DFW Postman API

Hi Everyone,

I'm running VMware NSX 3.2.2. I created a custom role (security: full access, inventory: full access and the rest read-only).

I added an AD user and bound the custom role to the user. When I create a DFW policy and rule with this AD user through the UI, it works, whereas when I try to create the same rule through the API with Postman, I have a 403 error: user is not authorized.

Has someone come across this issue?


Hope the below link will help:





Thank you @Prakash_Karasu. I used the policy API: PATCH /policy/api/v1/infra to do that, but I had the error I mentioned above.

Have you made sure to authorize before you tried to edit the rule? You can find the authentication information here (scroll down to "Request Authentication").


If your authentication is okay, have you tried a GET request to see if that works?

In addition, your endpoint doesn't seem to be complete. If you want to create a rule, you'd use something like

PUT /policy/api/v1/infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}



Regarding the authentication everything is OK. When I GET a request everything is OK. 

The only issue is when I want to PATCH a request regarding DFW.

When I change the custom role to a built-in role (security admin) the same payload works fine.

I looked into the nsxapi.log and I found an ERROR message mentioning that "incoming role null is not authorized to access API with rbac_feature domain_admin having required_permission curd".


I looked at the role-with-feature and the admin_domain required_permission value is "read". I can't change that.
