For Agents
Configure and manage Google Cloud network security policies — address groups, TLS policies, authorization policies, and security profile groups — across regional locations.
Get started with Network Security API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"create a google cloud network security address group"
# → Jentic returns the GET /events tool with parameter schema, agent executes.
What an agent can do with Network Security API.
Create address groups and add or remove IP CIDRs to drive allow/deny rules across VPCs
Author authorization policies that gate east-west and north-south traffic on managed gateways
Roll out server and client TLS policies to enforce mTLS between Google Cloud services
Define gateway security policies and attach URL filtering rules to mediate egress traffic
Use for: I need to create an address group of allowed IP CIDRs, Add a new IP range to an existing network security address group, List all server TLS policies in a given region, Create an authorization policy that denies a specific service account
Not supported: Does not handle VPC firewall rule enforcement, identity-level access control, or DDoS mitigation — use for declaring network security policy resources only.
The Network Security API configures and manages Google Cloud network security policies — address groups, authorization policies, server and client TLS policies, gateway security policies, and security profile groups. It provides the control plane for shaping which traffic is allowed across VPC networks, load balancers, and Google Cloud workloads. Use it to define IP allow lists, enforce mTLS, attach URL filtering rules, and bind security profiles to gateways. The spec exposes 47 endpoints across regional locations and long-running operations.
Bind security profile groups to firewall and gateway resources for layered threat inspection
Track regional rollout via long-running operations and cancel in-flight changes when needed
Patterns agents use Network Security API for, with concrete tasks.
★ Centralised IP allow lists across regions
Maintain reusable address groups that hold allowed or blocked IP CIDRs, then reference them from firewall and authorization policies across multiple regions. The Network Security API lets you add, clone, and remove items from a group atomically so policy changes propagate through one source of truth instead of dozens of inline rules. Suitable for organisations standardising egress controls or enforcing partner allow lists across hundreds of VPCs.
Create an address group named partner-allowlist in us-central1, add CIDRs 203.0.113.0/24 and 198.51.100.0/24, and confirm the operation finished successfully.
Mutual TLS enforcement between services
Author server and client TLS policies that enforce mTLS for traffic between Google Cloud workloads exposed via load balancers and service mesh endpoints. The API stores certificate authorities, validation rules, and SAN lists as policy resources you attach to backend services. Useful for zero-trust deployments that need cryptographic identity instead of network-level trust.
Create a server TLS policy that requires client certificates issued by a specific CertificateAuthorityService CA and attach it to the backend service my-grpc-service.
Gateway URL filtering and threat inspection
Define gateway security policies with ordered URL filtering rules and bind security profile groups for deep inspection. The API targets traffic flowing through Secure Web Proxy and other Google Cloud network gateways so security teams can block categories, log decisions, and route traffic through TLS interception. Reduces the friction of editing rule sets directly inside the gateway console.
Create a gateway security policy gw-egress-policy in europe-west1, add a URL filtering rule that denies category gambling, and bind security profile group threats-default.
Agent-driven network security automation via Jentic
Through Jentic, AI agents can author and update network security resources without holding raw OAuth tokens. The agent issues an intent like configure mTLS, Jentic returns the matching Network Security API operation with its input schema, and execution happens with credentials brokered via the Jentic vault. This lets ops chatbots and remediation agents adjust policies in response to alerts in seconds.
Use Jentic to find the operation that adds items to an address group, load its schema, and execute it to add 10.0.0.0/8 to corp-internal-ranges.
47 endpoints — the Network Security API configures and manages Google Cloud network security policies — address groups, authorization policies, server and client TLS policies, gateway security policies, and security profile groups.
METHOD
PATH
DESCRIPTION
/v1/{+addressGroup}:addItems
Add IP CIDRs to an address group
/v1/{+addressGroup}:removeItems
Remove IP CIDRs from an address group
/v1/{+parent}/addressGroups
Create a new address group
/v1/{+addressGroup}:listReferences
List policies that reference an address group
/v1/{+name}:cancel
Cancel a long-running operation
/v1/{+name}/operations
List operations for a parent resource
Three things that make agents converge on Jentic-routed access.
Credential isolation
Google OAuth 2.0 access tokens are minted from a service-account refresh credential stored in the Jentic vault (MAXsystem). Agents receive scoped, short-lived tokens — the underlying private key never enters the agent context.
Intent-based discovery
Agents search Jentic with intents like configure mtls policy or add ip to allow list and Jentic returns the matching Network Security API operation, its input schema, and its required scopes — no doc browsing required.
Time to first call
Direct integration with the Network Security API: 1-2 days to wire OAuth, retries, and long-running operation polling. Through Jentic: under 30 minutes — search, load, execute.
Alternatives and complements available in the Jentic catalogue.
Compute Engine API
Compute Engine owns VPC firewall rules that consume Network Security address groups
Choose Compute Engine when the agent needs to attach or modify the actual VPC firewall rule that references a network security address group.
Security Command Center API
Security Command Center surfaces findings that often drive Network Security policy changes
Use Security Command Center when the agent first needs to triage findings before deciding which network security policy to update.
Identity and Access Management API
IAM controls identity-level access; Network Security controls network-level reachability
Use IAM when the agent needs to grant or revoke a principal's permissions; use Network Security when the gating decision is about network paths and TLS.
Specific to using Network Security API through Jentic.
What authentication does the Network Security API use?
The API uses Google OAuth 2.0 with the cloud-platform scope. When called through Jentic, the OAuth token is brokered from the encrypted Jentic vault so agents never see the raw credential.
Can I manage IP allow lists with the Network Security API?
Yes. The addItems, removeItems, and cloneItems operations on /v1/{+addressGroup} let you mutate address group membership, and the resulting groups can be referenced from firewall rules and authorization policies.
What are the rate limits for the Network Security API?
Google Cloud applies per-project quotas for control-plane writes — typically a few hundred mutating operations per minute. Exact ceilings appear in the Cloud Console quotas page; treat large rollouts as long-running by polling the operations endpoint.
How do I create a server TLS policy through Jentic?
Search Jentic for create server tls policy, load the schema for the POST on /v1/{+parent}/serverTlsPolicies, and execute it with the parent location and policy body. The Jentic SDK runs the call asynchronously and returns the long-running operation handle.
Does this API handle data plane packet filtering?
No — the API is a control plane that defines policy resources. Packet enforcement happens inside the VPC firewall, load balancers, and Secure Web Proxy data planes that consume these policies.
How do I track a long-running rollout?
Every mutating call returns an operation. Poll /v1/{+name}/operations and inspect the done field; cancel in-flight changes by POSTing to /v1/{+name}:cancel.