A10 Harmony API

A10 Harmony Controller is the central management platform for A10 products. The controller exposes APIs for all the configuration and management tasks as well getting analytics data. These APIs are called A10 Harmony API.

A10 Harmony API provide RESTful interface and use JSON as data exchange format. All API calls work on secure HTTP (HTTPS) protocol and is authenticated. API micro-service of Harmony Controller serves the APIs. This is different from the micro-service that serves Harmony Portal. Base URL of API server must be prepended to the URI of the specific API before making the API call.

<API Server URL>/<API URI>

In this example,

API Server URL:https//api.a10networks.com/api/v2
API URI:/session

The Basics

A10 Harmony API follow the principles of REST APIs and have objects and their properties. Each object has a rest endpoint and support common methods GET, POST, PUT and DELETE.

REST Interface

GET call on the collection lists all the objects in the collection.

GET /{object_collection}
GET /applications

POST call on collection adds new object in the collection.

POST /{object_collection}
POST /applications

GET, PUT and DELETE calls on individual object read, update and delete the object respectively.

DELETE /{object_collection}/{object_name}
DELETE /applications/MyApp

For nested objects, URIs extend as per hirarachy.

GET /{parent_object_collection}/{parent_object_name}/{child_object_collection}/{child_object_name}
GET /applications/MyApp/hosts/default-host

Data Input

The APIs accept data in form of JSON objects. In this documentation, request object and well as JSON schema is provided for each API call. In some cases (mostly GET or DELETE calls), sending data may not be required.

  "name": "MyServiceEndpoint",
  "description": "Some Description"


Other than standard HTTP headers, Harmony APIs require some customer headers. One custom header is used for authentication purpose. Other headers are required for Provider and Tenant information. Content-Type header is also required to be set to correct value (application/json) as input data is in JSON format.

'provider": MyProvider'
'Content-Type: application/json'
'Access-Control-Allow-Origin: controller.mydomain.com'

Authentication and Authorization

Each API call is authenticated and checked for authorization before it is accepted by the controller. Encrypted credentials of the user or a session token is required to be sent with each API call for the purpose of Authentication and authorization. This is done via “Authorization” header.

Two schemes of Authorization are supported - Basic and Session.

'Authorization: Basic YWtzaGF5QGFwcGNpdG8ubmV0OndlbGNvbWUxMjM='

Value of Basic Authorization header is constructed with base64 encoded value of user credential string. User credential string is created by concatenating username and password separated with a colon (:).


Value of Session Authorization header is constructed with the session ID obtained from controller in return of a ‘sessions’ API call.

'Authorization: Session b9629bb9-1bae-4a03-a59e-2737246f7697'