Juniper Apstra API
Intent-based networking API for data center automation and orchestration.
OpenAPI Specification
openapi: 3.1.0
info:
title: Juniper Networks Juniper Apstra Intent-Based Networking API
description: >-
RESTful API for Juniper Apstra, an intent-based networking platform for
automating data center network design, deployment, and operations. Apstra
abstracts network infrastructure into design blueprints with logical
models, rack types, templates, and connectivity. The platform continuously
validates that the network state matches the intended configuration and
raises anomalies when deviations occur. The API provides full access to
design resources, blueprints, device management, telemetry, and IBA
(Intent-Based Analytics) probes. Authentication uses token-based sessions
obtained via the login endpoint.
version: '4.2'
contact:
name: Juniper Networks Support
url: https://www.juniper.net/documentation/product/us/en/juniper-apstra/
license:
name: Proprietary
url: https://www.juniper.net/us/en/legal-notices.html
servers:
- url: https://{apstra_server}/api
description: Apstra server API endpoint.
variables:
apstra_server:
description: Hostname or IP address of the Apstra server.
default: apstra.example.com
security:
- authToken: []
tags:
- name: Anomalies
description: Network state anomaly detection and reporting.
- name: Authentication
description: User login, logout, and token management.
- name: Blueprints
description: >-
Blueprint lifecycle management for data center network intent, including
staging, commit, and deployment.
- name: Design
description: >-
Design resources including logical devices, interface maps, rack types,
templates, and config templates.
- name: IBA
description: Intent-Based Analytics probes and dashboards.
- name: Resources
description: >-
Resource pool management for ASN, IP, and VNI allocation.
- name: Systems
description: Managed system (device) agent lifecycle and telemetry.
paths:
/aaa/login:
post:
operationId: login
summary: Juniper Networks Authenticate and obtain token
description: >-
Authenticates with username and password, returns an authentication
token for subsequent API calls. The token must be passed in the
AuthToken header for all authenticated endpoints.
tags:
- Authentication
security: []
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- username
- password
properties:
username:
type: string
description: Apstra admin username.
password:
type: string
description: Apstra admin password.
responses:
'201':
description: Authentication successful.
content:
application/json:
schema:
type: object
properties:
token:
type: string
description: Authentication token for API access.
id:
type: string
format: uuid
description: Session identifier.
'401':
description: Invalid credentials.
/aaa/logout:
post:
operationId: logout
summary: Juniper Networks Logout and invalidate token
description: Invalidates the current authentication token.
tags:
- Authentication
responses:
'200':
description: Logout successful.
/design/logical-devices:
get:
operationId: listLogicalDevices
summary: Juniper Networks List logical devices
description: >-
Returns all logical device definitions. Logical devices represent
abstract switch models with port groups and capabilities, independent
of specific hardware vendors. They define the port layout and
capabilities used in rack type definitions.
tags:
- Design
responses:
'200':
description: Logical devices returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/LogicalDevice'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createLogicalDevice
summary: Juniper Networks Create logical device
description: Creates a new logical device definition.
tags:
- Design
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/LogicalDevice'
responses:
'201':
description: Logical device created.
content:
application/json:
schema:
$ref: '#/components/schemas/LogicalDevice'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/design/interface-maps:
get:
operationId: listInterfaceMaps
summary: Juniper Networks List interface maps
description: >-
Returns all interface maps. Interface maps bind logical device port
groups to physical device interfaces, connecting the abstract design
to specific hardware models.
tags:
- Design
responses:
'200':
description: Interface maps returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/InterfaceMap'
'401':
$ref: '#/components/responses/Unauthorized'
/design/rack-types:
get:
operationId: listRackTypes
summary: Juniper Networks List rack types
description: >-
Returns all rack type definitions. Rack types define the physical
layout of a data center rack including leaf switches, access switches,
generic systems, and their interconnections.
tags:
- Design
responses:
'200':
description: Rack types returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/RackType'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createRackType
summary: Juniper Networks Create rack type
description: Creates a new rack type definition.
tags:
- Design
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RackType'
responses:
'201':
description: Rack type created.
content:
application/json:
schema:
$ref: '#/components/schemas/RackType'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/design/templates:
get:
operationId: listTemplates
summary: Juniper Networks List templates
description: >-
Returns all data center templates. Templates combine rack types with
spine layer definitions to create complete data center fabric designs
using leaf-spine or 3-stage Clos topologies.
tags:
- Design
responses:
'200':
description: Templates returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/Template'
'401':
$ref: '#/components/responses/Unauthorized'
/blueprints:
get:
operationId: listBlueprints
summary: Juniper Networks List blueprints
description: >-
Returns all blueprints. Blueprints are instantiations of templates
representing a specific data center network. They contain the full
network graph including nodes, links, and configuration state.
tags:
- Blueprints
responses:
'200':
description: Blueprints returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/BlueprintSummary'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createBlueprint
summary: Juniper Networks Create blueprint
description: >-
Creates a new blueprint from a template. The blueprint will contain
the initial network graph based on the template design.
tags:
- Blueprints
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- label
- design
properties:
label:
type: string
description: Blueprint display name.
design:
type: string
enum:
- two_stage_l3clos
description: Blueprint design type.
init_type:
type: string
enum:
- template_reference
description: Initialization method.
template_id:
type: string
format: uuid
description: Template ID to instantiate.
responses:
'201':
description: Blueprint created.
content:
application/json:
schema:
$ref: '#/components/schemas/BlueprintSummary'
'400':
$ref: '#/components/responses/BadRequest'
/blueprints/{blueprint_id}:
get:
operationId: getBlueprint
summary: Juniper Networks Get blueprint
description: Returns details for a specific blueprint.
tags:
- Blueprints
parameters:
- $ref: '#/components/parameters/BlueprintId'
responses:
'200':
description: Blueprint returned.
content:
application/json:
schema:
$ref: '#/components/schemas/Blueprint'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
delete:
operationId: deleteBlueprint
summary: Juniper Networks Delete blueprint
description: Deletes a blueprint and its associated network graph.
tags:
- Blueprints
parameters:
- $ref: '#/components/parameters/BlueprintId'
responses:
'204':
description: Blueprint deleted.
'401':
$ref: '#/components/responses/Unauthorized'
/blueprints/{blueprint_id}/deploy:
put:
operationId: deployBlueprint
summary: Juniper Networks Deploy blueprint
description: >-
Commits and deploys staged changes in the blueprint to the physical
network devices. Generates device-specific configurations from the
intent model and pushes them to managed switches.
tags:
- Blueprints
parameters:
- $ref: '#/components/parameters/BlueprintId'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
version:
type: integer
description: Blueprint version to deploy.
description:
type: string
description: Deployment description.
responses:
'200':
description: Deployment initiated.
'400':
$ref: '#/components/responses/BadRequest'
'409':
description: Blueprint has no staged changes or version conflict.
/blueprints/{blueprint_id}/anomalies:
get:
operationId: listBlueprintAnomalies
summary: Juniper Networks List blueprint anomalies
description: >-
Returns anomalies detected in a blueprint. Anomalies represent
deviations between the intended state defined in the blueprint
and the actual state observed on network devices. Includes
configuration drift, cabling issues, and BGP session problems.
tags:
- Anomalies
parameters:
- $ref: '#/components/parameters/BlueprintId'
responses:
'200':
description: Anomalies returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/Anomaly'
'401':
$ref: '#/components/responses/Unauthorized'
/blueprints/{blueprint_id}/security-zones:
get:
operationId: listSecurityZones
summary: Juniper Networks List security zones (VRFs)
description: >-
Returns all security zones (routing zones / VRFs) configured in
the blueprint. Security zones provide network segmentation through
VRF instances on leaf switches.
tags:
- Blueprints
parameters:
- $ref: '#/components/parameters/BlueprintId'
responses:
'200':
description: Security zones returned.
content:
application/json:
schema:
type: object
properties:
items:
type: object
additionalProperties:
$ref: '#/components/schemas/SecurityZone'
'401':
$ref: '#/components/responses/Unauthorized'
/blueprints/{blueprint_id}/virtual-networks:
get:
operationId: listVirtualNetworks
summary: Juniper Networks List virtual networks
description: >-
Returns all virtual networks in the blueprint. Virtual networks
represent VLANs/VXLANs provisioned across the fabric for
workload connectivity.
tags:
- Blueprints
parameters:
- $ref: '#/components/parameters/BlueprintId'
responses:
'200':
description: Virtual networks returned.
content:
application/json:
schema:
type: object
properties:
items:
type: object
additionalProperties:
$ref: '#/components/schemas/VirtualNetwork'
'401':
$ref: '#/components/responses/Unauthorized'
/resources/asn-pools:
get:
operationId: listAsnPools
summary: Juniper Networks List ASN pools
description: >-
Returns all ASN (Autonomous System Number) pools. ASN pools are
allocated to spine and leaf switches for BGP peering in the
data center fabric.
tags:
- Resources
responses:
'200':
description: ASN pools returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/AsnPool'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createAsnPool
summary: Juniper Networks Create ASN pool
description: Creates a new ASN pool with defined ranges.
tags:
- Resources
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AsnPool'
responses:
'201':
description: ASN pool created.
content:
application/json:
schema:
$ref: '#/components/schemas/AsnPool'
'400':
$ref: '#/components/responses/BadRequest'
/resources/ip-pools:
get:
operationId: listIpPools
summary: Juniper Networks List IP pools
description: >-
Returns all IP address pools. IP pools are used to allocate
loopback addresses, fabric link subnets, and virtual network
gateways across the data center fabric.
tags:
- Resources
responses:
'200':
description: IP pools returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/IpPool'
'401':
$ref: '#/components/responses/Unauthorized'
/resources/vni-pools:
get:
operationId: listVniPools
summary: Juniper Networks List VNI pools
description: >-
Returns all VNI (VXLAN Network Identifier) pools. VNI pools
provide unique identifiers for VXLAN tunnels used in the
EVPN-VXLAN fabric overlay.
tags:
- Resources
responses:
'200':
description: VNI pools returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/VniPool'
'401':
$ref: '#/components/responses/Unauthorized'
/systems:
get:
operationId: listSystems
summary: Juniper Networks List managed systems
description: >-
Returns all systems (network devices) known to Apstra, including
their agent status, management IP, and hardware information.
tags:
- Systems
responses:
'200':
description: Systems returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/System'
'401':
$ref: '#/components/responses/Unauthorized'
/systems/{system_id}:
get:
operationId: getSystem
summary: Juniper Networks Get system details
description: Returns detailed information for a specific managed system.
tags:
- Systems
parameters:
- $ref: '#/components/parameters/SystemId'
responses:
'200':
description: System returned.
content:
application/json:
schema:
$ref: '#/components/schemas/System'
'404':
$ref: '#/components/responses/NotFound'
/blueprints/{blueprint_id}/iba/probes:
get:
operationId: listIbaProbes
summary: Juniper Networks List IBA probes
description: >-
Returns all Intent-Based Analytics probes in a blueprint. IBA probes
continuously collect and analyze telemetry data from network devices
to detect anomalies and verify intent compliance.
tags:
- IBA
parameters:
- $ref: '#/components/parameters/BlueprintId'
responses:
'200':
description: IBA probes returned.
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/IbaProbe'
'401':
$ref: '#/components/responses/Unauthorized'
components:
securitySchemes:
authToken:
type: apiKey
in: header
name: AuthToken
description: >-
Authentication token obtained from POST /api/aaa/login. Include
in the AuthToken header for all authenticated API requests.
parameters:
BlueprintId:
name: blueprint_id
in: path
required: true
description: Blueprint unique identifier.
schema:
type: string
format: uuid
SystemId:
name: system_id
in: path
required: true
description: System unique identifier.
schema:
type: string
format: uuid
responses:
BadRequest:
description: Invalid request parameters or malformed payload.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
Unauthorized:
description: Authentication required or token expired.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
NotFound:
description: Resource not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
schemas:
Error:
type: object
properties:
errors:
type: string
description: Error message.
LogicalDevice:
type: object
properties:
id:
type: string
format: uuid
description: Logical device unique identifier.
display_name:
type: string
description: Display name for the logical device.
panels:
type: array
description: Port panel definitions.
items:
type: object
properties:
panel_layout:
type: object
properties:
row_count:
type: integer
column_count:
type: integer
port_indexing:
type: object
properties:
order:
type: string
enum:
- T-B, L-R
- L-R, T-B
start_index:
type: integer
schema:
type: string
enum:
- absolute
port_groups:
type: array
items:
type: object
properties:
count:
type: integer
description: Number of ports in the group.
speed:
type: object
properties:
unit:
type: string
enum:
- G
value:
type: integer
description: Port speed.
roles:
type: array
items:
type: string
enum:
- spine
- leaf
- peer
- access
- generic
- superspine
- unused
description: Roles the port group can fulfill.
InterfaceMap:
type: object
properties:
id:
type: string
format: uuid
description: Interface map unique identifier.
label:
type: string
description: Display label.
logical_device_id:
type: string
format: uuid
description: Associated logical device.
device_profile_id:
type: string
format: uuid
description: Associated hardware device profile.
interfaces:
type: array
items:
type: object
properties:
name:
type: string
description: Physical interface name.
mapping:
type: array
items:
type: integer
description: Logical port indices mapped to this interface.
RackType:
type: object
properties:
id:
type: string
format: uuid
description: Rack type unique identifier.
display_name:
type: string
description: Display name.
description:
type: string
description: Description of the rack type.
fabric_connectivity_design:
type: string
enum:
- l3clos
- l3collapsed
description: Fabric connectivity design pattern.
leaf_switches:
type: array
description: Leaf switch definitions in the rack.
items:
type: object
properties:
label:
type: string
logical_device_id:
type: string
format: uuid
link_per_spine_count:
type: integer
link_per_spine_speed:
type: object
properties:
unit:
type: string
value:
type: integer
redundancy_protocol:
type: string
enum:
- esi
- mlag
generic_systems:
type: array
description: Generic system (server, storage) definitions in the rack.
items:
type: object
properties:
label:
type: string
count:
type: integer
logical_device_id:
type: string
format: uuid
links:
type: array
items:
type: object
properties:
label:
type: string
target_switch_label:
type: string
link_per_switch_count:
type: integer
link_speed:
type: object
properties:
unit:
type: string
value:
type: integer
lag_mode:
type: string
enum:
- lacp_active
- lacp_passive
- static_lag
Template:
type: object
properties:
id:
type: string
format: uuid
description: Template unique identifier.
display_name:
type: string
description: Template display name.
type:
type: string
enum:
- rack_based
description: Template type.
spine:
type: object
properties:
count:
type: integer
description: Number of spine switches.
logical_device_id:
type: string
format: uuid
description: Logical device for spine switches.
rack_types:
type: array
description: Rack types included in the template.
items:
type: object
properties:
rack_type_id:
type: string
format: uuid
count:
type: integer
BlueprintSummary:
type: object
properties:
id:
type: string
format: uuid
description: Blueprint unique identifier.
label:
type: string
description: Blueprint label.
design:
type: string
description: Design type.
status:
type: string
description: Blueprint deployment status.
build_errors_count:
type: integer
description: Number of build errors.
build_warnings_count:
type: integer
description: Number of build warnings.
version:
type: integer
description: Current blueprint version.
Blueprint:
type: object
properties:
id:
type: string
format: uuid
label:
type: string
design:
type: string
version:
type: integer
nodes:
type: object
additionalProperties:
type: object
description: Blueprint graph nodes keyed by ID.
relationships:
type: object
additionalProperties:
type: object
description: Blueprint graph relationships keyed by ID.
Anomaly:
type: object
properties:
id:
type: string
format: uuid
description: Anomaly unique identifier.
type:
type: string
description: Anomaly type (e.g., config, cabling, bgp, route, liveness).
severity:
type: string
enum:
- critical
- warning
- info
description: Anomaly severity.
role:
type: string
description: Node role where the anomaly was detected.
expected:
type: string
description: Expected state value.
actual:
type: string
description: Actual observed state value.
identity:
type: object
additionalProperties:
type: string
description: Identifying attributes of the anomalous element.
SecurityZone:
type: object
properties:
id:
type: string
format: uuid
label:
type: string
description: Security zone name.
vrf_name:
type: string
description: VRF name on devices.
routing_policy_id:
type: string
format: uuid
description: Associated routing policy.
vni_id:
type: integer
description: L3 VNI for the security zone.
VirtualNetwork:
type: object
properties:
id:
type: string
format: uuid
label:
type: string
description: Virtual network name.
vn_type:
type: string
enum:
- vxlan
description: Virtual network type.
vn_id:
type: string
description: VXLAN VNI.
security_zone_id:
type: string
format: uuid
description: Parent security zone.
bound_to:
type: array
items:
type: object
properties:
system_id:
type: string
format: uuid
vlan_id:
type: integer
description: Systems and VLAN IDs where the VN is bound.
ipv4_subnet:
type: string
description: IPv4 gateway subnet in CIDR notation.
virtual_gateway_ipv4:
type: string
description: Virtual gateway IPv4 address.
AsnPool:
type: object
properties:
id:
type: string
format: uuid
display_name:
type: string
ranges:
type: array
items:
type: object
properties:
first:
type: integer
description: First ASN in the range.
last:
type: integer
description: Last ASN in the range.
status:
type: string
description: Pool usage status.
IpPool:
type: object
properties:
id:
type: string
format: uuid
display_name:
type: string
subnets:
type: array
items:
type: object
properties:
network:
type: string
description: Subnet in CIDR notation.
status:
# --- truncated at 32 KB (34 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/juniper-networks/refs/heads/main/openapi/juniper-networks-apstra-openapi.yml