YANG-API ProtocolYumaWorksandy@yumaworks.comTail-f Systemsmbj@tail-f.com
This document describes a RESTful protocol that provides
a programmatic interface over HTTP for accessing data
defined in YANG, using the datastores defined in NETCONF.
There is a need for standard mechanisms to allow WEB applications
to access the configuration data, operational data, and
data-model specific protocol operations within
a networking device, in a modular and extensible manner.
This document describes a RESTful protocol called YANG-API,
running over HTTP , for accessing data defined
in YANG , using datastores defined in NETCONF .
The NETCONF protocol defines configuration datastores and
a set of Create, Retrieve, Update, Delete (CRUD) operations
that can be used to access these datastores. The YANG language
defines the syntax and semantics of datastore content
and operational data. RESTful operations are used to
access the hierarchical data within a datastore.
A RESTful API can be created that provides CRUD operations on a
NETCONF datastore containing YANG-defined data. This can be done in a
simplified manner, compatible with HTTP and RESTful design principles.
Since NETCONF protocol operations are not relevant, the user should
not need any prior knowledge of NETCONF in order to use the RESTful
API.
Configuration data and state data are exposed as resources that
can be retrieved with the GET method.
Resources representing configuration data
can be modified with the DELETE, PATCH, POST, and PUT methods.
Data-model specific protocol operations defined with
the YANG "rpc" statement can be invoked with the POST method.
The framework and meta-model used for a RESTful API does not need to
mirror those used by the NETCONF protocol. It just needs to be compatible
with NETCONF. A simplified framework and protocol is needed
that utilizes the three NETCONF datastores (candidate, running, startup),
but hides the complexity of multiple datastores from the client.
A simplified transaction model is needed that allows basic
CRUD operations on a hierarchy of conceptual resources.
This represents a limited subset of the transaction capabilities
of the NETCONF protocol.
Applications that require more complex transaction capabilities
might consider NETCONF instead of YANG-API. The following
transaction features are not provided in YANG-API:
datastore locking (full or partial)
candidate datastore
validate operation
confirmed-commit procedure
The RESTful API is not intended to replace NETCONF, but rather provide
an additional simplified interface that follows RESTful principles and
is compatible with a resource-oriented device abstraction. It is
expected that applications that need the full feature set of NETCONF
such as notifications will continue to use NETCONF.
The following figure shows the system components:
YANG-API combines the simplicity of a RESTful API over HTTP
with the predictability and automation potential
of a schema-driven API.
A RESTful client using YANG-API will not use any data modelling
language to define the application-specific content
of the API. The client would discover each new child
resource as it traverses the URIs return as Location IDs
to discover the server capabilities.
This approach has 3 significant weaknesses wrt/ control
of complex networking devices:
inefficient performance: configuration APIs will be quite
complex and may require thousands of protocol messages to
discover all the schema information. Typically the
data type information has to be passed in the protocol messages,
which is also wasteful overhead.
no data model richness: without a data model, the schema-level
semantics and validation constraints are not available to the application.
Data model modules such as YANG modules serve as an "API contract"
that will be honored by the server. An application designer
can code to the data model, knowing in advance important details
about the exact protocol operations and datastore content
a conforming server implementation will support.
no tool automation: API automation tools need some sort of
content schema to function. Such tools can automate
various programming and documentation tasks related
to specific data models.
YANG-API provides the YANG module capability information supported by the
server, in case the client wants to use it.
The URIs for custom protocol operations and datastore content
are predictable, based on the YANG module definitions.
Note that the YANG modules and predictable URIs are optional
to use by the client. They can be completely ignored without
any loss of protocol functionality.
Operational experience with CLI and SNMP indicates that
operators learn the 'location' of specific service
or device related data and do not expect such information
to be arbitrary and discovered each time the
client opens a management session to a server.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14, .
The following terms are defined in :
candidate configuration datastore
client
configuration data
datastore
configuration datastore
protocol operation
running configuration datastore
server
startup configuration datastore
state data
user
The following terms are defined in :
entity tag
fragment
header line
message body
method
path
query
request URI
response body
The following terms are defined in :
container
data node
key leaf
leaf
leaf-list
list
presence container (or P-container)
RPC operation (now called protocol operation)
non-presence container (or NP-container)
ordered-by system
ordered-by user
The following terms are used within this document:
API resource: a resource with the media type
"application/vnd.yang.api+xml" or ""application/vnd.yang.api+json".
data resource: a resource with the media type
"application/vnd.yang.data+xml" or "application/vnd.yang.data+json".
datastore resource: a resource with the media type
"application/vnd.yang.datastore+xml" or
"application/vnd.yang.datastore+json"
edit operation: a YANG-API operation on a data resource
using the POST, PUT, PATCH, or DELETE method.
operation: the conceptual YANG-API operation for a message, derived from the
method, request URI, headers, and message body.
operation resource: a resource with the media type
"vnd.yang.operation+xml" or "vnd.yang.operation+json"
optional key: a key leaf for a YANG list data node,
which MAY be omitted by the client when an instance of the list
is created.
query parameter: a parameter (and its value if any),
encoded within the query portion of the request URI.
resource: a conceptual object representing a manageable
component within a device.
retrieval request: an operation using the GET or HEAD methods.
target resource: the resource that is associated with
a particular message, identified by the "path" component
of the request URI.
This document defines the YANG-API protocol, a RESTful API for accessing
conceptual datastores containing data defined with YANG language.
YANG-API provides an application framework and meta-model,
using HTTP operations.
The YANG-API resources are accessed via a set of
URIs defined in this document.
The set of YANG modules supported by the server
will determine the additional data model specific operations
and top-level data node resources available on the server.
The URI hierarchy for the YANG-API resources
consists of an entry point
and up to 4 top-level resources and/or fields.
Refer to for details on each URI.
The examples within this document use the non-normative
example YANG module defined in .
This section shows some typical YANG-API message exchanges.
By default, when a resource is retrieved, all of its fields are
returned, but none (if any) of the nested resources are
returned. Also, the default encoding is JSON. Data resources are
encoded according to the encoding rules in .
The client starts by retrieving the top-level
API resource, using the entry point URI "/yang‑api".
The server might respond as follows.
The "module" lines below are split for display
purposes only:
To request that the response content to be encoded in XML,
the "Accept" header can be used, as in this example request:
An alternate approach is provided using the "format" query
parameter, as in this example request:
The server will return the same response either way,
which might be as follows :
Refer to for details on the GET operation.
To create a new "jukebox" resource, the client might send:
If the resource is created, the server might respond:
To create a new "artist" resource within the "jukebox"
resource, the client might send the following request,
Note that the arbitrary integer "index" is not provided,
since it is an optional key:
If the resource is created, the server might respond:
To create a new "album" resource for this artist within the "jukebox"
resource, the client might send the following request,
If the resource is created, the server might respond
as follows. Note that the "Location" header line is wrapped
for display purposes only:
Refer to for details on the POST operation.
Note: replacing a resource is a fairly drastic operation.
The PATCH operation is often more appropriate.
The album sub-resource is re-added here for example
purposes only.
To replace the "artist" resource contents,
the client might send:
If the resource is updated, the server might respond:
Refer to for details on the PUT operation.
To replace just the "year" field in the "album" resource,
the client might send:
If the resource is updated, the server might respond:
Refer to for details on the PATCH operation.
To delete a resource such as the "album" resource,
the client might send:
If the resource is deleted, the server might respond:
Refer to for details on the DELETE operation.
To invoke a data-model specific operation via an
operation resource, the POST operation is used.
A client might send a "backup‑datastore" request as follows:
The server might respond:
Refer to for details on using the POST operation
with operation resources.
The YANG-API protocol defines a framework
that can be used to implement a common API for
configuration management. This section describes
the components of the YANG-API framework.
The YANG-API protocol uses HTTP entities for messages.
A single HTTP message corresponds to a single protocol operation.
A message can perform a single task on a single resource,
such as retrieving a resource or editing a resource. It cannot be used
to combine multiple tasks. The client cannot provide
multiple (possibly unrelated) edit operations within a single request,
like the NETCONF <edit‑config> protocol operation.
The YANG-API protocol operates on a hierarchy of resources,
starting with the top-level API resource itself. Each resource represents
a manageable component within the device.
A resource can be considered a collection of conceptual data
and the set of allowed operations on that data. It can contain
child nodes that are either "fields" or other resources.
The child resource types and operations allowed on them
are data-model specific.
A resource has its own media type identifier, represented
by the "Content‑Type" header in the HTTP response message.
A resource can contain zero or more fields and zero or
more resources. A resource can be
created and deleted independently of its
parent resource, as long as the parent resource exist.
A field is a child node defined within a resource.
A field can contain zero or more fields and zero or
more resources. A field cannot be
created and deleted independently of its parent resource.
All YANG-API resources and fields are defined in this document except
datastore contents and protocol operations. These resource types are
defined with YANG data definition statements and the "rpc" statement.
A default mapping is defined to differentiate sub-resources from fields
within data resources.
The YANG-API protocol defines some application specific media types
to identify each of the available resource types. The following table
summarizes the purpose of each resource.
ResourceMedia TypeAPIapplication/vnd.yang.apiDatastoreapplication/vnd.yang.datastoreDataapplication/vnd.yang.dataOperationapplication/vnd.yang.operation
These resources are described in .
A client SHOULD start by retrieving the top-level
API resource, using the entry point URI "/yang‑api".
The YANG-API protocol does not include a
resource discovery mechanism. Instead, the definitions
within the YANG modules advertised by the server
are used to construct a predictable operation or data
resource identifier.
The "depth" query parameter can be used to control how many
descendant levels should be included when retrieving
sub-resources. This parameter can be used with the GET operation
to discover sub-resources within a particular resource.
Refer to for more details on the "depth" parameter.
A conceptual "unified datastore" is used to simplify resource
management for the client. The YANG-API datastore is a
combination of the running configuration and any
non-configuration data supported by the device.
By default only configuration data is returned
by a GET operation on the datastore contents.
The underlying NETCONF datastores can be used
to implement the unified datastore, but the server design
is not limited to the exact datastore procedures defined
in NETCONF.
The "candidate" and "startup" datastores are not visible
in the YANG-API protocol. Transaction management and
configuration persistence are handled by the server
and not controlled by the client.
The YANG-API protocol operates on a conceptual datastore defined with
the YANG data modeling language. The server lists each YANG module it
supports in the "/yang‑api/modules/module" field in the
top-level API resource type, using the YANG module capability
URI format defined in RFC 6020.
The conceptual datastore contents and data-model-specific
operations are identified by the set of
YANG module capability URIs. All YANG-API content identified
as either a data resource or an operation resource
is defined with the YANG language.
The classification of data as configuration or
non-configuration is derived from the YANG "config" statement.
Data retrieval with the GET operation can be filtered
in several ways, including the "config" parameter
to retrieve configuration or non-configuration data.
The classification of data as a resource or field within
a resource is derived from the rules specified in .
Data ordering behavior is derived from the YANG "ordered‑by"
statement. Editing mechanisms are provided to allow
list or leaf-list resources to be inserted or moved
in the same manner as NETCONF, and defined in YANG.
The server is not required to maintain system ordered data
in any particular persistent order. The server SHOULD
maintain the same data ordering for system ordered data
until the next reboot or termination of the server.
The YANG-API datastore editing model is simple and direct,
similar to the behavior of the ":writable‑running"
capability in NETCONF.
Each YANG-API edit of a datastore resource is
activated upon successful completion of the transaction.
It is an implementation-specific matter how the server
accomplishes a YANG-API edit request. For example,
a server which only accepts edits through a candidate
datastore may internally edit this datastore and perform
the "commit" operation automatically.
Applications which need more control over the editing model
might consider using NETCONF instead of YANG-API.
Sometimes a server does not implement every operation
for every resource. Sometimes data model requirements
cause a node to implement a subset of the edit operations.
For example, a server may not allow modification of a
particular configuration data node after the
parent resource has been created.
The OPTIONS operation can be used to identify which
operations are supported by the server for a particular
resource. For example, if the server will allow a data resource
node to be created then the POST operation will be
returned in the response.
Two "edit collision detection" mechanisms are provided
in YANG-API, for datastore and data resources.
timestamp: the last change time is maintained and the
"Last‑Modified" and "Date" headers are returned in the
response for a retrieval request.
The "If‑Unmodified‑Since" header can be used
in edit operation requests to cause the server
to reject the request if the resource has been modified
since the specified timestamp.
entity tag: a unique opaque string is maintained and
the "ETag" header is returned in the
response for a retrieval request.
The "If‑Match" header can be used
in edit operation requests to cause the server
to reject the request if the resource entity tag
does not match the specified value.
Note that the server is only required to maintain these fields
for a datastore resource, not for individual data resources.
Example:
In this example, the server just supports the
mandatory datastore last-changed timestamp.
The client has previously retrieved the "Last‑Modified"
header and has some value cached to provide in
the following request to replace a list entry
with key value "11":
In this example the datastore resource has changed
since the time specified in the "If‑Unmodified‑Since"
header. The server might respond:
Datastore locking is not provided by YANG-API.
An application that needs to make several changes
to the running configuration datastore
contents in sequence, without disturbance from other clients
might consider using the NETCONF protocol instead of YANG-API.
Each YANG-API edit of a datastore resource is
saved to non-volatile storage in an
implementation-specific matter by the server.
There is no guarantee that configuration changes
are saved immediately, or that the saved configuration
is always a mirror of the running configuration.
Applications which need more control over the persistence model
might consider using NETCONF instead of YANG-API.
NETCONF has a rather complex defaults handling model for
leafs. YANG-API attempts to avoid this complexity by
restricting the operations that can be applied to
a resource and fields within that resource.
The GET method returns only nodes that exist, which will
be determined by the server. There is no mechanism for
the client to ask the server for the default values
that would be used for any nodes not present, but some
default value is in use by the server. (There is no
If a leaf definition has a default value, and the leaf has not been
given a value yet, the server SHOULD NOT return any value
for the leaf in the response for a GET operation.
Applications which need more control over the defaults model
might consider using NETCONF instead of YANG-API.
The YANG-API protocol does not provide a complex transaction
model that allows for multiple protocol operations, or even
operations on multiple resources in one protocol operation.
A very simple "one operation one one resource" per transaction
model is used instead.
Applications which need more control over the transaction model
might consider using NETCONF instead of YANG-API.
The YANG-API protocol is designed to be extensible for
datastore content and data-model specific protocol operations.
New protocol operations can be added without changing
the entry point if they are optional and do not alter
any existing operations.
Separate namespaces for each YANG module are used.
Content encoded in XML will indicate the module
using the "namespace" URI value in the YANG module.
Content encoded in JSON will indicate the module
using the module name specified in the YANG module.
JSON encoding rules for module namespaces are specified
in .
The version of a resource instance is identified with an entity tag,
as defined by HTTP.
The version identifiers in this section apply to the
version of the schema definition of a resource.
There are two types of schema versioning information used
in the YANG-API protocol:
the YANG-API protocol version
data and operation resource definition versions
The protocol version is identified by the string used for the
well-known URI entry point "/yang‑api".
This would be changed (e.g., "/yang‑api2")
if non-backward compatible changes are ever needed.
Minor version changes that do not break
backward-compatibility will not cause the entry point to change.
The API "yang‑api/version" field can be used by the client to identify
the exact version of the YANG-API protocol implemented by the server.
This value will include the complete YANG-API protocol version.
The "/yang‑api" entry point will only change (e.g., "/yang‑api2")
if non-backward compatible changes are made to the protocol.
The "/yang‑api/version" field MUST be updated every time
the protocol specification is republished.
The resource definition version for a data or operation
resource is a date string,
which is the revision date of the YANG module that defines the resource.
The resource version for all other resource types is a numeric string,
defined by the "/yang‑api/version" field.
There are four types of filtering for retrieval of data resources
in the YANG-API protocol.
conditional all-or-nothing: use some conditional test
mechanism in the request headers and retrieve either a
complete "200 OK" response if the condition is met,
or a "304 Not Modified" Status-Line if the condition is not met.
data classification: request configuration or non-configuration data.
subset: request a subset of all possible instances of a
list or leaf-list data resource.
filter: request a subset of all possible descendant nodes
within the target resource. The "select" query parameter can be used
for this purpose.
Refer to for details on data retrieval filtering.
The YANG-API protocol provides no granular access control for any
content except for operation and data resources. The NETCONF
Access Control Model (NACM) is defined in .
There is a specific mapping between YANG-API operations
and NETCONF edit operations, defined in .
The resource path also needs to be converted internally
by the server to the corresponding YANG instance-identifier.
Using this information, the server can apply the NACM
access control rules to YANG-API messages.
The server MUST NOT allow any operation to any resources that
the client is not authorized to access.
The YANG-API protocol uses HTTP methods to identify
the CRUD operation requested for a particular resource
or field within a resource. The following table
shows how the YANG-API operations relate to NETCONF
protocol operations:
YANG-APINETCONFOPTIONSnoneHEADnoneGET<get-config>, <get>POST<edit-config> (operation="create")PUT<edit-config> (operation="replace")PATCH<edit-config> (operation="merge")DELETE<edit-config> (operation="delete")
The NETCONF "remove" operation attribute is not supported
by the HTTP DELETE method. The resource must exist or
the DELETE operation will fail.
This section defines the YANG-API protocol usage for
each HTTP method.
The OPTIONS method is sent by the client to
discover which methods are supported by the server
for a specific resource, or field within a resource.
It is supported for all media types.
Note that implementation
of this operation is part of HTTP, and this section does
not introduce any additional requirements.
The request MUST contain a request URI
that contains at least the entry point component.
The server will return a "Status‑Line" header containing "204 No Content".
and include the "Allow" header in the response.
This header will be filled in, based on the target resource media type.
Other headers MAY also be included in the response.
Example 1:
A client might request the methods supported for a data
resource called "library"
The server might respond (for a config=true list):
Example 2:
A client might request the methods supported for a
non-configuration leaf within a data resource:
The server might respond:
Example 3:
A client might request the methods supported for an
operation resource called "play":
The server might respond:
The HEAD operation is sent by the client to
retrieve just the headers that would be returned
for the comparable GET operation, without the response body.
The HTTP HEAD method is used for this operation.
It is supported for all resource types, except operation resources.
The request MUST contain a request URI
that contains at least the entry point component.
The same query parameters supported by the GET operation
are supported by the HEAD operation. For example,
the "select" query parameter can be used to
specify a field within the target resource.
The access control behavior is enforced
as if the method was GET instead of HEAD.
The server MUST respond the same as if the method
was GET instead of HEAD, except that no
response body is included.
Example:
The client might request the response headers for the default
(JSON) representation of the "library" resource:
The server might respond:
The GET operation is sent by the client to
retrieve data and meta-data for a resource or
field within a resource.
The HTTP GET method is used for this operation.
It is supported for all resource types, except operation resources.
The request MUST contain a request URI
that contains at least the entry point component.
The following query parameters are supported
by the GET operation:
NameSectionDescriptionconfigRequest either configuration or non-configuration datadepthControl the depth of a retrieval requestformatRequest either JSON or XML content in the responseselectSpecify a field within the target resource
The server MUST NOT return any data resources or fields within
any data resources for which the user does not have read privileges.
If the user is not authorized to read any portion of
the target resource, an error response containing
a "403 Forbidden" Status-Line is returned to
the client.
If the user is authorized to read some but not all of
the target resource, the unauthorized content is omitted
from the response message body, and the authorized content
is returned to the client.
Example:
The client might request the response headers for a
JSON representation of the "library" resource:
The server might respond:
The POST operation is sent by the client for various
reasons. The HTTP POST method is used for this purpose.
The request MUST contain a request URI
that contains a target resource that
identifies one of the following resource types:
TypeDescriptionDataCreate a configuration data resourceOperationInvoke protocol operationTransactionCreate a new transaction
The following query parameters are supported
by the POST operation:
NameSectionDescriptioninsertSpecify where to insert a resourcepointSpecify the insert point for a resource
If the POST operation succeeds, a "200 OK" Status-Line
is returned if there is no response message body, and
a "204 No Content" Status-Line is returned if there is
a response message body.
If the user is not authorized to invoke the target (operation) resource,
or create the target resource,
an error response containing
a "403 Forbidden" Status-Line is returned to
the client. All other error responses are handled according to
the procedures defined in .
The PUT operation is sent by the client to replace
the target resource.
The HTTP PUT method is used for this purpose.
The request MUST contain a request URI
that contains a target resource that
identifies the data resource to replace.
The following query parameters are supported
by the PUT operation:
NameSectionDescriptioninsertSpecify where to move a resourcepointSpecify the move point for a resource
If the PUT operation succeeds, a "200 OK" Status-Line
is returned, and there is no response message body.
If the user is not authorized to replace the target resource
an error response containing
a "403 Forbidden" Status-Line is returned to
the client. All other error responses are handled according to
the procedures defined in .
The PATCH operation uses the HTTP PATCH method defined
in to provide a "merge" editing mode for
data resources. Instead of replacing all or part of the
target resource, the supplied values are merged into the
target resource.
If the PATCH operation succeeds, a "200 OK" Status-Line
is returned, and there is no response message body.
If the user is not authorized to alter the target resource
an error response containing
a "403 Forbidden" Status-Line is returned to
the client. All other error responses are handled according to
the procedures defined in .
The DELETE operation uses the HTTP DELETE method
to delete the target resource.
If the DELETE operation succeeds, a "200 OK" Status-Line
is returned, and there is no response message body.
If the user is not authorized to delete the target resource then
an error response containing
a "403 Forbidden" Status-Line is returned to
the client. All other error responses are handled according to
the procedures defined in .
Each YANG-API operation allows zero or more query
parameters to be present in the request URI.
Refer to
for details on the query parameters used
in the definition of each operation.
Query parameters can be given in any order.
Each parameter can appear zero or one time.
A default value may apply if the parameter is missing.
This section defines all the YANG-API query parameters.
The "config" parameter is used to specify whether
configuration or non-configuration data is requested.
This parameter is only supported for the GET and HEAD methods.
It is also only supported if the target resource is a data resource.
Example:
This example request by the client
would retrieve only the non-configuration data nodes
that exist within the second-level "library" resource.
The server might respond:
The "depth" parameter is used to specify the number
of nest levels returned in a response for a GET operation.
A nest-level consists of the target resource and any
child nodes which are optional data nodes (anyxml, leaf, or
leaf-list). A non-presence container
is transparent when determining the nest level.
A child node (which is not a non-presence container)
within a non-presence container is used to determine the nest-level.
The start level is determined by the target resource
for the operation.
Example:
This example operation would retrieve 2 levels of configuration data nodes
that exist within the top-level "jukebox" resource.
The server might respond:
The "format" parameter is used to specify the format
of any content returned in the response. Note that
the "Accept" header MAY be used instead of this
parameter to identify the format desired in the response.
For example:
This example request would retrieve only the configuration data nodes
that exist within the top-level "routing" resource, and retrieve
them in XML encoding instead of JSON encoding.
The "format" parameter is only supported for the GET and HEAD methods.
It is supported for all YANG-API media types.
Example:
This example URI would retrieve only the configuration data nodes
that exist within the top-level "routing" resource, and retrieve
them in XML encoding instead of JSON encoding.
The "insert" parameter is used to specify how a
resource should be inserted (or moved) within
the user-ordered list or leaf-list data resource.
This parameter is only supported for the POST and PUT methods.
It is also only supported if the target resource is
a data resource, and that data represents
a YANG list or leaf-list that is ordered by the user, not the system.
If the values "before" or "after" are used, then a "point"
parameter for the insertion parameter MUST also be present.
Example:
The "point" parameter is used to specify the insertion point
for a data resource that is being created or moved within
a user ordered list or leaf-list. It is ignored unless the "insert"
query parameter is also present, and has the value "before" or "after".
This parameter contains the instance identifier of the
resource, or field within a resource, to be used as the
insertion point for a POST or PUT operation. It is
encoded according to the rules defined in .
There is no default for this parameter.
Example:
In this example, the client is moving an existing "song" resource
within an "album" resource after another song.
The request URI is split for display purposes only.
The "select" query parameter is used to specify an
expression which can represent a subset of all data nodes
within the target resource. It contains a relative
path expression, using the target resource as the context node.
It is supported for all resource types except operation resources.
The contents are encoded according to the "api‑select"
rule defined in . This parameter is only allowed
for GET and HEAD operations.
[FIXME: the syntax of the select string is still TBD;
XPath, schema-identifier, regular expressions, something else]
Refer to for example request messages
using the "select" parameter.
The YANG-API also allows data-model specific protocol operations
to be invoked using the POST method. The media type
"vnd.yang.operation+xml" or "vnd.yang.operation+json"
MUST be used in the "Content‑Type" field in the message header.
Data model specific operations are supported.
The syntax and semantics of these operations
exactly correspond to the YANG "rpc" statement definition
for the operation.
Any input for a protocol operation is encoded in an element
called "input", which corresponds to the <input> element
in a NETCONF message. The child nodes of the "input"
element are encoded according to the data definition statements
in the input section of the "rpc" statement.
Any output for a protocol operation is encoded in an element
called "output", which corresponds to the <rpc‑reply> element
in a NETCONF message. The child nodes of the "output"
element are encoded according to the data definition statements
in the output section of the "rpc" statement.
This section describes the messages that are used in the YANG-API
protocol.
Resources are represented with URIs following the structure
for generic URIs in .
A YANG-API operation is derived from the HTTP method
and the request URI, using the following conceptual fields:
method: the HTTP method identifying the YANG-API operation
requested by the client, to act upon the target resource
specified in the request URI. YANG-API operation details are
described in .
entry: the well-known YANG-API entry point ("/yang‑api").
resource: the path expression identifying the resource
that is being accessed by the operation.
If this field is not present, then the target resource
is the API itself, represented by the media type "vnd.yang.api".
query: the set of parameters associated with the YANG-API
message. These have the familiar form of "name=value" pairs.
There is a specific set of parameters defined,
although the server MAY choose to support additional
parameters not defined in this document.
fragment: This field is not used by the YANG-API protocol.
The client SHOULD NOT assume the final structure of
a URI path for a resource. Instead, existing resources can
be discovered with the GET operation. When new resources
are created by the client, a "Location" header
is returned, which identifies the path of the newly created resource.
The client MUST use this exact path identifier to access
the resource once it has been created.
The "target" of an operation is a resource.
The "path" field in the request URI represents
the target resource for the operation.
There are several HTTP header lines utilized in YANG-API messages.
Messages are not limited to the HTTP headers listed in this section.
HTTP defines which header lines are required for particular circumstances.
Refer to each operation definition section in
for examples on how particular headers are used.
There are some request headers that are used within YANG-API,
usually applied to data resources.
The following tables summarize the headers most relevant
in YANG-API message requests:
NameDescriptionAcceptResponse Content-Types that are acceptableContent-TypeThe media type of the request bodyHostThe host address of the serverIf-MatchOnly perform the action if the entity matches ETagIf-Modified-SinceOnly perform the action if modified since timeIf-RangeOnly retrieve range if resource unchangedIf-Unmodified-SinceOnly perform the action if un-modified since timeRangeSpecify a range of data resource entries
The following tables summarize the headers most relevant
in YANG-API message responses:
NameDescriptionAllowValid actions when 405 error returnedContent-TypeThe media type of the response bodyDateThe date and time the message was sentETagAn identifier for a specific version of a resourceLast-ModifiedThe last modified date and time of a resourceLocationThe resource identifier for a newly created resource
YANG-API messages are encoded in HTTP according to RFC 2616.
The "utf‑8" character set is used for all messages.
YANG-API message content is sent in the HTTP message body.
Content is encoded in either JSON or XML format.
XML encoding rules for data nodes are defined in .
The same encoding rules are used for all XML content.
XML attributes are not used and will be ignored if present
in an XML-encoded message.
JSON encoding rules are defined in .
Special encoding rules are needed to handle multiple
module namespaces and provide consistent data type processing.
Request input content encoding format is identified with the Content-Type
header. This field MUST be present if message input is sent
by the client.
Response output content encoding format is identified with the Accept
header, the "format" query parameter, or if
neither is specified, the request input encoding format is used.
If there was no request input, then the default output encoding is JSON.
File extensions encoded in the request are not used to identify
format encoding.
Each message represents some sort of resource access.
An HTTP "Status‑Line" header line is returned for each request.
If a 4xx or 5xx range status code is returned in the Status-Line,
then the error information will be returned in the response,
according to the format defined in .
Since the datastore contents change at unpredictable times,
responses from a YANG-API server generally SHOULD NOT be cached.
The server SHOULD include a "Cache‑Control" header in every response
that specifies whether the response should be cached.
A "Pragma" header specifying "no‑cache" MAY also be sent
in case the "Cache‑Control" header is not supported.
Instead of using HTTP caching, the client SHOULD track the "ETag"
and/or "Last‑Modified" headers returned by the server for the
datastore resource (or data resource if the server supports it).
A retrieval request for a resource can include headers
such as "If‑None‑Match" or "If‑Modified‑Since" which
will cause the server to return a "304 Not Modified" Status-Line
if the resource has not changed.
The client MAY use the HEAD operation to retrieve just
the message headers, which SHOULD include the "ETag"
and "Last‑Modified" headers, if this meta-data is maintained
for the target resource.
The resources used in the YANG-API protocol are identified
by the "path" component in the request URI. Each operation
is performed on a target resource.
The API resource contains the state and access points for
the YANG-API features.
It is the top-level resource and has the media type
"application/vnd.yang.api+xml" or "application/vnd.yang.api+json".
It is accessible through the well-known URI "/yang‑api".
This resource has the following fields:
Field NameDescriptiondatastoreLink to "datastore" resourcemodulesYANG module capability URIsoperationsData-model specific operations
This mandatory resource represents the running configuration
datastore and any non-configuration data available.
It may be retrieved and edited directly.
It cannot be created or deleted by the client.
This resource type is defined in .
This mandatory field contains the identifiers
for the YANG data model modules supported by the server.
There MUST be exactly one instance of this field.
The server MUST maintain a last-modified timestamp for this
field, and return the "Last‑Modified" header when this
field is retrieved with the GET or HEAD methods.
This optional field provides access to the
data-model specific protocol operations supported by the server.
The server MAY omit this field if no data-model specific
operations are advertised.
Any data-model specific operations defined in the YANG
modules advertised by the server SHOULD be available
as child nodes of this field.
This mandatory field contains one URI string
for each YANG data model module supported by the server.
There MUST be an instance of this field for every
YANG module that is accessible via an operation resource
or a data resource.
The server MAY maintain a last-modified timestamp for
each instance of this resource, and return the
"Last‑Modified" header when this resource is retrieved
with the GET or HEAD methods. If not supported
then the timestamp for the parent "modules" field
MUST NOT be used instead.
The contents of this field are encoded with the "uri"
derived type from the "ietf‑iana‑types" modules
in .
There are additional encoding requirements for this field.
The URI MUST follow the YANG module capability URI formatting
defined in section 5.6.4 of .
In this example the client is retrieving the modules field
from the server in the default JSON format:
The server might respond as follows.
Note that the content below is split across multiple
lines for display purposes only:
This mandatory field identifies the specific version
of the YANG-API protocol implemented by the server.
The same server-wide response MUST be returned
each time this field is retrieved. It is assigned
by the server when the server is started.
The server MUST return the value "1.0" for this
version of the YANG-API protocol.
This field is encoded with the rules for an "enumeration" data type,
using the following leaf definition:
A datastore resource represents the conceptual root
of a tree of data resources.
The server MUST maintain a last-modified timestamp for this
resource, and return the "Last‑Modified" header when this
resource is retrieved with the GET or HEAD methods.
Only changes to configuration data resources within
the datastore affect this timestamp.
The server SHOULD maintain a resource entity tag for this
resource, and return the "ETag" header when this
resource is retrieved with the GET or HEAD methods.
The resource entity tag SHOULD be changed to a new
previously unused value if changes to any configuration
data resources within the datastore are made.
A datastore resource can be retrieved with the GET operation,
to retrieve either configuration data resources or non-configuration
data resources within the datastore. The "config" query
parameter is used to choose between them.
Refer to for more details.
The depth of the subtrees returned in retrieval operations
can be controlled with the "depth" query parameter.
The number of nest levels, starting at the target resource,
can be specified, or an unlimited number can be returned.
Refer to for more details.
A datastore resource cannot be written directly with
any edit operation. Only the configuration data resources
within the datastore resource can be edited.
A data resource represents a YANG data node that is a descendant
node of a datastore resource.
For configuration data resources,
the server MAY maintain a last-modified timestamp for the
resource, and return the "Last‑Modified" header when it
is retrieved with the GET or HEAD methods.
For configuration data resources,
the server MAY maintain a resource entity tag for the
resource, and return the "ETag" header when it
is retrieved as the target resource with the GET or HEAD methods.
The resource entity tag SHOULD be changed to a new
previously unused value if changes to the resource
or any configuration field within the resource is altered.
A data resource can be retrieved with the GET operation,
to retrieve either configuration data resources or non-configuration
data resources within the target resource. The "config" query
parameter is used to choose between them.
Refer to for more details.
The depth of the subtrees returned in retrieval operations
can be controlled with the "depth" query parameter.
The number of nest levels, starting at the target resource,
can be specified, or an unlimited number can be returned.
Refer to for more details.
A configuration data resource can be altered by the client
with some of all of the edit operations, depending on the
target resource and the specific operation. Refer to
for more details on edit operations.
In YANG, data nodes are named with an absolute
XPath expression, from the document root to the target resource.
In YANG-API, URL friendly path expressions are used instead.
The YANG "instance‑identifier" (i-i) data type is represented
in YANG-API with the path expression format defined
in this section.
NameCommentspointInsertion point is always a full i-ipathRequest URI path is a full or partial i-i
The "path" component of the request URI contains the
absolute path expression that identifies the
target resource. The "select" query parameter is
used to optionally identify the requested data nodes
within the target resource to be retrieved in a GET operation.
A predictable location for a data resource
is important, since applications will code to the YANG
data model module, which uses static naming and defines an
absolute path location for all data nodes.
A YANG-API data resource identifier is not an XPath expression.
It is encoded from left to right, starting with the top-level
data node, according to the "api‑path" rule in .
The node name of each ancestor of the target resource node
is encoded in order, ending with the node name for the
target resource.
If the "select" is present, it is encoded,
starting with a child node of the target resource,
according to the "api‑select" rule defined in .
If a data node in the path expression is a YANG list node,
then the key values for the list (if any) are encoded
according to the "key‑value" rule. If the list node
is the target resource, then the key values MAY be omitted,
according to the operation. For example, the POST
operation to create a new data resource for a list node
does not allow the key values to be present in the request URI.
The key leaf values for a data resource representing a YANG list
MUST be encoded as follows:
The value of each leaf identified in the "key" statement
is encoded in order.
All the components in the "key" statement MUST be encoded.
Partial instance identifiers are not supported.
Each value is encoded using the "key‑value" rule in ,
according to the encoding rules for the data type of the key leaf.
An empty string can be a valid key value
(e.g., "/top/list/key1//key3").
The "/" character MUST be URL-encoded (i.e., "%2F").
All whitespace MUST be URL-encoded.
A "null" value is not allowed since the "empty" data type is
not allowed for key leafs.
The XML encoding is defined in .
The JSON encoding is defined in .
The entire "key‑value" MUST be properly URL-encoded,
according to the rules defined in .
Notifications are not supported by YANG-API because they
are not supported by HTTP. YANG notification statements
are ignored by a YANG-API server.
Examples:
The following ABNF syntax is used to construct YANG-API
path identifiers:
The data resources used in YANG-API are
defined with YANG data definition statements.
Not every data node defined in a YANG module
should be treated as a resource. The YANG-API needs to know
which YANG data nodes are resources, and which are fields
within a resource.
For data resources, YANG-API uses a simple algorithm for defining
resource boundaries, within the conceptual sub-trees
described by YANG data definition statements.
All top-level data nodes are considered to
be resources. For nodes within a top-level resource:
a presence container starts a new resource
a list starts a new resource
an optional terminal node (anyxml, leaf, or leaf-list) starts a new resource
a data node of type "anyxml" cannot have any sub-resources
A non-configuration data node cannot be a separate resource
from its parent. Only top-level data nodes are considered
to be resources (which only support retrieval methods).
It is sometimes useful to have the server assign
the key(s) for a new resource. The "Location"
header will indicate the key value(s) that the server
selected, so the client does not need to provide all the key leaf
values.
It is useful to identify in the YANG data model module
which key leafs are optional to provide, and which are not.
The YANG extension statement "optional‑key" is provided
to indicate that the leaf definition represents
an optional key.
The client MAY provide a value for a key leaf
in a POST operation. Refer to for details
on the "optional‑key" extension. Refer to
for usage examples of this YANG extension statement.
There are four types of filtering for retrieval of data resources.
This section defines each mode.
The HTTP headers (such as "If‑Modified‑Since" and "If‑Match")
can by used in for a request message for a GET operation
to check a condition within the server state, such as the
last time the datastore resource was modified, or the resource entity tag
of the target resource.
If the condition is met according to the header
definition, a "200 OK" Status-Line and the data requested is
returned in the response message.
If the condition is not met, a "304 Not Modified"
Status-Line is returned in response message instead.
The "config" query parameter
can be used with the GET operation to specify whether
configuration or non-configuration data is requested.
Refer to for more details on the "config"
query parameter.
The "Range" header is used to request a specific
subset of the instances of a list or leaf-list
data resource that are returned by the
server for a retrieval operation. Normally, if the target resource
in a request message does not specify an instance,
then all instances are returned.
The YANG-API protocol uses the token "entries" instead
of "bytes" as the range units.
The entries are numbered
starting from "0". A list or leaf-list can change order
between requests so the client needs to be aware of
the data model semantics, and whether the list contents
are stable enough to use the subset retrieval mechanism.
If the requested range cannot be returned
because the range specification includes index
values for entries that do not exist,
then an error occurs, and the server MUST return
a "416 Requested range not satisfiable" Status-Line.
If the range request can be satisfied, then a "200 OK"
Status-Line is returned, and the response MUST include
a "Content‑Range" header indicating which entries are
returned. The response message body contains the
data for the requested range of entries.
Example:
In this example, the client is requesting 5 "artist"
resource entries, starting with the 10th entry:
The "select" query parameter is used to specify a filter
that should be applied to the target resource to
request a subset of all possible descendant nodes
within the target resource.
The format of the "select" parameter string is defined
in . The set of nodes selected by the
filter expression is applied to each context node
identified by the target resource.
An operation resource represents an protocol operation
defined with the YANG "rpc" statement.
All operation resources share the same module namespace
as any top-level data resources, so the name of an operation
resource cannot conflict with the name of a top-level
data resource defined within the same module.
If 2 different YANG modules define the same "rpc" identifier,
then the module name MUST be used in the request URI.
For example, if "module‑A" and "module‑B" both defined
a "reset" operation, then invoking the operation from "module‑A"
would be requested as follows:
Any usage of an operation resource from the same module,
with the same name, refers to the same "rpc" statement
definition. This behavior can be used to design protocol operations
that perform the same general function on different
resource types.
If the "rpc" statement has an "input" section, then a message body
MAY be sent by the client in the request, otherwise the request
message MUST NOT include a message body.
If the "rpc" statement has an "output" section, then a message body
MAY be sent by the server in the response. Otherwise the
server MUST NOT include a message body in the response message,
and MUST send a "204 No Content" Status-Line instead.
If the "rpc" statement has an "input" section, then
the "input" node is provided in the message body,
corresponding to the YANG data definition statements
within the "input" section.
Example:
The following YANG definition is used for the examples in this
section.
The client might send the following POST request message:
The server might respond:
If the "rpc" statement has an "output" section, then
the "output" node is provided in the message body,
corresponding to the YANG data definition statements
within the "output" section.
Example:
The following YANG definition is used for the examples in this
section.
The client might send the following POST request message:
The server might respond:
The operation resources used in YANG-API are
defined with YANG "rpc" statements.
All "rpc" statements within a YANG module that are
supported by the server are available as operation resources.
HTTP Status-Lines are used to report success or failure
for YANG-API operations.
The <rpc‑error> element returned in NETCONF error responses
contains some useful information. This error information
is adapted for use in YANG-API, and error information
is returned for "4xx" class of status codes.
The following table summarizes the return status codes
used specifically by YANG-API operations:
Status-LineDescription100 ContinuePOST accepted, 201 should follow200 OKSuccess with response body201 CreatedPOST to create a resource success202 AcceptedPOST to create a resource accepted204 No ContentSuccess without response body304 Not ModifiedConditional operation not done400 Bad RequestInvalid request message403 ForbiddenAccess to resource denied404 Not FoundResource target or resource node not found405 Method Not AllowedMethod not allowed for target resource409 ConflictResource or lock in use413 Request Entity Too Largetoo-big error414 Request-URI Too Largetoo-big error415 Unsupported Media Typenon YANG-API media type416 Requested range not satisfiableIf-Range error500 Internal Server Erroroperation-failed501 Not Implementedunknown-operation503 Service UnavailableRecoverable server error
Since an operation resource is defined with a YANG "rpc"
statement, a mapping between the NETCONF <error‑tag> value
and the HTTP status code is needed. The specific error
condition and response code to use are data-model specific
and might be contained in the YANG "description" statement
for the "rpc" statement.
<error‑tag>status codein-use409invalid-value400too-big413missing-attribute400bad-attribute400unknown-attribute400bad-element400unknown-element400unknown-namespace400access-denied403lock-denied409resource-denied409rollback-failed500data-exists409data-missing409operation-not-supported501operation-failed500partial-operation500malformed-message400
When an error occurs for a request message on a data resource
or an operation resource, and a "4xx" class of status codes
(except for status code "403"),
then the server SHOULD send a response body containing
the information described by the following YANG data definition
statement:
Example:
The following example shows an error returned for
an "lock‑denied" error on a datastore resource.
The server might respond:
TBD
RFC Ed.: update the date below with the date of RFC publication and
remove this note.
<CODE BEGINS> file "ietf-yang-api@2012-11-30.yang"<CODE ENDS>
This document registers one URI in the IETF XML registry
. Following the format in RFC 3688, the following
registration is requested to be made.
This document registers one YANG module in the YANG Module Names
registry .
TBD
expanded introduction
removed transactions
removed capabilities
simplified editing model
removed global protocol operations from ietf-yang-api.yang
changed RPC operation terminology to protocol operation
updated JSON draft reference
updated open issues section
updated IANA section
Which WG should do this work? NETCONF? NETMOD?
It is not clear since YANG-API builds on concepts and
standards from documents owned by both working groups.
Resource creation order and other dependencies between resources
are not well identified in YANG.
YANG has leafrefs and instance-identifiers, which can be used
to identify some order dependencies.
Are any new mechanisms needed in YANG-API needed to identify
resource creation order and other dependency requirements?
There is no "message‑id" field in a YANG-API message.
Is a message identifier needed? If so, should either the "Message‑ID"
or "Content‑ID" header from RFC 2392 be used for this purpose?
Should sessions be used or not?
Should "reusable sessions" be used? Better for auditing?
How does locking of the /yang-api/datastore resource
work for multiple edits if a session is 1 operation?
When does the server release the lock and decide it has
been abandoned or client was disconnected?
What syntax should be used for the "select" query parameter?
Should the "/yang‑api/modules" field within the API resource
be a separate resource, with its own timestamp? Currently the
API timestamp is coupled to any changes to the list of loaded
modules. Should the API resource be static and cacheable?
What to do about no REMOVE operation, just DELETE?
The effect is local to the request; in a NETCONF
edit-config it is worse, since the netconf request might
create/delete/modify many nodes
Should every YANG data node be a data resource and every YANG RPC
statement an operation resource? Is a YANG extension needed to
allow data modeler control of resource boundaries?
Encoding of leafrefs? Is there some additional meta-data needed?
Do leafref nodes need to be identified in responses (RFC 5988) or
is the YANG module definition sufficient to provide this meta-data?
What should the default algorithm be for defining data resources?
Should the default for an augment from another namespace be to
start a new resource? Top-level data node defaults as a resource OK?
Is the token "entries" legal in the YANG-API usage of Range?
What units should be used? "bytes" is the only token defined by HTTP.
Are all header lines used by YANG-API supported by common application
frameworks, such as FastCGI and WSGI? If not, then should
query parameters be used instead, since the QUERY_STRING is
widely available to WEB applications?
Should the <errors> element returned in error responses
be a separate media type?
How should additional datastores be supported, which may be added to the
NETCONF/NETMOD framework in the future?
Key words for use in RFCs to Indicate Requirement LevelsHarvard UniversityIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.Hypertext Transfer Protocol -- HTTP/1.1Department of Information and Computer ScienceUniversity of California, IrvineIrvineCA92697-3425+1(949)824-1715fielding@ics.uci.eduWorld Wide Web ConsortiumMIT Laboratory for Computer Science, NE43-356545 Technology SquareCambridgeMA02139+1(617)258-8682jg@w3.orgCompaq Computer CorporationWestern Research Laboratory250 University AvenuePalo AltoCA94305mogul@wrl.dec.comWorld Wide Web ConsortiumMIT Laboratory for Computer Science, NE43-356545 Technology SquareCambridgeMA02139+1(617)258-8682frystyk@w3.orgXerox CorporationMIT Laboratory for Computer Science, NE43-3563333 Coyote Hill RoadPalo AltoCA94034masinter@parc.xerox.comMicrosoft Corporation1 Microsoft WayRedmondWA98052paulle@microsoft.comWorld Wide Web ConsortiumMIT Laboratory for Computer Science, NE43-356545 Technology SquareCambridgeMA02139+1(617)258-8682timbl@w3.org
The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. It is a generic, stateless, protocol which can be used for
many tasks beyond its use for hypertext, such as name servers and
distributed object management systems, through extension of its
request methods, error codes and headers . A feature of HTTP is
the typing and negotiation of data representation, allowing systems
to be built independently of the data being transferred.
HTTP has been in use by the World-Wide Web global information
initiative since 1990. This specification defines the protocol
referred to as "HTTP/1.1", and is an update to RFC 2068 .
The IETF XML RegistryThis document describes an IANA maintained registry for IETF standards which use Extensible Markup Language (XML) related items such as Namespaces, Document Type Declarations (DTDs), Schemas, and Resource Description Framework (RDF) Schemas.Uniform Resource Identifier (URI): Generic SyntaxWorld Wide Web ConsortiumMassachusetts Institute of Technology77 Massachusetts AvenueCambridgeMA02139USA+1-617-253-5702+1-617-258-5999timbl@w3.orghttp://www.w3.org/People/Berners-Lee/Day Software5251 California Ave., Suite 110IrvineCA92617USA+1-949-679-2960+1-949-679-2972fielding@gbiv.comhttp://roy.gbiv.com/Adobe Systems Incorporated345 Park AveSan JoseCA95110USA+1-408-536-3024LMM@acm.orghttp://larry.masinter.net/
Applications
uniform resource identifierURIURLURNWWWresource
A Uniform Resource Identifier (URI) is a compact sequence of characters
that identifies an abstract or physical resource. This specification
defines the generic URI syntax and a process for resolving URI references
that might be in relative form, along with guidelines and security
considerations for the use of URIs on the Internet.
The URI syntax defines a grammar that is a superset of all valid URIs,
allowing an implementation to parse the common components of a URI
reference without knowing the scheme-specific requirements of every
possible identifier. This specification does not define a generative
grammar for URIs; that task is performed by the individual
specifications of each URI scheme.
PATCH Method for HTTPSeveral applications extending the Hypertext Transfer Protocol (HTTP) require a feature to do partial resource modification. The existing HTTP PUT method only allows a complete replacement of a document. This proposal adds a new HTTP method, PATCH, to modify an existing HTTP resource. [STANDARDS-TRACK]Network Configuration Protocol (NETCONF)YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)YANG is a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications. [STANDARDS TRACK]Common YANG Data TypesNetwork Configuration Protocol (NETCONF) Access Control ModelThe standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF protocol access for particular users to a pre-configured subset of all available NETCONF protocol operations and content. This document defines such an access control model. [STANDARDS-TRACK]Modeling JSON Text with YANGCZ.NIC