# Trustgrid Management API

The Trustgrid Management API provides programmatic access to manage the Trustgrid
network infrastructure platform. Trustgrid connects distributed nodes (appliances and
agents) into secure overlay networks with centralized management.

## Key Concepts

- **Nodes**: The core compute units — either `Node` (physical/VM appliance) or `Agent`
  (lightweight software agent on a device). Identified by UUID (`uid`) and FQDN.
- **Clusters**: High-availability groups of nodes sharing configuration.
- **Domains**: Logical groupings of nodes within an organization.
- **Virtual Networks**: Layer-3 overlay networks (`DomainNetwork`) created within a domain,
  enabling zero-trust connectivity between nodes. Each network has access policies,
  DNS config, routes, and port forwarding rules.
- **Tags**: Key-value metadata attached to nodes and clusters for grouping and permissions.
- **Shadow**: Each node has an AWS IoT Device Shadow with `desired` (target config) and
  `reported` (current state) halves. The `reported` shadow contains telemetry using
  dot-notation keys (e.g. `nic.eth0.mtu`, `node-core.version`).

## Authentication

All API requests require a JWT Bearer token in the `Authorization` header:
```
Authorization: Bearer <token>
```
Tokens are obtained via the Trustgrid portal or programmatically via service user
credentials. See [API Access docs](https://docs.trustgrid.io/docs/user-management/api-access/).

## Permissions

Most endpoints require specific permissions (noted in each endpoint's description).
Permissions follow the pattern `resource::action` (e.g. `nodes::read`, `virtual-networks::modify`).


Version: 1.0.0
License: unlicensed

## Servers

```
https://api.trustgrid.io
```

## Security

### JWTAuthorizer

JWT Bearer token. Send as `Authorization: Bearer <token>`. Obtain via the Trustgrid portal or service user credentials. See https://docs.trustgrid.io/docs/user-management/api-access/

Type: http
Scheme: bearer
Bearer Format: JWT

## Download OpenAPI description

[Trustgrid Management API](https://apidocs.trustgrid.io/_bundle/index.yaml)

## Alarm

[Alarm filters](https://docs.trustgrid.io/docs/alarms/alarm-filters/) define criteria and thresholds for when events generate alert notifications. Configure alert channels (email, Slack, PagerDuty, OpsGenie, Teams, webhooks) and maintenance windows. Requires `alarms::read` permission.


### Retrieve all configured alarm filters and their trigger conditions

 - [GET /v2/alarm](https://apidocs.trustgrid.io/alarm/listalarms.md): Requires alarms::read permission.

### Create a new alarm filter to monitor events and trigger notifications

 - [POST /v2/alarm](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm/post.md): Requires alarms::modify permission.

### Retrieve all configured notification channels for alarm delivery

 - [GET /v2/alarm-channel](https://apidocs.trustgrid.io/alarm/listalarmchannels.md)

### Configure a new notification channel for alarm delivery (email, Slack, etc.)

 - [POST /v2/alarm-channel](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm-channel/post.md)

### Permanently remove a notification channel configuration

 - [DELETE /v2/alarm-channel/{uid}](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm-channel~1%7Buid%7D/delete.md)

### Retrieve configuration details for a specific notification channel

 - [GET /v2/alarm-channel/{uid}](https://apidocs.trustgrid.io/alarm/getalarmchannel.md)

### Modify settings for an existing notification channel

 - [PUT /v2/alarm-channel/{uid}](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm-channel~1%7Buid%7D/put.md)

### Cancel an active alert suppression window and resume normal notifications

 - [DELETE /v2/alarm/suppression](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm~1suppression/delete.md)

### Retrieve current or upcoming alert suppression schedule details

 - [GET /v2/alarm/suppression](https://apidocs.trustgrid.io/alarm/getalarmsuppression.md)

### Schedule a time period to temporarily disable alarm notifications

 - [POST /v2/alarm/suppression](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm~1suppression/post.md)

### Permanently remove an alarm filter and stop monitoring conditions

 - [DELETE /v2/alarm/{uid}](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm~1%7Buid%7D/delete.md)

### Retrieve detailed configuration of a specific alarm filter

 - [GET /v2/alarm/{uid}](https://apidocs.trustgrid.io/alarm/getalarm.md)

### Modify trigger conditions and settings for an existing alarm filter

 - [PUT /v2/alarm/{uid}](https://apidocs.trustgrid.io/alarm/paths/~1v2~1alarm~1%7Buid%7D/put.md)

## Alert

Security and operational events broadcast when significant node or system activity occurs (connects/disconnects, certificate warnings, order updates). Required permissions vary by endpoint; see each operation description for the specific permission needed.


### Retrieve security and operational events for a specific node

 - [GET /alert/{nodeID}](https://apidocs.trustgrid.io/alert/listnodealerts.md): List events for a node (appliance or agent), newest first

---

Requires alerts::read permission.

### Retrieve all recent security and operational alerts across the organization

 - [GET /v2/alert](https://apidocs.trustgrid.io/alert/listalertsv2.md): Requires alerts::read permission.

### Retrieve security and operational alerts specific to a single node

 - [GET /v2/alert/{nodeID}](https://apidocs.trustgrid.io/alert/listnodealertsv2.md): Requires alerts::read permission.

### Manually resolve and dismiss a specific alert type for a node

 - [DELETE /v2/alert/{nodeID}/{alertType}](https://apidocs.trustgrid.io/alert/paths/~1v2~1alert~1%7Bnodeid%7D~1%7Balerttype%7D/delete.md): Requires alerts::read permission.

### List audit events across the organization filtered by time range and type

 - [GET /v2/event](https://apidocs.trustgrid.io/alert/listevents.md): Returns a paginated list of audit events (node connects/disconnects,
config changes, certificate warnings, order updates, etc.) within a
time window. Supports filtering by node, event type, level, and item
type. Use sTime/eTime for the time range (ISO 8601).

---

Requires events::read permission.

### Get all events by time range for a Node

 - [GET /v2/event/{nodeId}](https://apidocs.trustgrid.io/alert/listnodeevents.md): Requires events::read permission.

### Validate if a specific event would trigger configured alarm filters

 - [POST /v2/event/{nodeId}/{eventId}](https://apidocs.trustgrid.io/alert/paths/~1v2~1event~1%7Bnodeid%7D~1%7Beventid%7D/post.md)

### List all security and operational events across the organization (deprecated)

 - [GET /alert](https://apidocs.trustgrid.io/alert/listalerts.md): This is deprecated; use /v2/event instead.

---

Requires alerts::read permission.

## Domain

A [domain](https://docs.trustgrid.io/docs/domain/) is a logical grouping of nodes within an organization, providing the namespace for virtual networks, DNS zones, and access policies. Requires `domains::read` permission.


### Retrieve domain configuration including security and network settings

 - [GET /domain/{domainName}](https://apidocs.trustgrid.io/domain/getdomain.md): Requires domains::read permission.

### Configure domain-wide alert thresholds and notification settings

 - [PUT /domain/{domainName}/config/alert](https://apidocs.trustgrid.io/domain/paths/~1domain~1%7Bdomainname%7D~1config~1alert/put.md): Requires domains::configure:thresholds permission.

### Configure domain-level API gateway settings and access policies

 - [PUT /domain/{domainName}/config/apigw](https://apidocs.trustgrid.io/domain/paths/~1domain~1%7Bdomainname%7D~1config~1apigw/put.md): Requires domains::configure:gateway permission.

### List virtual networks

 - [GET /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/domain/listvirtualnetworks.md): Requires virtual-networks::read permission.

### Create a virtual network network

 - [POST /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network/post.md): Requires virtual-networks::modify permission.

### Delete a virtual network - this change is not staged and will immediately affect the domain

 - [DELETE /v2/domain/{domainName}/network/{networkName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D/delete.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/domain/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/domain/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List virtual networks

 - [GET /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/virtual-networks/listvirtualnetworks.md): Requires virtual-networks::read permission.

### Create a virtual network network

 - [POST /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network/post.md): Requires virtual-networks::modify permission.

### Delete a virtual network - this change is not staged and will immediately affect the domain

 - [DELETE /v2/domain/{domainName}/network/{networkName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D/delete.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/virtual-networks/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/virtual-networks/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/change-management/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/change-management/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

## Virtual Networks

[Virtual networks](https://docs.trustgrid.io/docs/domain/virtual-networks/) are Layer-3 overlay networks enabling zero-trust connectivity between nodes. Configure routes, DNS, access policies, port forwarding, and IP pools. Requires `virtual-networks::read` permission.


### List virtual networks

 - [GET /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/domain/listvirtualnetworks.md): Requires virtual-networks::read permission.

### Create a virtual network network

 - [POST /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network/post.md): Requires virtual-networks::modify permission.

### Delete a virtual network - this change is not staged and will immediately affect the domain

 - [DELETE /v2/domain/{domainName}/network/{networkName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D/delete.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/domain/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/domain/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List virtual networks

 - [GET /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/virtual-networks/listvirtualnetworks.md): Requires virtual-networks::read permission.

### Create a virtual network network

 - [POST /v2/domain/{domainName}/network](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network/post.md): Requires virtual-networks::modify permission.

### Delete a virtual network - this change is not staged and will immediately affect the domain

 - [DELETE /v2/domain/{domainName}/network/{networkName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D/delete.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/virtual-networks/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/virtual-networks/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/change-management/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/change-management/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

## Access Policy

Access policies within virtual networks controlling which nodes and groups can communicate. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

### List a virtual network's access policies

 - [GET /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/listnetworkaccesspolicies.md): Requires virtual-networks::read permission.

### Create a network access policy

 - [POST /v2/domain/{domainName}/network/{networkName}/access-policy](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy/post.md): Requires virtual-networks::modify permission.

### Delete a network access policy

 - [DELETE /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network access policy

 - [PUT /v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}](https://apidocs.trustgrid.io/access-policy/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1access-policy~1%7Baccesspolicyid%7D/put.md): Requires virtual-networks::modify permission.

## Auth Group

Authentication groups that map identity provider groups to Trustgrid access groups, controlling ZTNA application access. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's auth groups

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/listnetworkauthgroups.md): Requires virtual-networks::read permission.

### Create a network auth group

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group/post.md): Requires virtual-networks::modify permission.

### Delete a network auth group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network auth group's members

 - [GET /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/getnetworkauthgroup.md): Requires virtual-networks::read permission.

### Add a network auth group member

 - [POST /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/post.md): Requires virtual-networks::modify permission.

### Update a network auth group

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network auth group member

 - [DELETE /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a membership

 - [PUT /v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}](https://apidocs.trustgrid.io/auth-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1auth-group~1%7Bgroupname%7D~1%7Bmemberid%7D/put.md): Requires virtual-networks::modify permission.

## Change Management

Tracked network configuration changes with approval workflows. Requires `virtual-networks::read` to view changes, `virtual-networks::modify` to stage and commit changes.


### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/domain/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/domain/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/virtual-networks/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/virtual-networks/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

### List staged changes awaiting commit

 - [GET /v2/domain/{domainName}/network/{networkName}/change](https://apidocs.trustgrid.io/change-management/listnetworkchanges.md): Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires virtual-networks::read permission.

### Commit staged changes

 - [POST /v2/domain/{domainName}/network/{networkName}/change/commit](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1commit/post.md): Requires virtual-networks::modify permission.

### List validation errors for staged changes

 - [GET /v2/domain/{domainName}/network/{networkName}/change/validate](https://apidocs.trustgrid.io/change-management/validatenetworkchanges.md): Requires virtual-networks::read permission.

### Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.

 - [DELETE /v2/domain/{domainName}/network/{networkName}/change/{changeID}](https://apidocs.trustgrid.io/change-management/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1change~1%7Bchangeid%7D/delete.md): Requires virtual-networks::modify permission.

## DNS

DNS configuration within virtual networks, including zone and record management for resolving names across the overlay network. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

### Get a network's DNS configuration

 - [GET /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/getnetworkdns.md): Requires virtual-networks::read permission.

### Update a network's DNS configuration

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns](https://apidocs.trustgrid.io/dns/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns/put.md): Requires virtual-networks::modify permission.

## DNS Zone

DNS zones hosted within a virtual network, used to resolve internal hostnames for nodes and services. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

### List a network's DNS zones

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/listnetworkdnszones.md): Requires virtual-networks::read permission.

### Create a DNS zone

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone/post.md): Requires virtual-networks::modify permission.

### Delete a DNS zone

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS zone

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}](https://apidocs.trustgrid.io/dns-zone/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D/put.md): Requires virtual-networks::modify permission.

## DNS Record

Individual DNS A/CNAME records within a virtual network DNS zone. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

### List a network zone's DNS records

 - [GET /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/listnetworkdnsrecords.md): Requires virtual-networks::read permission.

### Create a DNS record

 - [POST /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record/post.md): Requires virtual-networks::modify permission.

### Delete a DNS record

 - [DELETE /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/delete.md): Requires virtual-networks::modify permission.

### Update a DNS record

 - [PUT /v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}](https://apidocs.trustgrid.io/dns-record/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1dns-zone~1%7Bzonename%7D~1dns-record~1%7Brecordname%7D~1%7Brecordtype%7D/put.md): Requires virtual-networks::modify permission.

## Network Group

Named collections of network objects for use in access policies. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

### List a network's groups

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/listnetworkgroups.md): Requires virtual-networks::read permission.

### Create a network group

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group/post.md): Requires virtual-networks::modify permission.

### Delete a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/delete.md): Requires virtual-networks::modify permission.

### List a network's group memberships

 - [GET /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/getnetworkgroup.md): Requires virtual-networks::read permission.

### Update a network group

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D/put.md): Requires virtual-networks::modify permission.

### Remove a network object from a network group

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Add a network object to a network group (represented by a network group membership

 - [POST /v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}](https://apidocs.trustgrid.io/network-group/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-group~1%7Bgroupname%7D~1%7Bobjectname%7D/post.md): Requires virtual-networks::modify permission.

## Network Object

Network objects (subnets, hosts, ranges) used as reusable references in access policies and routes. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

### List a network's objects

 - [GET /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/listnetworkobjects.md): Requires virtual-networks::read permission.

### Create a network object

 - [POST /v2/domain/{domainName}/network/{networkName}/network-object](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object/post.md): Requires virtual-networks::modify permission.

### Delete a network object

 - [DELETE /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network object

 - [PUT /v2/domain/{domainName}/network/{networkName}/network-object/{objectName}](https://apidocs.trustgrid.io/network-object/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1network-object~1%7Bobjectname%7D/put.md): Requires virtual-networks::modify permission.

## Port Forwarding

Port forwarding rules that expose node services through the virtual network to other nodes. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's port forwardings

 - [GET /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/listnetworkportforwardings.md): Requires virtual-networks::read permission.

### Create a port forwarding

 - [POST /v2/domain/{domainName}/network/{networkName}/port-forwarding](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding/post.md): Requires virtual-networks::modify permission.

### Get a port forwarding

 - [DELETE /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/delete.md): Requires virtual-networks::read permission.

### Update a port forwarding

 - [PUT /v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}](https://apidocs.trustgrid.io/port-forwarding/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1port-forwarding~1%7Bportforwardingid%7D/put.md): Requires virtual-networks::modify permission.

## Route

Static routes within a virtual network directing traffic between nodes and subnets. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.


### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/domain/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/virtual-networks/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

### List a network's routes

 - [GET /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/listnetworkroutes.md): Requires virtual-networks::read permission.

### Create a network route

 - [POST /v2/domain/{domainName}/network/{networkName}/route](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route/post.md): Requires virtual-networks::modify permission.

### Delete a network route

 - [DELETE /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/delete.md): Requires virtual-networks::modify permission.

### Update a network route

 - [PUT /v2/domain/{domainName}/network/{networkName}/route/{routeID}](https://apidocs.trustgrid.io/route/paths/~1v2~1domain~1%7Bdomainname%7D~1network~1%7Bnetworkname%7D~1route~1%7Brouteid%7D/put.md): Requires virtual-networks::modify permission.

## Cluster

[Clusters](https://docs.trustgrid.io/docs/clusters/) group nodes for high availability and shared configuration. Changes applied to a cluster propagate to all member nodes. Requires `nodes::read` permission.


### Retrieve all high-availability node clusters in the organization

 - [GET /cluster](https://apidocs.trustgrid.io/cluster/listclusters.md)

### Create a new high-availability cluster for grouping nodes

 - [POST /cluster](https://apidocs.trustgrid.io/cluster/paths/~1cluster/post.md)

### Permanently remove a cluster and all its configurations

 - [DELETE /cluster/{clusterFQDN}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D/delete.md)

### Retrieve detailed configuration and status of a specific cluster

 - [GET /cluster/{clusterFQDN}](https://apidocs.trustgrid.io/cluster/getcluster.md)

### Modify cluster configuration and failover settings

 - [PUT /cluster/{clusterFQDN}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D/put.md)

### Manually promote a specific node to be the active member in an HA cluster

 - [PUT /cluster/{clusterFQDN}/active/{nodeID}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1active~1%7Bnodeid%7D/put.md)

### Update connectors configuration for a cluster

 - [PUT /cluster/{clusterFQDN}/config/connectors](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1connectors/put.md): Requires node::configure::connectors permissions

### Delete the connector config for a cluster

 - [DELETE /cluster/{clusterFQDN}/config/connectors](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1connectors/delete.md): Requires node::configure::connectors permissions

### Add a connector to a cluster. Requires V2 connector config.

 - [POST /v2/cluster/{clusterFQDN}/config/connectors](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Upgrade a cluster's connector config to V2.

 - [POST /v2/cluster/{clusterFQDN}/config/connectors/upgrade](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Update a connector on a cluster

 - [PUT /v2/cluster/{clusterFQDN}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Delete a connector from a cluster. Requires V2 connector config.

 - [DELETE /v2/cluster/{clusterFQDN}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Requires node::configure::connectors permissions

### Update network configuration for a cluster

 - [PUT /cluster/{clusterFQDN}/config/network](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1network/put.md): Requires node::configure:network permissions

### Update services configuration for a cluster.

 - [PUT /cluster/{clusterFQDN}/config/services](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1services/put.md): Requires nodes::configure::services permissions.

### Remove a cluster's services configuration.

 - [DELETE /cluster/{clusterFQDN}/config/services](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1config~1services/delete.md): Requires nodes::configure::services permissions.

### Add a service to a cluster. Requires V2 services config.

 - [POST /v2/cluster/{clusterFQDN}/config/services](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1services/post.md): Requires node::configure::services permissions

### Upgrade a cluster's services config to V2.

 - [POST /v2/cluster/{clusterFQDN}/config/services/upgrade](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Update a service on a cluster.

 - [PUT /v2/cluster/{clusterFQDN}/config/services/{serviceID}](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1services~1%7Bserviceid%7D/put.md): Requires V2 services config.

---

Requires node::configure::services permissions

### Delete a service from a cluster

 - [DELETE /v2/cluster/{clusterFQDN}/config/services/{serviceID}](https://apidocs.trustgrid.io/cluster/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1config~1services~1%7Bserviceid%7D/delete.md): Requires V2 services config.

---

Requires node::configure::services permissions

### Delete a tag from a cluster

 - [DELETE /cluster/{clusterFQDN}/tag/{tagName}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1tag~1%7Btagname%7D/delete.md)

### Set a tag on a cluster

 - [PUT /cluster/{clusterFQDN}/tag/{tagName}](https://apidocs.trustgrid.io/cluster/paths/~1cluster~1%7Bclusterfqdn%7D~1tag~1%7Btagname%7D/put.md)

## VPN

Per-cluster attachment to virtual networks. Configure which virtual networks a cluster participates in and its VPN interface settings. Requires `node-vpn::read` permission.


### List all VPN networks attached to a cluster, including IP assignments and routing

 - [GET /v2/cluster/{clusterFQDN}/vpn](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnnetworks.md)

### Attach a VPN network

 - [POST /v2/cluster/{clusterFQDN}/vpn](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn/post.md)

### Delete a VPN network

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D/delete.md)

### Get full details of a VPN network on a cluster, including routes, services, interfaces, and DNS

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}](https://apidocs.trustgrid.io/cluster-greater-vpn/getclustervpnnetwork.md)

### Update a VPN network

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D/put.md)

### Delete a VPN DNS configuration

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dns/delete.md)

### Get a VPN DNS configuration

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/cluster-greater-vpn/getclustervpndns.md)

### Create a VPN DNS configuration

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dns/post.md)

### Update a VPN DNS configuration

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dns/put.md)

### Get a VPN's dynamic export routes

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnexportroutes.md)

### Create a VPN export route

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route/post.md)

### Delete a VPN export route

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route~1%7Buid%7D/delete.md)

### Update a VPN export route

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route~1%7Buid%7D/put.md)

### Get a VPN's dynamic import routes

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnimportroutes.md)

### Create a VPN import route

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route/post.md)

### Delete a VPN import route

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route~1%7Buid%7D/delete.md)

### Update a VPN import route

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route~1%7Buid%7D/put.md)

### Get a VPN's interfaces

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/interface](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpninterfaces.md): Get the list of interfaces attached to a VPN network on a cluster. Note: NATs within a VPN interface can share the same source and destination CIDRs provided they are differentiated by route metric. This is intentional and not a configuration error.

### Create a VPN interface

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/interface](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1interface/post.md): inDefaultRoute and outDefaultRoute are mutually exclusive — set at most one to true.

Inside NATs (insideNats) rewrite traffic arriving from the VPN before it enters the local network.
Outside NATs (outsideNats) rewrite traffic leaving the local network before it enters the VPN.

After creating or updating a VPN interface, push the cluster config for the change to take effect.

### Delete a VPN interface

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/interface/{interfaceName}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1interface~1%7Binterfacename%7D/delete.md)

### Update a VPN interface

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/interface/{interfaceName}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1interface~1%7Binterfacename%7D/put.md): inDefaultRoute and outDefaultRoute are mutually exclusive — set at most one to true.

Inside NATs (insideNats) rewrite traffic arriving from the VPN before it enters the local network.
Outside NATs (outsideNats) rewrite traffic leaving the local network before it enters the VPN.

After creating or updating a VPN interface, push the cluster config for the change to take effect.

### Get a VPN's routes

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/route](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnroutes.md)

### Create a VPN route

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/route](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1route/post.md)

### Delete a VPN route

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1route~1%7Buid%7D/delete.md)

### Update a VPN route

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/route/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1route~1%7Buid%7D/put.md)

### Get a VPN's services

 - [GET /v2/cluster/{clusterFQDN}/vpn/{networkName}/service](https://apidocs.trustgrid.io/cluster-greater-vpn/listclustervpnservices.md)

### Create a VPN Service

 - [POST /v2/cluster/{clusterFQDN}/vpn/{networkName}/service](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1service/post.md)

### Delete a Service

 - [DELETE /v2/cluster/{clusterFQDN}/vpn/{networkName}/service/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1service~1%7Buid%7D/delete.md)

### Update a Service

 - [PUT /v2/cluster/{clusterFQDN}/vpn/{networkName}/service/{uid}](https://apidocs.trustgrid.io/cluster-greater-vpn/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1vpn~1%7Bnetworkname%7D~1service~1%7Buid%7D/put.md)

## Compute

[Cluster edge compute](https://docs.trustgrid.io/docs/nodes/appliances/containers/) — Docker container workloads deployed across cluster nodes. Requires `node-exec::read` permission. Requires `exec` feature flag.


### Retrieve all edge computing containers running on a cluster

 - [GET /v2/cluster/{clusterFQDN}/exec/container](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainers.md): Requires node-exec::read permission.

### Deploy a new containerized application to run on the cluster

 - [POST /v2/cluster/{clusterFQDN}/exec/container](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1container/post.md): Requires node-exec::modify permission.

### Remove a containerized application from the cluster and stop execution

 - [DELETE /v2/cluster/{clusterFQDN}/exec/container/{containerID}](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1container~1%7Bcontainerid%7D/delete.md): Requires node-exec::modify permission.

### Get edge compute container configuration on a cluster

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainer.md): Requires node-exec::read permission.

### Update a container

 - [PUT /v2/cluster/{clusterFQDN}/exec/container/{containerID}](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1container~1%7Bcontainerid%7D/put.md): Requires node-exec::modify permission.

### Retrieve security capabilities and permissions for a container

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/capability](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainercapabilities.md): Requires node-exec::read permission.

### Update container config

 - [PUT /v2/cluster/{clusterFQDN}/exec/container/{containerID}/config](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1container~1%7Bcontainerid%7D~1config/put.md): Requires node-exec::modify permission.

### Get container health check

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/healthcheck](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainerhealthcheck.md): Requires node-exec::read permission.

### List container interfaces

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/interface](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainerinterfaces.md): Requires node-exec::read permission.

### List container limits

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/limit](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainerlimits.md): Requires node-exec::read permission.

### Get container logging configuration

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/logging](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainerlogging.md): Requires node-exec::read permission.

### List container mounts

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/mount](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainermounts.md): Requires node-exec::read permission.

### List container port mappings

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/port-mapping](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainerportmappings.md): Requires node-exec::read permission.

### List container variables

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/variable](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainervariables.md): Requires node-exec::read permission.

### List container virtual networks

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/virtual-network](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainervirtualnetworks.md): Requires node-exec::read permission.

### List container volumes

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/volume](https://apidocs.trustgrid.io/cluster-greater-compute/listclustercontainervolumes.md): Requires node-exec::read permission.

### Get container VRF

 - [GET /v2/cluster/{clusterFQDN}/exec/container/{containerID}/vrf](https://apidocs.trustgrid.io/cluster-greater-compute/getclustercontainervrf.md): Requires node-exec::read permission.

### List volumes

 - [GET /v2/cluster/{clusterFQDN}/exec/volume](https://apidocs.trustgrid.io/cluster-greater-compute/listclustervolumes.md): Requires node-exec::read permission.

### Create volume

 - [POST /v2/cluster/{clusterFQDN}/exec/volume](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1volume/post.md): Requires node-exec::modify permission.

### Delete a volume

 - [DELETE /v2/cluster/{clusterFQDN}/exec/volume/{volumeName}](https://apidocs.trustgrid.io/cluster-greater-compute/paths/~1v2~1cluster~1%7Bclusterfqdn%7D~1exec~1volume~1%7Bvolumename%7D/delete.md): Requires node-exec::modify permission.

## Appliance

[Appliances](https://docs.trustgrid.io/docs/nodes/appliances/) are physical or virtual machine Trustgrid nodes providing full network, VPN, edge compute, and monitoring capabilities. Requires `nodes::read` permission.


### Retrieve all network nodes including appliances and agents with filtering options

 - [GET /node](https://apidocs.trustgrid.io/appliance/listnodes.md): List both appliances and agents. The fields config and shadow will be empty unless
specified in the projection parameter. The query for the config or shadow must be at least
one level deep - projection0=config won't work, but projection0=config&projection0=gateway
will result in config.gateway being populated.

---

Requires nodes::read permission.

### Generate a license key for registering a new node to the organization

 - [GET /node/license](https://apidocs.trustgrid.io/appliance/getnodelicense.md)

### Retrieve a node by its fully-qualified domain name

 - [GET /node/by-fqdn/{fqdn}](https://apidocs.trustgrid.io/appliance/getnodebyfqdn.md): Get a node using its FQDN directly, as an alternative to looking up the nodeID first.

---

Requires nodes::read permission on the node.

### Permanently remove a node from the organization and revoke access

 - [DELETE /node/{nodeID}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D/delete.md): Delete a node (appliance or agent)

---

Requires nodes::delete permission.

### Retrieve detailed configuration and status information for a specific node

 - [GET /node/{nodeID}](https://apidocs.trustgrid.io/appliance/getnode.md): Get a node (appliance or agent)

---

Requires nodes::read permission.

### Modify node settings including cluster assignment and operational state

 - [PUT /node/{nodeID}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D/put.md): Update a node (appliance or agent)

---

Requires nodes::manage permission.

### Configure alert thresholds and notification settings for a specific appliance

 - [PUT /node/{nodeID}/config/alert](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1alert/put.md): Applicable to appliances only.

### Configure high-availability cluster settings for a specific appliance

 - [PUT /node/{nodeID}/config/cluster](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1cluster/put.md): Applicable to appliances only.

### Configure inbound network connectors for external access to node services

 - [PUT /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1connectors/put.md)

### Remove all connector configurations from a node

 - [DELETE /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1connectors/delete.md)

### Create a new inbound connector to expose services running on the node

 - [POST /v2/node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Migrate a node's connector configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/connectors/upgrade](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Modify settings for an existing connector on a node

 - [PUT /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Applies to appliances and agents. Requires V2 connector config.
---
Requires node::configure::connectors permissions

### Remove a specific connector configuration from a node

 - [DELETE /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Delete a connector from a node (appliance or agent). Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Configure network interfaces, routing, and firewall rules for an appliance

 - [PUT /node/{nodeID}/config/network](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1network/put.md): Update network configuration for a node (appliance)

---

Requires node::configure:network permissions

### Configure outbound services for external connections from the node

 - [PUT /node/{nodeID}/config/services](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1services/put.md): Update services configuration for a node (appliance or agent)

---

Note: request body will be validated by JSON schema of the plugin

### Create a new outbound service connection for external resource access

 - [POST /v2/node/{nodeID}/config/services](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services/post.md): Requires node::configure::services permissions

### Migrate a node's service configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/services/upgrade](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Modify settings for an existing service connection on a node

 - [PUT /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/put.md): Update a service on a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Remove a specific service configuration from a node

 - [DELETE /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/delete.md): Delete a service from a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Configure Zero Trust Network Access gateway settings for secure remote access

 - [PUT /node/{nodeID}/config/ztnagw](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1ztnagw/put.md): Update ZTNA gateway configuration for a node (appliance)

Note that this endpoint used to be apigw. The config section is still named apigw.
---

"WireGuard" is a registered trademark of Jason A. Donenfeld.

Requires node::configure::apigw permissions

### Remove ZTNA gateway configuration and disable secure remote access

 - [DELETE /node/{nodeID}/config/ztnagw](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1ztnagw/delete.md): Delete the ZTNA gateway configuration for a node (appliance)

---

Requires node::configure::apigw permissions

### Configure node as a network gateway for routing traffic between networks

 - [PUT /node/{nodeID}/config/gateway](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1gateway/put.md): Update gateway configuration

Use host (not ip) for the gateway hostname.

---

Requires nodes::configure:gateway permission.

### Configure SNMP monitoring settings for network management integration

 - [PUT /node/{nodeID}/snmp](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1snmp/put.md): Update SNMP configuration

---

Requires nodes::configure:snmp permission.

### Remove a metadata tag from a node for organizational categorization

 - [DELETE /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/delete.md)

### Add or update a metadata tag on a node for organizational categorization

 - [PUT /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/put.md)

### Execute a remote operation or command on a specific node

 - [POST /node/{nodeID}/trigger/{event}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1trigger~1%7Bevent%7D/post.md): Sends an event to the node and optionally waits for its response.

Common event values:
- node-restart-service — restart the Trustgrid node service (requires nodes::service:node-restart-service)
- node-reboot — reboot the host OS (requires nodes::service:node-reboot)
- node-upgrade — upgrade node software (requires nodes::service:node-upgrade)
- gateway-routes — fetch current gateway routes (requires nodes::service:gateway-routes)
- vpn-routes — fetch virtual network routing table (requires nodes::service:vpn-routes)
- vpn-nats — fetch virtual network NAT table (requires nodes::service:vpn-nats)
- tg-ping — run a ping via the Trustgrid overlay (requires nodes::service:tg-ping)
- tg-traceroute — run a traceroute via the overlay (requires nodes::service:tg-traceroute)
- tg-net-ping — ping through the virtual network (requires nodes::service:tg-net-ping)
- speed-test — measure internet bandwidth (requires nodes::service:speed-test)
- flows — manage active network flows (requires nodes::service:flows)
- bgp — interact with the BGP server (requires nodes::service:bgp)
- ipsec-restart — restart the IPSec service (requires nodes::service:ipsec-restart)
- ipsec-statusall — retrieve IPSec status (requires nodes::service:ipsec-statusall)

All services require either nodes::remote-execute or nodes::service:{event}
permission.

Add ?wait=1 to block until the node responds (useful for synchronous checks).

### Retrieve real-time network usage statistics and bandwidth metrics for nodes

 - [GET /stats/realtime/usage](https://apidocs.trustgrid.io/appliance/getrealtimeusage.md): Returns an array of usage data buckets for specified nodes within the specified time range and interval.

### Delete a file or directory

 - [DELETE /v2/node/{nodeID}/data-store](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store/delete.md): Requires nodes::service:datastore-manager permission.

### Copy a file from an HTTP location to the data store

 - [POST /v2/node/{nodeID}/data-store/http-download](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1http-download/post.md): Requires nodes::service:datastore-manager permission.

### Upload a file from the node to an HTTP endpoint

 - [POST /v2/node/{nodeID}/data-store/http-upload](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1http-upload/post.md): Requires nodes::service:datastore-manager permission.

### List the data store contents

 - [GET /v2/node/{nodeID}/data-store/list](https://apidocs.trustgrid.io/appliance/listnodedatastorecontents.md): Requires nodes::service:datastore-manager permission.

### Create a directory

 - [POST /v2/node/{nodeID}/data-store/mkdir](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1mkdir/post.md): Requires nodes::service:datastore-manager permission.

### Copy a file from S3 to the data store

 - [POST /v2/node/{nodeID}/data-store/s3-download](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1s3-download/post.md): Requires nodes::service:datastore-manager permission.

### Upload a file from the node to an S3 bucket

 - [POST /v2/node/{nodeID}/data-store/s3-upload](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1data-store~1s3-upload/post.md): Requires nodes::service:datastore-manager permission.

### List recent data store activity

 - [GET /v2/node/{nodeID}/data-store/tasks](https://apidocs.trustgrid.io/appliance/listnodedatastoretasks.md): Requires nodes::service:datastore-manager permission.

### Get per-minute gateway RTT telemetry for a node's VPN peer connections

 - [GET /v2/node/{nodeID}/plugin-logs/gateway-details](https://apidocs.trustgrid.io/appliance/getnodegatewaydetails.md): Returns time-series RTT (round-trip time) statistics for each VPN peer
the node is connected to. Each element covers one minute bucket.
Results are only available for online appliance nodes.

---

Requires nodes::read permission.

### Update the lifecycle state of a specific node

 - [PUT /v2/node/{nodeID}/lifecycle-state](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1lifecycle-state/put.md): Update the lifecycle state for a node (appliance or agent).

---

Requires nodes::manage permission.

### Retrieve all network nodes including appliances and agents with filtering options

 - [GET /node](https://apidocs.trustgrid.io/agent/listnodes.md): List both appliances and agents. The fields config and shadow will be empty unless
specified in the projection parameter. The query for the config or shadow must be at least
one level deep - projection0=config won't work, but projection0=config&projection0=gateway
will result in config.gateway being populated.

---

Requires nodes::read permission.

### Retrieve a node by its fully-qualified domain name

 - [GET /node/by-fqdn/{fqdn}](https://apidocs.trustgrid.io/agent/getnodebyfqdn.md): Get a node using its FQDN directly, as an alternative to looking up the nodeID first.

---

Requires nodes::read permission on the node.

### Permanently remove a node from the organization and revoke access

 - [DELETE /node/{nodeID}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D/delete.md): Delete a node (appliance or agent)

---

Requires nodes::delete permission.

### Retrieve detailed configuration and status information for a specific node

 - [GET /node/{nodeID}](https://apidocs.trustgrid.io/agent/getnode.md): Get a node (appliance or agent)

---

Requires nodes::read permission.

### Modify node settings including cluster assignment and operational state

 - [PUT /node/{nodeID}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D/put.md): Update a node (appliance or agent)

---

Requires nodes::manage permission.

### Configure inbound network connectors for external access to node services

 - [PUT /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1connectors/put.md)

### Remove all connector configurations from a node

 - [DELETE /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1connectors/delete.md)

### Create a new inbound connector to expose services running on the node

 - [POST /v2/node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Migrate a node's connector configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/connectors/upgrade](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Modify settings for an existing connector on a node

 - [PUT /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Applies to appliances and agents. Requires V2 connector config.
---
Requires node::configure::connectors permissions

### Remove a specific connector configuration from a node

 - [DELETE /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Delete a connector from a node (appliance or agent). Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Configure outbound services for external connections from the node

 - [PUT /node/{nodeID}/config/services](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1services/put.md): Update services configuration for a node (appliance or agent)

---

Note: request body will be validated by JSON schema of the plugin

### Create a new outbound service connection for external resource access

 - [POST /v2/node/{nodeID}/config/services](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services/post.md): Requires node::configure::services permissions

### Migrate a node's service configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/services/upgrade](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Modify settings for an existing service connection on a node

 - [PUT /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/put.md): Update a service on a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Remove a specific service configuration from a node

 - [DELETE /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/delete.md): Delete a service from a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Configure node as a network gateway for routing traffic between networks

 - [PUT /node/{nodeID}/config/gateway](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1gateway/put.md): Update gateway configuration

Use host (not ip) for the gateway hostname.

---

Requires nodes::configure:gateway permission.

### Configure SNMP monitoring settings for network management integration

 - [PUT /node/{nodeID}/snmp](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1snmp/put.md): Update SNMP configuration

---

Requires nodes::configure:snmp permission.

### Remove a metadata tag from a node for organizational categorization

 - [DELETE /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/delete.md)

### Add or update a metadata tag on a node for organizational categorization

 - [PUT /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/put.md)

### Execute a remote operation or command on a specific node

 - [POST /node/{nodeID}/trigger/{event}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1trigger~1%7Bevent%7D/post.md): Sends an event to the node and optionally waits for its response.

Common event values:
- node-restart-service — restart the Trustgrid node service (requires nodes::service:node-restart-service)
- node-reboot — reboot the host OS (requires nodes::service:node-reboot)
- node-upgrade — upgrade node software (requires nodes::service:node-upgrade)
- gateway-routes — fetch current gateway routes (requires nodes::service:gateway-routes)
- vpn-routes — fetch virtual network routing table (requires nodes::service:vpn-routes)
- vpn-nats — fetch virtual network NAT table (requires nodes::service:vpn-nats)
- tg-ping — run a ping via the Trustgrid overlay (requires nodes::service:tg-ping)
- tg-traceroute — run a traceroute via the overlay (requires nodes::service:tg-traceroute)
- tg-net-ping — ping through the virtual network (requires nodes::service:tg-net-ping)
- speed-test — measure internet bandwidth (requires nodes::service:speed-test)
- flows — manage active network flows (requires nodes::service:flows)
- bgp — interact with the BGP server (requires nodes::service:bgp)
- ipsec-restart — restart the IPSec service (requires nodes::service:ipsec-restart)
- ipsec-statusall — retrieve IPSec status (requires nodes::service:ipsec-statusall)

All services require either nodes::remote-execute or nodes::service:{event}
permission.

Add ?wait=1 to block until the node responds (useful for synchronous checks).

### Update the lifecycle state of a specific node

 - [PUT /v2/node/{nodeID}/lifecycle-state](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1lifecycle-state/put.md): Update the lifecycle state for a node (appliance or agent).

---

Requires nodes::manage permission.

## Agent

[Agents](https://docs.trustgrid.io/docs/nodes/agents/) are lightweight software clients installed on user devices or servers, supporting VPN/ZTNA connectivity. Requires `nodes::read` permission.


### Retrieve all network nodes including appliances and agents with filtering options

 - [GET /node](https://apidocs.trustgrid.io/appliance/listnodes.md): List both appliances and agents. The fields config and shadow will be empty unless
specified in the projection parameter. The query for the config or shadow must be at least
one level deep - projection0=config won't work, but projection0=config&projection0=gateway
will result in config.gateway being populated.

---

Requires nodes::read permission.

### Retrieve a node by its fully-qualified domain name

 - [GET /node/by-fqdn/{fqdn}](https://apidocs.trustgrid.io/appliance/getnodebyfqdn.md): Get a node using its FQDN directly, as an alternative to looking up the nodeID first.

---

Requires nodes::read permission on the node.

### Permanently remove a node from the organization and revoke access

 - [DELETE /node/{nodeID}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D/delete.md): Delete a node (appliance or agent)

---

Requires nodes::delete permission.

### Retrieve detailed configuration and status information for a specific node

 - [GET /node/{nodeID}](https://apidocs.trustgrid.io/appliance/getnode.md): Get a node (appliance or agent)

---

Requires nodes::read permission.

### Modify node settings including cluster assignment and operational state

 - [PUT /node/{nodeID}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D/put.md): Update a node (appliance or agent)

---

Requires nodes::manage permission.

### Configure inbound network connectors for external access to node services

 - [PUT /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1connectors/put.md)

### Remove all connector configurations from a node

 - [DELETE /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1connectors/delete.md)

### Create a new inbound connector to expose services running on the node

 - [POST /v2/node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Migrate a node's connector configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/connectors/upgrade](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Modify settings for an existing connector on a node

 - [PUT /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Applies to appliances and agents. Requires V2 connector config.
---
Requires node::configure::connectors permissions

### Remove a specific connector configuration from a node

 - [DELETE /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Delete a connector from a node (appliance or agent). Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Configure outbound services for external connections from the node

 - [PUT /node/{nodeID}/config/services](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1services/put.md): Update services configuration for a node (appliance or agent)

---

Note: request body will be validated by JSON schema of the plugin

### Create a new outbound service connection for external resource access

 - [POST /v2/node/{nodeID}/config/services](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services/post.md): Requires node::configure::services permissions

### Migrate a node's service configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/services/upgrade](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Modify settings for an existing service connection on a node

 - [PUT /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/put.md): Update a service on a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Remove a specific service configuration from a node

 - [DELETE /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/delete.md): Delete a service from a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Configure node as a network gateway for routing traffic between networks

 - [PUT /node/{nodeID}/config/gateway](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1config~1gateway/put.md): Update gateway configuration

Use host (not ip) for the gateway hostname.

---

Requires nodes::configure:gateway permission.

### Configure SNMP monitoring settings for network management integration

 - [PUT /node/{nodeID}/snmp](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1snmp/put.md): Update SNMP configuration

---

Requires nodes::configure:snmp permission.

### Remove a metadata tag from a node for organizational categorization

 - [DELETE /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/delete.md)

### Add or update a metadata tag on a node for organizational categorization

 - [PUT /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/put.md)

### Execute a remote operation or command on a specific node

 - [POST /node/{nodeID}/trigger/{event}](https://apidocs.trustgrid.io/appliance/paths/~1node~1%7Bnodeid%7D~1trigger~1%7Bevent%7D/post.md): Sends an event to the node and optionally waits for its response.

Common event values:
- node-restart-service — restart the Trustgrid node service (requires nodes::service:node-restart-service)
- node-reboot — reboot the host OS (requires nodes::service:node-reboot)
- node-upgrade — upgrade node software (requires nodes::service:node-upgrade)
- gateway-routes — fetch current gateway routes (requires nodes::service:gateway-routes)
- vpn-routes — fetch virtual network routing table (requires nodes::service:vpn-routes)
- vpn-nats — fetch virtual network NAT table (requires nodes::service:vpn-nats)
- tg-ping — run a ping via the Trustgrid overlay (requires nodes::service:tg-ping)
- tg-traceroute — run a traceroute via the overlay (requires nodes::service:tg-traceroute)
- tg-net-ping — ping through the virtual network (requires nodes::service:tg-net-ping)
- speed-test — measure internet bandwidth (requires nodes::service:speed-test)
- flows — manage active network flows (requires nodes::service:flows)
- bgp — interact with the BGP server (requires nodes::service:bgp)
- ipsec-restart — restart the IPSec service (requires nodes::service:ipsec-restart)
- ipsec-statusall — retrieve IPSec status (requires nodes::service:ipsec-statusall)

All services require either nodes::remote-execute or nodes::service:{event}
permission.

Add ?wait=1 to block until the node responds (useful for synchronous checks).

### Update the lifecycle state of a specific node

 - [PUT /v2/node/{nodeID}/lifecycle-state](https://apidocs.trustgrid.io/appliance/paths/~1v2~1node~1%7Bnodeid%7D~1lifecycle-state/put.md): Update the lifecycle state for a node (appliance or agent).

---

Requires nodes::manage permission.

### Retrieve all network nodes including appliances and agents with filtering options

 - [GET /node](https://apidocs.trustgrid.io/agent/listnodes.md): List both appliances and agents. The fields config and shadow will be empty unless
specified in the projection parameter. The query for the config or shadow must be at least
one level deep - projection0=config won't work, but projection0=config&projection0=gateway
will result in config.gateway being populated.

---

Requires nodes::read permission.

### Retrieve a node by its fully-qualified domain name

 - [GET /node/by-fqdn/{fqdn}](https://apidocs.trustgrid.io/agent/getnodebyfqdn.md): Get a node using its FQDN directly, as an alternative to looking up the nodeID first.

---

Requires nodes::read permission on the node.

### Permanently remove a node from the organization and revoke access

 - [DELETE /node/{nodeID}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D/delete.md): Delete a node (appliance or agent)

---

Requires nodes::delete permission.

### Retrieve detailed configuration and status information for a specific node

 - [GET /node/{nodeID}](https://apidocs.trustgrid.io/agent/getnode.md): Get a node (appliance or agent)

---

Requires nodes::read permission.

### Modify node settings including cluster assignment and operational state

 - [PUT /node/{nodeID}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D/put.md): Update a node (appliance or agent)

---

Requires nodes::manage permission.

### Configure inbound network connectors for external access to node services

 - [PUT /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1connectors/put.md)

### Remove all connector configurations from a node

 - [DELETE /node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1connectors/delete.md)

### Create a new inbound connector to expose services running on the node

 - [POST /v2/node/{nodeID}/config/connectors](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors/post.md): Requires node::configure::connectors permissions

### Migrate a node's connector configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/connectors/upgrade](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1upgrade/post.md): Requires node::configure::connectors permissions

### Modify settings for an existing connector on a node

 - [PUT /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/put.md): Applies to appliances and agents. Requires V2 connector config.
---
Requires node::configure::connectors permissions

### Remove a specific connector configuration from a node

 - [DELETE /v2/node/{nodeID}/config/connectors/{connectorID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1connectors~1%7Bconnectorid%7D/delete.md): Delete a connector from a node (appliance or agent). Requires V2 connector config.

---

Requires node::configure::connectors permissions

### Configure outbound services for external connections from the node

 - [PUT /node/{nodeID}/config/services](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1services/put.md): Update services configuration for a node (appliance or agent)

---

Note: request body will be validated by JSON schema of the plugin

### Create a new outbound service connection for external resource access

 - [POST /v2/node/{nodeID}/config/services](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services/post.md): Requires node::configure::services permissions

### Migrate a node's service configuration to the latest V2 format

 - [POST /v2/node/{nodeID}/config/services/upgrade](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1upgrade/post.md): Requires node::configure::services permissions

### Modify settings for an existing service connection on a node

 - [PUT /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/put.md): Update a service on a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Remove a specific service configuration from a node

 - [DELETE /v2/node/{nodeID}/config/services/{serviceID}](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1config~1services~1%7Bserviceid%7D/delete.md): Delete a service from a node. Requires V2 services config.

---

Requires node::configure::services permissions

### Configure node as a network gateway for routing traffic between networks

 - [PUT /node/{nodeID}/config/gateway](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1config~1gateway/put.md): Update gateway configuration

Use host (not ip) for the gateway hostname.

---

Requires nodes::configure:gateway permission.

### Configure SNMP monitoring settings for network management integration

 - [PUT /node/{nodeID}/snmp](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1snmp/put.md): Update SNMP configuration

---

Requires nodes::configure:snmp permission.

### Remove a metadata tag from a node for organizational categorization

 - [DELETE /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/delete.md)

### Add or update a metadata tag on a node for organizational categorization

 - [PUT /node/{nodeID}/tag/{tagName}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1tag~1%7Btagname%7D/put.md)

### Execute a remote operation or command on a specific node

 - [POST /node/{nodeID}/trigger/{event}](https://apidocs.trustgrid.io/agent/paths/~1node~1%7Bnodeid%7D~1trigger~1%7Bevent%7D/post.md): Sends an event to the node and optionally waits for its response.

Common event values:
- node-restart-service — restart the Trustgrid node service (requires nodes::service:node-restart-service)
- node-reboot — reboot the host OS (requires nodes::service:node-reboot)
- node-upgrade — upgrade node software (requires nodes::service:node-upgrade)
- gateway-routes — fetch current gateway routes (requires nodes::service:gateway-routes)
- vpn-routes — fetch virtual network routing table (requires nodes::service:vpn-routes)
- vpn-nats — fetch virtual network NAT table (requires nodes::service:vpn-nats)
- tg-ping — run a ping via the Trustgrid overlay (requires nodes::service:tg-ping)
- tg-traceroute — run a traceroute via the overlay (requires nodes::service:tg-traceroute)
- tg-net-ping — ping through the virtual network (requires nodes::service:tg-net-ping)
- speed-test — measure internet bandwidth (requires nodes::service:speed-test)
- flows — manage active network flows (requires nodes::service:flows)
- bgp — interact with the BGP server (requires nodes::service:bgp)
- ipsec-restart — restart the IPSec service (requires nodes::service:ipsec-restart)
- ipsec-statusall — retrieve IPSec status (requires nodes::service:ipsec-statusall)

All services require either nodes::remote-execute or nodes::service:{event}
permission.

Add ?wait=1 to block until the node responds (useful for synchronous checks).

### Update the lifecycle state of a specific node

 - [PUT /v2/node/{nodeID}/lifecycle-state](https://apidocs.trustgrid.io/agent/paths/~1v2~1node~1%7Bnodeid%7D~1lifecycle-state/put.md): Update the lifecycle state for a node (appliance or agent).

---

Requires nodes::manage permission.

## VPN

Per-appliance attachment to virtual networks. Configure which virtual networks an appliance participates in and its VPN interface settings. Requires `node-vpn::read` permission.


### List all VPN networks attached to a node, including IP assignments and routing

 - [GET /v2/node/{nodeID}/vpn](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnnetworks.md)

### Attach a VPN network

 - [POST /v2/node/{nodeID}/vpn](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn/post.md)

### Delete a VPN network

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D/delete.md)

### Get full details of a VPN network on a node, including routes, services, interfaces, DNS, and WireGuard config

 - [GET /v2/node/{nodeID}/vpn/{networkName}](https://apidocs.trustgrid.io/appliance-greater-vpn/getnodevpnnetwork.md)

### Update a VPN network

 - [PUT /v2/node/{nodeID}/vpn/{networkName}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D/put.md)

### Delete a VPN DNS configuration

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dns/delete.md)

### Get a VPN's DNS configuration

 - [GET /v2/node/{nodeID}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/appliance-greater-vpn/getnodevpndns.md)

### Create a VPN DNS configuration

 - [POST /v2/node/{nodeID}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dns/post.md)

### Update a VPN DNS configuration

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/dns](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dns/put.md)

### Get a VPN's dynamic export routes

 - [GET /v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnexportroutes.md)

### Create a VPN export route

 - [POST /v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route/post.md)

### Delete a VPN export route

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route~1%7Buid%7D/delete.md)

### Update a VPN export route

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1export-route~1%7Buid%7D/put.md)

### Get a VPN's dynamic import routes

 - [GET /v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnimportroutes.md)

### Create a VPN import route

 - [POST /v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route/post.md)

### Delete a VPN import route

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route~1%7Buid%7D/delete.md)

### Update a VPN import route

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1dynamic~1import-route~1%7Buid%7D/put.md)

### Get a VPN's interfaces

 - [GET /v2/node/{nodeID}/vpn/{networkName}/interface](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpninterfaces.md): Get the list of interfaces attached to a VPN network on a node. Note: NATs within a VPN interface can share the same source and destination CIDRs provided they are differentiated by route metric. This is intentional and not a configuration error.

### Create a VPN interface

 - [POST /v2/node/{nodeID}/vpn/{networkName}/interface](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1interface/post.md): inDefaultRoute and outDefaultRoute are mutually exclusive — set at most one to true.

Inside NATs (insideNats) rewrite traffic arriving from the VPN before it enters the local network.
Outside NATs (outsideNats) rewrite traffic leaving the local network before it enters the VPN.

After creating or updating a VPN interface, push the node config for the change to take effect.

### Delete a VPN interface

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/interface/{interfaceName}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1interface~1%7Binterfacename%7D/delete.md)

### Update a VPN interface

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/interface/{interfaceName}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1interface~1%7Binterfacename%7D/put.md): inDefaultRoute and outDefaultRoute are mutually exclusive — set at most one to true.

Inside NATs (insideNats) rewrite traffic arriving from the VPN before it enters the local network.
Outside NATs (outsideNats) rewrite traffic leaving the local network before it enters the VPN.

After creating or updating a VPN interface, push the node config for the change to take effect.

### Get a VPN's routes

 - [GET /v2/node/{nodeID}/vpn/{networkName}/route](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnroutes.md)

### Create a VPN route

 - [POST /v2/node/{nodeID}/vpn/{networkName}/route](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1route/post.md)

### Delete a VPN route

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1route~1%7Buid%7D/delete.md)

### Update a VPN route

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/route/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1route~1%7Buid%7D/put.md)

### Get a VPN's services

 - [GET /v2/node/{nodeID}/vpn/{networkName}/service](https://apidocs.trustgrid.io/appliance-greater-vpn/listnodevpnservices.md): Requires node-vpn::read permission.

### Create a VPN Service

 - [POST /v2/node/{nodeID}/vpn/{networkName}/service](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1service/post.md): Requires node-vpn::modify permission.

### Delete a VPN Service

 - [DELETE /v2/node/{nodeID}/vpn/{networkName}/service/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1service~1%7Buid%7D/delete.md): Requires node-vpn::modify permission.

### Update a Service

 - [PUT /v2/node/{nodeID}/vpn/{networkName}/service/{uid}](https://apidocs.trustgrid.io/appliance-greater-vpn/paths/~1v2~1node~1%7Bnodeid%7D~1vpn~1%7Bnetworkname%7D~1service~1%7Buid%7D/put.md)

## Compute

[Appliance edge compute](https://docs.trustgrid.io/docs/nodes/appliances/containers/) — Docker container workloads deployed on a specific appliance. Requires `node-exec::read` permission. Requires `exec` feature flag.


### List containers

 - [GET /v2/node/{nodeID}/exec/container](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainers.md): Requires node-exec::read permission.

### Create a container

 - [POST /v2/node/{nodeID}/exec/container](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1container/post.md): Requires node-exec::modify permission.

### Delete a container

 - [DELETE /v2/node/{nodeID}/exec/container/{containerID}](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1container~1%7Bcontainerid%7D/delete.md): Requires node-exec::modify permission.

### Get edge compute container configuration on a node

 - [GET /v2/node/{nodeID}/exec/container/{containerID}](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainer.md): Requires node-exec::read permission.

### Update a container

 - [PUT /v2/node/{nodeID}/exec/container/{containerID}](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1container~1%7Bcontainerid%7D/put.md): Requires node-exec::modify permission.

### Get container capabilities

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/capability](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainercapabilities.md): Requires node-exec::read permission.

### Update container config

 - [PUT /v2/node/{nodeID}/exec/container/{containerID}/config](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1container~1%7Bcontainerid%7D~1config/put.md): Requires node-exec::modify permission.

### Get container health check

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/healthcheck](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainerhealthcheck.md): Requires node-exec::read permission.

### List container interfaces

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/interface](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainerinterfaces.md): Requires node-exec::read permission.

### List container limits

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/limit](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainerlimits.md): Requires node-exec::read permission.

### Get container logging configuration

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/logging](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainerlogging.md): Requires node-exec::read permission.

### List container mounts

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/mount](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainermounts.md): Requires node-exec::read permission.

### List container port mappings

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/port-mapping](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainerportmappings.md): Requires node-exec::read permission.

### List container variables

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/variable](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainervariables.md): Requires node-exec::read permission.

### List container virtual networks

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/virtual-network](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainervirtualnetworks.md): Requires node-exec::read permission.

### List container volumes

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/volume](https://apidocs.trustgrid.io/appliance-greater-compute/listnodecontainervolumes.md): Requires node-exec::read permission.

### Get container VRF

 - [GET /v2/node/{nodeID}/exec/container/{containerID}/vrf](https://apidocs.trustgrid.io/appliance-greater-compute/getnodecontainervrf.md): Requires node-exec::read permission.

### List volumes

 - [GET /v2/node/{nodeID}/exec/volume](https://apidocs.trustgrid.io/appliance-greater-compute/listnodevolumes.md): Requires node-exec::read permission.

### Create volume

 - [POST /v2/node/{nodeID}/exec/volume](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1volume/post.md): Requires node-exec::modify permission.

### Delete a volume

 - [DELETE /v2/node/{nodeID}/exec/volume/{volumeName}](https://apidocs.trustgrid.io/appliance-greater-compute/paths/~1v2~1node~1%7Bnodeid%7D~1exec~1volume~1%7Bvolumename%7D/delete.md): Requires node-exec::modify permission.

## Upgrade Manager

The [upgrade manager](https://docs.trustgrid.io/docs/upgrade-manager/) orchestrates software upgrades for nodes and clusters in bulk with scheduling and rollback support. Requires `upgrade-manager::read` permission.


### Retrieve all firmware upgrade campaigns and their execution status

 - [GET /upgrade-manager/api/v1/upgrades](https://apidocs.trustgrid.io/upgrade-manager/listupgrades.md): Requires upgrade-manager::read permission.

### Create a new firmware upgrade campaign for multiple nodes

 - [POST /upgrade-manager/api/v1/upgrades](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades/post.md): Requires upgrade-manager::modify permission.

### Retrieve the currently running firmware upgrade campaign

 - [GET /upgrade-manager/api/v1/upgrades/active](https://apidocs.trustgrid.io/upgrade-manager/getactiveupgrade.md): Requires upgrade-manager::read permission.

### Cancel and permanently remove an upgrade campaign

 - [DELETE /upgrade-manager/api/v1/upgrades/{upgradeID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D/delete.md): Requires upgrade-manager::modify permission.

### Retrieve detailed status and progress of a specific upgrade campaign

 - [GET /upgrade-manager/api/v1/upgrades/{upgradeID}](https://apidocs.trustgrid.io/upgrade-manager/getupgrade.md): Requires upgrade-manager::read permission.

### Modify upgrade campaign settings and target selection criteria

 - [PUT /upgrade-manager/api/v1/upgrades/{upgradeID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D/put.md): Requires upgrade-manager::modify permission.

### Authorize automatic failover of HA clusters during upgrade process

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/approve-failover](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1approve-failover/post.md): Requires upgrade-manager::modify permission.

### Manually mark an upgrade campaign as finished and finalize the process

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/complete](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1complete/post.md): Requires upgrade-manager::modify permission.

### Acknowledge and dismiss a failed or problematic upgrade workflow

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/dismiss/{workflowID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1dismiss~1%7Bworkflowid%7D/post.md): Requires upgrade-manager::modify permission.

### Test an upgrade campaign by creating and executing a non-destructive simulation

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/dryrun](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1dryrun/post.md): Requires upgrade-manager::modify permission.

### Retrieve detailed execution logs and error messages for an upgrade campaign

 - [GET /upgrade-manager/api/v1/upgrades/{upgradeID}/logs](https://apidocs.trustgrid.io/upgrade-manager/getupgradelogs.md): Requires upgrade-manager::read permission.

### Add administrative notes or comments to an upgrade workflow for tracking

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/note/{workflowID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1note~1%7Bworkflowid%7D/post.md): Requires upgrade-manager::modify permission.

### Restart a failed upgrade workflow to attempt the operation again

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/retry/{workflowID}](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1retry~1%7Bworkflowid%7D/post.md): Requires upgrade-manager::modify permission.

### Begin execution of a configured upgrade campaign across target nodes

 - [POST /upgrade-manager/api/v1/upgrades/{upgradeID}/start](https://apidocs.trustgrid.io/upgrade-manager/paths/~1upgrade-manager~1api~1v1~1upgrades~1%7Bupgradeid%7D~1start/post.md): Requires upgrade-manager::modify permission.

## Repository

Container image repositories for storing and distributing Docker images to edge compute nodes. Requires `repositories::read` permission.


### Retrieve all container repositories available for edge computing

 - [GET /repositories](https://apidocs.trustgrid.io/repository/listrepositories.md)

### Permanently remove a container repository and all its images

 - [DELETE /repositories/{reponame}](https://apidocs.trustgrid.io/repository/paths/~1repositories~1%7Breponame%7D/delete.md)

### Retrieve available image tags and metadata for a specific repository

 - [GET /repositories/{reponame}](https://apidocs.trustgrid.io/repository/getrepository.md)

### Remove a specific image tag from a container repository

 - [DELETE /repositories/{reponame}/{tag}](https://apidocs.trustgrid.io/repository/paths/~1repositories~1%7Breponame%7D~1%7Btag%7D/delete.md)

## Audit

Immutable logs for compliance and troubleshooting. Trustgrid exposes [authentication audits](https://docs.trustgrid.io/docs/operations/authentication/) (`audits::read:user`), [configuration changes](https://docs.trustgrid.io/docs/operations/changes/) (`audits::read:config`), [node events](https://docs.trustgrid.io/docs/operations/node-events/) (`audits::read:node`), and [flow logs](https://docs.trustgrid.io/docs/operations/flow-logs/) (`audits::read:flows`).


### Export configuration change audit logs as a downloadable file

 - [GET /audit/download/config](https://apidocs.trustgrid.io/audit/downloadconfigaudit.md): Requires audits::read:config permission.

### Export node activity and operational audit logs as a downloadable file

 - [GET /audit/download/node](https://apidocs.trustgrid.io/audit/downloadnodeaudit.md): Requires audits::read:node permission.

### Export user authentication and access audit logs as a downloadable file

 - [GET /audit/download/user](https://apidocs.trustgrid.io/audit/downloaduseraudit.md): Requires audits::read:user permission.

### Retrieve real-time configuration change audit logs with filtering options

 - [GET /audit/tail/config](https://apidocs.trustgrid.io/audit/tailconfigaudit.md): Requires audits::read:config permission.

### Retrieve real-time node operational and security audit logs

 - [GET /audit/tail/node](https://apidocs.trustgrid.io/audit/tailnodeaudit.md): List node (appliance or agent) audits

---

Requires audits::read:node permission.

### Retrieve real-time user authentication and session audit logs

 - [GET /audit/tail/user](https://apidocs.trustgrid.io/audit/tailuseraudit.md): Requires audits::read:user permission.

### Retrieve network traffic flow logs with advanced filtering and pagination

 - [GET /v2/audit/flow-logs](https://apidocs.trustgrid.io/audit/getflowlogs.md): Requires audits::read:flows permission.

### Retrieve network traffic flow logs with advanced filtering and pagination (deprecated)

 - [GET /audit/tail/flow_logs](https://apidocs.trustgrid.io/audit/tailflowlogs.md): This is deprecated; use /v2/audit/flow-logs instead.

---

Requires audits::read:flows permission.

## Certificate

[TLS certificates](https://docs.trustgrid.io/docs/certificates/) provisioned for nodes to secure communications. Requires `certificates::read` to view, `certificates::modify` to manage.


### Retrieve all TLS certificates and their expiration status

 - [GET /v2/certificates](https://apidocs.trustgrid.io/certificate/listcertificates.md): Requires certificates::read permission.

### Upload and install a new TLS certificate for secure communications

 - [POST /v2/certificates](https://apidocs.trustgrid.io/certificate/paths/~1v2~1certificates/post.md): Requires certificates::modify permission.

### Remove a TLS certificate and disable secure communications for the domain

 - [DELETE /v2/certificates/{fqdn}](https://apidocs.trustgrid.io/certificate/paths/~1v2~1certificates~1%7Bfqdn%7D/delete.md): Requires certificates::modify permission.

### Replace an existing TLS certificate with an updated version

 - [PUT /v2/certificates/{fqdn}](https://apidocs.trustgrid.io/certificate/paths/~1v2~1certificates~1%7Bfqdn%7D/put.md): Requires certificates::modify permission.

## User

[User](https://docs.trustgrid.io/docs/user-management/) accounts for portal and API access. Authenticated via SSO (IDP) or local credentials and assigned permissions via policies. Requires `users::read` permission.


### Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/group/listgroups.md): Requires groups::read permissions

### Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/group/paths/~1group/post.md): Requires groups::modify permissions

### Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires groups::modify permissions

### Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D/delete.md): Requires groups::modify permissions

### Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/group/getgroup.md): Requires groups::read permissions

### List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/group/listgroupidps.md): Requires groups::read permissions

### Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/group/listgroupmembers.md): Requires groups::read permissions

### Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D~1members/post.md): Requires groups::modify permissions

### Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/user/listgroups.md): Requires groups::read permissions

### Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/user/paths/~1group/post.md): Requires groups::modify permissions

### Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires groups::modify permissions

### Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D/delete.md): Requires groups::modify permissions

### Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/user/getgroup.md): Requires groups::read permissions

### List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/user/listgroupidps.md): Requires groups::read permissions

### Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/user/listgroupmembers.md): Requires groups::read permissions

### Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D~1members/post.md): Requires groups::modify permissions

### Retrieve all users in the organization with their roles and permissions

 - [GET /user](https://apidocs.trustgrid.io/user/listusers.md): Changes to users sometimes take a few minutes to appear while being indexed

### Send an invitation email to a new user to join the organization

 - [POST /user](https://apidocs.trustgrid.io/user/paths/~1user/post.md): For organizations using the default Trustgrid authentication provider, users must be invited and then they should sign up with the invited email address.
For custom IDP integrations, users should be added instead.

### Directly add a user account for organizations with custom identity providers

 - [POST /user/add](https://apidocs.trustgrid.io/user/paths/~1user~1add/post.md): Add a user. This is only available to organizations with custom IDP integrations.

### Permanently remove a user from the organization and revoke all access

 - [DELETE /user/{email}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D/delete.md)

### Retrieve the effective merged policy for a user

 - [GET /user/{email}/policy](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy/get.md): Returns the combined policy derived from all policies directly attached to the user plus those inherited via group membership.

### Attach a named policy to a user

 - [POST /user/{email}/policy/{name}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy~1%7Bname%7D/post.md): Adds name to the user's set of directly attached policies.

Policies whose names start with restricted- cannot be attached via this endpoint.

Requires permissions::modify permission.

### Detach a named policy from a user

 - [DELETE /user/{email}/policy/{name}](https://apidocs.trustgrid.io/user/paths/~1user~1%7Bemail%7D~1policy~1%7Bname%7D/delete.md): Requires permissions::modify permission.

### Retrieve all groups that a specific user belongs to

 - [GET /user/{email}/groups](https://apidocs.trustgrid.io/user/listusergroups.md)

### Add a user to a group and grant associated permissions

 - [POST /v2/user/{email}/groups](https://apidocs.trustgrid.io/user/paths/~1v2~1user~1%7Bemail%7D~1groups/post.md)

### Remove a user from a group and revoke associated permissions

 - [DELETE /v2/user/{email}/groups/{group}](https://apidocs.trustgrid.io/user/paths/~1v2~1user~1%7Bemail%7D~1groups~1%7Bgroup%7D/delete.md)

## Group

[Groups](https://docs.trustgrid.io/docs/user-management/groups/) control which users can access ZTNA applications exposed through virtual networks. Can be synchronized from identity providers. Requires `groups::read` permission.


### Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/group/listgroups.md): Requires groups::read permissions

### Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/group/paths/~1group/post.md): Requires groups::modify permissions

### Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires groups::modify permissions

### Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D/delete.md): Requires groups::modify permissions

### Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/group/getgroup.md): Requires groups::read permissions

### List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/group/listgroupidps.md): Requires groups::read permissions

### Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/group/listgroupmembers.md): Requires groups::read permissions

### Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/group/paths/~1group~1%7Buid%7D~1members/post.md): Requires groups::modify permissions

### Retrieve all user groups and their access permissions

 - [GET /group](https://apidocs.trustgrid.io/user/listgroups.md): Requires groups::read permissions

### Create a new user group with specified access permissions

 - [POST /group](https://apidocs.trustgrid.io/user/paths/~1group/post.md): Requires groups::modify permissions

### Remove a user from a group and revoke associated permissions

 - [DELETE /group/{groupId}/members/{email}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Bgroupid%7D~1members~1%7Bemail%7D/delete.md): Requires groups::modify permissions

### Permanently delete a group and remove all member associations

 - [DELETE /group/{uid}](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D/delete.md): Requires groups::modify permissions

### Retrieve detailed information about a specific group

 - [GET /group/{uid}](https://apidocs.trustgrid.io/user/getgroup.md): Requires groups::read permissions

### List all identity providers associated with a group

 - [GET /group/{uid}/idps](https://apidocs.trustgrid.io/user/listgroupidps.md): Requires groups::read permissions

### Retrieve all users that belong to a specific group

 - [GET /group/{uid}/members](https://apidocs.trustgrid.io/user/listgroupmembers.md): Requires groups::read permissions

### Add a new user to a group and grant associated permissions

 - [POST /group/{uid}/members](https://apidocs.trustgrid.io/user/paths/~1group~1%7Buid%7D~1members/post.md): Requires groups::modify permissions

## ObservabilityExporter

[Observability exporters](https://docs.trustgrid.io/docs/observability/) configure telemetry data forwarding to external monitoring systems (Splunk, HTTP endpoints) via OpenTelemetry. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.


### Retrieve HTTP-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/httpexporter/gethttpobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify HTTP-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/httpexporter/paths/~1v2~1observability-exporter~1http~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve all configured telemetry data exporters for external monitoring systems

 - [GET /v2/observability-exporter](https://apidocs.trustgrid.io/observabilityexporter/listobservabilityexporters.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Configure a new telemetry data exporter for external monitoring integration

 - [POST /v2/observability-exporter](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter/post.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve configuration details for a specific telemetry data exporter

 - [GET /v2/observability-exporter/{id}](https://apidocs.trustgrid.io/observabilityexporter/getobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify settings for an existing telemetry data exporter

 - [PUT /v2/observability-exporter/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Remove a telemetry data exporter and stop external monitoring integration

 - [DELETE /v2/observability-exporter/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1%7Bid%7D/delete.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve Splunk-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/observabilityexporter/getsplunkobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify Splunk-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1splunk~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve HTTP-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/observabilityexporter/gethttpobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify HTTP-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1http~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve Splunk-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/splunkexporter/getsplunkobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify Splunk-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/splunkexporter/paths/~1v2~1observability-exporter~1splunk~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

## HTTPExporter

Generic HTTP observability exporter for forwarding telemetry to any OpenTelemetry-compatible HTTP endpoint. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.


### Retrieve HTTP-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/httpexporter/gethttpobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify HTTP-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/httpexporter/paths/~1v2~1observability-exporter~1http~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve HTTP-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/observabilityexporter/gethttpobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify HTTP-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/http/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1http~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

## IDP

[Identity provider](https://docs.trustgrid.io/docs/idps/) integrations (Okta, Azure AD, Google, SAML, OIDC) for SSO authentication and user/group synchronization. Requires `identity-providers::read` permission.


### Retrieve all configured identity providers for user authentication

 - [GET /v2/idp](https://apidocs.trustgrid.io/idp/listidps.md)

### Configure a new identity provider for external user authentication

 - [POST /v2/idp](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp/post.md)

### Configure OpenID Connect authentication settings for an identity provider

 - [PUT /v2/idp/openid/{idpID}](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp~1openid~1%7Bidpid%7D/put.md): Requires identity-providers::modify permission.

### Configure SAML 2.0 authentication settings for an identity provider

 - [PUT /v2/idp/saml/{idpID}](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp~1saml~1%7Bidpid%7D/put.md): Requires identity-providers::modify permission.

### Remove an identity provider and disable external authentication

 - [DELETE /v2/idp/{uid}](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp~1%7Buid%7D/delete.md)

### Retrieve configuration details for a specific identity provider

 - [GET /v2/idp/{uid}](https://apidocs.trustgrid.io/idp/getidp.md)

### Modify authentication settings for an existing identity provider

 - [PUT /v2/idp/{uid}](https://apidocs.trustgrid.io/idp/paths/~1v2~1idp~1%7Buid%7D/put.md)

## SplunkExporter

Splunk-specific observability exporter configuration for forwarding Trustgrid telemetry to a Splunk HEC endpoint. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.


### Retrieve Splunk-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/observabilityexporter/getsplunkobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify Splunk-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/observabilityexporter/paths/~1v2~1observability-exporter~1splunk~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

### Retrieve Splunk-specific configuration for a telemetry data exporter

 - [GET /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/splunkexporter/getsplunkobservabilityexporter.md): Requires observability::read permission and Organization observability feature needs to be enabled.

### Modify Splunk-specific settings for a telemetry data exporter

 - [PUT /v2/observability-exporter/splunk/{id}](https://apidocs.trustgrid.io/splunkexporter/paths/~1v2~1observability-exporter~1splunk~1%7Bid%7D/put.md): Requires observability::modify permission and Organization observability feature needs to be enabled.

## Org

Organization-level settings including [support requests](https://docs.trustgrid.io/docs/support/), notification preferences, and [shared documents](https://docs.trustgrid.io/docs/support/documents/). Requires `orgs::read` permission.


### Retrieve organization details and configuration settings

 - [GET /org/mine](https://apidocs.trustgrid.io/org/getorg.md)

## Order

[Provisioning orders](https://docs.trustgrid.io/docs/provisioning/) track the lifecycle of Trustgrid appliances from purchase through deployment. Requires `orders::read` permission.


### Retrieve all hardware provisioning orders and their current status

 - [GET /provisioning/api/v1/orders](https://apidocs.trustgrid.io/order/listorders.md): The responses for orders from this API request are not fully hydrated (eg, no nodes).

### Submit a new hardware provisioning order for appliances or agents

 - [POST /provisioning/api/v1/orders](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders/post.md)

### Retrieve detailed information about a specific provisioning order

 - [GET /provisioning/api/v1/orders/{uid}](https://apidocs.trustgrid.io/order/getorder.md)

### Modify the details and requirements of an existing provisioning order

 - [PUT /provisioning/api/v1/orders/{uid}](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders~1%7Buid%7D/put.md)

### Add a note or comment to track order progress and communication

 - [POST /provisioning/api/v1/orders/{uid}/comment](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders~1%7Buid%7D~1comment/post.md)

### Remove priority flag from an order to normalize processing

 - [DELETE /provisioning/api/v1/orders/{uid}/flag](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders~1%7Buid%7D~1flag/delete.md)

### Mark an order as high priority or requiring special attention

 - [PUT /provisioning/api/v1/orders/{uid}/flag](https://apidocs.trustgrid.io/order/paths/~1provisioning~1api~1v1~1orders~1%7Buid%7D~1flag/put.md)

## Permissions

[Role-based access control](https://docs.trustgrid.io/docs/user-management/policies/) via policies assigning permissions to users and groups. Includes a simulator to evaluate permission decisions. Requires `permissions::read` to view, `permissions::modify` to configure.


### Retrieve all access control policies and their permission rules

 - [GET /v2/policy](https://apidocs.trustgrid.io/permissions/listpolicies.md): Requires permissions::read permission.

### Create a new access control policy with specified permissions and conditions

 - [POST /v2/policy](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy/post.md): Requires permissions::modify permission.

resources is a top-level field on the policy object, not nested inside statements.

Resource names use TGRN format, e.g. tgrn:tg::nodes:node/{uid} or tgrn:tg::access-apps:app/{uid}. Use * to match all resources of a type.

Action names must match the exact permission identifier accepted by the API, e.g. nodes::configure:apigw.

### Remove an access control policy and revoke associated permissions

 - [DELETE /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy~1%7Bname%7D/delete.md): Requires permissions::modify permission.

### Retrieve detailed configuration of a specific access control policy

 - [GET /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/getpolicy.md): Requires permissions::read permission.

### Modify permissions and conditions for an existing access control policy

 - [PUT /v2/policy/{name}](https://apidocs.trustgrid.io/permissions/paths/~1v2~1policy~1%7Bname%7D/put.md): Requires permissions::modify permission.

resources is a top-level field on the policy object, not nested inside statements.

Resource names use TGRN format, e.g. tgrn:tg::nodes:node/{uid} or tgrn:tg::access-apps:app/{uid}. Use * to match all resources of a type.

Action names must match the exact permission identifier accepted by the API, e.g. nodes::configure:apigw.

## ServiceUser

Machine accounts for API-only access, used for automation and integrations. Each service user can have API tokens generated without portal access. Requires `users::read` to view.


### Retrieve configuration details for a specific service account

 - [GET /v2/service-user/{name}](https://apidocs.trustgrid.io/serviceuser/getserviceuser.md)

### Generate new API credentials (client ID and secret) for a service account

 - [POST /v2/service-user/{name}/token](https://apidocs.trustgrid.io/serviceuser/paths/~1v2~1service-user~1%7Bname%7D~1token/post.md)

### Retrieve all API-only service accounts configured for the organization

 - [GET /v2/service-user](https://apidocs.trustgrid.io/serviceuser/listserviceusers.md)

### Create a new API-only service account with specified permissions

 - [POST /v2/service-user](https://apidocs.trustgrid.io/serviceuser/paths/~1v2~1service-user/post.md)

## Tag

[Tags](https://docs.trustgrid.io/docs/nodes/shared/tags/) are key-value metadata attached to nodes and clusters for grouping, permissions scoping, and dashboard filtering. Requires `nodes::read` to view, `nodes::tag` to modify.


### Retrieve all available metadata tags used for node and cluster organization

 - [GET /tags](https://apidocs.trustgrid.io/tag/listtags.md)

### Retrieve details and usage information for a specific tag

 - [GET /tags/{tagName}](https://apidocs.trustgrid.io/tag/gettag.md)