# Trustgrid Management API

The Trustgrid Management API provides programmatic access to manage the Trustgrid
network infrastructure platform. Trustgrid connects distributed nodes (appliances and
agents) into secure overlay networks with centralized management.

## Key Concepts

- **Nodes**: The core compute units — either `Node` (physical/VM appliance) or `Agent`
  (lightweight software agent on a device). Identified by UUID (`uid`) and FQDN.
- **Clusters**: High-availability groups of nodes sharing configuration.
- **Domains**: Logical groupings of nodes within an organization.
- **Virtual Networks**: Layer-3 overlay networks (`DomainNetwork`) created within a domain,
  enabling zero-trust connectivity between nodes. Each network has access policies,
  DNS config, routes, and port forwarding rules.
- **Tags**: Key-value metadata attached to nodes and clusters for grouping and permissions.
- **Shadow**: Each node has an AWS IoT Device Shadow with `desired` (target config) and
  `reported` (current state) halves. The `reported` shadow contains telemetry using
  dot-notation keys (e.g. `nic.eth0.mtu`, `node-core.version`).

## Authentication

All API requests require a JWT Bearer token in the `Authorization` header:
```
Authorization: Bearer <token>
```
Tokens are obtained via the Trustgrid portal or programmatically via service user
credentials. See [API Access docs](https://docs.trustgrid.io/docs/user-management/api-access/).

## Permissions

Most endpoints require specific permissions (noted in each endpoint's description).
Permissions follow the pattern `resource::action` (e.g. `nodes::read`, `virtual-networks::modify`).


Version: 1.0.0
License: unlicensed

## Servers

```
https://api.trustgrid.io
```

## Security

### JWTAuthorizer

JWT Bearer token. Send as `Authorization: Bearer <token>`. Obtain via the Trustgrid portal or service user credentials. See https://docs.trustgrid.io/docs/user-management/api-access/

Type: http
Scheme: bearer
Bearer Format: JWT

## Download OpenAPI description

[Trustgrid Management API](https://apidocs.trustgrid.io/_bundle/index.yaml)

## Alarm

[Alarm filters](https://docs.trustgrid.io/docs/alarms/alarm-filters/) define criteria and thresholds for when events generate alert notifications. Configure alert channels (email, Slack, PagerDuty, OpsGenie, Teams, webhooks) and maintenance windows. Requires `alarms::read` permission.


### Retrieve all configured alarm filters and their trigger conditions

 - [GET /v2/alarm](https://apidocs.trustgrid.io/alarm/listalarms.md): Requires alarms::read permission.

### Create a new alarm filter to monitor events and trigger notifications

 - [POST /v2/alarm](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm/post.md): Requires alarms::modify permission.

### Retrieve all configured notification channels for alarm delivery

 - [GET /v2/alarm-channel](https://apidocs.trustgrid.io/alarm/listalarmchannels.md)

### Configure a new notification channel for alarm delivery (email, Slack, etc.)

 - [POST /v2/alarm-channel](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm-channel/post.md)

### Permanently remove a notification channel configuration

 - [DELETE /v2/alarm-channel/{uid}](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm-channel~1%7Buid%7D/delete.md)

### Retrieve configuration details for a specific notification channel

 - [GET /v2/alarm-channel/{uid}](https://apidocs.trustgrid.io/alarm/getalarmchannel.md)

### Modify settings for an existing notification channel

 - [PUT /v2/alarm-channel/{uid}](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm-channel~1%7Buid%7D/put.md)

### Cancel an active alert suppression window and resume normal notifications

 - [DELETE /v2/alarm/suppression](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm~1suppression/delete.md)

### Retrieve current or upcoming alert suppression schedule details

 - [GET /v2/alarm/suppression](https://apidocs.trustgrid.io/alarm/getalarmsuppression.md)

### Schedule a time period to temporarily disable alarm notifications

 - [POST /v2/alarm/suppression](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm~1suppression/post.md)

### Permanently remove an alarm filter and stop monitoring conditions

 - [DELETE /v2/alarm/{uid}](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm~1%7Buid%7D/delete.md)

### Retrieve detailed configuration of a specific alarm filter

 - [GET /v2/alarm/{uid}](https://apidocs.trustgrid.io/alarm/getalarm.md)

### Modify trigger conditions and settings for an existing alarm filter

 - [PUT /v2/alarm/{uid}](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm~1%7Buid%7D/put.md)

## Alert

Security and operational events broadcast when significant node or system activity occurs (connects/disconnects, certificate warnings, order updates). Required permissions vary by endpoint; see each operation description for the specific permission needed.


### Retrieve security and operational events for a specific node

 - [GET /alert/{nodeID}](https://apidocs.trustgrid.io/alert/listnodealerts.md): List events for a node (appliance or agent), newest first

---

Requires alerts::read permission.

### Retrieve all recent security and operational alerts across the organization

 - [GET /v2/alert](https://apidocs.trustgrid.io/alert/listalertsv2.md): Requires alerts::read permission.

### Retrieve security and operational alerts specific to a single node

 - [GET /v2/alert/{nodeID}](https://apidocs.trustgrid.io/alert/listnodealertsv2.md): Requires alerts::read permission.

### Manually resolve and dismiss a specific alert type for a node

 - [DELETE /v2/alert/{nodeID}/{alertType}](https://apidocs.trustgrid.io/alert/paths/~1v2~1alert~1%7Bnodeid%7D~1%7Balerttype%7D/delete.md): Requires alerts::read permission.

### List audit events across the organization filtered by time range and type

 - [GET /v2/event](https://apidocs.trustgrid.io/alert/listevents.md): Returns a paginated list of audit events (node connects/disconnects,
config changes, certificate warnings, order updates, etc.) within a
time window. Supports filtering by node, event type, level, and item
type. Use sTime/eTime for the time range (ISO 8601).

---

Requires events::read permission.

### Get all events by time range for a Node

 - [GET /v2/event/{nodeId}](https://apidocs.trustgrid.io/alert/listnodeevents.md): Requires events::read permission.

### Validate if a specific event would trigger configured alarm filters

 - [POST /v2/event/{nodeId}/{eventId}](https://apidocs.trustgrid.io/alert/paths/~1v2~1event~1%7Bnodeid%7D~1%7Beventid%7D/post.md)

### List all security and operational events across the organization (deprecated)

 - [GET /alert](https://apidocs.trustgrid.io/alert/listalerts.md): This is deprecated; use /v2/event instead.

---

Requires alerts::read permission.

## Domain

A [domain](https://docs.trustgrid.io/docs/domain/) is a logical grouping of nodes within an organization, providing the namespace for virtual networks, DNS zones, and access policies. Requires `domains::read` permission.


### Retrieve domain configuration including security and network settings

 - [GET /domain/{domainName}](https://apidocs.trustgrid.io/domain/getdomain.md): Requires domains::read permission.

### Configure domain-wide alert thresholds and notification settings

 - [PUT /domain/{domainName}/config/alert](https://apidocs.trustgrid.io/domain/paths/~1domain~1%7Bdomainname%7D~1config~1alert/put.md): Requires domains::configure:thresholds permission.

### Configure domain-level API gateway settings and access policies

 - [PUT /domain/{domainName}/config/apigw](https://apidocs.trustgrid.io/domain/paths/~1domain~1%7Bdomainname%7D~1config~1apigw/put.md): Requires domains::configure:gateway permission.

### List virtual networks

 - [GET /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/domain/listvirtualnetworks.md): Requires virtual-networks::read permission.

### Create a virtual network network

 - [POST /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network/post.md): Requires virtual-networks::modify permission.

### Delete a virtual network - this change is not staged and will immediately affect the domain

 - [DELETE /v2/domain/{domainName}/network/{networkName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D/delete.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/domain/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/domain/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List virtual networks

 - [GET /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/virtual-networks/listvirtualnetworks.md): Requires virtual-networks::read permission.

### Create a virtual network network

 - [POST /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network/post.md): Requires virtual-networks::modify permission.

### Delete a virtual network - this change is not staged and will immediately affect the domain

 - [DELETE /v2/domain/{domainName}/network/{networkName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D/delete.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/virtual-networks/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/virtual-networks/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/change-management/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/change-management/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

## Virtual Networks

[Virtual networks](https://docs.trustgrid.io/docs/domain/virtual-networks/) are Layer-3 overlay networks enabling zero-trust connectivity between nodes. Configure routes, DNS, access policies, port forwarding, and IP pools. Requires `virtual-networks::read` permission.


### List virtual networks

 - [GET /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/domain/listvirtualnetworks.md): Requires virtual-networks::read permission.

### Create a virtual network network

 - [POST /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network/post.md): Requires virtual-networks::modify permission.

### Delete a virtual network - this change is not staged and will immediately affect the domain

 - [DELETE /v2/domain/{domainName}/network/{networkName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D/delete.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/domain/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/domain/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List virtual networks

 - [GET /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/virtual-networks/listvirtualnetworks.md): Requires virtual-networks::read permission.

### Create a virtual network network

 - [POST /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network/post.md): Requires virtual-networks::modify permission.

### Delete a virtual network - this change is not staged and will immediately affect the domain

 - [DELETE /v2/domain/{domainName}/network/{networkName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D/delete.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/virtual-networks/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/virtual-networks/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/change-management/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/change-management/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

## Access Policy

Access policies within virtual networks controlling which nodes and groups can communicate. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

## Auth Group

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

## Change Management

Tracked network configuration changes with approval workflows. Requires `virtual-networks::read` to view changes, `virtual-networks::modify` to stage and commit changes.


### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/domain/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/domain/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/virtual-networks/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/virtual-networks/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/change-management/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/change-management/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

## DNS

DNS configuration within virtual networks, including zone and record management for resolving names across the overlay network. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

## DNS Zone

DNS zones hosted within a virtual network, used to resolve internal hostnames for nodes and services. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

## DNS Record

Individual DNS A/CNAME records within a virtual network DNS zone. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

## Network Group

Named collections of network objects for use in access policies. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

## Network Object

Network objects (subnets, hosts, ranges) used as reusable references in access policies and routes. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

## Port Forwarding

Port forwarding rules that expose node services through the virtual network to other nodes. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

## Route

Static routes within a virtual network directing traffic between nodes and subnets. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### Get default global vpn routes for a virtual network

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

## Cluster

[Clusters](https://docs.trustgrid.io/docs/clusters/) group nodes for high availability and shared configuration. Changes applied to a cluster propagate to all member nodes. Requires `nodes::read` permission.


### Retrieve all high-availability node clusters in the organization

 - [GET /cluster](https://apidocs.trustgrid.io/cluster/listclusters.md)

### Create a new high-availability cluster for grouping nodes

 - [POST /cluster](https://apidocs.trustgrid.io/cluster/paths/~1cluster/post.md)

### Permanently remove a cluster and all its configurations

 - [DELETE /cluster/{clusterFQDN}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D/delete.md)

### Retrieve detailed configuration and status of a specific cluster

 - [GET /cluster/{clusterFQDN}](https://apidocs.trustgrid.io/cluster/getcluster.md)

### Modify cluster configuration and failover settings

 - [PUT /cluster/{clusterFQDN}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D/put.md)

### Manually promote a specific node to be the active member in an HA cluster

 - [PUT /cluster/{clusterFQDN}/active/{nodeID}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1active~1%7Bnodeid%7D/put.md)

### Update connectors configuration for a cluster

 - [PUT /cluster/{clusterFQDN}/config/connectors](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1connectors/put.md): Requires node::configure::connectors permissions

### Delete the connector config for a cluster

 - [DELETE /cluster/{clusterFQDN}/config/connectors](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1connectors/delete.md): Requires node::configure::connectors permissions

### Add a connector to a cluster. Requires V2 connector config.

 - [POST /v2/cluster/{clusterFQDN}/config/connectors](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Upgrade a cluster's connector config to V2.

 - [POST /v2/cluster/{clusterFQDN}/config/connectors/upgrade](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Update a connector on a cluster

 - [PUT /v2/cluster/{clusterFQDN}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Delete a connector from a cluster. Requires V2 connector config.

 - [DELETE /v2/cluster/{clusterFQDN}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Requires node::configure::connectors permissions

### Update network configuration for a cluster

 - [PUT /cluster/{clusterFQDN}/config/network](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1network/put.md): Requires node::configure:network permissions

### Update services configuration for a cluster.

 - [PUT /cluster/{clusterFQDN}/config/services](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1services/put.md): Requires nodes::configure::services permissions.

### Remove a cluster's services configuration.

 - [DELETE /cluster/{clusterFQDN}/config/services](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1services/delete.md): Requires nodes::configure::services permissions.

### Add a service to a cluster. Requires V2 services config.

 - [POST /v2/cluster/{clusterFQDN}/config/services](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1services/post.md): Requires node::configure::services permissions

### Upgrade a cluster's services config to V2.

 - [POST /v2/cluster/{clusterFQDN}/config/services/upgrade](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Update a service on a cluster.

 - [PUT /v2/cluster/{clusterFQDN}/config/services/{serviceID}](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1services~1%7Bserviceid%7D/put.md): Requires V2 services config.

---

Requires node::configure::services permissions

### Delete a service from a cluster

 - [DELETE /v2/cluster/{clusterFQDN}/config/services/{serviceID}](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1services~1%7Bserviceid%7D/delete.md): Requires V2 services config.

---

Requires node::configure::services permissions

### Delete a tag from a cluster

 - [DELETE /cluster/{clusterFQDN}/tag/{tagName}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1tag~1%7Btagname%7D/delete.md)

### Set a tag on a cluster

 - [PUT /cluster/{clusterFQDN}/tag/{tagName}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1tag~1%7Btagname%7D/put.md)

## VPN

Per-cluster attachment to virtual networks. Configure which virtual networks a cluster participates in and its VPN interface settings. Requires `node-vpn::read` permission.


### List all VPN networks attached to a cluster, including IP assignments and routing

 - [GET /v2/cluster/{clusterFQDN}/vpn](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnnetworks.md)

### Attach a VPN network

 - [POST /v2/cluster/{clusterFQDN}/vpn](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn/post.md)

### Delete a VPN network

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D/delete.md)

### Get full details of a VPN network on a cluster, including routes, services, interfaces, and DNS

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}](https://apidocs.trustgrid.io/cluster-greater-vpn/getclustervpnnetwork.md)

### Update a VPN network

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D/put.md)

### Delete a VPN DNS configuration

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dns/delete.md)

### Get a VPN DNS configuration

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/cluster-greater-vpn/getclustervpndns.md)

### Create a VPN DNS configuration

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dns/post.md)

### Update a VPN DNS configuration

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dns/put.md)

### Get dynamic routes exported by a cluster

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnexportroutes.md)

### Create a VPN export route

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route/post.md)

### Delete a VPN export route

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route~1%7Buid%7D/delete.md)

### Update a VPN export route

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route~1%7Buid%7D/put.md)

### Get dynamic routes imported by a cluster

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnimportroutes.md)

### Create a VPN import route

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route/post.md)

### Delete a VPN import route

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route~1%7Buid%7D/delete.md)

### Update a VPN import route

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route~1%7Buid%7D/put.md)

### Get a VPN's interfaces

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/interface](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpninterfaces.md): Get the list of interfaces attached to a VPN network on a cluster. Note: NATs within a VPN interface can share the same source and destination CIDRs provided they are differentiated by route metric. This is intentional and not a configuration error.

### Create a VPN interface

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/interface](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1interface/post.md): inDefaultRoute and outDefaultRoute are mutually exclusive — set at most one to true.

Inside NATs (insideNats) rewrite traffic arriving from the VPN before it enters the local network.
Outside NATs (outsideNats) rewrite traffic leaving the local network before it enters the VPN.

After creating or updating a VPN interface, push the cluster config for the change to take effect.

### Delete a VPN interface

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/interface/{interfaceName}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1interface~1%7Binterfacename%7D/delete.md)

### Update a VPN interface

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/interface/{interfaceName}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1interface~1%7Binterfacename%7D/put.md): inDefaultRoute and outDefaultRoute are mutually exclusive — set at most one to true.

Inside NATs (insideNats) rewrite traffic arriving from the VPN before it enters the local network.
Outside NATs (outsideNats) rewrite traffic leaving the local network before it enters the VPN.

After creating or updating a VPN interface, push the cluster config for the change to take effect.

### Get local vpn routes for a customer

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/route](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnroutes.md)

### Create a VPN route

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/route](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1route/post.md)

### Delete a VPN route

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1route~1%7Buid%7D/delete.md)

### Update a VPN route

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1route~1%7Buid%7D/put.md)

### Get a VPN's services

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/service](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnservices.md)

### Create a VPN Service

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/service](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1service/post.md)

### Delete a Service

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/service/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1service~1%7Buid%7D/delete.md)

### Update a Service

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/service/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1service~1%7Buid%7D/put.md)

## Compute

[Cluster edge compute](https://docs.trustgrid.io/docs/nodes/appliances/containers/) — Docker container workloads deployed across cluster nodes. Requires `node-exec::read` permission. Requires `exec` feature flag.


### Retrieve all edge computing containers running on a cluster

 - [GET /v2/cluster/{clusterFQDN}/exec/container](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainers.md): Requires node-exec::read permission.

### Deploy a new containerized application to run on the cluster

 - [POST /v2/cluster/{clusterFQDN}/exec/container](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1container/post.md): Requires node-exec::modify permission.

### Remove a containerized application from the cluster and stop execution

 - [DELETE /v2/cluster/{clusterFQDN}/exec/container/{containerID}](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1container~1%7Bcontainerid%7D/delete.md): Requires node-exec::modify permission.

### Get edge compute container configuration on a cluster

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainer.md): Requires node-exec::read permission.

### Update a container

 - [PUT /v2/cluster/{clusterFQDN}/exec/container/{containerID}](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1container~1%7Bcontainerid%7D/put.md): Requires node-exec::modify permission.

### Retrieve security capabilities and permissions for a container

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/capability](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainercapabilities.md): Requires node-exec::read permission.

### Update container config

 - [PUT /v2/cluster/{clusterFQDN}/exec/container/{containerID}/config](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1container~1%7Bcontainerid%7D~1config/put.md): Requires node-exec::modify permission.

### Get container health check

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/healthcheck](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainerhealthcheck.md): Requires node-exec::read permission.

### List container interfaces

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/interface](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainerinterfaces.md): Requires node-exec::read permission.

### List container limits

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/limit](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainerlimits.md): Requires node-exec::read permission.

### Get container logging configuration

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/logging](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainerlogging.md): Requires node-exec::read permission.

### List container mounts

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/mount](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainermounts.md): Requires node-exec::read permission.

### List container port mappings

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/port-mapping](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainerportmappings.md): Requires node-exec::read permission.

### List container variables

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/variable](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainervariables.md): Requires node-exec::read permission.

### List container virtual networks

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/virtual-network](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainervirtualnetworks.md): Requires node-exec::read permission.

### List container volumes

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/volume](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainervolumes.md): Requires node-exec::read permission.

### Get container VRF

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/vrf](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainervrf.md): Requires node-exec::read permission.

### List volumes

 - [GET /v2/cluster/{clusterFQDN}/exec/volume](https://apidocs.trustgrid.io/cluster-greater-compute/listclustervolumes.md): Requires node-exec::read permission.

### Create volume

 - [POST /v2/cluster/{clusterFQDN}/exec/volume](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1volume/post.md): Requires node-exec::modify permission.

### Delete a volume

 - [DELETE /v2/cluster/{clusterFQDN}/exec/volume/{volumeName}](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1volume~1%7Bvolumename%7D/delete.md): Requires node-exec::modify permission.

## Appliance

[Appliances](https://docs.trustgrid.io/docs/nodes/appliances/) are physical or virtual machine Trustgrid nodes providing full network, VPN, edge compute, and monitoring capabilities. Requires `nodes::read` permission.


### Retrieve all network nodes including appliances and agents with filtering options

 - [GET /node](https://apidocs.trustgrid.io/appliance/listnodes.md): List both appliances and agents. The fields config and shadow will be empty unless
specified in the projection parameter. The query for the config or shadow must be at least
one level deep - projection0=config won't work, but projection0=config&projection0=gateway
will result in config.gateway being populated.

---

Requires nodes::read permission.

### Generate a license key for registering a new node to the organization

 - [GET /node/license](https://apidocs.trustgrid.io/appliance/getnodelicense.md): Generates a license key that an appliance node uses to register with the organization.

---

Requires nodes::manage permission.

### Retrieve a node by its fully-qualified domain name

 - [GET /node/by-fqdn/{fqdn}](https://apidocs.trustgrid.io/appliance/getnodebyfqdn.md): Get a node using its FQDN directly, as an alternative to looking up the nodeID first.

---

Requires nodes::read permission on the node.

### Permanently remove a node from the organization and revoke access

 - [DELETE /node/{nodeID}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D/delete.md): Delete a node (appliance or agent)

---

Requires nodes::delete permission.

### Retrieve detailed configuration and status information for a specific node

 - [GET /node/{nodeID}](https://apidocs.trustgrid.io/appliance/getnode.md): Get a node (appliance or agent)

---

Requires nodes::read permission.

### Modify node settings including cluster assignment and operational state

 - [PUT /node/{nodeID}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D/put.md): Update a node (appliance or agent)

---

Requires nodes::manage permission.

### Configure alert thresholds and notification settings for a specific appliance

 - [PUT /node/{nodeID}/config/alert](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1alert/put.md): Applicable to appliances only.

### Configure high-availability cluster settings for a specific appliance

 - [PUT /node/{nodeID}/config/cluster](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1cluster/put.md): Applicable to appliances only.

### Configure inbound network connectors for external access to node services

 - [PUT /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1connectors/put.md)

### Remove all connector configurations from a node

 - [DELETE /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1connectors/delete.md)

### Create a new inbound connector to expose services running on the node

 - [POST /v2/node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Migrate a node's connector configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/connectors/upgrade](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Modify settings for an existing connector on a node

 - [PUT /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Applies to appliances and agents. Requires V2 connector config.
---
Requires node::configure::connectors permissions

### Remove a specific connector configuration from a node

 - [DELETE /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Delete a connector from a node (appliance or agent). Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Configure network interfaces, routing, and firewall rules for an appliance

 - [PUT /node/{nodeID}/config/network](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1network/put.md): Update network configuration for a node (appliance)

---

Requires node::configure:network permissions

### Configure the BGP routing plugin on an appliance

 - [PUT /v2/node/{nodeID}/config/network/bgp](https://apidocs.trustgrid.io/appliance/updatenodebgpconfig.md): Replace the BGP plugin configuration on a node (appliance). The full
BGP config is replaced on each PUT — to add, change, or remove an
individual peer group, peer, or policy, send the new full config.
To turn BGP off, PUT a config with enabled: false.

There is no dedicated GET or DELETE: the current BGP config is read
from the node's config blob (e.g. getNode with a config.bgp
projection), and "deleting" BGP is just PUTing a disabled config.

BGP exchanges routes with one or more external peers grouped into peer
groups. Each peer group has its own import and export policies. Import
policies select which advertised routes are added to the local routing
table. Export policies select which prefixes are advertised to peers,
and may match by prefix, by virtual network ID, or both — see
BGPExportPolicy.match.network for the full list of triggers that
cause an exported route to be withdrawn.

There is no cluster-level BGP endpoint: BGP runs independently on
each cluster member, so cluster BGP is configured by PUTing the same
config to each member's node ID. Each member opens its own TCP peer
sessions to the configured peers, so the peers must be reachable
from every member. An export policy with match.cluster: true is
only advertised by the active cluster member; standby members keep
their BGP sessions up but withdraw the marked routes until they
become master. On a standalone (non-clustered) node match.cluster
has no effect.

BGP timers (hold time, keepalive, connect-retry), address families,
and eBGP-multihop / TTL are not user-configurable through this API;
the platform sets BGP defaults and only IPv4 unicast is supported.

---

Requires nodes::configure:network permission.

### Configure outbound services for external connections from the node

 - [PUT /node/{nodeID}/config/services](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1services/put.md): Update services configuration for a node (appliance or agent)

---

Note: request body will be validated by JSON schema of the plugin

### Create a new outbound service connection for external resource access

 - [POST /v2/node/{nodeID}/config/services](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services/post.md): Requires node::configure::services permissions

### Migrate a node's service configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/services/upgrade](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Modify settings for an existing service connection on a node

 - [PUT /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/put.md): Update a service on a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Remove a specific service configuration from a node

 - [DELETE /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/delete.md): Delete a service from a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Configure Zero Trust Network Access gateway settings for secure remote access

 - [PUT /node/{nodeID}/config/ztnagw](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1ztnagw/put.md): Update APIGW gateway configuration for a node (appliance)

Note that this endpoint used to be apigw. The config section is still named apigw.
---

"WireGuard" is a registered trademark of Jason A. Donenfeld.

Requires node::configure::apigw permissions

### Remove APIGW gateway configuration and disable secure remote access

 - [DELETE /node/{nodeID}/config/ztnagw](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1ztnagw/delete.md): Delete the APIGW gateway configuration for a node (appliance)

---

Requires node::configure::apigw permissions

### Configure node as a network gateway for routing traffic between networks

 - [PUT /node/{nodeID}/config/gateway](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1gateway/put.md): Update gateway configuration

Use host (not ip) for the gateway hostname.

---

Requires nodes::configure:gateway permission.

### Configure SNMP monitoring settings for network management integration

 - [PUT /node/{nodeID}/snmp](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1snmp/put.md): Update SNMP configuration

---

Requires nodes::configure:snmp permission.

### Remove a metadata tag from a node for organizational categorization

 - [DELETE /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/delete.md)

### Add or update a metadata tag on a node for organizational categorization

 - [PUT /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/put.md)

### List AWS route tables attached to the node host

 - [POST /node/{nodeID}/trigger/aws-route-tables](https://apidocs.trustgrid.io/appliance/triggernodeawsroutetables.md): Retrieves the AWS EC2 route tables associated with the node's network interfaces.
Optionally filters by a specific network interface card (NIC). Available on
AWS-hosted nodes only.

---

Requires nodes::service:aws-route-tables or nodes::remote-execute permission.

### Retrieve BGP peer routes or restart the BGP router

 - [POST /node/{nodeID}/trigger/bgp](https://apidocs.trustgrid.io/appliance/triggernodebgp.md): Query the current BGP routing table (peers, routes, and rejected routes) or
restart the BGP router process. Returns an error payload if BGP is not enabled.

---

Requires nodes::service:bgp or nodes::remote-execute permission.

### Manage the node's local datastore files

 - [POST /node/{nodeID}/trigger/datastore-manager](https://apidocs.trustgrid.io/appliance/triggernodedatastoremanager.md): List or manage files in the node's local datastore directory.

---

Requires nodes::service:datastore-manager or nodes::remote-execute permission.

### View or delete active network flows on the node

 - [POST /node/{nodeID}/trigger/flows](https://apidocs.trustgrid.io/appliance/triggernodeflows.md): Returns the node's active network flow table, optionally filtered by protocol,
source/destination IP and port, container, or virtual network. Setting action 
to delete terminates matching flows instead of returning them.

---

Requires nodes::service:flows or nodes::remote-execute permission.

### Run a throughput performance test to a peer gateway node

 - [POST /node/{nodeID}/trigger/gateway-perf](https://apidocs.trustgrid.io/appliance/triggernodegatewayperf.md): Opens a streaming session that sends a configurable amount of data to the
destination node and measures throughput. Progress is streamed as text while
the test runs; a summary line with rate in Mbps is emitted at the end.

Use ?wait=1 to block until the test completes and receive the full output.

---

Requires nodes::service:gateway-perf or nodes::remote-execute permission.

### Ping a peer gateway node over the Trustgrid overlay

 - [POST /node/{nodeID}/trigger/gateway-ping](https://apidocs.trustgrid.io/appliance/triggernodegatewayping.md): Sends echo packets to the specified destination node through the Trustgrid
gateway overlay and reports round-trip latency. Results stream as JSON objects
with RTT measurements.

Use ?wait=1 to block until the session ends and receive buffered output.

---

Requires nodes::service:gateway-ping or nodes::remote-execute permission.

### Retrieve the node's active gateway routing table

 - [POST /node/{nodeID}/trigger/gateway-routes](https://apidocs.trustgrid.io/appliance/triggernodegatewayroutes.md): Returns the gateway peer routing table showing which nodes the gateway is
connected to, their RTT, throughput, and path details.

---

Requires nodes::service:gateway-routes or nodes::remote-execute permission.

### Restart the IPsec daemon on the node

 - [POST /node/{nodeID}/trigger/ipsec-restart](https://apidocs.trustgrid.io/appliance/triggernodeipsecrestart.md): Executes ipsec restart on the node and streams the output. Use ?wait=1
to block until the command completes.

---

Requires nodes::service:ipsec-restart or nodes::remote-execute permission.

### Retrieve the full IPsec daemon status

 - [POST /node/{nodeID}/trigger/ipsec-statusall](https://apidocs.trustgrid.io/appliance/triggernodeipsecstatusall.md): Executes ipsec statusall on the node and streams the output.
Use ?wait=1 to block and receive the full status text.

---

Requires nodes::service:ipsec-statusall or nodes::remote-execute permission.

### Retrieve or reset address-translation rule hit counts

 - [POST /node/{nodeID}/trigger/nat-hits](https://apidocs.trustgrid.io/appliance/triggernodenathits.md): Returns hit counts for address translation (NAT) rules, or resets counters
for specific rules. Filter by tracker ID, network name, interface, or CIDR ranges.

---

Requires nodes::service:nat-hits or nodes::remote-execute permission.

### Stream plugin debug messages from the node

 - [POST /node/{nodeID}/trigger/node-debug](https://apidocs.trustgrid.io/appliance/triggernodedebug.md): Opens a streaming session that subscribes to internal plugin debug messages.
Optionally filter by plugin name. Messages arrive formatted as
HH:MM:SS.mmm: {message} lines.

Use ?wait=1 to buffer messages until the session ends.

---

Requires nodes::service:node-debug or nodes::remote-execute permission.

### Reboot the node's host operating system

 - [POST /node/{nodeID}/trigger/node-reboot](https://apidocs.trustgrid.io/appliance/triggernodereboot.md): Schedules a host OS reboot (shutdown -r now) to execute 5 seconds after
this call is acknowledged. The node will disconnect and come back online
after completing its boot sequence.

---

Requires nodes::service:node-reboot or nodes::remote-execute permission.

### Restart the Trustgrid node service process

 - [POST /node/{nodeID}/trigger/node-restart-service](https://apidocs.trustgrid.io/appliance/triggernoderestartservice.md): Causes the Trustgrid node agent process to exit and restart. The node will
briefly disconnect while the service restarts.

---

Requires nodes::service:node-restart-service or nodes::remote-execute permission.

### Trigger an immediate software upgrade of the node

 - [POST /node/{nodeID}/trigger/node-upgrade](https://apidocs.trustgrid.io/appliance/triggernodeupgrade.md): Forces the node to run its upgrade process immediately, bypassing the normal
scheduled unattended-upgrade window. If an upgrade is already in progress,
returns a status message indicating so.

---

Requires nodes::service:node-upgrade or nodes::remote-execute permission.

### Measure the node's internet bandwidth to the Trustgrid control plane

 - [POST /node/{nodeID}/trigger/speed-test](https://apidocs.trustgrid.io/appliance/triggernodespeedtest.md): Runs a download and/or upload throughput test between the node and the
Trustgrid control plane speed-test endpoints. Results stream as JSON objects
containing downloadMbps, maxDownloadMbps, uploadMbps, and maxUploadMbps.

Use ?wait=1 to block until the test completes and receive the full output.

---

Requires nodes::service:speed-test or nodes::remote-execute permission.

### Send ARP ping to a host from the node

 - [POST /node/{nodeID}/trigger/tg-arping](https://apidocs.trustgrid.io/appliance/triggernodetgarping.md): Runs arping -i {iface} {host} on the node and streams the output.
Useful for verifying Layer 2 reachability on a given interface.

Use ?wait=1 to block and receive the command output.

---

Requires nodes::service:tg-arping or nodes::remote-execute permission.

### Run an MTR network diagnostic from the node

 - [POST /node/{nodeID}/trigger/tg-mtr](https://apidocs.trustgrid.io/appliance/triggernodetgmtr.md): Starts an interactive MTR (Matt's Traceroute) session to the specified host.
Results stream as terminal output.

Use ?wait=1 to block and receive the buffered MTR output.

---

Requires nodes::service:tg-mtr or nodes::remote-execute permission.

### Test TCP port connectivity from the node's local network

 - [POST /node/{nodeID}/trigger/tg-nc](https://apidocs.trustgrid.io/appliance/triggernodetgnc.md): Runs nc -v -z {host} {port} from the node, binding to the specified source
address. Returns the netcat output and exit code.

Use ?wait=1 to block and receive the result synchronously.

---

Requires nodes::service:tg-nc or nodes::remote-execute permission.

### Test TCP port connectivity from inside a virtual network namespace

 - [POST /node/{nodeID}/trigger/tg-net-nc](https://apidocs.trustgrid.io/appliance/triggernodetgnetnc.md): Runs nc -v -z {host} {port} inside the management namespace for the specified
virtual network, testing connectivity as seen from that network context.

Use ?wait=1 to block and receive the result synchronously.

---

Requires nodes::service:tg-net-nc or nodes::remote-execute permission.

### Ping a host through a virtual network namespace on the node

 - [POST /node/{nodeID}/trigger/tg-net-ping](https://apidocs.trustgrid.io/appliance/triggernodetgnetping.md): Runs ip netns exec mgmt-{network} ping {host} on the node, testing
reachability from inside the specified virtual network context.
Output streams as terminal text.

Use ?wait=1 to block and receive the output.

---

Requires nodes::service:tg-net-ping or nodes::remote-execute permission.

### Ping a host from the node

 - [POST /node/{nodeID}/trigger/tg-ping](https://apidocs.trustgrid.io/appliance/triggernodetgping.md): Runs ping -O -I {source} {host} on the node and streams the output.
Use ?wait=1 to block and receive the ping output.

---

Requires nodes::service:tg-ping or nodes::remote-execute permission.

### Capture packets on the node using tcpdump

 - [POST /node/{nodeID}/trigger/tg-tcpdump](https://apidocs.trustgrid.io/appliance/triggernodetgtcpdump.md): Starts a streaming tcpdump capture session on the node. Captured packet
details stream as text output. Use ?wait=1 to buffer until the capture ends.

---

Requires nodes::service:tg-tcpdump or nodes::remote-execute permission.

### Run a traceroute from the node

 - [POST /node/{nodeID}/trigger/tg-traceroute](https://apidocs.trustgrid.io/appliance/triggernodetgtraceroute.md): Runs traceroute to the specified host from the node and streams the output.
Use ?wait=1 to block and receive the full traceroute output.

---

Requires nodes::service:tg-traceroute or nodes::remote-execute permission.

### Stream virtual network packet captures from the node

 - [POST /node/{nodeID}/trigger/vpn-dump](https://apidocs.trustgrid.io/appliance/triggernodevpndump.md): Opens a streaming session that outputs VPN packet details in a tcpdump-like
format. Filter by network, protocol, peer, host, port, TCP flags, or session ID.
The session stays open until closed by the client.

Use ?wait=1 to buffer output until the session ends.

---

Requires nodes::service:vpn-dump or nodes::remote-execute permission.

### Get, generate, or save a Wireguard key for a virtual network

 - [POST /node/{nodeID}/trigger/vpn-key](https://apidocs.trustgrid.io/appliance/triggernodevpnkey.md): Manages the X25519 Wireguard private key for a virtual network interface.
- get — returns the current public key as a JWK
- generate — generates a new private key, saves it, and returns the public key
- save — saves the provided base64-encoded 32-byte private key and returns the public key

---

Requires nodes::service:vpn-key or nodes::remote-execute permission.

### Retrieve the NAT translation table for a virtual network

 - [POST /node/{nodeID}/trigger/vpn-nats](https://apidocs.trustgrid.io/appliance/triggernodevpnnats.md): Returns the active network address translation (NAT) table for the specified
virtual network, showing TCP and UDP flow mappings.

---

Requires nodes::service:vpn-nats or nodes::remote-execute permission.

### Retrieve the virtual network routing table

 - [POST /node/{nodeID}/trigger/vpn-routes](https://apidocs.trustgrid.io/appliance/triggernodevpnroutes.md): Returns routes for one or all virtual networks, with optional filtering by
network name, network ID, destination IP, or destination node name.

---

Requires nodes::service:vpn-routes or nodes::remote-execute permission.

### List or terminate active Wireguard ZTNA client sessions

 - [POST /node/{nodeID}/trigger/wg-clients](https://apidocs.trustgrid.io/appliance/triggernodewgclients.md): Returns active Wireguard client (ZTNA) sessions on the node's virtual networks,
optionally filtered by network, application ID, or session ID.
Setting action to kill terminates matching sessions instead.

---

Requires nodes::service:wg-clients or nodes::remote-execute permission.

### Execute a remote operation or command on a specific node

 - [POST /node/{nodeID}/trigger/{event}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1trigger~1%7Bevent%7D/post.md): Sends an event to the node and optionally waits for its response. Use the
dedicated event endpoints (e.g. /node/{nodeID}/trigger/gateway-routes) for
documented events with typed request and response schemas.

Add ?wait=1 to block until the node responds (useful for synchronous checks).

All services require either nodes::remote-execute or nodes::service:{event}
permission.

### Retrieve real-time network usage statistics and bandwidth metrics for nodes

 - [GET /stats/realtime/usage](https://apidocs.trustgrid.io/appliance/getrealtimeusage.md): Returns an array of usage data buckets for specified nodes within the specified time range and interval.

### Delete a file or directory

 - [DELETE /v2/node/{nodeID}/data-store](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store/delete.md): Requires nodes::service:datastore-manager permission.

### Copy a file from an HTTP location to the data store

 - [POST /v2/node/{nodeID}/data-store/http-download](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1http-download/post.md): Requires nodes::service:datastore-manager permission.

### Upload a file from the node to an HTTP endpoint

 - [POST /v2/node/{nodeID}/data-store/http-upload](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1http-upload/post.md): Requires nodes::service:datastore-manager permission.

### List the data store contents

 - [GET /v2/node/{nodeID}/data-store/list](https://apidocs.trustgrid.io/appliance/listnodedatastorecontents.md): Requires nodes::service:datastore-manager permission.

### Create a directory

 - [POST /v2/node/{nodeID}/data-store/mkdir](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1mkdir/post.md): Requires nodes::service:datastore-manager permission.

### Copy a file from S3 to the data store

 - [POST /v2/node/{nodeID}/data-store/s3-download](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1s3-download/post.md): Requires nodes::service:datastore-manager permission.

### Upload a file from the node to an S3 bucket

 - [POST /v2/node/{nodeID}/data-store/s3-upload](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1s3-upload/post.md): Requires nodes::service:datastore-manager permission.

### List recent data store activity

 - [GET /v2/node/{nodeID}/data-store/tasks](https://apidocs.trustgrid.io/appliance/listnodedatastoretasks.md): Requires nodes::service:datastore-manager permission.

### Get per-minute gateway RTT telemetry for a node's VPN peer connections

 - [GET /v2/node/{nodeID}/plugin-logs/gateway-details](https://apidocs.trustgrid.io/appliance/getnodegatewaydetails.md): Returns time-series RTT (round-trip time) statistics for each VPN peer
the node is connected to. Each element covers one minute bucket.
Results are only available for online appliance nodes.

---

Requires nodes::read permission.

### Update the lifecycle state of a specific node

 - [PUT /v2/node/{nodeID}/lifecycle-state](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1lifecycle-state/put.md): Update the lifecycle state for a node (appliance or agent).

---

Requires nodes::manage permission.

### Retrieve all network nodes including appliances and agents with filtering options

 - [GET /node](https://apidocs.trustgrid.io/agent/listnodes.md): List both appliances and agents. The fields config and shadow will be empty unless
specified in the projection parameter. The query for the config or shadow must be at least
one level deep - projection0=config won't work, but projection0=config&projection0=gateway
will result in config.gateway being populated.

---

Requires nodes::read permission.

### Retrieve a node by its fully-qualified domain name

 - [GET /node/by-fqdn/{fqdn}](https://apidocs.trustgrid.io/agent/getnodebyfqdn.md): Get a node using its FQDN directly, as an alternative to looking up the nodeID first.

---

Requires nodes::read permission on the node.

### Permanently remove a node from the organization and revoke access

 - [DELETE /node/{nodeID}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D/delete.md): Delete a node (appliance or agent)

---

Requires nodes::delete permission.

### Retrieve detailed configuration and status information for a specific node

 - [GET /node/{nodeID}](https://apidocs.trustgrid.io/agent/getnode.md): Get a node (appliance or agent)

---

Requires nodes::read permission.

### Modify node settings including cluster assignment and operational state

 - [PUT /node/{nodeID}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D/put.md): Update a node (appliance or agent)

---

Requires nodes::manage permission.

### Configure inbound network connectors for external access to node services

 - [PUT /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1connectors/put.md)

### Remove all connector configurations from a node

 - [DELETE /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1connectors/delete.md)

### Create a new inbound connector to expose services running on the node

 - [POST /v2/node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Migrate a node's connector configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/connectors/upgrade](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Modify settings for an existing connector on a node

 - [PUT /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Applies to appliances and agents. Requires V2 connector config.
---
Requires node::configure::connectors permissions

### Remove a specific connector configuration from a node

 - [DELETE /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Delete a connector from a node (appliance or agent). Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Configure outbound services for external connections from the node

 - [PUT /node/{nodeID}/config/services](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1services/put.md): Update services configuration for a node (appliance or agent)

---

Note: request body will be validated by JSON schema of the plugin

### Create a new outbound service connection for external resource access

 - [POST /v2/node/{nodeID}/config/services](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services/post.md): Requires node::configure::services permissions

### Migrate a node's service configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/services/upgrade](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Modify settings for an existing service connection on a node

 - [PUT /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/put.md): Update a service on a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Remove a specific service configuration from a node

 - [DELETE /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/delete.md): Delete a service from a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Configure node as a network gateway for routing traffic between networks

 - [PUT /node/{nodeID}/config/gateway](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1gateway/put.md): Update gateway configuration

Use host (not ip) for the gateway hostname.

---

Requires nodes::configure:gateway permission.

### Configure SNMP monitoring settings for network management integration

 - [PUT /node/{nodeID}/snmp](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1snmp/put.md): Update SNMP configuration

---

Requires nodes::configure:snmp permission.

### Remove a metadata tag from a node for organizational categorization

 - [DELETE /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/delete.md)

### Add or update a metadata tag on a node for organizational categorization

 - [PUT /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/put.md)

### Run a throughput performance test to a peer gateway node

 - [POST /node/{nodeID}/trigger/gateway-perf](https://apidocs.trustgrid.io/agent/triggernodegatewayperf.md): Opens a streaming session that sends a configurable amount of data to the
destination node and measures throughput. Progress is streamed as text while
the test runs; a summary line with rate in Mbps is emitted at the end.

Use ?wait=1 to block until the test completes and receive the full output.

---

Requires nodes::service:gateway-perf or nodes::remote-execute permission.

### Ping a peer gateway node over the Trustgrid overlay

 - [POST /node/{nodeID}/trigger/gateway-ping](https://apidocs.trustgrid.io/agent/triggernodegatewayping.md): Sends echo packets to the specified destination node through the Trustgrid
gateway overlay and reports round-trip latency. Results stream as JSON objects
with RTT measurements.

Use ?wait=1 to block until the session ends and receive buffered output.

---

Requires nodes::service:gateway-ping or nodes::remote-execute permission.

### Stream plugin debug messages from the node

 - [POST /node/{nodeID}/trigger/node-debug](https://apidocs.trustgrid.io/agent/triggernodedebug.md): Opens a streaming session that subscribes to internal plugin debug messages.
Optionally filter by plugin name. Messages arrive formatted as
HH:MM:SS.mmm: {message} lines.

Use ?wait=1 to buffer messages until the session ends.

---

Requires nodes::service:node-debug or nodes::remote-execute permission.

### Execute a remote operation or command on a specific node

 - [POST /node/{nodeID}/trigger/{event}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1trigger~1%7Bevent%7D/post.md): Sends an event to the node and optionally waits for its response. Use the
dedicated event endpoints (e.g. /node/{nodeID}/trigger/gateway-routes) for
documented events with typed request and response schemas.

Add ?wait=1 to block until the node responds (useful for synchronous checks).

All services require either nodes::remote-execute or nodes::service:{event}
permission.

### Update the lifecycle state of a specific node

 - [PUT /v2/node/{nodeID}/lifecycle-state](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1lifecycle-state/put.md): Update the lifecycle state for a node (appliance or agent).

---

Requires nodes::manage permission.

## Agent

[Agents](https://docs.trustgrid.io/docs/nodes/agents/) are lightweight software clients installed on user devices or servers, supporting VPN connectivity. Requires `nodes::read` permission.


### Retrieve all network nodes including appliances and agents with filtering options

 - [GET /node](https://apidocs.trustgrid.io/appliance/listnodes.md): List both appliances and agents. The fields config and shadow will be empty unless
specified in the projection parameter. The query for the config or shadow must be at least
one level deep - projection0=config won't work, but projection0=config&projection0=gateway
will result in config.gateway being populated.

---

Requires nodes::read permission.

### Retrieve a node by its fully-qualified domain name

 - [GET /node/by-fqdn/{fqdn}](https://apidocs.trustgrid.io/appliance/getnodebyfqdn.md): Get a node using its FQDN directly, as an alternative to looking up the nodeID first.

---

Requires nodes::read permission on the node.

### Permanently remove a node from the organization and revoke access

 - [DELETE /node/{nodeID}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D/delete.md): Delete a node (appliance or agent)

---

Requires nodes::delete permission.

### Retrieve detailed configuration and status information for a specific node

 - [GET /node/{nodeID}](https://apidocs.trustgrid.io/appliance/getnode.md): Get a node (appliance or agent)

---

Requires nodes::read permission.

### Modify node settings including cluster assignment and operational state

 - [PUT /node/{nodeID}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D/put.md): Update a node (appliance or agent)

---

Requires nodes::manage permission.

### Configure inbound network connectors for external access to node services

 - [PUT /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1connectors/put.md)

### Remove all connector configurations from a node

 - [DELETE /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1connectors/delete.md)

### Create a new inbound connector to expose services running on the node

 - [POST /v2/node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Migrate a node's connector configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/connectors/upgrade](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Modify settings for an existing connector on a node

 - [PUT /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Applies to appliances and agents. Requires V2 connector config.
---
Requires node::configure::connectors permissions

### Remove a specific connector configuration from a node

 - [DELETE /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Delete a connector from a node (appliance or agent). Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Configure outbound services for external connections from the node

 - [PUT /node/{nodeID}/config/services](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1services/put.md): Update services configuration for a node (appliance or agent)

---

Note: request body will be validated by JSON schema of the plugin

### Create a new outbound service connection for external resource access

 - [POST /v2/node/{nodeID}/config/services](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services/post.md): Requires node::configure::services permissions

### Migrate a node's service configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/services/upgrade](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Modify settings for an existing service connection on a node

 - [PUT /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/put.md): Update a service on a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Remove a specific service configuration from a node

 - [DELETE /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/delete.md): Delete a service from a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Configure node as a network gateway for routing traffic between networks

 - [PUT /node/{nodeID}/config/gateway](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1gateway/put.md): Update gateway configuration

Use host (not ip) for the gateway hostname.

---

Requires nodes::configure:gateway permission.

### Configure SNMP monitoring settings for network management integration

 - [PUT /node/{nodeID}/snmp](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1snmp/put.md): Update SNMP configuration

---

Requires nodes::configure:snmp permission.

### Remove a metadata tag from a node for organizational categorization

 - [DELETE /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/delete.md)

### Add or update a metadata tag on a node for organizational categorization

 - [PUT /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/put.md)

### Run a throughput performance test to a peer gateway node

 - [POST /node/{nodeID}/trigger/gateway-perf](https://apidocs.trustgrid.io/appliance/triggernodegatewayperf.md): Opens a streaming session that sends a configurable amount of data to the
destination node and measures throughput. Progress is streamed as text while
the test runs; a summary line with rate in Mbps is emitted at the end.

Use ?wait=1 to block until the test completes and receive the full output.

---

Requires nodes::service:gateway-perf or nodes::remote-execute permission.

### Ping a peer gateway node over the Trustgrid overlay

 - [POST /node/{nodeID}/trigger/gateway-ping](https://apidocs.trustgrid.io/appliance/triggernodegatewayping.md): Sends echo packets to the specified destination node through the Trustgrid
gateway overlay and reports round-trip latency. Results stream as JSON objects
with RTT measurements.

Use ?wait=1 to block until the session ends and receive buffered output.

---

Requires nodes::service:gateway-ping or nodes::remote-execute permission.

### Stream plugin debug messages from the node

 - [POST /node/{nodeID}/trigger/node-debug](https://apidocs.trustgrid.io/appliance/triggernodedebug.md): Opens a streaming session that subscribes to internal plugin debug messages.
Optionally filter by plugin name. Messages arrive formatted as
HH:MM:SS.mmm: {message} lines.

Use ?wait=1 to buffer messages until the session ends.

---

Requires nodes::service:node-debug or nodes::remote-execute permission.

### Execute a remote operation or command on a specific node

 - [POST /node/{nodeID}/trigger/{event}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1trigger~1%7Bevent%7D/post.md): Sends an event to the node and optionally waits for its response. Use the
dedicated event endpoints (e.g. /node/{nodeID}/trigger/gateway-routes) for
documented events with typed request and response schemas.

Add ?wait=1 to block until the node responds (useful for synchronous checks).

All services require either nodes::remote-execute or nodes::service:{event}
permission.

### Update the lifecycle state of a specific node

 - [PUT /v2/node/{nodeID}/lifecycle-state](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1lifecycle-state/put.md): Update the lifecycle state for a node (appliance or agent).

---

Requires nodes::manage permission.

### Retrieve all network nodes including appliances and agents with filtering options

 - [GET /node](https://apidocs.trustgrid.io/agent/listnodes.md): List both appliances and agents. The fields config and shadow will be empty unless
specified in the projection parameter. The query for the config or shadow must be at least
one level deep - projection0=config won't work, but projection0=config&projection0=gateway
will result in config.gateway being populated.

---

Requires nodes::read permission.

### Retrieve a node by its fully-qualified domain name

 - [GET /node/by-fqdn/{fqdn}](https://apidocs.trustgrid.io/agent/getnodebyfqdn.md): Get a node using its FQDN directly, as an alternative to looking up the nodeID first.

---

Requires nodes::read permission on the node.

### Permanently remove a node from the organization and revoke access

 - [DELETE /node/{nodeID}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D/delete.md): Delete a node (appliance or agent)

---

Requires nodes::delete permission.

### Retrieve detailed configuration and status information for a specific node

 - [GET /node/{nodeID}](https://apidocs.trustgrid.io/agent/getnode.md): Get a node (appliance or agent)

---

Requires nodes::read permission.

### Modify node settings including cluster assignment and operational state

 - [PUT /node/{nodeID}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D/put.md): Update a node (appliance or agent)

---

Requires nodes::manage permission.

### Configure inbound network connectors for external access to node services

 - [PUT /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1connectors/put.md)

### Remove all connector configurations from a node

 - [DELETE /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1connectors/delete.md)

### Create a new inbound connector to expose services running on the node

 - [POST /v2/node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Migrate a node's connector configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/connectors/upgrade](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Modify settings for an existing connector on a node

 - [PUT /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Applies to appliances and agents. Requires V2 connector config.
---
Requires node::configure::connectors permissions

### Remove a specific connector configuration from a node

 - [DELETE /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Delete a connector from a node (appliance or agent). Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Configure outbound services for external connections from the node

 - [PUT /node/{nodeID}/config/services](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1services/put.md): Update services configuration for a node (appliance or agent)

---

Note: request body will be validated by JSON schema of the plugin

### Create a new outbound service connection for external resource access

 - [POST /v2/node/{nodeID}/config/services](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services/post.md): Requires node::configure::services permissions

### Migrate a node's service configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/services/upgrade](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Modify settings for an existing service connection on a node

 - [PUT /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/put.md): Update a service on a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Remove a specific service configuration from a node

 - [DELETE /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/delete.md): Delete a service from a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Configure node as a network gateway for routing traffic between networks

 - [PUT /node/{nodeID}/config/gateway](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1gateway/put.md): Update gateway configuration

Use host (not ip) for the gateway hostname.

---

Requires nodes::configure:gateway permission.

### Configure SNMP monitoring settings for network management integration

 - [PUT /node/{nodeID}/snmp](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1snmp/put.md): Update SNMP configuration

---

Requires nodes::configure:snmp permission.

### Remove a metadata tag from a node for organizational categorization

 - [DELETE /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/delete.md)

### Add or update a metadata tag on a node for organizational categorization

 - [PUT /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/put.md)

### Run a throughput performance test to a peer gateway node

 - [POST /node/{nodeID}/trigger/gateway-perf](https://apidocs.trustgrid.io/agent/triggernodegatewayperf.md): Opens a streaming session that sends a configurable amount of data to the
destination node and measures throughput. Progress is streamed as text while
the test runs; a summary line with rate in Mbps is emitted at the end.

Use ?wait=1 to block until the test completes and receive the full output.

---

Requires nodes::service:gateway-perf or nodes::remote-execute permission.

### Ping a peer gateway node over the Trustgrid overlay

 - [POST /node/{nodeID}/trigger/gateway-ping](https://apidocs.trustgrid.io/agent/triggernodegatewayping.md): Sends echo packets to the specified destination node through the Trustgrid
gateway overlay and reports round-trip latency. Results stream as JSON objects
with RTT measurements.

Use ?wait=1 to block until the session ends and receive buffered output.

---

Requires nodes::service:gateway-ping or nodes::remote-execute permission.

### Stream plugin debug messages from the node

 - [POST /node/{nodeID}/trigger/node-debug](https://apidocs.trustgrid.io/agent/triggernodedebug.md): Opens a streaming session that subscribes to internal plugin debug messages.
Optionally filter by plugin name. Messages arrive formatted as
HH:MM:SS.mmm: {message} lines.

Use ?wait=1 to buffer messages until the session ends.

---

Requires nodes::service:node-debug or nodes::remote-execute permission.

### Execute a remote operation or command on a specific node

 - [POST /node/{nodeID}/trigger/{event}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1trigger~1%7Bevent%7D/post.md): Sends an event to the node and optionally waits for its response. Use the
dedicated event endpoints (e.g. /node/{nodeID}/trigger/gateway-routes) for
documented events with typed request and response schemas.

Add ?wait=1 to block until the node responds (useful for synchronous checks).

All services require either nodes::remote-execute or nodes::service:{event}
permission.

### Update the lifecycle state of a specific node

 - [PUT /v2/node/{nodeID}/lifecycle-state](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1lifecycle-state/put.md): Update the lifecycle state for a node (appliance or agent).

---

Requires nodes::manage permission.

## VPN

Per-appliance attachment to virtual networks. Configure which virtual networks an appliance participates in and its VPN interface settings. Requires `node-vpn::read` permission.


### List all VPN networks attached to a node, including IP assignments and routing

 - [GET /v2/node/{nodeID}/vpn](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnnetworks.md)

### Attach a VPN network

 - [POST /v2/node/{nodeID}/vpn](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn/post.md)

### Delete a VPN network

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D/delete.md)

### Get full details of a VPN network on a node, including routes, services, interfaces, DNS, and WireGuard config

 - [GET /v2/node/{nodeID}/vpn/{networkName}](https://apidocs.trustgrid.io/appliance-greater-vpn/getnodevpnnetwork.md)

### Update a VPN network

 - [PUT /v2/node/{nodeID}/vpn/{networkName}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D/put.md)

### Delete a VPN DNS configuration

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dns/delete.md)

### Get a VPN's DNS configuration

 - [GET /v2/node/{nodeID}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/appliance-greater-vpn/getnodevpndns.md)

### Create a VPN DNS configuration

 - [POST /v2/node/{nodeID}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dns/post.md)

### Update a VPN DNS configuration

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dns/put.md)

### Get dynamic routes exported by a node

 - [GET /v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnexportroutes.md)

### Create a VPN export route

 - [POST /v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route/post.md)

### Delete a VPN export route

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route~1%7Buid%7D/delete.md)

### Update a VPN export route

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route~1%7Buid%7D/put.md)

### Get dynamic routes imported by a node

 - [GET /v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnimportroutes.md)

### Create a VPN import route

 - [POST /v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route/post.md)

### Delete a VPN import route

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route~1%7Buid%7D/delete.md)

### Update a VPN import route

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route~1%7Buid%7D/put.md)

### Get a VPN's interfaces

 - [GET /v2/node/{nodeID}/vpn/{networkName}/interface](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpninterfaces.md): Get the list of interfaces attached to a VPN network on a node. Note: NATs within a VPN interface can share the same source and destination CIDRs provided they are differentiated by route metric. This is intentional and not a configuration error.

### Create a VPN interface

 - [POST /v2/node/{nodeID}/vpn/{networkName}/interface](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1interface/post.md): inDefaultRoute and outDefaultRoute are mutually exclusive — set at most one to true.

Inside NATs (insideNats) rewrite traffic arriving from the VPN before it enters the local network.
Outside NATs (outsideNats) rewrite traffic leaving the local network before it enters the VPN.

After creating or updating a VPN interface, push the node config for the change to take effect.

### Delete a VPN interface

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/interface/{interfaceName}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1interface~1%7Binterfacename%7D/delete.md)

### Update a VPN interface

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/interface/{interfaceName}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1interface~1%7Binterfacename%7D/put.md): inDefaultRoute and outDefaultRoute are mutually exclusive — set at most one to true.

Inside NATs (insideNats) rewrite traffic arriving from the VPN before it enters the local network.
Outside NATs (outsideNats) rewrite traffic leaving the local network before it enters the VPN.

After creating or updating a VPN interface, push the node config for the change to take effect.

### Get local vpn routes for a node

 - [GET /v2/node/{nodeID}/vpn/{networkName}/route](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnroutes.md)

### Create a VPN route

 - [POST /v2/node/{nodeID}/vpn/{networkName}/route](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1route/post.md)

### Delete a VPN route

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1route~1%7Buid%7D/delete.md)

### Update a VPN route

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1route~1%7Buid%7D/put.md)

### Get a VPN's services

 - [GET /v2/node/{nodeID}/vpn/{networkName}/service](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnservices.md): Requires node-vpn::read permission.

### Create a VPN Service

 - [POST /v2/node/{nodeID}/vpn/{networkName}/service](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1service/post.md): Requires node-vpn::modify permission.

### Delete a VPN Service

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/service/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1service~1%7Buid%7D/delete.md): Requires node-vpn::modify permission.

### Update a Service

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/service/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1service~1%7Buid%7D/put.md)

## Compute

[Appliance edge compute](https://docs.trustgrid.io/docs/nodes/appliances/containers/) — Docker container workloads deployed on a specific appliance. Requires `node-exec::read` permission. Requires `exec` feature flag.


### List containers

 - [GET /v2/node/{nodeID}/exec/container](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainers.md): Requires node-exec::read permission.

### Create a container

 - [POST /v2/node/{nodeID}/exec/container](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1container/post.md): Requires node-exec::modify permission.

### Delete a container

 - [DELETE /v2/node/{nodeID}/exec/container/{containerID}](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1container~1%7Bcontainerid%7D/delete.md): Requires node-exec::modify permission.

### Get edge compute container configuration on a node

 - [GET /v2/node/{nodeID}/exec/container/{containerID}](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainer.md): Requires node-exec::read permission.

### Update a container

 - [PUT /v2/node/{nodeID}/exec/container/{containerID}](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1container~1%7Bcontainerid%7D/put.md): Requires node-exec::modify permission.

### Get container capabilities

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/capability](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainercapabilities.md): Requires node-exec::read permission.

### Update container config

 - [PUT /v2/node/{nodeID}/exec/container/{containerID}/config](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1container~1%7Bcontainerid%7D~1config/put.md): Requires node-exec::modify permission.

### Get container health check

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/healthcheck](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainerhealthcheck.md): Requires node-exec::read permission.

### List container interfaces

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/interface](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainerinterfaces.md): Requires node-exec::read permission.

### List container limits

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/limit](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainerlimits.md): Requires node-exec::read permission.

### Get container logging configuration

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/logging](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainerlogging.md): Requires node-exec::read permission.

### List container mounts

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/mount](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainermounts.md): Requires node-exec::read permission.

### List container port mappings

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/port-mapping](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainerportmappings.md): Requires node-exec::read permission.

### List container variables

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/variable](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainervariables.md): Requires node-exec::read permission.

### List container virtual networks

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/virtual-network](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainervirtualnetworks.md): Requires node-exec::read permission.

### List container volumes

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/volume](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainervolumes.md): Requires node-exec::read permission.

### Get container VRF

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/vrf](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainervrf.md): Requires node-exec::read permission.

### List volumes

 - [GET /v2/node/{nodeID}/exec/volume](https://apidocs.trustgrid.io/appliance-greater-compute/listnodevolumes.md): Requires node-exec::read permission.

### Create volume

 - [POST /v2/node/{nodeID}/exec/volume](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1volume/post.md): Requires node-exec::modify permission.

### Delete a volume

 - [DELETE /v2/node/{nodeID}/exec/volume/{volumeName}](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1volume~1%7Bvolumename%7D/delete.md): Requires node-exec::modify permission.

## Upgrade Manager

The [upgrade manager](https://docs.trustgrid.io/docs/upgrade-manager/) orchestrates software upgrades for nodes and clusters in bulk with scheduling and rollback support. Requires `upgrade-manager::read` permission.


### Retrieve all firmware upgrade campaigns and their execution status

 - [GET /upgrade-manager/api/v1/upgrades](https://apidocs.trustgrid.io/upgrade-manager/listupgrades.md): Requires upgrade-manager::read permission.

### Create a new firmware upgrade campaign for multiple nodes

 - [POST /upgrade-manager/api/v1/upgrades](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades/post.md): Requires upgrade-manager::modify permission.

### Retrieve the currently running firmware upgrade campaign

 - [GET /upgrade-manager/api/v1/upgrades/active](https://apidocs.trustgrid.io/upgrade-manager/getactiveupgrade.md): Requires upgrade-manager::read permission.

### Cancel and permanently remove an upgrade campaign

 - [DELETE /upgrade-manager/api/v1/upgrades/{upgradeID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D/delete.md): Requires upgrade-manager::modify permission.

### Retrieve detailed status and progress of a specific upgrade campaign

 - [GET /upgrade-manager/api/v1/upgrades/{upgradeID}](https://apidocs.trustgrid.io/upgrade-manager/getupgrade.md): Requires upgrade-manager::read permission.

### Modify upgrade campaign settings and target selection criteria

 - [PUT /upgrade-manager/api/v1/upgrades/{upgradeID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D/put.md): Requires upgrade-manager::modify permission.

### Authorize automatic failover of HA clusters during upgrade process

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/approve-failover](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1approve-failover/post.md): Requires upgrade-manager::modify permission.

### Manually mark an upgrade campaign as finished and finalize the process

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/complete](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1complete/post.md): Requires upgrade-manager::modify permission.

### Acknowledge and dismiss a failed or problematic upgrade workflow

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/dismiss/{workflowID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1dismiss~1%7Bworkflowid%7D/post.md): Requires upgrade-manager::modify permission.

### Test an upgrade campaign by creating and executing a non-destructive simulation

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/dryrun](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1dryrun/post.md): Requires upgrade-manager::modify permission.

### Retrieve detailed execution logs and error messages for an upgrade campaign

 - [GET /upgrade-manager/api/v1/upgrades/{upgradeID}/logs](https://apidocs.trustgrid.io/upgrade-manager/getupgradelogs.md): Requires upgrade-manager::read permission.

### Add administrative notes or comments to an upgrade workflow for tracking

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/note/{workflowID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1note~1%7Bworkflowid%7D/post.md): Requires upgrade-manager::modify permission.

### Restart a failed upgrade workflow to attempt the operation again

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/retry/{workflowID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1retry~1%7Bworkflowid%7D/post.md): Requires upgrade-manager::modify permission.

### Begin execution of a configured upgrade campaign across target nodes

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/start](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1start/post.md): Requires upgrade-manager::modify permission.

## Repository

Container image repositories for storing and distributing Docker images to edge compute nodes. Requires `repositories::read` permission.


### Retrieve all container repositories available for edge computing

 - [GET /repositories](https://apidocs.trustgrid.io/repository/listrepositories.md)

### Permanently remove a container repository and all its images

 - [DELETE /repositories/{reponame}](https://apidocs.trustgrid.io/repository/paths/~1repositories~1%7Breponame%7D/delete.md)

### Retrieve available image tags and metadata for a specific repository

 - [GET /repositories/{reponame}](https://apidocs.trustgrid.io/repository/getrepository.md)

### Remove a specific image tag from a container repository

 - [DELETE /repositories/{reponame}/{tag}](https://apidocs.trustgrid.io/repository/paths/~1repositories~1%7Breponame%7D~1%7Btag%7D/delete.md)

## Audit

Immutable logs for compliance and troubleshooting. Trustgrid exposes [authentication audits](https://docs.trustgrid.io/docs/operations/authentication/) (`audits::read:user`), [configuration changes](https://docs.trustgrid.io/docs/operations/changes/) (`audits::read:config`), [node events](https://docs.trustgrid.io/docs/operations/node-events/) (`audits::read:node`), and [flow logs](https://docs.trustgrid.io/docs/operations/flow-logs/) (`audits::read:flows`).


### Export configuration change audit logs as a downloadable file

 - [GET /audit/download/config](https://apidocs.trustgrid.io/audit/downloadconfigaudit.md): Requires audits::read:config permission.

### Export node activity and operational audit logs as a downloadable file

 - [GET /audit/download/node](https://apidocs.trustgrid.io/audit/downloadnodeaudit.md): Requires audits::read:node permission.

### Export user authentication and access audit logs as a downloadable file

 - [GET /audit/download/user](https://apidocs.trustgrid.io/audit/downloaduseraudit.md): Requires audits::read:user permission.

### Retrieve real-time configuration change audit logs with filtering options

 - [GET /audit/tail/config](https://apidocs.trustgrid.io/audit/tailconfigaudit.md): Requires audits::read:config permission.

### Retrieve real-time node operational and security audit logs

 - [GET /audit/tail/node](https://apidocs.trustgrid.io/audit/tailnodeaudit.md): List node (appliance or agent) audits

---

Requires audits::read:node permission.

### Retrieve real-time user authentication and session audit logs

 - [GET /audit/tail/user](https://apidocs.trustgrid.io/audit/tailuseraudit.md): Requires audits::read:user permission.

### Retrieve network traffic flow logs with advanced filtering and pagination

 - [GET /v2/audit/flow-logs](https://apidocs.trustgrid.io/audit/getflowlogs.md): Requires audits::read:flows permission.

### Retrieve network traffic flow logs with advanced filtering and pagination (deprecated)

 - [GET /audit/tail/flow_logs](https://apidocs.trustgrid.io/audit/tailflowlogs.md): This is deprecated; use /v2/audit/flow-logs instead.

---

Requires audits::read:flows permission.

## Certificate

[TLS certificates](https://docs.trustgrid.io/docs/certificates/) provisioned for nodes to secure communications. Requires `certificates::read` to view, `certificates::modify` to manage.


### Retrieve all TLS certificates and their expiration status

 - [GET /v2/certificates](https://apidocs.trustgrid.io/certificate/listcertificates.md): Requires certificates::read permission.

### Upload and install a new TLS certificate for secure communications

 - [POST /v2/certificates](https://apidocs.trustgrid.io/certificate/paths/~1v2~1certificates/post.md): Requires certificates::modify permission.

### Remove a TLS certificate and disable secure communications for the domain

 - [DELETE /v2/certificates/{fqdn}](https://apidocs.trustgrid.io/certificate/paths/~1v2~1certificates~1%7Bfqdn%7D/delete.md): Requires certificates::modify permission.

### Replace an existing TLS certificate with an updated version

 - [PUT /v2/certificates/{fqdn}](https://apidocs.trustgrid.io/certificate/paths/~1v2~1certificates~1%7Bfqdn%7D/put.md): Requires certificates::modify permission.

## User

[User](https://docs.trustgrid.io/docs/user-management/) accounts for portal and API access. Authenticated via SSO (IDP) or local credentials and assigned permissions via policies. Requires `users::read` permission.


### Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/group/listgroups.md): Requires groups::read permissions

### Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/group/paths/~1group/post.md): Requires groups::modify permissions

### Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires groups::modify permissions

### Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D/delete.md): Requires groups::modify permissions

### Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/group/getgroup.md): Requires groups::read permissions

### List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/group/listgroupidps.md): Requires groups::read permissions

### Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/group/listgroupmembers.md): Requires groups::read permissions

### Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D~1members/post.md): Requires groups::modify permissions

### Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/user/listgroups.md): Requires groups::read permissions

### Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/user/paths/~1group/post.md): Requires groups::modify permissions

### Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires groups::modify permissions

### Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D/delete.md): Requires groups::modify permissions

### Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/user/getgroup.md): Requires groups::read permissions

### List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/user/listgroupidps.md): Requires groups::read permissions

### Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/user/listgroupmembers.md): Requires groups::read permissions

### Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D~1members/post.md): Requires groups::modify permissions

### Retrieve all users in the organization with their roles and permissions

 - [GET /user](https://apidocs.trustgrid.io/user/listusers.md): Changes to users sometimes take a few minutes to appear while being indexed

### Send an invitation email to a new user to join the organization

 - [POST /user](https://apidocs.trustgrid.io/user/paths/~1user/post.md): For organizations using the default Trustgrid authentication provider, users must be invited and then they should sign up with the invited email address.
For custom IDP integrations, users should be added instead.

### Directly add a user account for organizations with custom identity providers

 - [POST /user/add](https://apidocs.trustgrid.io/user/paths/~1user~1add/post.md): Add a user. This is only available to organizations with custom IDP integrations.

### Permanently remove a user from the organization and revoke all access

 - [DELETE /user/{email}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D/delete.md)

### Retrieve the effective merged policy for a user

 - [GET /user/{email}/policy](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy/get.md): Returns the combined policy derived from all policies directly attached to the user plus those inherited via group membership.

### Attach a named policy to a user

 - [POST /user/{email}/policy/{name}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy~1%7Bname%7D/post.md): Adds name to the user's set of directly attached policies.

Policies whose names start with restricted- cannot be attached via this endpoint.

Requires permissions::modify permission.

### Detach a named policy from a user

 - [DELETE /user/{email}/policy/{name}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy~1%7Bname%7D/delete.md): Requires permissions::modify permission.

### Retrieve all groups that a specific user belongs to

 - [GET /user/{email}/groups](https://apidocs.trustgrid.io/user/listusergroups.md)

### Add a user to a group and grant associated permissions

 - [POST /v2/user/{email}/groups](https://apidocs.trustgrid.io/user/paths/~1v2~1user~1%7Bemail%7D~1groups/post.md)

### Remove a user from a group and revoke associated permissions

 - [DELETE /v2/user/{email}/groups/{group}](https://apidocs.trustgrid.io/user/paths/~1v2~1user~1%7Bemail%7D~1groups~1%7Bgroup%7D/delete.md)

## Group

### Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/group/listgroups.md): Requires groups::read permissions

### Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/group/paths/~1group/post.md): Requires groups::modify permissions

### Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires groups::modify permissions

### Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D/delete.md): Requires groups::modify permissions

### Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/group/getgroup.md): Requires groups::read permissions

### List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/group/listgroupidps.md): Requires groups::read permissions

### Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/group/listgroupmembers.md): Requires groups::read permissions

### Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D~1members/post.md): Requires groups::modify permissions

### Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/user/listgroups.md): Requires groups::read permissions

### Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/user/paths/~1group/post.md): Requires groups::modify permissions

### Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires groups::modify permissions

### Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D/delete.md): Requires groups::modify permissions

### Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/user/getgroup.md): Requires groups::read permissions

### List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/user/listgroupidps.md): Requires groups::read permissions

### Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/user/listgroupmembers.md): Requires groups::read permissions

### Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D~1members/post.md): Requires groups::modify permissions

## ObservabilityExporter

[Observability exporters](https://docs.trustgrid.io/docs/observability/) configure telemetry data forwarding to external monitoring systems (Splunk, HTTP endpoints) via OpenTelemetry. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.


### Retrieve HTTP-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/httpexporter/gethttpobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify HTTP-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/httpexporter/paths/~1v2~1observability-exporter~1http~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve all configured telemetry data exporters for external monitoring systems

 - [GET /v2/observability-exporter](https://apidocs.trustgrid.io/observabilityexporter/listobservabilityexporters.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Configure a new telemetry data exporter for external monitoring integration

 - [POST /v2/observability-exporter](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter/post.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve configuration details for a specific telemetry data exporter

 - [GET /v2/observability-exporter/{id}](https://apidocs.trustgrid.io/observabilityexporter/getobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify settings for an existing telemetry data exporter

 - [PUT /v2/observability-exporter/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Remove a telemetry data exporter and stop external monitoring integration

 - [DELETE /v2/observability-exporter/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1%7Bid%7D/delete.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve Splunk-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/observabilityexporter/getsplunkobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify Splunk-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1splunk~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve HTTP-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/observabilityexporter/gethttpobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify HTTP-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1http~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve Splunk-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/splunkexporter/getsplunkobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify Splunk-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/splunkexporter/paths/~1v2~1observability-exporter~1splunk~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

## HTTPExporter

Generic HTTP observability exporter for forwarding telemetry to any OpenTelemetry-compatible HTTP endpoint. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.


### Retrieve HTTP-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/httpexporter/gethttpobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify HTTP-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/httpexporter/paths/~1v2~1observability-exporter~1http~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve HTTP-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/observabilityexporter/gethttpobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify HTTP-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1http~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

## IDP

[Identity provider](https://docs.trustgrid.io/docs/idps/) integrations (Okta, Azure AD, Google, SAML, OIDC) for SSO authentication and user/group synchronization. Requires `identity-providers::read` permission.


### Retrieve all configured identity providers for user authentication

 - [GET /v2/idp](https://apidocs.trustgrid.io/idp/listidps.md)

### Configure a new identity provider for external user authentication

 - [POST /v2/idp](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp/post.md)

### Configure OpenID Connect authentication settings for an identity provider

 - [PUT /v2/idp/openid/{idpID}](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp~1openid~1%7Bidpid%7D/put.md): Requires identity-providers::modify permission.

### Configure SAML 2.0 authentication settings for an identity provider

 - [PUT /v2/idp/saml/{idpID}](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp~1saml~1%7Bidpid%7D/put.md): Requires identity-providers::modify permission.

### Remove an identity provider and disable external authentication

 - [DELETE /v2/idp/{uid}](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp~1%7Buid%7D/delete.md)

### Retrieve configuration details for a specific identity provider

 - [GET /v2/idp/{uid}](https://apidocs.trustgrid.io/idp/getidp.md)

### Modify authentication settings for an existing identity provider

 - [PUT /v2/idp/{uid}](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp~1%7Buid%7D/put.md)

## SplunkExporter

Splunk-specific observability exporter configuration for forwarding Trustgrid telemetry to a Splunk HEC endpoint. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.


### Retrieve Splunk-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/observabilityexporter/getsplunkobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify Splunk-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1splunk~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve Splunk-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/splunkexporter/getsplunkobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify Splunk-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/splunkexporter/paths/~1v2~1observability-exporter~1splunk~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

## Org

Organization-level settings including [support requests](https://docs.trustgrid.io/docs/support/), notification preferences, and [shared documents](https://docs.trustgrid.io/docs/support/documents/). Requires `orgs::read` permission.


### Retrieve organization details and configuration settings

 - [GET /org/mine](https://apidocs.trustgrid.io/org/getorg.md)

## Order

[Provisioning orders](https://docs.trustgrid.io/docs/provisioning/) track the lifecycle of Trustgrid appliances from purchase through deployment. Requires `orders::read` permission.


### Retrieve all hardware provisioning orders and their current status

 - [GET /provisioning/api/v1/orders](https://apidocs.trustgrid.io/order/listorders.md): The responses for orders from this API request are not fully hydrated (eg, no nodes).

### Submit a new hardware provisioning order for appliances or agents

 - [POST /provisioning/api/v1/orders](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders/post.md)

### Retrieve detailed information about a specific provisioning order

 - [GET /provisioning/api/v1/orders/{uid}](https://apidocs.trustgrid.io/order/getorder.md)

### Modify the details and requirements of an existing provisioning order

 - [PUT /provisioning/api/v1/orders/{uid}](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders~1%7Buid%7D/put.md)

### Add a note or comment to track order progress and communication

 - [POST /provisioning/api/v1/orders/{uid}/comment](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders~1%7Buid%7D~1comment/post.md)

### Remove priority flag from an order to normalize processing

 - [DELETE /provisioning/api/v1/orders/{uid}/flag](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders~1%7Buid%7D~1flag/delete.md)

### Mark an order as high priority or requiring special attention

 - [PUT /provisioning/api/v1/orders/{uid}/flag](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders~1%7Buid%7D~1flag/put.md)

## Permissions

[Role-based access control](https://docs.trustgrid.io/docs/user-management/policies/) via policies assigning permissions to users and groups. Includes a simulator to evaluate permission decisions. Requires `permissions::read` to view, `permissions::modify` to configure.


### Retrieve all access control policies and their permission rules

 - [GET /v2/policy](https://apidocs.trustgrid.io/permissions/listpolicies.md): Requires permissions::read permission.

### Create a new access control policy with specified permissions and conditions

 - [POST /v2/policy](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy/post.md): Requires permissions::modify permission.

resources is a top-level field on the policy object, not nested inside statements.

Resource names use TGRN format, e.g. tgrn:tg::nodes:node/{uid} or tgrn:tg::access-apps:app/{uid}. Use * to match all resources of a type.

Action names must match the exact permission identifier accepted by the API, e.g. nodes::configure:apigw.

### Remove an access control policy and revoke associated permissions

 - [DELETE /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy~1%7Bname%7D/delete.md): Requires permissions::modify permission.

### Retrieve detailed configuration of a specific access control policy

 - [GET /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/getpolicy.md): Requires permissions::read permission.

### Modify permissions and conditions for an existing access control policy

 - [PUT /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy~1%7Bname%7D/put.md): Requires permissions::modify permission.

resources is a top-level field on the policy object, not nested inside statements.

Resource names use TGRN format, e.g. tgrn:tg::nodes:node/{uid} or tgrn:tg::access-apps:app/{uid}. Use * to match all resources of a type.

Action names must match the exact permission identifier accepted by the API, e.g. nodes::configure:apigw.

## ServiceUser

Machine accounts for API-only access, used for automation and integrations. Each service user can have API tokens generated without portal access. Requires `users::read` to view.


### Retrieve configuration details for a specific service account

 - [GET /v2/service-user/{name}](https://apidocs.trustgrid.io/serviceuser/getserviceuser.md)

### Generate new API credentials (client ID and secret) for a service account

 - [POST /v2/service-user/{name}/token](https://apidocs.trustgrid.io/serviceuser/paths/~1v2~1service-user~1%7Bname%7D~1token/post.md)

### Retrieve all API-only service accounts configured for the organization

 - [GET /v2/service-user](https://apidocs.trustgrid.io/serviceuser/listserviceusers.md)

### Create a new API-only service account with specified permissions

 - [POST /v2/service-user](https://apidocs.trustgrid.io/serviceuser/paths/~1v2~1service-user/post.md)

## Tag

[Tags](https://docs.trustgrid.io/docs/nodes/shared/tags/) are key-value metadata attached to nodes and clusters for grouping, permissions scoping, and dashboard filtering. Requires `nodes::read` to view, `nodes::tag` to modify.


### Retrieve all available metadata tags used for node and cluster organization

 - [GET /tags](https://apidocs.trustgrid.io/tag/listtags.md)

### Retrieve details and usage information for a specific tag

 - [GET /tags/{tagName}](https://apidocs.trustgrid.io/tag/gettag.md)