Transfer API Menu

API OverviewTransfer API DocumentationEndpoint ActivationTask SubmissionTask MonitoringFile OperationsEndpoint ManagementEndpoint SearchEndpoint RolesEndpoint BookmarksEndpoint ACL ManagementAdvanced Endpoint ManagementChange History
  1. Home
  2. Globus APIs
  3. Transfer API Documentation

Endpoint Management

1. Overview

Endpoints are named entities that represent a gridftp or other file transfer service server. They have a globally unique id, and a not necessarily unique display name. The API for manipulating endpoint definitions is located under /endpoint/.

Note:Endpoints were formerly identified by a globally unique, username qualified name, called the "canonical name". These names still exist but are deprecated and will be removed in the future.

For operations that can be performed on an endpoint’s filesystem, see File Operations.

For delegating rights for managing various aspects of the endpoint’s administration to other users, see Endpoint Roles.

For getting list of endpoints matching a name or other categories, see Endpoint Search.

1.1. Linked Identities

Authorization is based on the capabilities granted to any of the linked identities associated with the Globus Auth token used to authenticate to the REST API, combined with capabilities granted to any of the groups any of the linked identities belong too. For example, a private endpoint will be visible if any of the linked identities own the endpoint, or if any of the linked identities has an appropriate effective role on the endpoint (see role documentation for details on which roles grant this visibility).

When an endpoint is created, the owner_id and owner_string are set based on the primary identity. Note that owner_string can be changed; see the field documentation for details.

1.2. "Managed" Endpoints

Some advanced endpoint features, for example hosting shared endpoints and using the Advanced Endpoint Management API, require a Globus subscription. To enable these features for an endpoint, the endpoint must be set as "managed" by setting the subscription_id field on the endpoint to the id for the subscription. Once this is set, the endpoint is considered "managed". A shared endpoint is considered "managed" if it’s host endpoint has a non-null subscription_id.

2. Document Types

2.1. Endpoint Document

The "endpoint" document type represents a single transfer endpoint, and contains a list of "server" documents in the "DATA" section, representing the GridFTP server or servers used to access the endpoint.

2.1.1. Types of Endpoints

Globus Connect Server endpoints

This category includes manually configured GridFTP servers, and servers configured using the Globus Connect Server package. These endpoints will have is_globus_connect set to "false", host_endpoint_id equal to "null", and s3_url equal to "null". To function, they must have at least one server sub-document.

Globus Connect Personal endpoints

Globus Connect Personal endpoints have is_globus_connect set to "true", and the server sub-documents are virtual and can’t be set by the user. The gcp_connected field can be used to determine if the Globus Connect Personal client is currently running and connected to Globus.

Shared endpoints

Shared endpoints will have host_endpoint_id set to a non-null value. They have no server sub-documents, and must always be public.

Note:If a host endpoint is deleted, all hosted shared endpoints will stop allowing filesystem operations (task submission and interactive operations). The API resources will return a "Conflict" error in this case.
S3 endpoints

S3 endpoints will have s3_url set to a non-null value. They have no server sub-documents.

Endpoint Document Example
{
  "DATA_TYPE": "endpoint",
  "id": "096a65b1-3e90-44e6-9cb4-550b2d5401c0",
  "display_name": "myserver",
  "organization": "My Org",
  "username": "auser",
  "description": "Example gridftp endpoint.",
  "public": false,
  "is_globus_connect": false,
  "globus_connect_setup_key": null,
  "gcp_connected": null,
  "gcp_paused": null,
  "s3_url": null,
  "s3_owner_activated": false,
  "host_endpoint_id": null,
  "host_path": null
  "disable_verify": false,
  "force_encryption": false,
  "myproxy_server": null,
  "myproxy_dn": null,
  "oauth_server": null,
  "default_directory": null,
  "activated": false,
  "expires_in": 0,
  "expire_time": "2000-01-02 03:45:06+00:00",
  "shareable": true,
  "acl_available": false,
  "acl_editable": false,
  "in_use": false,
  "DATA": [
    {
      "DATA_TYPE": "server",
      "hostname": "gridftp.example.org",
      "uri": "gsiftp://gridftp.example.org:2811",
      "port": 2811,
      "scheme": "gsiftp",
      "id": 985,
      "subject": "/O=Grid/OU=Example/CN=host/girdftp.example.org"
    }
  ],
}

2.1.2. Endpoint Fields

Field Name JSON Type Description

DATA_TYPE

string

Always has value "endpoint" to indicate this document type.

id

string

36 character unique identifier string for the endpoint.

display_name

string

Friendly name for the endpoint, not unique. Unicode string, max 128 characters, no new lines (\r or \n). If not specified, will default to canonical_name, but that is deprecated and all new clients hould use id and display_name. Searchable.

organization

string

Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines. Searchable.

department

string

Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines. Searchable.

keywords

string

Comma separated list of search keywords for the endpoint. Optional. Unicode string, max 1024 characters. Searchable.

name

string

[DEPRECATED] Legacy friendly name for the endpoint. Limited to 128 characters, and must match the regex ^[0-9a-zA-Z][-0-9a-zA-Z_.]*$. If not specified, will default to the unique id.

canonical_name

string

[DEPRECATED] The username qualified endpoint name, of the form USERNAME#ENDPOINTNAME. The username portion must match the current user. Use id instead in API requests, and use display_name to display to users. Will be searchable until it is removed.

username

string

[DEPRECATED] Use owner_id or owner_string instead. The Globus username of the endpoint owner. For non-globusid.org identities, this will be a meaningless string starting with u_, and for globusid.org identities it will be the globusid.org username.

owner_id

string

Identity id of the endpoint owner. Can’t be updated.

owner_string

string

Identity name of an endpoint administrator. This is initially set to the owner, but it can be changed later to any administrator that is set by a user-identity role (and that role may not be deleted). For security, the new administrator must perform the update.

This field is included in the fulltext query index used by the Endpoint Search API.

description

string

A description of the endpoint. Unicode string, max length 4096 characters. Included in fulltext search.

contact_email

string

Email address of the support contact for the server(s) represented by the endpoint. Optional. ASCII string, must be a valid email address.

contact_info

string

Other non-email contact information for the endpoint, e.g. phone and mailing address. Optional. Unicode string, can contain new lines, max 4096 characters.

info_link

string

Link to a web page with more information about the endpoint. ASCII string with an http or https URL. Basic checking is done to make sure this is a valid URL, but the administrator is responsible for running a website at this URL and verifying that it’s accepting public connections.

public

boolean

True if the endpoint definition should be visible to other Globus users.

subscription_id

string

If the endpoint is "managed", this will be a UUID string, otherwise it will be null. PUT can accept the special string "DEFAULT" to use your default subscription id. Note that certain features like setting network_use and in most cases hosting shared endpoints require a managed endpoint, so this field is useful for checking that state.

default_directory

string

Default directory to display when an endpoint is first accessed on the globus.org web interface. The default is // for GridFTP endpoints, and / for shared endpoints and S3 endpoints. The mapping of // depends on the configuration of the GridFTP server but is typically the local user’s home directory on Linux systems.

force_encryption

boolean

Forces encryption of all network data for transfers to and from the endpoint. If this is set on the endpoint or its host, all transfer to or from the endpoint will have the encryption option automatically turned on regardless of the user’s initial submission options. If this is not set, users can decide whether or not to enable encryption. Default: false.

disable_verify

boolean

This option indicates that the endpoint does not support computing MD5 checksums, needed for the verify_checksum option of transfer. When this is set on the endpoint or its host, new transfer submissions will default to not use the verify_checksum option.

expire_time

string

Date and time the endpoint activation expires, or null if not activated. Formatted as ISO 8601 but with space instead of "T" separating the date and time portions.

expires_in

int

Seconds until the endpoint expires, 0 if the endpoint is expired or not activated, or -1 if the endpoint never expires (for endpoints that use globus online credentials).

activated

boolean

"true" if the endpoint is activated, "false" otherwise.

myproxy_server

string

The default MyProxy server to use when activating this endpoint, or "null" if no associated proxy server.

myproxy_dn

string

A non-standard subject DN to use with the default MyProxy server. This is only necessary if the subject DN in the server’s certificate does not match its hostname. Can be "null".

oauth_server

string

hostname of server for getting credentials via oauth. For this to work, the oauth server must be registered with Globus Nexus and have the appropriate paths set up. Contact support@globus.org for more information.

is_globus_connect

boolean

"true" if the endpoint was created for Globus Connect Personal, "false" otherwise. Note that this will be "false" for Globus Connect Server endpoints.

globus_connect_setup_key

string

Key needed to complete Globus Connect Personal installation. "null" when installation/setup is complete. The key can only be used once. Always "null" for non personal endpoints.

host_endpoint

string

[DEPRECATED] Standard endpoint hosting the shared endpoint; "null" for non-shared endpoints. Use host_endpoint_id and host_endpoint_display_name instead.

host_endpoint_id

string

Id of standard endpoint hosting the shared endpoint; "null" for non-shared endpoints. Note that this will be set on all shared endpoints, regardless of whether the user has permission to get details of the endpoint or whether the endpoint has been deleted.

host_endpoint_display_name

string

If the host endpoint has not been deleted and the user has authorization for Get endpoint by id on the host endpoint, this will be set to the display_name of the host endpoint, or to the canonical_name if the display_name is not set. "null" if the host endpoint has been deleted, if the user does not have permission, or if the endpoint is not a shared endpoint.

host_path

string

Root path being shared on the host endpoint, if the endpoint is a shared endpoint and if the user has the "administrator" effective role on the shared endpoint or the "activity_monitor" effective role on the host endpoint. "null" if the host endpoint has been deleted, if the user does not have one of the required effective roles, or if the endpoint is not a shared endpoint.

s3_url

string

[ALPHA] For S3 endpoints, the url to the S3 bucket

s3_owner_activated

boolean

[ALPHA] For S3 endpoints, true if the endpoint is activated by the owner with Amazon credentials, and can be auto-activated by other users.

acl_available

boolean

[ALPHA] "true" for endpoints that support the ACL resources

acl_editable

boolean

[DEPRECATED] True if the user has the "access_manager" role on the endpoint. This is deprecated, and my_effective_roles should be used instead.

in_use

boolean

"true" if any active tasks owned by the user are using the endpoint

my_effective_roles

list of string

[ALPHA] List of effective roles the current user has on the endpoint.

gcp_connected

boolean

If is_globus_connect is "true", this indicates if the Globus Connect Personal (GCP) software is running and connected to Globus. "null" for other endpoint types.

gcp_paused

boolean

If is_globus_connect is "true", this indicates if the Globus Connect Personal (GCP) has been paused. "null" for other endpoint types.

network_use

string

This field may only be changed on managed endpoints. If a managed endpoint becomes unmanaged, the "normal" level will be automatically used. On shared endpoints, this field will be null. Allowed values for network_use are:

"normal"

The default setting. Uses an average level of concurrency and parallelism. The levels depend on the number of physical servers in the endpoint; use endpoint-details to display the exact values.

"minimal"

Uses a minimal level of concurrency and parallelism.

"aggressive"

Uses a high level of concurrency and parallelism.

"custom"

Uses custom values of concurrency and parallelism set by the endpoint admin. When setting this level, you must also set the max_concurrency, preferred_concurrency, max_parallelism, and preferred_parallelism options. (Note: the parallelism options must be set to null for S3 endpoints)

location

string

"Automatic" or comma separated floats in the form "LATITUDE,LONGITUDE". "null" for shared endpoints.

min_concurrency

integer

Can be network_use "custom", otherwise will contain the preset value for the specified network_use. Will be "null" for shared endpoints.

preferred_concurrency

integer

Can be network_use "custom", otherwise will contain the preset value for the specified network_use. Will be "null" for shared endpoints.

min_parallelism

integer

Can be network_use "custom", otherwise will contain the preset value for the specified network_use. Will be "null" for shared endpoints.

preferred_parallelism

integer

Can be network_use "custom", otherwise will contain the preset value for the specified network_use. Will be "null" for shared endpoints.

local_user_info_available

boolean

Indicates whether the endpoint exposes information about the local user on the endpoint to the Globus service. This is set internally, and can’t be updated. For new endpoints it will start out as null. When a task is run against the endpoint, local user information is requested from the GridFTP server, and if found, this flag will be set to true on the endpoint. If it fails, this will be set to false. Note that there are cases where the server may return a value, but because of the local filesystem and DSI, the value is not particularly useful for searching, but this will still be set to true. On shared endpoints, the value is inherited from the host endpoint. For S3 endpoints, this will always be false.

https_server

string

If non-null, indicates that the endpoint has https support at the specified URL. Must be of the form https://host:port (the port is optional), with no path. Only allowed for shared endpoints.

2.2. Server Document

The server document represents a network service that provides access to a filesystem. The most common type is a GridFTP server, which is represented by scheme "gsiftp". This is also the default scheme.

Server Document Example
{
  "DATA_TYPE": "server",
  "id": 985,
  "scheme": "gsiftp",
  "hostname": "gridftp.example.org",
  "port": 2811,
  "subject": "/O=Grid/OU=Example/CN=host/girdftp.example.org"
}

2.2.1. Server Fields

Only hostname is required on create.

Field Name JSON Type Description

DATA_TYPE

string

Always has value "server" to indicate this document type.

id

int

Unique identifier for a server in an endpoint.

hostname

string

Hostname of the server.

port

int

Port the server is listening on. Default: 2811.

scheme

string

URI scheme (protocol) used by the endpoint. Must be "gsiftp" or "ftp". Default: "gsiftp".

subject

string

subject of the x509 certificate of the server. If not specified, the CN in the subject must match its hostname.

incoming_data_port_start

int

Start (inclusive) of port range allowed for incoming GridFTP data connections. The purpose of this field is to indicate to firewall administrators at other sites how to allow traffic between this endpoint and their own endpoints. If "null", indicates that the endpoint administrator has not specified the configuration (the allowed range is unknown). A range of 1024-65535 indicates a completely open configuration. Must be a subset of 1024-65535 (privileged ports below 1024 are not allowed by GridFTP). Must be set along with incoming_data_port_end, i.e. both must be set to a valid value, or both must be set to "null". Can only be set on GridFTP endpoints.

incoming_data_port_end

int

End (inclusive) of port range allowed for incoming data connections. Must be greater or equal to incoming_data_port_range_start.

outgoing_data_port_start

int

Like incoming_data_port_start but for outgoing data connections.

outgoing_data_port_end

int

Like incoming_data_port_end but for outgoing data connections.

uri

string

[DEPRECATED] URI of the server. This is a derived field combining the scheme, hostname, and port, and is not used when creating servers.

is_connected

boolean

[DEPRECATED] Use gcp_connected in the endpoint document instead. For globus connect personal endpoints, indicates if the endpoint is available for operations; always true for other endpoints. When false, check the value of is_paused to determine if the user requested a temporary disconnect, or if globus connect is not running or not connected to a network.

is_paused

boolean

[DEPRECATED] Use gcp_paused in the endpoint document instead. For globus connect endpoints, indicates if the endpoint has been paused by the user. Note that when this is true, is_connected will always be false, because the endpoint is not available for any operations when paused. For non globus connect endpoints, is_paused will always be false.

2.3. Shared Endpoint Document

The shared endpoint document is a subtype of the "endpoint" document used to create shared endpoints only. Once created, a shared endpoint is accessed and updated using the standard endpoint resources.

server documents can’t be added or removed from shared endpoints; the server used depends entirely on the host endpoint.

Note:Use host_endpoint to create a shared endpoint, but use host_endpoint_id to look up a shared endpoint or to distinguish it from other types of endpoints.
Shared Endpoint Document Example
{
  "DATA_TYPE": "shared_endpoint",
  "display_name": "myshare",
  "host_endpoint": "2ebc7b58-de6f-46a3-ac36-2f2613aa32ba",
  "host_path": "/~/",
  "description": "Share my home directory on Globus Tutorial Endpoint 1",
  "organization": "my org"
}

The "shared_endpoint" document can include other informational fields like contact_email and keywords, and option fields like force_encryption (see the updatable field list and full endpoint field list for details). Note that shared endpoints are always public, and the location and network_use related feilds are inhereted from the host and not settable. The identity provider related fields, myproxy_server and oauth_server, can’t be set on shared endpoints, because they are authenticated using Globus credentials.

3. Path Arguments

Name Type Description

endpoint_xid

string

The id field of the endpoint, or for backward compatibility the canonical_name of the endpoint. The latter is deprecated, and all clients should be updated to use id.

4. Common Query Parameters

Name Type Description

fields

string

Comma separated list of fields to include in the response. This can be used to save bandwidth on large list responses when not all fields are needed.

5. Common Errors

The resources in this document use old error codes conventions, with a dotted code hierarchy.

Code HTTP Status Description

EndpointNotFound

404

If <endpoint_xid> not found

PermissionDenied

403

If user does not have privileges to get, modify, or delete the specified endpoint(s).

EndpointDeleted

409

See Get endpoint by id. The error document contains a deleted_time field indicating when the endpoint was deleted, in addition to the standard error fields.

ClientError.Conflict

409

If an endpoint with the same name already exists or if a role assignment with the same principal and role already exists.

ServiceUnavailable

503

If the service is down for maintenance.

6. Operations

6.1. Get endpoint by id

Get a single endpoint by id. All fields are included by default, including the server subdocuments, but the fields query parameter can be used to fetch only specific fields. Use "server" in the fields list to include server subdocuments in a limited field list. For backward compatibility, an endpoint canonical_name can be specified instead of the endpoint id, but this feature is deprecated and all clients should migrate to using the id.

Note:Returns an "EndpointDeleted" error instead of "EndpointNotFound" for deleted endpoints, but only when using id in the URL <endpoint_xid> argument. If an endpoint canonical_name is used for the <endpoint_xid>, it will return "EndpointNotFound" for deleted endpoints.
Authorization

Requires that the endpoint is public or that the user has the "administrator" or "activity_monitor" effective role on the endpoint.

URL

/endpoint/<endpoint_xid>

Method

GET

Response Body

Endpoint document

6.2. Create endpoint

Create an endpoint. Which fields are required depends on the type of endpoint. Note that name and canonical_name are deprecated and supported only for backward compatibility; display_name should be used instead of, or in addition to, these fields. If canonical_name is not set, it will default to "USERNAME#ENDPOINT_UUID". At least one of them must be specified.

The result will include an id field containing the globally unique endpoint id, which should be used to further manipulate the endpoint document, and to perform transfers and other operations on the endpoint’s filesystem.

Globus Connect Server endpoints

At least one of display_name and canonical_name is required, but at least one "server" sub document must be created for it to function.

Globus Connect Personal endpoints

Requires display_name or canonical_name, and is_globus_connect must be set to "true". Once created, the setup key can be obtained from the endpoint document in field globus_connect_setup_key.

Shared endpoints

Shared endpoints are created using a different resource, see [Create shared endpoint].

S3 endpoints

The REST API does not yet support creating S3 endpoints, this must be done using the CLI.

URL

/endpoint

Method

POST

Request Body

Endpoint document

Response Body

Result document, including an id field containing the system generated id of the new endpoint.

6.3. Create shared endpoint

Create a shared endpoint.

Authorization

Requires that the host endpoint is managed. For Globus Connect Personal endpoints, creating a shared endpoint is also allowed if the user has the "administrator" effective role on the host endpoint.

Note:If the authorization requirement is no longer met in the future, e.g. if the endpoint is made unmanaged, task submission will not be allowed. In this case, attempting to submit a new task will result in a "NotLicensedException" error.

URL

/shared_endpoint

Method

POST

Request Body

Shared endpoint document

Response Body

Result document, including an id field containing the system generated id of the new endpoint.

6.4. Update endpoint by id

Update an endpoint. This can be done using a partial document by specifying only DATA_TYPE and the fields to be updated, or doing a GET on the endpoint, changing the appropriate fields, and doing a PUT of the full document. Using a partial document is preferred.

Note:Endpoint PUT can not be used to update the servers on the endpoint. The server APIs should be used instead. New code should not pass a "DATA" key at all when doing endpoint update.
Authorization

Requires the "administrator" effective role on the endpoint.

URL

/endpoint/<endpoint_xid>

Method

PUT

Request Body

Partial endpoint document

Response Body

Result document

Which fields can be updated depends on the type of endpoint:

Type Updatable fields

All Endpoint Types

display_name, description, organization, department, keywords, contact_email, contact_info, info_link, owner_string

default_directory, force_encryption, disable_verify

DEPRECATED: name, canonical_name

Globus Connect Server

subscription_id, public

location, network_use, min_concurrency, preferred_concurrency, min_parallelism, preferred_parallelism

myproxy_server, myproxy_dn, oauth_server

Globus Connect Personal

subscription_id, public

location, network_use, min_concurrency, preferred_concurrency, min_parallelism, preferred_parallelism

Shared endpoint

https_server

S3 endpoint

subscription_id, public

6.5. Delete endpoint by id

Delete an endpoint by id or canonical name (the latter is deprecated). Note that all data associated with the endpoint, including roles and the ACL, will be deleted as well. If the hostname of the server has changed, the server document(s) in the endpoint should be changed rather than deleting and recreating the endpoint with different servers.

Authorization

Requires the "administrator" effective role on the endpoint.

URL

/endpoint/<endpoint_xid>

Method

DELETE

Response Body

Result document

6.6. Get my effective endpoint pause rules

Get all pause rules on an endpoint that affect the current user, with sensitive administrator only fields removed.

See also: pause_rule_limited document.

URL

/endpoint/<endpoint_xid>/my_effective_pause_rule_list

Method

GET

Response Body

List of "pause_rule_limited" documents

6.7. Get endpoint server list

Get a list of all servers belonging to the specified endpoint. Note that this is the same as the server list included under the "DATA" key of the endpoint document.

Authorization

Requires that the endpoint is public or that the user has the "administrator" or "activity_monitor" effective role on the endpoint.

URL

/endpoint/<endpoint_xid>/server_list

Method

GET

Response Body

List of server documents

6.8. Get endpoint server by id

Get a specific server belonging to the specified endpoint.

Authorization

Requires that the endpoint is public or that the user has the "administrator" or "activity_monitor" effective role on the endpoint.

URL

/endpoint/<endpoint_xid>/server/<server_id>

Method

GET

Response Body

A "server" document

6.9. Add endpoint server

Add a server to the specified endpoint. The hostname field is required, scheme and port default to "gsiftp" and 2811, and subject defaults to "null". The derived fields and boolean status fields are ignored, and should not be included in the request body.

Returns a result document containing the id of the newly added server.

Authorization

Requires the "administrator" effective role on the endpoint.

URL

/endpoint/<endpoint_xid>/server

Method

POST

Response Body

Server document without the id.

Response Body

 
{
    "DATA_TYPE": "endpoint_server_add_result",
    "id": 123,
    "code": "Created",
    "message": "Server added to endpoint successfully",
    "resource": "/endpoint/347a942d-3bf6-4d43-98e0-16e29cfb1d82/server",
    "request_id": "ABCdef789"
}

6.10. Update endpoint server by id

Update a server belonging to the specified endpoint. Include only the fields to be updated in the request body - any of hostname, scheme, port, and subject can be updated.

Authorization

Requires the "administrator" effective role on the endpoint.

URL

/endpoint/<endpoint_xid>/server/<server_id>

Method

PUT

Request Body

Partial server document.

Response Body

Result document

6.11. Delete endpoint server by id

Delete a server belonging to the specified endpoint.

Authorization

Requires the "administrator" effective role on the endpoint.

URL

/endpoint/<endpoint_xid>/server/<server_id>

Method

DELETE

Response Body

Result document

6.12. Get shared endpoint list

Get a list of shared endpoints for which the user has the "administrator" or "access_manager" effective role. hosted by a given GridFTP or Globus Connect Personal endpoint. Returns a "BadRequest" error if called on an endpoint that can’t host shared endpoints.

Authorization

Same as get endpoint by ID (GET /endpoint/<endpoint_xid>).

URL

/endpoint/<endpoint_xid>/my_shared_endpoint_list

Method

GET

Response Body

An "endpoint_list" document

© 2010- The University of Chicago Legal