PowerCLI


Repeated Basic‑Auth in PowerCLI when querying NSX‑T - is this inefficient / should I switch to token‑based auth?

  • 1.  Repeated Basic‑Auth in PowerCLI when querying NSX‑T - is this inefficient / should I switch to token‑based auth?

    Posted Nov 30, 2025 04:21 AM

    I have a PowerShell script that uses Invoke-RestMethod with Basic authentication to query NSX‑T: first to list all Tier‑0 gateways, then for each Tier‑0 get its locale‑services, then for each locale-service get BGP neighbor status.

    Because Basic auth is specified on every request, each Invoke‑RestMethod call re‑authenticates. In a large NSX‑T environment with many Tier‑0 and locale‑services, that means dozens or hundreds of auth checks each run. For example, if I have 50 Tier‑0s and each has 4 locale-services, that's 1 + 50 + 200 = 251 HTTP requests each run - and 251 separate authentication attempts.

    While the script works fine and only performs GET requests, I wonder:

    1. Is this repeated authentication putting unnecessary load on NSX‑T Manager?

    2. Should I switch to a "login once → reuse token → many GETs" approach (e.g. via the NSX‑T REST token endpoint) - and is this supported / recommended with NSX‑T 4.2.2.1 + PowerCLI?

    3. If I change to token‑based auth, are there any known pitfalls when using PowerCLI / Invoke‑RestMethod + Bearer token for NSX‑T?

    What I'm asking you:

    • Any experience from others with large NSX‑T environments + PowerCLI + REST API regarding load / performance.

    • Suggestions or sample patterns for token‑based authentication + efficient querying (especially for a large number of objects).

    • Warnings or "gotchas" - e.g. token expiry, API‑rate limiting, concurrency issues.

    The Code:

    $nsx = "https://x"
     
    $user1031 = "x@xx"
    $1031Password = Get-Content C:\Users\Administrator\Desktop\x.txt | ConvertTo-SecureString
     
    # Build the credential from the variables defined above
    $credential1031 = New-Object System.Management.Automation.PSCredential ($user1031, $1031Password)
    # 1) Get all Tier-0 Gateways
    $tier0s = Invoke-RestMethod -Uri "$nsx/policy/api/v1/infra/tier-0s" -Method GET -SkipCertificateCheck -Headers @{Accept="application/json"} -Authentication Basic -Credential $credential1031
     
    $allNeighbors = @()
     
    foreach ($t0 in $tier0s.results) {
     
        $t0id = $t0.id
     
        # 2) Get locale-services for this Tier-0
        $ls = Invoke-RestMethod -Uri "$nsx/policy/api/v1/infra/tier-0s/$t0id/locale-services" `
                                -Method GET -SkipCertificateCheck -Headers @{Accept="application/json"} -Authentication Basic -Credential $credential1031
     
        foreach ($lsitem in $ls.results) {
     
            $lsid = $lsitem.id
     
            # 3) Get BGP neighbor status
            $statusUrl = "$nsx/policy/api/v1/infra/tier-0s/$t0id/locale-services/$lsid/bgp/neighbors/status"
            $status = Invoke-RestMethod -Uri $statusUrl -Method GET -SkipCertificateCheck -Headers @{Accept="application/json"} -Authentication Basic -Credential $credential1031
     
            # 4) Extract only what you want (without locale service)
            foreach ($nbr in $status.results) {
                $allNeighbors += [PSCustomObject]@{
                    Tier0             = $t0.display_name
                    neighbor_address  = $nbr.neighbor_address
                    connection_state  = $nbr.connection_state
                }
            }
        }
    }
     
    # Output
    $allNeighbors | Where-Object { $_.connection_state -ne "ESTABLISHED" } | Format-Table -AutoSize


    -------------------------------------------


  • 2.  RE: Repeated Basic‑Auth in PowerCLI when querying NSX‑T - is this inefficient / should I switch to token‑based auth?

    Posted Dec 24, 2025 05:17 AM

    Hi There,

    I can partially answer this, and since this hasn't been answered in the past ~3w, I think it would help.

    1. Is this repeated authentication putting unnecessary load on NSX‑T Manager? 

    Yes, this is going to put a lot of pressure on the NSX and you might well notice CPU spikes + latency. Also, this might even hit the rate limit for NSX and you might even receive HTTP 429 (too many requests) messages. You can increase this rate limit though.

    To check the current limit, log in to the NSX Manager CLI and run the command "get service http". It will return an excerpt like the one below:

    Client API rate limit: 100 requests/sec

    By default this limit is 100 requests/sec, which can be increased (to, say, 500 requests/sec) by using the command below:

    set service http client-api-rate-limit 500

    -------------------------------------------



  • 3.  RE: Repeated Basic‑Auth in PowerCLI when querying NSX‑T - is this inefficient / should I switch to token‑based auth?

    Posted Dec 27, 2025 08:55 AM

    I made a change in the code: after I made sure that all the tier0s have the same value for the "locale-service", I made it a static variable, so it is just requesting based on the number of tier0 IDs. I also read that PowerCLI does its commands sequentially, and all my NSX managers have approximately 80 tier0s, and one of them has 300 tier0s … 

    and I tested the code twice and nothing bad happened. 

    -------------------------------------------
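
One way to do the "login once, reuse the session, many GETs" pattern asked about in the first post, with a back-off for the HTTP 429 responses mentioned in the reply. This is an added example, not code from any poster in the thread; it uses NSX-T's session-based login (`/api/session/create`, `/api/session/destroy`) and needs PowerShell 7+. Assumptions: the manager URL is a placeholder, and the manager certificate is already trusted by the client, so `-SkipCertificateCheck` is not used.

```powershell
# Added example (not from the thread). Requires PowerShell 7+.
# Assumptions: placeholder manager URL; manager certificate is trusted by this client.
$nsx  = 'https://nsx.example.invalid'   # placeholder, replace with your manager
$cred = Get-Credential                   # prompt once; nothing is stored in the script

# 1) Log in once. NSX-T answers with a JSESSIONID cookie and an X-XSRF-TOKEN header.
$login = Invoke-WebRequest -Uri "$nsx/api/session/create" -Method Post -SessionVariable session `
    -Body @{ j_username = $cred.UserName; j_password = $cred.GetNetworkCredential().Password }
$headers = @{
    Accept         = 'application/json'
    'X-XSRF-TOKEN' = [string]($login.Headers['X-XSRF-TOKEN'] | Select-Object -First 1)
}

# GET helper: reuses the session cookie and backs off on HTTP 429 instead of retrying at once.
function Get-Nsx {
    param([string]$Path, [int]$MaxTries = 5)
    for ($try = 1; $try -le $MaxTries; $try++) {
        try {
            return Invoke-RestMethod -Uri "$nsx$Path" -Method Get -WebSession $session -Headers $headers
        } catch {
            $code = [int]$_.Exception.Response.StatusCode   # 0 when there was no HTTP response
            if ($code -ne 429 -or $try -eq $MaxTries) { throw }
            Start-Sleep -Seconds ([math]::Pow(2, $try))      # 2, 4, 8 ... seconds
        }
    }
}

try {
    # 2) Same three-level walk as the original script, with one login for all GETs.
    $allNeighbors = foreach ($t0 in (Get-Nsx '/policy/api/v1/infra/tier-0s').results) {
        $base = "/policy/api/v1/infra/tier-0s/$($t0.id)/locale-services"
        foreach ($ls in (Get-Nsx $base).results) {
            foreach ($nbr in (Get-Nsx "$base/$($ls.id)/bgp/neighbors/status").results) {
                [PSCustomObject]@{
                    Tier0            = $t0.display_name
                    neighbor_address = $nbr.neighbor_address
                    connection_state = $nbr.connection_state
                }
            }
        }
    }
    $allNeighbors | Where-Object connection_state -ne 'ESTABLISHED' | Format-Table -AutoSize
} finally {
    # 3) Always end the session so the cookie cannot be reused after the run.
    Invoke-RestMethod -Uri "$nsx/api/session/destroy" -Method Post -WebSession $session -Headers $headers | Out-Null
}
```

The session also ends when the manager's idle timeout is reached, so a run that outlives it will start failing authentication and has to log in again.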