Error trying to use the NetFoundry Admin APIs to create and endpoint

I am trying to automate the way an API consumer will get access to a dark service in NetFoundry, and part of that is to create the endpoint and enroll it.

I am checking this documentation: NetFoundry API Reference

But I see two things:

  1. When I tried:
    curl ‘’ -i -X POST -H ‘Content-Type: application/json’ -H ‘Authorization: Bearer eyJraWQiOiJOaTREa3lTUWFRZjRicENzR3dTOFwvQlhwdjJJZVZBSlpKVUhUdHVLTNZPudIK1Mjehi1pZk5gvqPUAN7eeJu03CdsTX5GldF4IHV1G4C0FQ’ -d ‘{“name”:“Test Endpoint 01”,“endpointType”:“Device”,“geoRegionId”:“15095af7-689e-46c5-95bf-2772116a65c0”,“dataCenterId”:null,“haEndpointType”:“HAGW”,“o365BreakoutNextHopIp”:null,“source”:null,“syncId”:null,“syncResourceId”:null,“clientMfaEnable”:“NO”,“subscriptionId”:null,“countryId”:null,“sessionIdentityId”:null,“endpointGroupId”:null}’
    HTTP/1.1 403 Forbidden
    Date: Sat, 25 Mar 2023 18:56:48 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Origin
    Vary: Access-Control-Request-Method
    Vary: Access-Control-Request-Headers
    X-B3-TraceId: d50a480bd3f0a7d3

[{“logref”:“error”,“message”:“Client lacks authorization for the ‘create’ action on the ‘endpoint’ resource over the -null- resource path.”},{“logref”:“traceId”,“message”:“d50a480bd3f0a7d3”}]

I got that message. I am admin of this network and it seems I can’t create endpoints. I can create other things but no endpoints

I was also kind of confused since in the NetFoundry WEB UI the only two parameters that are asked when creating and endpoint are:
a) Endpoint Name
b) Attributes

  1. I found this: REST Examples -
    Which was exactly what I was looking, but couldn’t found that resource in the API documentation. My questions is if that resource exist in the API documentation and if the answer is yes, where can I find it?

And my last question is:

Are those different resources to create endpoints? What is the difference between them?

I would like to create a device type of endpoint.

Thank u

I’ve learned that this is the right call:

curl ‘’ -i -X POST
-H ‘Content-Type: application/json’
-H ‘Authorization: Bearer eyJraWQiOiJOaTREa3lTUWFRZjRicENzR3dTOFwvQlhwdjJJZVZBSlpKVUhUdHVLSWxCVT0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI3Nm9rODUzYXRvuUEbLCBUwH3AieM5gdE8TRg’
-d ‘{“attributes”:, “networkId”: “a32b688b-d71a-4344-91e6-cd4e77dbb5ff”,“enrollmentMethod”:{“ott”: true},“name”: “client222”, “selected”:false}’

This payload:
{“attributes”:, “networkId”: “a32b688b-d71a-4344-91e6-cd4e77dbb5ff”,“enrollmentMethod”:{“ott”: true},“name”: “client222”, “selected”:false}
does create a client and generate a jwt.

I do not know that the selected element means, that is why I am looking for the API documentation. But again, with that payload I am able to create the endpoint and generate its jwt.

Thank u

Hi @borland_c

I’m happy you figured things out on your own. Just in case any other questions come up, here is a link to the NetFoundry API Reference.

There’s a very nice interactive swagger UI.

Otherwise, you can get the specs here

1 Like