REST API and Supercluster
The types of operations you can perform with the Illumio Core REST API are determined by the permissions granted to your user account by a PCE administrator.
Available Operations on Leader vs. Members
Regardless of your user's permissions, you can only perform read operations on a member, which means you can perform GET operations on members, but not any POST, PUT, or DELETE operations using the REST API.
On the leader, you can perform full CRUD (GET, POST, PUT, DELETE) operations when your user account has the permissions to do so. Other REST API requests that assist in PCE operations, such as checking a node's availability, or determining the Supercluster leader, are available on the leader and members.
REST Operation | Leader | Members |
---|---|---|
POST, PUT, DELETE | Yes | No |
GET | Yes | Yes |
DELETE blocked traffic | Yes | Yes |
Generate a workload support report | Yes | Yes |
Asynchronous GET collections | Yes | Yes |
GET product version | Yes | Yes |
Check node availability | Yes | Yes |
Determine Supercluster leader | Yes | Yes |
During a Supercluster rolling upgrade, you can use the REST API on all PCEs except the one that is currently being upgraded. During a Supercluster simple upgrade, you cannot use the REST API until the upgrade has finished on all PCEs. For more information, see Upgrade Supercluster.
REST API Login Response
When you have deployed a PCE Supercluster and use the REST API to connect to a PCE in the Supercluster, the response indicates when the PCE is a member of the Supercluster.
For example, when you log into a PCE in a Supercluster:
GET https://my.pce.supercluster:443/api/v1/login
The response contains a JSON property named pce_cluster_type, which has a value of either member or leader. For example, you see this response from a leader when you log in:
"pce_cluster_type": "leader"
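A client-side pre-flight check built on the pce_cluster_type property and the operations table, added here as an example and not taken from Illumio's documentation or tooling. The function names, the delete_blocked_traffic label, the sample host names, and the treatment of a missing property as "not in a Supercluster" are assumptions of this example.

```python
import json
from typing import Optional

WRITE_METHODS = {"POST", "PUT", "DELETE"}
# Non-GET operations the table above still allows on members.
# The label is this example's own name, not an API path.
MEMBER_WRITE_EXCEPTIONS = {"delete_blocked_traffic"}


def cluster_role(login_body: str) -> Optional[str]:
    """Return 'leader' or 'member' from a login response body, or None if absent."""
    doc = json.loads(login_body)
    if not isinstance(doc, dict):
        raise ValueError("login response is not a JSON object")
    role = doc.get("pce_cluster_type")
    if role is not None and role not in ("leader", "member"):
        raise ValueError(f"unexpected pce_cluster_type: {role!r}")
    return role


def may_send(role: Optional[str], method: str, operation: Optional[str] = None) -> bool:
    """Apply the leader/member rule only; account permissions are checked by the PCE."""
    method = method.upper()
    if method == "GET":
        return True
    if method not in WRITE_METHODS:
        raise ValueError(f"method not covered by the table: {method}")
    if role == "member":
        return operation in MEMBER_WRITE_EXCEPTIONS
    # 'leader', or None: assumed here to mean the PCE is not in a Supercluster.
    return True


def find_leader(login_bodies: dict) -> str:
    """Given {pce_host: login response body}, return the single leader's host."""
    leaders = [h for h, body in login_bodies.items() if cluster_role(body) == "leader"]
    if len(leaders) != 1:
        raise LookupError(f"expected exactly one leader, found {len(leaders)}")
    return leaders[0]


# Constructed sample responses; real login responses carry more properties.
SAMPLE = {
    "pce-a.example.com": '{"pce_cluster_type": "member"}',
    "pce-b.example.com": '{"pce_cluster_type": "leader"}',
}
```

Automation that changes policy can call find_leader once per run and send every write there, so a request is never attempted against a member.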