sivas1
Contributor

NSX-T REST APIs with Unique Identifier for Security Groups

Hello,

I am new to VMware NSX-T. I am exploring the APIs available to query Security Groups and to add/remove VMs to/from Security Groups. As I understand, the APIs take Security Group names in the URI path, as given below:

 

GET Request to Query Security Group - /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>

PATCH request to Add VM to Security Group - /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>

My Question -

- Are there APIs available that would take the Unique Identifier for the Security Group?

VMware NSX-T allows creation of multiple security groups with the same name. Are there APIs to query and add/remove VMs to security groups using the Unique Identifier of the security group rather than the group name?

 

Thanks!

 

bmcb555
Enthusiast

The group id is a unique identifier. You can call every group the exact same name but the identifier has to be different. That's how it's been in my experience.

 

So, for example, using the example in the API document:

PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
{
  "expression": [
    {
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "resource_type": "Condition"
    }
  ],
  "description": "web group",
  "display_name": "web group",
  "_revision": 0
}

PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup1
{
  "expression": [
    {
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "resource_type": "Condition"
    }
  ],
  "description": "web group",
  "display_name": "web group",
  "_revision": 0
}

 

You need a unique ID for each group you add, otherwise it'll overwrite the previous group.

Pretty much every API you query is looking for that ID. Below is the API to add a rule:

PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/security-policies/application-section-1
{
  "description": "comm map",
  "display_name": "application-section-1",
  "category": "Application",
  "rules": [
    {
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": [ "/infra/domains/vmc/groups/webgroup" ],
      "destination_groups": [ "/infra/domains/vmc/groups/webgroup1" ],
      "services": [ "/infra/services/HTTP", "/infra/services/CIM-HTTP" ],
      "action": "ALLOW"
    }
  ]
}

 

If it wasn't unique you'd never be able to reference it since you wouldn't know what you're calling.

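An added example, not part of the original thread or of VMware's documentation: because several groups can share a display_name, automation that builds firewall rules should resolve groups by id/path and refuse an ambiguous name instead of picking one. The helper names and the sample data are hypothetical; the sample is constructed to mirror the two groups above and assumes each group object in the list response carries "id", "display_name" and "path".

```python
from collections import defaultdict

# Constructed sample, shaped like the "results" list of a group listing for
# domain "vmc" (assumed fields: id, display_name, path). Not real output.
SAMPLE_GROUPS = [
    {"id": "webgroup", "display_name": "web group",
     "path": "/infra/domains/vmc/groups/webgroup"},
    {"id": "webgroup1", "display_name": "web group",
     "path": "/infra/domains/vmc/groups/webgroup1"},
    {"id": "dbgroup", "display_name": "db group",
     "path": "/infra/domains/vmc/groups/dbgroup"},
]


class AmbiguousGroupName(Exception):
    """Raised when a display_name maps to zero or several group paths."""


def paths_by_display_name(groups):
    """Map each display_name to the sorted list of group paths that use it."""
    index = defaultdict(list)
    for group in groups:
        index[group["display_name"]].append(group["path"])
    return {name: sorted(paths) for name, paths in index.items()}


def duplicate_display_names(groups):
    """Return only the display_names shared by more than one group id."""
    return {n: p for n, p in paths_by_display_name(groups).items() if len(p) > 1}


def resolve_group_path(groups, display_name):
    """Return the single path for display_name, or fail closed."""
    paths = paths_by_display_name(groups).get(display_name, [])
    if len(paths) != 1:
        raise AmbiguousGroupName(f"{display_name!r} matches {len(paths)} groups: {paths}")
    return paths[0]


def unknown_rule_groups(rule, groups):
    """List rule group references that match no known group path."""
    known = {g["path"] for g in groups}
    refs = rule.get("source_groups", []) + rule.get("destination_groups", [])
    return [p for p in refs if p != "ANY" and p not in known]
```

Running `duplicate_display_names` over the group list before pushing a security policy surfaces names such as "web group" that an operator could confuse in the UI, while the rule itself stays pinned to the unique paths.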
sivas1
Contributor

Thank you very much for the detailed response. That helps!

bmcb555
Enthusiast

No problem, I hope it's clear! Group ID must be unique for the security groups, but they can all share the same display_name if you wanted. If this has helped you solve your issue, please mark as solved.
