Pure1 REST API 1.3

Added Organization and Street Address to
/subscription-assets endpoint.
Supported Evergreen Forever and Foundation Subscription to /subscriptions endpoint.

1.59.0

FlashArray REST API 2.38​

​​
​Secure DNS​

• ​Added ca_certificate_group​ and ca_certificate fields to request body and response.​
  • ​GET | POST | PATCH | DELETE /dns

​

​Fusion Context​

• Endpoints now contain the field context, which shows the array upon which a request was run.
  • GET | admins/policies/management-access, alerts, alert-watchers, arrays, arrays/space, arrays/tags, array-connections, audits, container-default-protections, connections, directories, file-systems, host-groups, hosts, log-targets, offloads, pods, pod-replica-links, policies, ports, protection-groups, protection-group-snapshots, realms, remote-pods, remote-protection-groups, remote-protection-group-snapshots, remote-volume-snapshots, snmp-managers, syslog-servers, volumes, volume-groups, volume-snapshots
  • ​POST | admins/policies/management-access, array-connections, connections, directories, file-systems, host-groups, hosts, offloads, log-targets, pods, pod-replica-links, policies, protection-groups, protection-group-snapshots, realms, remote-protection-groups, remote-protection-group-snapshots, remote-volume-snapshots, snmp-managers, syslog-servers, volumes, volume-groups, volume-snapshots​
  • PATCH | arrays, array-connections, container-default-protections, connections, directories, file-systems, host-groups, hosts, log-targets, pods, pod-replica-links, policies, protection-groups, protection-group-snapshots, realms, remote-protection-groups, remote-protection-group-snapshots, remote-volume-snapshots, snmp-managers, syslog-servers, volumes, volume-groups, volume-snapshots​
  • ​PUT | arrays/tags/batch, host-groups/tags/batch, hosts/tags/batch, pods/tags/batch, protection-groups/tags/batch, realms/tags/batch, volumes/tags/batch, volume-groups/tags/batch, volume-snapshots/tags/batch​
  • ​DELETE | admins/policies/management-access, arrays/tags, array-conections, connections, file-systems, host-groups, hosts, offloads, log-targets, pods, pod-replica-links, policies, protection-groups, protection-group-snapshots, realms, remote-protection-groups, remote-protection-group-snapshots, remote-volume-snapshots, snmp-managers, syslog-servers, volumes, volume-groups, volume-snapshots ​
    ​

​Fusion Fleet Lifecycle

• Added endpoints​:
  • PATCH | /fleets​
    ​

1.58.0

Added FlashBlade REST 2.16

Feature Endpoints

• Multiserver: Purity//FB 4.5.2 introduces enhanced management capabilities with the new Servers concept. Servers act as containers for configuration settings, enabling more granular management of network interfaces, Active Directory accounts, and NFS datastore configurations.

  • Added endpoints:
    • (get|post|patch|delete)_servers
    • (get|post|patch|delete)_file_system_exports
    • (post|delete)_dns
  • Enhanced endpoints:
    • (get|post|patch)_active_directory
    • (get|post|patch|delete)_dns
    • (get|post)_keytabs
    • (get|post|patch)_network_interfaces

• File System Rename: Purity//FB 4.5.2 introduces an enhancement to change file system names, including the exported file system name. With the introduction of File system exports, the mount name of a File system is decoupled from its management name. Both the names can be changed independently.

  • Enhanced endpoint:
    • patch_file_systems

• SAML 2.0 SSO Test: Purity//FB 4.5.2 introduces a new test endpoint that offers support for performing basic configuration syntax validation and checks on credentials and various URL references. When integrated with GUI interfaces, they provide an end-to-end testing experience for our management GUI SSO login.

  • Added endpoints:
    • (get|patch)_sso_saml2_idps_test

• Password Change Policies: Purity//FB 4.5.2 introduces a new endpoint for managing password policies, which is a successor of the /admins/settings endpoint - offering more configuration capabilities. For example, password history, minimum password age and more.

  • Added endpoints:
    • (get|patch)_password_policies

• Maintenance Windows: Purity//FB 4.5.2 introduces a new endpoint that allows a user to manage Maintenance Windows. When it is active, some alerts are suppressed by the system.

  • Added endpoints:
    • (get|post|delete)_maintenance_windows

• Diagnostics: Purity//FB 4.5.2 introduces new endpoints that offer support for users to trigger diagnostic tasks on the system and find if there are any issues. Using details, the user can get more insights into which test failed and what could be the probable reason and remediation (in some cases).
  For this release the last 10 results will be shown.
  For Software-checks:
  New endpoints offer support for the user to trigger pre-upgrade checks to see if their system is ready to upgrade to a different Purity OS version.
  For this release, that last 10 results will be shown.

  • Added endpoints:
    • (get|post)_support_diagnostics
    • get_support_diagnostics_details
    • (get|post)_software_check

• Wolverine policy and space reporting: Wolverine is the project to introduce a new storage system with the separation of cold and hot storage “tiers” within the same system. This is the response to the highly requested feature by customers to “tier” their data.

  • Added endpoints:
    • get_arrays_space_storage_classes
  • Enhanced endpoints:
    • get_arrays_space
    • get_buckets
    • get_object_store_accounts
    • (get|patch)_file_systems

• Display MAC Addresses: The goal of this feature is to display management and data MAC addresses for ethernet ports so customers can use the information for troubleshooting purposes.

  • Enhanced endpoints:
    • get_hardware

• Deprecate DS SMB config: Deprecation of Samba adapter config in DS.

  • Enhanced endpoints:
    • get_directory_services

1.57.0

Added FlashArray REST 2.37

CA certificate Field

Updates the maximum length of the ca_certificated field to 3000.

Added endpoints:

• GET | PATCH directory-services

Interactive Software Upgrades

Introduces the ability to customize upgrade parameters to change the behavior of a Purity upgrade.

Added endpoints

• GET | POST | PATCH | software-installations

Async Target to User Pod

Helps customers organize their async target easily. It can also support vvol features. Allows asynchronous replication to the user pod, enhancing data mobility and protection workflows. Includes the addition of a new \suspended\ status for pgroup targets, as well as a new “status” field for pgroup targets.

Added endpoints

• GET | POST | PATCH | DELETE protection-groups/targets

1.56.0

Added FlashArray REST 2.36

Purity//FA 6.6.11 also introduces FlashArray REST API 2.36, which includes new and modified endpoints.

Ignore Usage

Introduces ignore_usage query parameter to the PATCH realms API, which sets a quota limit lower than current usage. This ensures that no new volumes can be created/pods can be moved in until the existing usage drops below the quota_limit.

Defaults to false if not specified.

Updated endpoint:

• PATCH | realms

Pod Members

The pods/arrays endpoint is replaced by pods/members.

The new endpoint contains a field member_type with possible values arrays or realms.

This field is used to determine whether the pods/members endpoint is working with arrays or realms.

Deprecated endpoint:

• pods/arrays (use pods/members instead)

Added endpoint:

• GET | POST | DELETE pods/arrays/members

API Client Admin Policies

API clients now have more granular permissions, provided in the access_policies field. This can be used to restrict their access only to certain realms.

Added endpoints:

• DELETE | PATCH /api-clients: Enable or disable api clients

• GET /api-clients: Retrieve api client, containing access_policies

Multi-Tenancy (Realms and Servers)

Introducing realms.

The GET realms/performance endpoint displays real-time and historical performance data, real-time latency data,and average I/O sizes across all realms,displayed both by realm and as a total across all realms.

The GET realms/space endpoint displays provisioned size and storage consumption data for each realm on the local array.

New Query parameters for realms, pods and volume-groups:

• destroy_contents for PATCH /realms, /pods and /volume-groups. Allows destroying of the entity along with everything inside in a single command.

• eradicate_contents for DELETE /realms, /pods and /volume-groups. Allows eradication of the entity along with everything inside in a single command.

Added endpoints:

• GET realms/performance

• GET realms/space

• GET | POST | PATCH | DELETE realms

Host and Hgroup in Realm

Hosts and host groups can now exist inside a realm and can be implicitly destroyed, in case their containing realm gets destroyed. If marked as destroyed, hosts and host groups will have time_remaining with the same value as their containing realm.

New fields for /host-groups and /hosts endpoints:

• destroyed: true if the containing realm is also destroyed, false otherwis

• time_remaining: time remaining to eradication. Value taken from containing realm

Tenant and Scoped RBAC

Expand role based access control with the ability to specify which resources each role can interact with, effectively moving towards policy based access control.

Added endpoints:

• GET | POST | DELETE /admins/policies/admin-access

• POST /directory-services/roles

• GET | POST | DELETE /directory-services/roles/policies/admin-access

• GET | POST | DELETE /policies/admin-access

• GET /policies/admin-access/effective-capabilities

• GET | POST | DELETE /policies/admin-access/members

• POST | DELETE /directory-services/roles

Fleet Create, Join, Leave, and List Remote Arrays

Adds the ability to work with fleets. A fleet is a collection of Regions, Availability Zones, and Arrays.

Also adds an endpoint to retrieve remote arrays. This provides the ability to list and manage all the remote arrays known to an array.

Added endpoints:

• GET | POST | PATCH | DELETE /fleets

• GET | POST /fleets/fleet-keys

• GET | POST | DELETE /fleets/members

• GET /remote-arrays

SafeMode Under /support-diagnostics

Enables checking whether safe mode is enabled. Possible responses are enabled, disabled, and in use.

Added endpoint:

• GET | support/diagnostics/details

Support for Certificate Groups

Support added for certificate groups.

Added endpoints:

• GET | POST | DELETE /certificates/certificate-groups

• GET | POST | DELETE /certificate-groups

• GET | POST | DELETE /certificate-groups/certificates

Diagnostics Signals

puresupport signals are added to a new endpoint:

Added endpoint:

• GET | PATCH support/diagnostics/settings

NVMe/ROCE Statistics

Displays NVMe/ROCE statistics via purenetwork monitor

Updated endpoint:

• GET | /network/interfaces/performance

1.55.0

Added FlashBlade REST 2.15

Feature Endpoints

• SAML 2.0 SSO: Purity//FB 4.5.0 introduces support for single sign-on (SSO) integration with the Microsoft® Active Directory Federation Services (AD FS), Okta, Azure Active Directory (Azure AD), and Duo Security via the SAML 2.0 protocol. When SAML 2.0 SSO is configured and enabled, all user logins to the Purity//FB GUI are redirected to the identity provider (IdP) login page for single sign-on.

  • Added endpoints:
    • (get|post|patch|delete)_sso_saml2_idps

• Local Users for Administration: Purity//FB 4.5.0 introduces the ability to provision new local users. Local users can be created and configured directly on the FlashBlade by array administrators and cannot share the same names as LDAP users. Up to 100 local users can be created. During creation, local users are assigned one of four roles allowing varying privileges on the FlashBlade. Local users can use SSH keys, SSH certificates, API tokens, and other features that the pureuser credential can use to login. This feature supports new requests, POST and DELETE, for the /admins endpoint to create users. The PATCH request also now supports modifying local user roles.

  • Added endpoints:
    • (post|delete)_admins
  • Enhanced endpoint:
    • patch_admins

• Encrypted Email Traffic (SMTP over TLS): With Purity//FB 4.5.0, encryption for alert routing is Opportunistic TLS and enforced when StartTLS is configured for the relay host. The external SMTP relay server must support TLS 1.2 or above. The PATCH /smtp request now supports the "encryption_mode" field.

  • Enhanced endpoint:
    • patch_smtp

• Metadata Space Reporting: Purity//FB 4.5.0 improves space accounting information with the introduction of the display of metadata space (shared space) usage. The GET /arrays/space request now includes a "shared" field.

  • Enhanced endpoint:
    • get_arrays_space

• Filesystem WORM (write once read many): Purity//FB 4.5.0 introduces the File System WORM support. The goal of this feature is that data stored on Pure Storage files is considered immutable. Authorized users are able to read the data as often as is needed but no users (including the Pure FlashBlade Administrator) are allowed to change it once WORM is enabled.

  • Added endpoints:
    • (get|post|patch|delete)_worm_data_policies
    • get_worm_data_policies_members
    • get_file_systems_worm_data_policies
  • Enhanced endpoint:
    • post_file_systems

• Port-Speed: The lane-speed field for purehw connector ... commands is ambiguous as some higher speeds (e.g. 200 Gbps /400 Gbps both) use 50 Gbps. Purity//FB 4.5.0 now shows port-speed in addition to lane-speed in the output of the purehw connector ... commands.

  • Enhanced endpoints:
    • get_hardware_connectors

1.54.0

Added FlashArray REST 2.35

Feature Endpoints:

• Remote Assist Duration - Pure Support can set the duration of a remote assist session:

  • Enhanced PATCH /support - new attribute (request + response) remote_assist_duration - duration is in milliseconds

• File Audit Endpoints - File Audit Logging and Notification feature provides data-path access logs for Files (over SMB):

  • New endpoint (GET+POST+DELETE): /directories/policies/audit-file
  • New endpoint (GET): /log-targets
  • New endpoint (GET+PATCH+POST+DELETE): /log-targets/file
  • New endpoint (GET+PATCH+POST+DELETE): /log-targets/syslog
  • New endpoint (GET+PATCH): /log-targets/syslog/settings
  • New endpoint (GET): /log-targets/syslog/test
  • New endpoint (GET+PATCH+POST+DELETE): /policies/audit-file
  • New endpoint (GET+POST+DELETE): /policies/audit-file/members

• Virtual Machine Volume Snapshots - an endpoint has been added to enable querying virtual machine volume snapshots:

  • New endpoint (GET): /virtual-machine-volume-snapshots

1.53.0

Added FlashArray REST 2.34

Feature Endpoints:

• New Password Policy feature, which allows to use multiple password policies
  • New endpoint (GET+PATCH): /policies/password
• Deprecate field "other_errors" in /network-interfaces/performance
  • The field will return value "null" since purity 6.6.8
• Enable filtering of arrays, hosts and hgroups based on custom tags
  • New endpoint (GET+DELETE): /arrays/tags
  • New endpoint (PUT): /arrays/tags/batch
  • New endpoint (GET+DELETE): /host-groups/tags
  • New endpoint (GET+DELETE): /host-groups/tags/batch
  • New endpoint (GET+DELETE): /hosts/tags
  • New endpoint (PUT): /hosts/tags/batch
• Move "footprint" field inside "space" object
  • Original "footprint" field will be deprecated
  • Affects all objects that contains "space"
• FlashArray factory reset
  • Step1: Authorizing Factory Reset
    • POST /arrays/factory-reset-token?[skip_phonehome_check=true]
  • Step2: Executing Factory Reset
    • POST /arrays/erasures?factory_reset_token=4671919&eradicate_all_data=true&preserve_configuration_data=all
  • Step3: Check the completion of apartment reset and Retrieve Certificate of Sanitization
    • GET /arrays/erasures
  • Step4: Finalize Factory Reset
    • PATCH /arrays/erasures?finalize=true&factory_reset_token=4671919&eradicate_all_data=true&reinstall_image=true/false
• Add "quarantined" as a potential value for "Status" field in the output of GET /array-connections/path

1.52.0

Added FlashBlade REST 2.14

General enhancement

• Added X-Request-ID header to all endpoints.

Feature Endpoints

• Remote Assist Custom Duration: When enabling remote assist, users are able to specify how long they want their session to last for, with the default being 24h (where it was unconfigurable 48h every time before).

  • Enhanced endpoints:
    • patch_support

• Directory Service Multi-group Role Mapping: Supports mapping multiple directory service groups to a given admin role.

  • Added endpoints:
    • (post|delete)_directory_services_roles
  • Enhanced endpoints:
    • (get|patch)_directory_services_roles

• SSH Certificate Support: Supports logging into the array with SSH certificates instead of public key/private key pairs

  • Added endpoints:
    • (get|post|delete)_public_keys
    • get_public_keys_uses
    • (get|post|delete)_ssh_certificate_authority_policies
    • (get|post|delete)_ssh_certificate_authority_policies_admins
    • (get|post|delete)_ssh_certificate_authority_policies_arrays
    • (get|post|delete)_admins_ssh_certificate_authority_policies
    • (get|post|delete)_arrays_ssh_certificate_authority_policies

• Audit Logging: File Audit Logging and Notification feature provides data-path access logs for Files (over SMB).

  • Added endpoints:

    • (get|post|patch|delete)_audit_file_systems_policies
    • (get|post|delete)_audit_file_systems_policies_members
    • (get|post|delete)_file_systems_audit-policies

  • Enhanced endpoints:

    • (get|post|patch)_syslog_servers

• Per-Bucket Safemode: Supports SafeMode configuration at the bucket level while maintaining most of the original SafeMode semantics. Added a new option safemode for object_lock_config.default_retention_mode which is available if global Per-Bucket Safemode config is enabled

  • Enhanced endpoints:
    • (get|post|patch)_buckets

• Automatic Eradication for Retention-Based Buckets: Supports automatic eradication for WORM-protected buckets (WORM-2). Added a new retention-mode for Object Lock.

  • Enhanced endpoints:
    • (get|post|patch)_buckets

• Permanent Retention Lock for Object: FB Object supports permanent retention lock for strict 17a-4 WORM compliance. Added a new time_remaining_status field.

  • Enhanced endpoints:
    • (get|post|patch)_buckets

Added FlashArray REST 2.33

• POST /volumes/batch now allows parameter allow_throttle
  • This parameter will preemptively fail the operation if array health is not deemed sufficient for the task of copying volumes
• /volumes now newly contain protocol_endpoint, which contains vcversion
  • GET /volumes?filter=subtype=protocol-endpoint
  • PATCH /volumes?names=PE1
  • POST also allows protocol-endpoint parameter in the body
• New endpoint /vchost-connections added to manage ACLs (Access Control Policy) relating to vchosts and protocol endpoints
  • POST /vchost-connections?protocol_endpoint_names=pe1&vchost_names=vchost1
  • GET /vchost-connections?vchost_names=vchost1&protocol_endpoint_names=pe1
  • DELETE /vchost-connections?vchost_names=vchost1&protocol_endpoint_ids=pe-id-1
• New endpoint /volumes/batch/test which attempts to copy multiple volumes without actually doing so
  • Usage is the same as /volumes/batch
• Array connections now support encryption of traffic using TLS 1.3. This feature is inactive unless explicitly turned on. 
  • GET /array-connections/path
  • GET /array-connections/connection-key
• Vchost endpoints and certificates now contain a new field is_local
  • GET/POST/PATCH/DELETE /vchosts/certificates
  • GET/POST/PATCH/DELETE /vchosts/endpoints
• Add ability to create "groups" of email addresses that can subscribe/unsubscribe to specific alert codes and/or categories.
  • GET /policies/alert-watcher
  • POST /policies/alert-watcher
    • Creates one or more alert-watcher policies
    • To copy a policy, set one of either source_names or source_ids
  • PATCH /policies/alert-watcher
    • To enable a policy, set enabled=true. To disable a policy, set enabled=false
    • To rename a policy, set name to the new name
  • DELETE /policies/alert-watcher
  • GET/POST/PATCH/DELETE /policies/alert-watcher/rules
  • GET /policies/alert-watcher/members
  • POST /policies/alert-watcher/members
    • Creates a membership between one or more resources and an alert-watcher policy. The only applicable option right now is array
  • PATCH /policies/alert-watcher/members
  • DELETE /policies/alert-watcher/members
  • GET /policies/alert-watcher/rules/test
    • Test an alert-watcher policy rule's contact information to verify alert notifications can be sent and received.
• /smtp-servers response now contains encryption_mode
  • Filled in in case server uses TLS, null otherwise