Proxmox VE API. Access.
- /access/users
- /access/groups
- /access/roles
- /access/domains
- /access/acl
- /access/ticket
- /access/password
/access
GET
Description: Directory index.
Permissions:
| User | Permissions | Description |
|---|---|---|
| all | N/A | N/A |
Return:
array
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| subdir | string | N/A | N/A |
Usage:
HTTP GET /api2/json/access
CLI pvesh get /access
/access/users
GET
Description: User index.
Permissions:
| User | Permissions | Description |
|---|---|---|
| all | N/A | The returned list is restricted to users where you have 'User.Modify' or 'Sys.Audit' permissions on '/access/groups' or on a group the user belongs too. But it always includes the current (authenticated) user. |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| enabled | boolean | N/A | Optional filter for enable property. |  |
Return:
array
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| userid | string | N/A | N/A |
Usage:
HTTP GET /api2/json/access/users
CLI pvesh get /access/users
POST
Description: Create new user.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'and', [u'userid-param', u'Realm.AllocateUser'], [u'userid-group', [u'User.Modify'], u'groups_param', 1]] | You need 'Realm.AllocateUser' on '/access/realm/ |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | N/A | |
| enable | boolean | N/A | Enable the account (default). You can set this to '0' to disable the accout | |
| firstname | string | N/A | N/A | |
| keys | string | N/A | Keys for two factor auth (yubico). | |
| lastname | string | N/A | N/A | |
| userid | string | pve-userid | User ID | |
| expire | integer | N/A | Account expiration date (seconds since epoch). '0' means no expiration date. | |
| groups | string | pve-groupid-list | N/A | |
| password | string | N/A | Initial password. | |
| string | email-opt | N/A | |
Return:
null
Usage:
HTTP POST /api2/json/access/users
CLI pvesh create /access/users
/access/users/{userid}
GET
Description: Get user configuration.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'userid-group', [u'User.Modify', u'Sys.Audit']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| userid | string | pve-userid | User ID |
Return:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | N/A | |
| enable | boolean | N/A | N/A | |
| firstname | string | N/A | N/A | |
| keys | string | N/A | N/A | |
| lastname | string | N/A | N/A | |
| expire | integer | N/A | N/A | |
| groups | array | N/A | N/A | |
| string | N/A | N/A | |
Usage:
HTTP GET /api2/json/access/users/{userid}
CLI pvesh get /access/users/{userid}
PUT
Description: Update user configuration.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'userid-group', [u'User.Modify'], u'groups_param', 1] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | N/A | |
| enable | boolean | N/A | Enable/disable the account. | |
| firstname | string | N/A | N/A | |
| keys | string | N/A | Keys for two factor auth (yubico). | |
| lastname | string | N/A | N/A | |
| userid | string | pve-userid | User ID | |
| expire | integer | N/A | Account expiration date (seconds since epoch). '0' means no expiration date. | |
| groups | string | pve-groupid-list | N/A | |
| string | email-opt | N/A | |
|
| append | boolean | N/A | N/A | |
Return:
null
Usage:
HTTP PUT /api2/json/access/users/{userid}
CLI pvesh set /access/users/{userid}
DELETE
Description: Delete user.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'and', [u'userid-param', u'Realm.AllocateUser'], [u'userid-group', [u'User.Modify']]] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| userid | string | pve-userid | User ID |
Return:
null
Usage:
HTTP DELETE /api2/json/access/users/{userid}
CLI pvesh delete /access/users/{userid}
/access/groups
GET
Description: Group index.
Permissions:
| User | Permissions | Description |
|---|---|---|
| all | N/A | The returned list is restricted to groups where you have 'User.Modify', 'Sys.Audit' or 'Group.Allocate' permissions on /access/groups/ |
Return:
array
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| groupid | string | N/A | N/A |
Usage:
HTTP GET /api2/json/access/groups
CLI pvesh get /access/groups
POST
Description: Create new group.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access/groups', [u'Group.Allocate']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | N/A | |
| groupid | string | pve-groupid | N/A |
Return:
null
Usage:
HTTP POST /api2/json/access/groups
CLI pvesh create /access/groups
/access/groups/{groupid}
GET
Description: Get group configuration.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access/groups', [u'Sys.Audit', u'Group.Allocate'], u'any', 1] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| groupid | string | pve-groupid | N/A |
Return:
object
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | N/A | |
| members | array | N/A | N/A |
Usage:
HTTP GET /api2/json/access/groups/{groupid}
CLI pvesh get /access/groups/{groupid}
PUT
Description: Update group data.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access/groups', [u'Group.Allocate']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | N/A | |
| groupid | string | pve-groupid | N/A |
Return:
null
Usage:
HTTP PUT /api2/json/access/groups/{groupid}
CLI pvesh set /access/groups/{groupid}
DELETE
Description: Delete group.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access/groups', [u'Group.Allocate']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| groupid | string | pve-groupid | N/A |
Return:
null
Usage:
HTTP DELETE /api2/json/access/groups/{groupid}
CLI pvesh delete /access/groups/{groupid}
/access/roles
GET
Description: Role index.
Permissions:
| User | Permissions | Description |
|---|---|---|
| all | N/A | N/A |
Return:
array
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| roleid | string | N/A | N/A |
Usage:
HTTP GET /api2/json/access/roles
CLI pvesh get /access/roles
POST
Description: Create new role.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access', [u'Sys.Modify']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| roleid | string | pve-roleid | N/A | |
| privs | string | pve-priv-list | N/A | |
Return:
null
Usage:
HTTP POST /api2/json/access/roles
CLI pvesh create /access/roles
/access/roles/{roleid}
GET
Description: Get role configuration.
Permissions:
| User | Permissions | Description |
|---|---|---|
| all | N/A | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| roleid | string | pve-roleid | N/A |
Return:
Usage:
HTTP GET /api2/json/access/roles/{roleid}
CLI pvesh get /access/roles/{roleid}
PUT
Description: Create new role.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access', [u'Sys.Modify']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| roleid | string | pve-roleid | N/A | |
| append | boolean | N/A | N/A | |
| privs | string | pve-priv-list | N/A |
Return:
null
Usage:
HTTP PUT /api2/json/access/roles/{roleid}
CLI pvesh set /access/roles/{roleid}
DELETE
Description: Delete role.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access', [u'Sys.Modify']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| roleid | string | pve-roleid | N/A |
Return:
null
Usage:
HTTP DELETE /api2/json/access/roles/{roleid}
CLI pvesh delete /access/roles/{roleid}
/access/domains
GET
Description: Authentication domain index.
Permissions:
| User | Permissions | Description |
|---|---|---|
| world | N/A | Anyone can access that, because we need that list for the login box (before the user is authenticated). |
Return:
array
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | N/A | |
| realm | string | N/A | N/A | |
| tfa | string | N/A | Two-factor authentication provider. | |
Usage:
HTTP GET /api2/json/access/domains
CLI pvesh get /access/domains
POST
Description: Add an authentication server.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access/realm', [u'Realm.Allocate']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | Description. | |
| domain | string | N/A | AD domain name | |
| realm | string | pve-realm | Authentication domain ID | |
| secure | boolean | N/A | Use secure LDAPS protocol. | |
| default | boolean | N/A | Use this as default realm | |
| tfa | string | pve-tfa-config | Use Two-factor authentication. | |
| user_attr | string | N/A | LDAP user attribute name | |
| base_dn | string | N/A | LDAP base domain name | |
| type | string | N/A | Realm type. | |
| port | integer | N/A | Server port. | |
Return:
null
Usage:
HTTP POST /api2/json/access/domains
CLI pvesh create /access/domains
/access/domains/{realm}
GET
Description: Get auth server configuration.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access/realm', [u'Realm.Allocate', u'Sys.Audit'], u'any', 1] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| realm | string | pve-realm | Authentication domain ID |
Return:
Usage:
HTTP GET /api2/json/access/domains/{realm}
CLI pvesh get /access/domains/{realm}
PUT
Description: Update authentication server settings.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access/realm', [u'Realm.Allocate']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| comment | string | N/A | Description. | |
| domain | string | N/A | AD domain name | |
| realm | string | pve-realm | Authentication domain ID | |
| secure | boolean | N/A | Use secure LDAPS protocol. | |
| default | boolean | N/A | Use this as default realm | |
| tfa | string | pve-tfa-config | Use Two-factor authentication. | |
| user_attr | string | N/A | LDAP user attribute name | |
| base_dn | string | N/A | LDAP base domain name | |
| port | integer | N/A | Server port. | |
| digest | string | N/A | Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications. | |
| delete | string | pve-configid-list | A list of settings you want to delete. | |
Return:
null
Usage:
HTTP PUT /api2/json/access/domains/{realm}
CLI pvesh set /access/domains/{realm}
DELETE
Description: Delete an authentication server.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm', u'/access/realm', [u'Realm.Allocate']] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| realm | string | pve-realm | Authentication domain ID |
Return:
null
Usage:
HTTP DELETE /api2/json/access/domains/{realm}
CLI pvesh delete /access/domains/{realm}
/access/acl
GET
Description: Get Access Control List (ACLs).
Permissions:
| User | Permissions | Description |
|---|---|---|
| all | N/A | The returned list is restricted to objects where you have rights to modify permissions. |
Return:
array
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| roleid | string | N/A | N/A | |
| ugid | string | N/A | N/A | |
| type | string | N/A | N/A | |
| propagate | boolean | N/A | N/A | |
| path | string | N/A | N/A |
Usage:
HTTP GET /api2/json/access/acl
CLI pvesh get /access/acl
PUT
Description: Update Access Control List (add or remove permissions).
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'perm-modify', u'{path}'] | N/A |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| users | string | pve-userid-list | List of users. | |
| roles | string | pve-roleid-list | List of roles. | |
| propagate | boolean | N/A | Allow to propagate (inherit) permissions. | |
| groups | string | pve-groupid-list | List of groups. | |
| path | string | N/A | Access control path | |
| delete | boolean | N/A | Remove permissions (instead of adding it). | |
Return:
null
Usage:
HTTP PUT /api2/json/access/acl
CLI pvesh set /access/acl
/access/ticket
GET
Description: Dummy. Useful for formaters which want to priovde a login page.
Permissions:
| User | Permissions | Description |
|---|---|---|
| world | N/A | N/A |
Return:
null
Usage:
HTTP GET /api2/json/access/ticket
CLI pvesh get /access/ticket
POST
Description: Create or verify authentication ticket.
Permissions:
| User | Permissions | Description |
|---|---|---|
| world | N/A | You need to pass valid credientials. |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| username | string | N/A | User name | |
| realm | string | pve-realm | You can optionally pass the realm using this parameter. Normally the realm is simply added to the username |
|
| privs | string | pve-priv-list | Verify ticket, and check if user have access 'privs' on 'path' | |
| otp | string | N/A | One-time password for Two-factor authentication. | |
| path | string | N/A | Verify ticket, and check if user have access 'privs' on 'path' | |
| password | string | N/A | The secret password. This can also be a valid ticket. |
Return:
object
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| username | string | N/A | N/A | |
| CSRFPreventionToken | string | N/A | N/A | |
| ticket | string | N/A | N/A | |
Usage:
HTTP POST /api2/json/access/ticket
CLI pvesh create /access/ticket
/access/password
PUT
Description: Change user password.
Permissions:
| User | Permissions | Description |
|---|---|---|
| N/A | [u'or', [u'userid-param', u'self'], [u'and', [u'userid-param', u'Realm.AllocateUser'], [u'userid-group', [u'User.Modify']]]] | Each user is allowed to change his own password. A user can change the password of another user if he has 'Realm.AllocateUser' (on the realm of user |
Parameters:
| Name | Type | Format | Description | Optional |
|---|---|---|---|---|
| password | string | N/A | The new password. | |
| userid | string | pve-userid | User ID |
Return:
null
Usage:
HTTP PUT /api2/json/access/password
CLI pvesh set /access/password
Proxmox VE API. Cluster.
Proxmox VE API. Storage.
Proxmox VE API. Pools.
Proxmox VE API. Versions.
Proxmox VE API. Nodes.
