diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4054568..d7b9556 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,10 +17,19 @@ jobs:
       - name: Setup Go environment
         uses: actions/setup-go@v2.1.3
         with:
-          go-version: '1.19'
+          go-version: '1.20'
       - name: Compiles
         run: go build ./...
 
+      - name: Runs go fmt
+        if: ${{ success() }}
+        run: |
+          OUTPUT=$(go fmt ./... 2>&1)
+          if [ ! -z "$OUTPUT" ]; then
+            echo "go fmt failed on the following files:"
+            echo "$OUTPUT"
+            exit 1
+          fi
       - name: Runs unit tests
         if: ${{ success() }}
         run: go test -coverprofile ./unitcoverage.out ./...
@@ -47,4 +56,5 @@ jobs:
             ./unitcoverage.out
             ./test/reports/report.xml
             ./test/reports/coverage.out
+            ./test/diagnostics.tgz
 
diff --git a/.gitignore b/.gitignore
index 0534fc7..324c98d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@
 # lib/*/include*
 
 test/reports
+test/diagnostics.tgz
 
 test/sempclient/action/*
 !test/sempclient/action/go.mod
diff --git a/Jenkinsfile b/Jenkinsfile
index ba92a3e..7964fde 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,3 +1,19 @@
+// pubsubplus-go-client
+//
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 // The following is an internal infrastructure file for building 
 properties([
     buildDiscarder(logRotator(daysToKeepStr: '30', numToKeepStr: '10')),
diff --git a/NOTICE.txt b/NOTICE.txt
index 4da3e72..c2a0278 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -1,6 +1,6 @@
 pubsubplus-go-client
 
-Copyright 2021-2022 Solace Corporation. All rights reserved.
+Copyright 2021-2023 Solace Corporation. All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
diff --git a/README.md b/README.md
index a920db6..c647639 100644
--- a/README.md
+++ b/README.md
@@ -56,4 +56,4 @@ https://solace.com/support
 - The [Solace Developer Portal](https://dev.solace.com)
 - Understanding [Solace technology](https://solace.com/products/tech/)
 
-Copyright 2021-2022 Solace Corporation. All rights reserved.
+Copyright 2021-2023 Solace Corporation. All rights reserved.
diff --git a/doc.go b/doc.go
index 4f13592..b503841 100644
--- a/doc.go
+++ b/doc.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/docs-templates/generate_documentation.go b/docs-templates/generate_documentation.go
deleted file mode 100644
index ab08f7a..0000000
--- a/docs-templates/generate_documentation.go
+++ /dev/null
@@ -1,144 +0,0 @@
-// pubsubplus-go-client
-//
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"os/exec"
-)
-
-const destination = "./docs/"
-const siteNameTemplate = "Solace PubSub+ Messaging API for Go v%s"
-const siteFooter = "Copyright 2021-2022 Solace Corporation. All rights reserved."
-
-const siteDescription = `The Solace PubSub+ Messaging API for Go allows developers to create client-based messaging applications that
-connect and subscribe to in order to publish/consume messages from PubSub+ event brokers.
-
-## Installing the PubSub+ Messaging API for Go
-Run the following to install the Messaging API to your project:
-<pre>go get solace.dev/go/messaging</pre>
-
-## Using Secure Socket Layer with the Messaging API for Go
-To use secure socket layer (SSL) endpoints, OpenSSL 1.1.1 must installed on the systems that run your client applications.
-Client applications use SSL endpoints to create secure connections to an event broker (or broker).
-For example, on PubSub+ event brokers, you can use SMF TLS/SSL (default port of 55443) and
-Web Transport TLS/SSL connectivity (default port 1443) for messaging. For more details, see the
-<a href="solace.dev/go/messaging/pkg/solace/index.html">overview</a> in the package solace.
-
-## Example: Publish a Message Application
-This PubSub+ Messaging API uses the builder pattern. 
-For simplicity, error checking has been removed from the following example that shows you:
-- how to configure and build MessageServiceBuilder to connect to an event broker using basic authentication
-- publish a message "hello world" to topic my/topic/string
-<pre>
-import (
-	"time"
-
-	"solace.dev/go/messaging"
-	"solace.dev/go/messaging/pkg/solace/config"
-	"solace.dev/go/messaging/pkg/solace/resource"
-)
-
-func main() {
-	// NOTE: All error checking has been removed below and is intended for
-	//       to show how to use the API. In production systems, we highly
-	//       recommmend you put proper error checking and handling in your code.
-	
-	// Create a new solace.MessagingServiceBuilder
-	messagingServiceBuilder := messaging.NewMessagingServiceBuilder()
-	// Configure and build a new solace.MessagingService
-	// Each function returns a solace.MessagingServiceBuilder for chaining
-	messagingService, _ := messagingServiceBuilder.
-		FromConfigurationProvider(config.ServicePropertyMap{
-			// Configure the host of the event broker to connect to.
-			config.TransportLayerPropertyHost: "localhost",
-			// Configure the Message VPN on the event broker for which to connect.
-			// Most event brokers have a default Message VPN.
-			config.ServicePropertyVPNName: "default",
-		}).
-		WithAuthenticationStrategy(config.BasicUserNamePasswordAuthentication(
-			// In this case, we use basic authentication, so is configured
-			// on your event broker (is this the client )
-			"username",
-			"password",
-		)).
-		Build()
-	
-	// Connect the solace.MessagingService using the configuation
-	// This call connects this application to the event broker
-	_ = messagingService.Connect()
-	
-	// Configure and build a new solace.DirectMessagePublisher to publish 
-	// messages to the event broker
-	publisher, _ := messagingService.CreateDirectMessagePublisherBuilder().Build()
-	
-	// Start the publisher to allow for publishing of outbound messages
-	_ = publisher.Start()
-	
-	// Build a new outbound message
-	msg, _ := messagingService.MessageBuilder().BuildWithStringPayload("hello world")
-	// Publish the message to the topic my/topic/string
-	publisher.Publish(msg, resource.TopicOf("my/topic/string"))
-	
-	// Terminate the publisher with a grace period of 10 seconds allowing buffered messages to be published
-	_ = publisher.Terminate(10 * time.Second)
-	
-	// Disconnect from the event broker
-	_ = messagingService.Disconnect()
-}
-</pre>
-`
-const pubsubDocsVersonEnv = "PUBSUB_DOCS_VERSION"
-
-func main() {
-	var pubsubDocsVersion string
-	if len(os.Args) < 2 {
-		fmt.Printf("%s not provided, defaulting to 0.0.0\n", pubsubDocsVersonEnv)
-		pubsubDocsVersion = "0.0.0"
-	} else {
-		pubsubDocsVersion = os.Args[1]
-	}
-
-	// assume we are being run from the docs-template directory
-	os.Mkdir(destination, os.ModePerm)
-
-	args := []string{
-		// set the destination
-		"-destination=" + destination,
-		// site name formatted string with the version inserted
-		"-site-name=" + fmt.Sprintf(siteNameTemplate, pubsubDocsVersion),
-		// site description displays on the landing page with markdown
-		"-site-description=" + siteDescription,
-		// footer set to the copyright
-		"-site-footer=" + siteFooter,
-		// and target the current module
-		".",
-	}
-
-	cmd := exec.Command("godoc-static", args...)
-	cmd.Stdout = os.Stdout
-	cmd.Stdin = os.Stdin
-	cmd.Stderr = os.Stderr
-	if err := cmd.Run(); err != nil {
-		fmt.Printf("An error occurred while generating the documentation: %s\n", err)
-		os.Exit(1)
-	}
-}
diff --git a/internal/ccsmp/ccsmp_callbacks.c b/internal/ccsmp/ccsmp_callbacks.c
index 32f822f..727a5b6 100644
--- a/internal/ccsmp/ccsmp_callbacks.c
+++ b/internal/ccsmp/ccsmp_callbacks.c
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_container.go b/internal/ccsmp/ccsmp_container.go
index 938c3c6..852739b 100644
--- a/internal/ccsmp/ccsmp_container.go
+++ b/internal/ccsmp/ccsmp_container.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_core.go b/internal/ccsmp/ccsmp_core.go
index a51c685..060ddb9 100644
--- a/internal/ccsmp/ccsmp_core.go
+++ b/internal/ccsmp/ccsmp_core.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -118,7 +118,7 @@ func goEventCallback(sessionP SolClientSessionPt, eventInfoP SolClientSessionEve
 
 // Logging
 
-//LogInfo structure
+// LogInfo structure
 type LogInfo struct {
 	Message string
 	Level   SolClientLogLevel
@@ -480,16 +480,16 @@ func handleCcsmpError(f func() SolClientReturnCode) *SolClientErrorInfoWrapper {
 }
 
 func (session *SolClientSession) SolClientModifySessionProperties(properties []string) *SolClientErrorInfoWrapper {
-        sessionPropsP, sessionPropertiesFreeFunction := ToCArray(properties, true)
-        defer sessionPropertiesFreeFunction()
-        
-        solClientErrorInfo := handleCcsmpError(func() SolClientReturnCode {
-                return C.solClient_session_modifyProperties(session.pointer, sessionPropsP)
-        })
-        // If there was an error, return the error
-        if solClientErrorInfo != nil {
-                return solClientErrorInfo
-        }
-        // If there was no error, return nil
-        return nil
+	sessionPropsP, sessionPropertiesFreeFunction := ToCArray(properties, true)
+	defer sessionPropertiesFreeFunction()
+
+	solClientErrorInfo := handleCcsmpError(func() SolClientReturnCode {
+		return C.solClient_session_modifyProperties(session.pointer, sessionPropsP)
+	})
+	// If there was an error, return the error
+	if solClientErrorInfo != nil {
+		return solClientErrorInfo
+	}
+	// If there was no error, return nil
+	return nil
 }
diff --git a/internal/ccsmp/ccsmp_endpoint_prop_generated.go b/internal/ccsmp/ccsmp_endpoint_prop_generated.go
index 5e02a80..e42ba0b 100644
--- a/internal/ccsmp/ccsmp_endpoint_prop_generated.go
+++ b/internal/ccsmp/ccsmp_endpoint_prop_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -48,7 +48,7 @@ const (
 	SolClientEndpointPropQueue = C.SOLCLIENT_ENDPOINT_PROP_QUEUE
 	// SolClientEndpointPropTe: Request is for a Topic Endpoint.
 	SolClientEndpointPropTe = C.SOLCLIENT_ENDPOINT_PROP_TE
-	// SolClientEndpointPropClientName: Request is for a Client name  (solClient_session_endpointTopicSubscribe() / solClient_session_endpointTopicUnsubscribe() only.)
+	// SolClientEndpointPropClientName: Request is for a Client name  (solClient_session_endpointTopicSubscribe() / solClient_session_endpointTopicUnsubscribe()) only.
 	SolClientEndpointPropClientName = C.SOLCLIENT_ENDPOINT_PROP_CLIENT_NAME
 	// SolClientEndpointPropAccesstypeNonexclusive: A non-exclusive (shared) Queue. Each client to bind receives messages in a round robin fashion.
 	SolClientEndpointPropAccesstypeNonexclusive = C.SOLCLIENT_ENDPOINT_PROP_ACCESSTYPE_NONEXCLUSIVE
diff --git a/internal/ccsmp/ccsmp_flow.go b/internal/ccsmp/ccsmp_flow.go
index cbf7457..bde0615 100644
--- a/internal/ccsmp/ccsmp_flow.go
+++ b/internal/ccsmp/ccsmp_flow.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_flow_event_generated.go b/internal/ccsmp/ccsmp_flow_event_generated.go
index 6003e87..31e5ae8 100644
--- a/internal/ccsmp/ccsmp_flow_event_generated.go
+++ b/internal/ccsmp/ccsmp_flow_event_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_flow_prop_generated.go b/internal/ccsmp/ccsmp_flow_prop_generated.go
index 97748c9..7322a54 100644
--- a/internal/ccsmp/ccsmp_flow_prop_generated.go
+++ b/internal/ccsmp/ccsmp_flow_prop_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_generate.go b/internal/ccsmp/ccsmp_generate.go
index f851fda..f47752b 100644
--- a/internal/ccsmp/ccsmp_generate.go
+++ b/internal/ccsmp/ccsmp_generate.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_global_prop_generated.go b/internal/ccsmp/ccsmp_global_prop_generated.go
index be6a15e..2c89bfe 100644
--- a/internal/ccsmp/ccsmp_global_prop_generated.go
+++ b/internal/ccsmp/ccsmp_global_prop_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_helper.c b/internal/ccsmp/ccsmp_helper.c
index 7f5a454..2c80293 100644
--- a/internal/ccsmp/ccsmp_helper.c
+++ b/internal/ccsmp/ccsmp_helper.c
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_helper.h b/internal/ccsmp/ccsmp_helper.h
index fd33571..0b30a0f 100644
--- a/internal/ccsmp/ccsmp_helper.h
+++ b/internal/ccsmp/ccsmp_helper.h
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_log_level_generated.go b/internal/ccsmp/ccsmp_log_level_generated.go
index 6d808d7..b154d7e 100644
--- a/internal/ccsmp/ccsmp_log_level_generated.go
+++ b/internal/ccsmp/ccsmp_log_level_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_message.go b/internal/ccsmp/ccsmp_message.go
index b71f812..446f55d 100644
--- a/internal/ccsmp/ccsmp_message.go
+++ b/internal/ccsmp/ccsmp_message.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_return_code_generated.go b/internal/ccsmp/ccsmp_return_code_generated.go
index 2f5293b..c73dbb6 100644
--- a/internal/ccsmp/ccsmp_return_code_generated.go
+++ b/internal/ccsmp/ccsmp_return_code_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_rmid.go b/internal/ccsmp/ccsmp_rmid.go
index 7250ddc..3a3e2dc 100644
--- a/internal/ccsmp/ccsmp_rmid.go
+++ b/internal/ccsmp/ccsmp_rmid.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_session_event_generated.go b/internal/ccsmp/ccsmp_session_event_generated.go
index f9b3ff9..1d9b290 100644
--- a/internal/ccsmp/ccsmp_session_event_generated.go
+++ b/internal/ccsmp/ccsmp_session_event_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_session_prop_generated.go b/internal/ccsmp/ccsmp_session_prop_generated.go
index ad29619..bb830ac 100644
--- a/internal/ccsmp/ccsmp_session_prop_generated.go
+++ b/internal/ccsmp/ccsmp_session_prop_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_session_stats_rx_generated.go b/internal/ccsmp/ccsmp_session_stats_rx_generated.go
index 3009f33..c61c319 100644
--- a/internal/ccsmp/ccsmp_session_stats_rx_generated.go
+++ b/internal/ccsmp/ccsmp_session_stats_rx_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/ccsmp_session_stats_tx_generated.go b/internal/ccsmp/ccsmp_session_stats_tx_generated.go
index daa9697..157ea65 100644
--- a/internal/ccsmp/ccsmp_session_stats_tx_generated.go
+++ b/internal/ccsmp/ccsmp_session_stats_tx_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/cgo_helpers.go b/internal/ccsmp/cgo_helpers.go
index 309a32d..754c190 100644
--- a/internal/ccsmp/cgo_helpers.go
+++ b/internal/ccsmp/cgo_helpers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/dummy.go b/internal/ccsmp/dummy.go
index cc9b996..06dd689 100644
--- a/internal/ccsmp/dummy.go
+++ b/internal/ccsmp/dummy.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_endpoint_prop_generator.go b/internal/ccsmp/generator/ccsmp_endpoint_prop_generator.go
index 69491c9..502d5e9 100644
--- a/internal/ccsmp/generator/ccsmp_endpoint_prop_generator.go
+++ b/internal/ccsmp/generator/ccsmp_endpoint_prop_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_flow_event_generator.go b/internal/ccsmp/generator/ccsmp_flow_event_generator.go
index 63fca49..eb8ea8c 100644
--- a/internal/ccsmp/generator/ccsmp_flow_event_generator.go
+++ b/internal/ccsmp/generator/ccsmp_flow_event_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_flow_prop_generator.go b/internal/ccsmp/generator/ccsmp_flow_prop_generator.go
index 7bd61be..2fa8670 100644
--- a/internal/ccsmp/generator/ccsmp_flow_prop_generator.go
+++ b/internal/ccsmp/generator/ccsmp_flow_prop_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_global_prop_generator.go b/internal/ccsmp/generator/ccsmp_global_prop_generator.go
index 5654a22..a58145d 100644
--- a/internal/ccsmp/generator/ccsmp_global_prop_generator.go
+++ b/internal/ccsmp/generator/ccsmp_global_prop_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_log_level_generator.go b/internal/ccsmp/generator/ccsmp_log_level_generator.go
index 07cfdbc..fa46073 100644
--- a/internal/ccsmp/generator/ccsmp_log_level_generator.go
+++ b/internal/ccsmp/generator/ccsmp_log_level_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_return_code_generator.go b/internal/ccsmp/generator/ccsmp_return_code_generator.go
index 728f5de..4678032 100644
--- a/internal/ccsmp/generator/ccsmp_return_code_generator.go
+++ b/internal/ccsmp/generator/ccsmp_return_code_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_session_event_generator.go b/internal/ccsmp/generator/ccsmp_session_event_generator.go
index 7a14fe2..b561154 100644
--- a/internal/ccsmp/generator/ccsmp_session_event_generator.go
+++ b/internal/ccsmp/generator/ccsmp_session_event_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_session_prop_generator.go b/internal/ccsmp/generator/ccsmp_session_prop_generator.go
index 783b376..3c2f364 100644
--- a/internal/ccsmp/generator/ccsmp_session_prop_generator.go
+++ b/internal/ccsmp/generator/ccsmp_session_prop_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/generator/ccsmp_session_stats_generator.go b/internal/ccsmp/generator/ccsmp_session_stats_generator.go
index 5dbb9d7..7a8c24b 100644
--- a/internal/ccsmp/generator/ccsmp_session_stats_generator.go
+++ b/internal/ccsmp/generator/ccsmp_session_stats_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/includes_darwin.go b/internal/ccsmp/includes_darwin_amd64.go
similarity index 93%
rename from internal/ccsmp/includes_darwin.go
rename to internal/ccsmp/includes_darwin_amd64.go
index 28f759b..aae7daa 100644
--- a/internal/ccsmp/includes_darwin.go
+++ b/internal/ccsmp/includes_darwin_amd64.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/includes_darwin_arm64.go b/internal/ccsmp/includes_darwin_arm64.go
new file mode 100644
index 0000000..76657db
--- /dev/null
+++ b/internal/ccsmp/includes_darwin_arm64.go
@@ -0,0 +1,26 @@
+// pubsubplus-go-client
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ccsmp
+
+/*
+// specific flags for darwin static builds in C
+#cgo CFLAGS: -I${SRCDIR}/lib/include
+#cgo LDFLAGS: -L/opt/homebrew/opt/openssl@1.1/lib ${SRCDIR}/lib/darwin/libsolclient.a -lssl -lcrypto -framework Kerberos
+*/
+import "C"
+
+var SolClientRunningOnAlpine bool = false
diff --git a/internal/ccsmp/includes_linux.go b/internal/ccsmp/includes_linux.go
index a6c770b..a4a1624 100644
--- a/internal/ccsmp/includes_linux.go
+++ b/internal/ccsmp/includes_linux.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/lib/README.md b/internal/ccsmp/lib/README.md
index 314dfd0..ff7d008 100644
--- a/internal/ccsmp/lib/README.md
+++ b/internal/ccsmp/lib/README.md
@@ -1,3 +1,3 @@
 The lib directory contains the native C library (Solace PubSub+ API for C) used by the Solace PubSub+ for Go API.
 
-Copyright 2021-2022 Solace Corporation. All rights reserved.
+Copyright 2021-2023 Solace Corporation. All rights reserved.
diff --git a/internal/ccsmp/lib/darwin/dummy.go b/internal/ccsmp/lib/darwin/dummy.go
index 71e02d4..cfcf476 100644
--- a/internal/ccsmp/lib/darwin/dummy.go
+++ b/internal/ccsmp/lib/darwin/dummy.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/lib/darwin/libsolclient.a b/internal/ccsmp/lib/darwin/libsolclient.a
index 550058d..f5fdaf1 100644
Binary files a/internal/ccsmp/lib/darwin/libsolclient.a and b/internal/ccsmp/lib/darwin/libsolclient.a differ
diff --git a/internal/ccsmp/lib/include/solclient/dummy.go b/internal/ccsmp/lib/include/solclient/dummy.go
index 55e54f5..98b90d1 100644
--- a/internal/ccsmp/lib/include/solclient/dummy.go
+++ b/internal/ccsmp/lib/include/solclient/dummy.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/lib/include/solclient/solClient.h b/internal/ccsmp/lib/include/solclient/solClient.h
index 53848d5..ebaa2fa 100644
--- a/internal/ccsmp/lib/include/solclient/solClient.h
+++ b/internal/ccsmp/lib/include/solclient/solClient.h
@@ -2,7 +2,7 @@
 *
 * @file solClient.h include file for the Solace Corporation Messaging API for C
 *
-* Copyright 2007-2022 Solace Corporation. All rights reserved.
+* Copyright 2007-2023 Solace Corporation. All rights reserved.
 *
 * This include file provides the public constants and API calls for clients
 * connecting to a Solace messaging broker.
@@ -1533,6 +1533,16 @@ typedef struct solClient_field {
 *     <td width="300"> The client attempted to start replay on a flow bound to an anonymous queue. </td>
 *     <td width="300"> 403 Replay Not Supported on Anonymous Queue </td>
 * </tr>
+* <tr>
+*     <td width="300"> SOLCLIENT_SUBCODE_BROWSING_NOT_SUPPORTED_ON_PARTITIONED_QUEUE </td>
+*     <td width="300"> Browser flows to Partitioned Queues are not permitted. </td>
+*     <td width="300"> 403 Browsing Not Supported on Partitioned Queue </td>
+* </tr>
+* <tr>
+*     <td width="300"> SOLCLIENT_SUBCODE_SELECTORS_NOT_SUPPORTED_ON_PARTITIONED_QUEUE </td>
+*     <td width="300"> Egress selectors are not permitted when binding to a Partitioned Queue. </td>
+*     <td width="300"> 403 Selectors Not Supported on Partititoned Queue </td>
+* </tr>
 * </table>
 */
   typedef enum solClient_subCode
@@ -1699,7 +1709,9 @@ typedef struct solClient_field {
     SOLCLIENT_SUBCODE_DELIVERY_COUNT_NOT_SUPPORTED                   = 155, /**< The message was received from endpoint that does not support delivery count */
     SOLCLIENT_SUBCODE_REPLAY_START_MESSAGE_UNAVAILABLE               = 156, /**< A replay was requested but the requested start message is not available in the replay log. */
     SOLCLIENT_SUBCODE_MESSAGE_ID_NOT_COMPARABLE                      = 157, /**< Replication Group Message Id are not comparable. Messages must be published to the same broker or HA pair for their Replicaton Group Message Id to be comparable. */
-    SOLCLIENT_SUBCODE_REPLAY_ANONYMOUS_NOT_SUPPORTED                  = 158  /**< The client attempted to start replay on a flow bound to an anonymous queue. */
+    SOLCLIENT_SUBCODE_REPLAY_ANONYMOUS_NOT_SUPPORTED                  = 158,  /**< The client attempted to start replay on a flow bound to an anonymous queue. */
+    SOLCLIENT_SUBCODE_BROWSING_NOT_SUPPORTED_ON_PARTITIONED_QUEUE       = 159,  /**< Browser flows to Partitioned Queues are not permitted. */
+    SOLCLIENT_SUBCODE_SELECTORS_NOT_SUPPORTED_ON_PARTITIONED_QUEUE      = 160  /**< Egress selectors are not permitted when binding to a Partitioned Queue. */
     /*
      * ADDING NEW SUBCODES: When adding a new subcode always add a new entry to the HTML table in 
      * the comment above this enumeration 
@@ -2483,7 +2495,7 @@ Note: This property is used for all entries specified by the property ::SOLCLIEN
 /*@{*/
 #define SOLCLIENT_ENDPOINT_PROP_QUEUE           "2"     /**< Request is for a Queue. */
 #define SOLCLIENT_ENDPOINT_PROP_TE              "3"     /**< Request is for a Topic Endpoint. */
-#define SOLCLIENT_ENDPOINT_PROP_CLIENT_NAME     "4"     /**< Request is for a Client name  (solClient_session_endpointTopicSubscribe() / solClient_session_endpointTopicUnsubscribe() only.) */
+#define SOLCLIENT_ENDPOINT_PROP_CLIENT_NAME     "4"     /**< Request is for a Client name  (solClient_session_endpointTopicSubscribe() / solClient_session_endpointTopicUnsubscribe()) only. */
 /*@}*/
 
 /** @name Endpoint Naming Entities, used as values for ENDPOINT properties in solClient_session_endpointProvision().
@@ -2498,10 +2510,10 @@ Note: This property is used for all entries specified by the property ::SOLCLIEN
  */
 /*@(*/
 #define SOLCLIENT_ENDPOINT_PERM_NONE           "n"     /**< No permissions for other clients */
-#define SOLCLIENT_ENDPOINT_PERM_READ_ONLY      "r"     /**< Read-only permission — other clients may not consume messages. */
-#define SOLCLIENT_ENDPOINT_PERM_CONSUME        "c"     /**< Consumer permission — other clients may read and consume messages. */
-#define SOLCLIENT_ENDPOINT_PERM_MODIFY_TOPIC   "m"     /**< Modify Topic permission — other clients may read and consume messages, and modify Topic on a Topic Endpoint. */
-#define SOLCLIENT_ENDPOINT_PERM_DELETE         "d"     /**< Delete permission — other clients may read and consume messages, modify the Topic on a Topic Endpoint, and delete the endpoint.  */
+#define SOLCLIENT_ENDPOINT_PERM_READ_ONLY      "r"     /**< Read-only permission other clients may not consume messages. */
+#define SOLCLIENT_ENDPOINT_PERM_CONSUME        "c"     /**< Consumer permission other clients may read and consume messages. */
+#define SOLCLIENT_ENDPOINT_PERM_MODIFY_TOPIC   "m"     /**< Modify Topic permission other clients may read and consume messages, and modify Topic on a Topic Endpoint. */
+#define SOLCLIENT_ENDPOINT_PERM_DELETE         "d"     /**< Delete permission other clients may read and consume messages, modify the Topic on a Topic Endpoint, and delete the endpoint.  */
 /*@}*/
 
 /** @name Endpoint Discard Msg Behavior */
@@ -2586,6 +2598,14 @@ Note: This property is used for all entries specified by the property ::SOLCLIEN
 #define SOLCLIENT_TRANSACTEDSESSION_PROP_DEFAULT_PUB_WINDOW_SIZE "255" /**<The default transacted publisher window size. */
 /*@}*/
 
+/*@}*/
+
+/** @name UserProps
+ *  */
+/*@{*/
+#define SOLCLIENT_MESSAGE_USER_PROP_QUEUE_PARTITION_KEY "JMSXGroupID" /**<Key for getting or setting partition key for a queue where the message should/is published to when supported by a PubSub+ messaging broker. This property should be a  part of User Property map. Expected value is UTF-8 encoded up to 255 bytes long string. */
+/*@}*/
+
 /**
 * @struct solClient_errorInfo
 *
@@ -5094,7 +5114,7 @@ solClient_session_sendReply (solClient_opaqueSession_pt opaqueSession_p,
 * expect that the receive message callback can be called even after calling 
 * solClient_flow_stop(). The maximum number of messages that may be 
 * in transit at any one time is controlled by ::SOLCLIENT_FLOW_PROP_WINDOWSIZE 
-* and ::SOLCLIENT_FLOW_PROP_MAX_UNACKED_MESSAGES (see solClient_flow_setMaxUnAcked()).
+* and ::SOLCLIENT_FLOW_PROP_MAX_UNACKED_MESSAGES (see solClient_flow_setMaxUnacked()).
 *
 * A Flow can be created with the window closed by setting the Flow property ::SOLCLIENT_FLOW_PROP_START_STATE 
 * to ::SOLCLIENT_PROP_DISABLE_VAL. When a Flow is created in this way, messages will not be received
diff --git a/internal/ccsmp/lib/include/solclient/solClientDeprecated.h b/internal/ccsmp/lib/include/solclient/solClientDeprecated.h
index b1e8b67..913ce20 100644
--- a/internal/ccsmp/lib/include/solclient/solClientDeprecated.h
+++ b/internal/ccsmp/lib/include/solclient/solClientDeprecated.h
@@ -4,7 +4,7 @@
 *
 * @file solClientDeprecated.h include file for the Solace Corporation Messaging API for C
 *
-* Copyright 2007-2022 Solace Corporation. All rights reserved.
+* Copyright 2007-2023 Solace Corporation. All rights reserved.
 *
 * This include file provides the deprecated public constants and API calls for clients
 * connecting to a Solace messaging appliance.  This file is provided for backwards 
diff --git a/internal/ccsmp/lib/include/solclient/solClientMsg.h b/internal/ccsmp/lib/include/solclient/solClientMsg.h
index 4270e88..732aa87 100644
--- a/internal/ccsmp/lib/include/solclient/solClientMsg.h
+++ b/internal/ccsmp/lib/include/solclient/solClientMsg.h
@@ -1,7 +1,7 @@
 /**
 * @file solClientMsg.h include file for Solace Corporation Messaging Buffer Management
 *
-* Copyright 2008-2022 Solace Corporation. All rights reserved.
+* Copyright 2008-2023 Solace Corporation. All rights reserved.
 */
 /** @page msgbuffer Solace Message Buffers
 * 
diff --git a/internal/ccsmp/lib/licenses.txt b/internal/ccsmp/lib/licenses.txt
index 3ae8a44..7390376 100644
--- a/internal/ccsmp/lib/licenses.txt
+++ b/internal/ccsmp/lib/licenses.txt
@@ -3,8 +3,9 @@ LICENSE SUMMARY
 
 License terms can be found at the bottom of this file.
 
+BSD 1
+BSD 2
 BSD 3
-LGPL 2.0
 MIT
 OpenSSL
 Solace
@@ -14,12 +15,6 @@ Zlib
 THIRD-PARTY SOFTWARE USED
 =========================
 
-Judy-1.0.4.tar.gz
------------------
-Licensed under LGPL 2.0
-License terms can be found at: http://judy.sourceforge.net/
-Copyright 2004 Doug Baskins
-
 c-ares-1.13.0.tar.gz
 --------------------
 Licensed under MIT
@@ -46,6 +41,18 @@ Licensed under OpenSSL
 License terms can be found at: https://www.openssl.org/source/license.html
 Copyright 2018 OpenSSL Software Foundation
 
+rax-1.2.0.tar.gz
+----------------
+Licensed under BSD 2
+License terms can be found at: https://github.com/antirez/rax/blob/master/COPYING
+Copyright 2017 Salvatore Sanfilippo (antirez@gmail.com)
+
+uthash-2.3.0.tar.gz
+-------------------
+Licensed under BSD 1
+License terms can be found at: https://github.com/troydhanson/uthash/blob/master/LICENSE
+Copyright 2005-2022 Troy D. Hanson  https://troydhanson.github.io/uthash/
+
 zlib-1.2.11.tar.gz
 ------------------
 Licensed under Zlib
@@ -56,6 +63,52 @@ Copyright 2017 Jean-loup Gailly and Mark Adler
 LICENSE REQUIREMENTS & SPECIFICATIONS
 ======================================
 
+BSD 1
+-----
+
+Copyright (c) [Year]
+[Name of Organization] [All rights reserved].
+
+Redistribution and use in source and binary forms, with or without modification, are permitted
+provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and
+the following disclaimer.
+
+THIS SOFTWARE IS PROVIDED BY [Name of Organization] “AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL [Name of Organisation] BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+BSD 2
+-----
+
+Copyright (c) <YEAR>, <OWNER>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted
+provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and
+the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, this list of conditions
+and the following disclaimer in the documentation and/or other materials provided with the
+distribution.
+
+THIS SOFTWARE IS PROVIDED BY {{THE COPYRIGHT HOLDERS AND CONTRIBUTORS}} "AS IS" AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL {{THE COPYRIGHT HOLDER OR
+CONTRIBUTORS}} BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 BSD 3
 -----
 
@@ -84,383 +137,6 @@ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-LGPL 2.0
---------
-
-GNU LIBRARY GENERAL PUBLIC LICENSE
-
-Version 2, June 1991
-
-Copyright (C) 1991 Free Software Foundation, Inc.
-51 Franklin St, Fifth Floor, Boston, MA  02110-1301, USA
-Everyone is permitted to copy and distribute verbatim copies
-of this license document, but changing it is not allowed.
-
-[This is the first released version of the library GPL.  It is
- numbered 2 because it goes with version 2 of the ordinary GPL.]
-Preamble
-
-The licenses for most software are designed to take away your freedom to share and change it. By
-contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and
-change free software--to make sure the software is free for all its users.
-
-This license, the Library General Public License, applies to some specially designated Free
-Software Foundation software, and to any other libraries whose authors decide to use it. You can
-use it for your libraries, too.
-
-When we speak of free software, we are referring to freedom, not price. Our General Public Licenses
-are designed to make sure that you have the freedom to distribute copies of free software (and
-charge for this service if you wish), that you receive source code or can get it if you want it,
-that you can change the software or use pieces of it in new free programs; and that you know you
-can do these things.
-
-To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or
-to ask you to surrender the rights. These restrictions translate to certain responsibilities for
-you if you distribute copies of the library, or if you modify it.
-
-For example, if you distribute copies of the library, whether gratis or for a fee, you must give
-the recipients all the rights that we gave you. You must make sure that they, too, receive or can
-get the source code. If you link a program with the library, you must provide complete object files
-to the recipients so that they can relink them with the library, after making changes to the
-library and recompiling it. And you must show them these terms so they know their rights.
-
-Our method of protecting your rights has two steps: (1) copyright the library, and (2) offer you
-this license which gives you legal permission to copy, distribute and/or modify the library.
-
-Also, for each distributor's protection, we want to make certain that everyone understands that
-there is no warranty for this free library. If the library is modified by someone else and passed
-on, we want its recipients to know that what they have is not the original version, so that any
-problems introduced by others will not reflect on the original authors' reputations.
-
-Finally, any free program is threatened constantly by software patents. We wish to avoid the danger
-that companies distributing free software will individually obtain patent licenses, thus in effect
-transforming the program into proprietary software. To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-Most GNU software, including some libraries, is covered by the ordinary GNU General Public License,
-which was designed for utility programs. This license, the GNU Library General Public License,
-applies to certain designated libraries. This license is quite different from the ordinary one; be
-sure to read it in full, and don't assume that anything in it is the same as in the ordinary
-license.
-
-The reason we have a separate public license for some libraries is that they blur the distinction
-we usually make between modifying or adding to a program and simply using it. Linking a program
-with a library, without changing the library, is in some sense simply using the library, and is
-analogous to running a utility program or application program. However, in a textual and legal
-sense, the linked executable is a combined work, a derivative of the original library, and the
-ordinary General Public License treats it as such.
-
-Because of this blurred distinction, using the ordinary General Public License for libraries did
-not effectively promote software sharing, because most developers did not use the libraries. We
-concluded that weaker conditions might promote sharing better.
-
-However, unrestricted linking of non-free programs would deprive the users of those programs of all
-benefit from the free status of the libraries themselves. This Library General Public License is
-intended to permit developers of non-free programs to use free libraries, while preserving your
-freedom as a user of such programs to change the free libraries that are incorporated in them. (We
-have not seen how to achieve this as regards changes in header files, but we have achieved it as
-regards changes in the actual functions of the Library.) The hope is that this will lead to faster
-development of free libraries.
-
-The precise terms and conditions for copying, distribution and modification follow. Pay close
-attention to the difference between a "work based on the library" and a "work that uses the
-library". The former contains code derived from the library, while the latter only works together
-with the library.
-
-Note that it is possible for a library to be covered by the ordinary General Public License rather
-than by this special one.
-
-TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-0. This License Agreement applies to any software library which contains a notice placed by the
-copyright holder or other authorized party saying it may be distributed under the terms of this
-Library General Public License (also called "this License"). Each licensee is addressed as "you".
-
-A "library" means a collection of software functions and/or data prepared so as to be conveniently
-linked with application programs (which use some of those functions and data) to form executables.
-
-The "Library", below, refers to any such software library or work which has been distributed under
-these terms. A "work based on the Library" means either the Library or any derivative work under
-copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or
-with modifications and/or translated straightforwardly into another language. (Hereinafter,
-translation is included without limitation in the term "modification".)
-
-"Source code" for a work means the preferred form of the work for making modifications to it. For a
-library, complete source code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to control compilation and
-installation of the library.
-
-Activities other than copying, distribution and modification are not covered by this License; they
-are outside its scope. The act of running a program using the Library is not restricted, and output
-from such a program is covered only if its contents constitute a work based on the Library
-(independent of the use of the Library in a tool for writing it). Whether that is true depends on
-what the Library does and what the program that uses the Library does.
-
-1. You may copy and distribute verbatim copies of the Library's complete source code as you receive
-it, in any medium, provided that you conspicuously and appropriately publish on each copy an
-appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to
-this License and to the absence of any warranty; and distribute a copy of this License along with
-the Library.
-
-You may charge a fee for the physical act of transferring a copy, and you may at your option offer
-warranty protection in exchange for a fee.
-
-2. You may modify your copy or copies of the Library or any portion of it, thus forming a work
-based on the Library, and copy and distribute such modifications or work under the terms of Section
-1 above, provided that you also meet all of these conditions:
-
-a) The modified work must itself be a software library.
-b) You must cause the files modified to carry prominent notices stating that you changed the files
-and the date of any change.
-c) You must cause the whole of the work to be licensed at no charge to all third parties under the
-terms of this License.
-d) If a facility in the modified Library refers to a function or a table of data to be supplied by
-an application program that uses the facility, other than as an argument passed when the facility
-is invoked, then you must make a good faith effort to ensure that, in the event an application does
-not supply such function or table, the facility still operates, and performs whatever part of its
-purpose remains meaningful.
-(For example, a function in a library to compute square roots has a purpose that is entirely
-well-defined independent of the application. Therefore, Subsection 2d requires that any
-application-supplied function or table used by this function must be optional: if the application
-does not supply it, the square root function must still compute square roots.)
-
-These requirements apply to the modified work as a whole. If identifiable sections of that work are
-not derived from the Library, and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those sections when you distribute
-them as separate works. But when you distribute the same sections as part of a whole which is a
-work based on the Library, the distribution of the whole must be on the terms of this License,
-whose permissions for other licensees extend to the entire whole, and thus to each and every part
-regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest your rights to work written
-entirely by you; rather, the intent is to exercise the right to control the distribution of
-derivative or collective works based on the Library.
-
-In addition, mere aggregation of another work not based on the Library with the Library (or with a
-work based on the Library) on a volume of a storage or distribution medium does not bring the other
-work under the scope of this License.
-
-3. You may opt to apply the terms of the ordinary GNU General Public License instead of this
-License to a given copy of the Library. To do this, you must alter all the notices that refer to
-this License, so that they refer to the ordinary GNU General Public License, version 2, instead of
-to this License. (If a newer version than version 2 of the ordinary GNU General Public License has
-appeared, then you can specify that version instead if you wish.) Do not make any other change in
-these notices.
-
-Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU
-General Public License applies to all subsequent copies and derivative works made from that copy.
-
-This option is useful when you wish to copy part of the code of the Library into a program that is
-not a library.
-
-4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in
-object code or executable form under the terms of Sections 1 and 2 above provided that you
-accompany it with the complete corresponding machine-readable source code, which must be
-distributed under the terms of Sections 1 and 2 above on a medium customarily used for software
-interchange.
-
-If distribution of object code is made by offering access to copy from a designated place, then
-offering equivalent access to copy the source code from the same place satisfies the requirement to
-distribute the source code, even though third parties are not compelled to copy the source along
-with the object code.
-
-5. A program that contains no derivative of any portion of the Library, but is designed to work
-with the Library by being compiled or linked with it, is called a "work that uses the Library".
-Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the
-scope of this License.
-
-However, linking a "work that uses the Library" with the Library creates an executable that is a
-derivative of the Library (because it contains portions of the Library), rather than a "work that
-uses the library". The executable is therefore covered by this License. Section 6 states terms for
-distribution of such executables.
-
-When a "work that uses the Library" uses material from a header file that is part of the Library,
-the object code for the work may be a derivative work of the Library even though the source code is
-not. Whether this is true is especially significant if the work can be linked without the Library,
-or if the work is itself a library. The threshold for this to be true is not precisely defined by
-law.
-
-If such an object file uses only numerical parameters, data structure layouts and accessors, and
-small macros and small inline functions (ten lines or less in length), then the use of the object
-file is unrestricted, regardless of whether it is legally a derivative work. (Executables
-containing this object code plus portions of the Library will still fall under Section 6.)
-
-Otherwise, if the work is a derivative of the Library, you may distribute the object code for the
-work under the terms of Section 6. Any executables containing that work also fall under Section 6,
-whether or not they are linked directly with the Library itself.
-
-6. As an exception to the Sections above, you may also compile or link a "work that uses the
-Library" with the Library to produce a work containing portions of the Library, and distribute that
-work under terms of your choice, provided that the terms permit modification of the work for the
-customer's own use and reverse engineering for debugging such modifications.
-
-You must give prominent notice with each copy of the work that the Library is used in it and that
-the Library and its use are covered by this License. You must supply a copy of this License. If the
-work during execution displays copyright notices, you must include the copyright notice for the
-Library among them, as well as a reference directing the user to the copy of this License. Also,
-you must do one of these things:
-
-a) Accompany the work with the complete corresponding machine-readable source code for the Library
-including whatever changes were used in the work (which must be distributed under Sections 1 and 2
-above); and, if the work is an executable linked with the Library, with the complete
-machine-readable "work that uses the Library", as object code and/or source code, so that the user
-can modify the Library and then relink to produce a modified executable containing the modified
-Library. (It is understood that the user who changes the contents of definitions files in the
-Library will not necessarily be able to recompile the application to use the modified definitions.)
-b) Accompany the work with a written offer, valid for at least three years, to give the same user
-the materials specified in Subsection 6a, above, for a charge no more than the cost of performing
-this distribution.
-c) If distribution of the work is made by offering access to copy from a designated place, offer
-equivalent access to copy the above specified materials from the same place.
-d) Verify that the user has already received a copy of these materials or that you have already
-sent this user a copy.
-For an executable, the required form of the "work that uses the Library" must include any data and
-utility programs needed for reproducing the executable from it. However, as a special exception,
-the source code distributed need not include anything that is normally distributed (in either
-source or binary form) with the major components (compiler, kernel, and so on) of the operating
-system on which the executable runs, unless that component itself accompanies the executable.
-
-It may happen that this requirement contradicts the license restrictions of other proprietary
-libraries that do not normally accompany the operating system. Such a contradiction means you
-cannot use both them and the Library together in an executable that you distribute.
-
-7. You may place library facilities that are a work based on the Library side-by-side in a single
-library together with other library facilities not covered by this License, and distribute such a
-combined library, provided that the separate distribution of the work based on the Library and of
-the other library facilities is otherwise permitted, and provided that you do these two things:
-
-a) Accompany the combined library with a copy of the same work based on the Library, uncombined
-with any other library facilities. This must be distributed under the terms of the Sections above.
-b) Give prominent notice with the combined library of the fact that part of it is a work based on
-the Library, and explaining where to find the accompanying uncombined form of the same work.
-8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly
-provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or
-distribute the Library is void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under this License will not have
-their licenses terminated so long as such parties remain in full compliance.
-
-9. You are not required to accept this License, since you have not signed it. However, nothing else
-grants you permission to modify or distribute the Library or its derivative works. These actions
-are prohibited by law if you do not accept this License. Therefore, by modifying or distributing
-the Library (or any work based on the Library), you indicate your acceptance of this License to do
-so, and all its terms and conditions for copying, distributing or modifying the Library or works
-based on it.
-
-10. Each time you redistribute the Library (or any work based on the Library), the recipient
-automatically receives a license from the original licensor to copy, distribute, link with or
-modify the Library subject to these terms and conditions. You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein. You are not responsible for
-enforcing compliance by third parties to this License.
-
-11. If, as a consequence of a court judgment or allegation of patent infringement or for any other
-reason (not limited to patent issues), conditions are imposed on you (whether by court order,
-agreement or otherwise) that contradict the conditions of this License, they do not excuse you from
-the conditions of this License. If you cannot distribute so as to satisfy simultaneously your
-obligations under this License and any other pertinent obligations, then as a consequence you may
-not distribute the Library at all. For example, if a patent license would not permit royalty-free
-redistribution of the Library by all those who receive copies directly or indirectly through you,
-then the only way you could satisfy both it and this License would be to refrain entirely from
-distribution of the Library.
-
-If any portion of this section is held invalid or unenforceable under any particular circumstance,
-the balance of the section is intended to apply, and the section as a whole is intended to apply in
-other circumstances.
-
-It is not the purpose of this section to induce you to infringe any patents or other property right
-claims or to contest validity of any such claims; this section has the sole purpose of protecting
-the integrity of the free software distribution system which is implemented by public license
-practices. Many people have made generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that system; it is up to the
-author/donor to decide if he or she is willing to distribute software through any other system and
-a licensee cannot impose that choice.
-
-This section is intended to make thoroughly clear what is believed to be a consequence of the rest
-of this License.
-
-12. If the distribution and/or use of the Library is restricted in certain countries either by
-patents or by copyrighted interfaces, the original copyright holder who places the Library under
-this License may add an explicit geographical distribution limitation excluding those countries, so
-that distribution is permitted only in or among countries not thus excluded. In such case, this
-License incorporates the limitation as if written in the body of this License.
-
-13. The Free Software Foundation may publish revised and/or new versions of the Library General
-Public License from time to time. Such new versions will be similar in spirit to the present
-version, but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Library specifies a version number of
-this License which applies to it and "any later version", you have the option of following the
-terms and conditions either of that version or of any later version published by the Free Software
-Foundation. If the Library does not specify a license version number, you may choose any version
-ever published by the Free Software Foundation.
-
-14. If you wish to incorporate parts of the Library into other free programs whose distribution
-conditions are incompatible with these, write to the author to ask for permission. For software
-which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we
-sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the
-free status of all derivatives of our free software and of promoting the sharing and reuse of
-software generally.
-
-NO WARRANTY
-
-15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE
-EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS
-AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
-IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU.
-SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
-CORRECTION.
-
-16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT
-HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE
-LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
-ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA
-OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
-LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF
-THE POSSIBILITY OF SUCH DAMAGES.
-
-END OF TERMS AND CONDITIONS
-
-How to Apply These Terms to Your New Libraries
-
-If you develop a new library, and you want it to be of the greatest possible use to the public, we
-recommend making it free software that everyone can redistribute and change. You can do so by
-permitting redistribution under these terms (or, alternatively, under the terms of the ordinary
-General Public License).
-
-To apply these terms, attach the following notices to the library. It is safest to attach them to
-the start of each source file to most effectively convey the exclusion of warranty; and each file
-should have at least the "copyright" line and a pointer to where the full notice is found.
-
-one line to give the library's name and an idea of what it does.
-Copyright (C) year  name of author
-
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Library General Public
-License as published by the Free Software Foundation; either
-version 2 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-Library General Public License for more details.
-
-You should have received a copy of the GNU Library General Public
-License along with this library; if not, write to the
-Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
-Boston, MA  02110-1301, USA.
-Also add information on how to contact you by electronic and paper mail.
-
-You should also get your employer (if you work as a programmer) or your school, if any, to sign a
-"copyright disclaimer" for the library, if necessary. Here is a sample; alter the names:
-
-Yoyodyne, Inc., hereby disclaims all copyright interest in
-the library `Frob' (a library for tweaking knobs) written
-by James Random Hacker.
-
-signature of Ty Coon, 1 April 1990
-Ty Coon, President of Vice
-That's all there is to it!
-
 MIT
 ---
 
diff --git a/internal/ccsmp/lib/linux/dummy.go b/internal/ccsmp/lib/linux/dummy.go
index 6021e79..7642794 100644
--- a/internal/ccsmp/lib/linux/dummy.go
+++ b/internal/ccsmp/lib/linux/dummy.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/ccsmp/lib/linux/libsolclient.a b/internal/ccsmp/lib/linux/libsolclient.a
index 4f53feb..6a082dc 100644
Binary files a/internal/ccsmp/lib/linux/libsolclient.a and b/internal/ccsmp/lib/linux/libsolclient.a differ
diff --git a/internal/generator/generator_utils.go b/internal/generator/generator_utils.go
index f388344..e60af40 100644
--- a/internal/generator/generator_utils.go
+++ b/internal/generator/generator_utils.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ import (
 
 const copyrightHeader = `// pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/constants/constants.go b/internal/impl/constants/constants.go
index fc614e1..576936a 100644
--- a/internal/impl/constants/constants.go
+++ b/internal/impl/constants/constants.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/constants/default_properties.go b/internal/impl/constants/default_properties.go
index 7705dfe..d08c283 100644
--- a/internal/impl/constants/default_properties.go
+++ b/internal/impl/constants/default_properties.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/constants/error_strings.go b/internal/impl/constants/error_strings.go
index 63c045b..98ade04 100644
--- a/internal/impl/constants/error_strings.go
+++ b/internal/impl/constants/error_strings.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/error.go b/internal/impl/core/error.go
index a6a35fe..fdefb1c 100644
--- a/internal/impl/core/error.go
+++ b/internal/impl/core/error.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/events.go b/internal/impl/core/events.go
index fb5a6ef..8e27a6c 100644
--- a/internal/impl/core/events.go
+++ b/internal/impl/core/events.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/init.go b/internal/impl/core/init.go
index 5608577..081df61 100644
--- a/internal/impl/core/init.go
+++ b/internal/impl/core/init.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/log.go b/internal/impl/core/log.go
index f48fa10..0ea1a5a 100644
--- a/internal/impl/core/log.go
+++ b/internal/impl/core/log.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/metrics.go b/internal/impl/core/metrics.go
index 27b9add..cec3b10 100644
--- a/internal/impl/core/metrics.go
+++ b/internal/impl/core/metrics.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/metrics_test.go b/internal/impl/core/metrics_test.go
index 35be78c..01b5a31 100644
--- a/internal/impl/core/metrics_test.go
+++ b/internal/impl/core/metrics_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/publisher.go b/internal/impl/core/publisher.go
index 65785b7..9840130 100644
--- a/internal/impl/core/publisher.go
+++ b/internal/impl/core/publisher.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/publisher_test.go b/internal/impl/core/publisher_test.go
index 86e8cd3..8c2b2a9 100644
--- a/internal/impl/core/publisher_test.go
+++ b/internal/impl/core/publisher_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/receiver.go b/internal/impl/core/receiver.go
index 9b2adbf..6d9def6 100644
--- a/internal/impl/core/receiver.go
+++ b/internal/impl/core/receiver.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/transport.go b/internal/impl/core/transport.go
index 184e59f..baf269c 100644
--- a/internal/impl/core/transport.go
+++ b/internal/impl/core/transport.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -41,7 +41,7 @@ type Transport interface {
 	Events() Events
 	ID() string
 	Host() string
-        ModifySessionProperties([]string) error
+	ModifySessionProperties([]string) error
 }
 
 // NewTransport function
@@ -98,11 +98,11 @@ type ccsmpTransport struct {
 }
 
 func (transport *ccsmpTransport) ModifySessionProperties(properties []string) error {
-        err := transport.session.SolClientModifySessionProperties(properties)
-        if err != nil {
-            return ToNativeError(err, "an error occurred while modifying session properties.")
-        }
-        return nil
+	err := transport.session.SolClientModifySessionProperties(properties)
+	if err != nil {
+		return ToNativeError(err, "an error occurred while modifying session properties.")
+	}
+	return nil
 }
 
 func (transport *ccsmpTransport) Connect() error {
diff --git a/internal/impl/core/transport_test.go b/internal/impl/core/transport_test.go
index b6e53d9..dc1751b 100644
--- a/internal/impl/core/transport_test.go
+++ b/internal/impl/core/transport_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/core/version.go b/internal/impl/core/version.go
index acd0ede..cea0204 100644
--- a/internal/impl/core/version.go
+++ b/internal/impl/core/version.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/executor/executor.go b/internal/impl/executor/executor.go
index ba0c857..15bc913 100644
--- a/internal/impl/executor/executor.go
+++ b/internal/impl/executor/executor.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/executor/executor_test.go b/internal/impl/executor/executor_test.go
index 96b1b1d..31530c2 100644
--- a/internal/impl/executor/executor_test.go
+++ b/internal/impl/executor/executor_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/future/future_error.go b/internal/impl/future/future_error.go
index 19fb372..303b442 100644
--- a/internal/impl/future/future_error.go
+++ b/internal/impl/future/future_error.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/future/future_error_test.go b/internal/impl/future/future_error_test.go
index 8a51062..2d7f1a4 100644
--- a/internal/impl/future/future_error_test.go
+++ b/internal/impl/future/future_error_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/logging/logging.go b/internal/impl/logging/logging.go
index 792324f..f03ba52 100644
--- a/internal/impl/logging/logging.go
+++ b/internal/impl/logging/logging.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/logging/logging_test.go b/internal/impl/logging/logging_test.go
index 877fd23..8a9c406 100644
--- a/internal/impl/logging/logging_test.go
+++ b/internal/impl/logging/logging_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/message/inbound_message_impl.go b/internal/impl/message/inbound_message_impl.go
index a4c420c..3fa5142 100644
--- a/internal/impl/message/inbound_message_impl.go
+++ b/internal/impl/message/inbound_message_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/message/message_impl.go b/internal/impl/message/message_impl.go
index 2471a4c..2761ff8 100644
--- a/internal/impl/message/message_impl.go
+++ b/internal/impl/message/message_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/message/message_test.go b/internal/impl/message/message_test.go
index 05ffd1f..5785391 100644
--- a/internal/impl/message/message_test.go
+++ b/internal/impl/message/message_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/message/outbound_message_builder_impl.go b/internal/impl/message/outbound_message_builder_impl.go
index e67fbb2..648a140 100644
--- a/internal/impl/message/outbound_message_builder_impl.go
+++ b/internal/impl/message/outbound_message_builder_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/message/outbound_message_impl.go b/internal/impl/message/outbound_message_impl.go
index 887bd8b..982bf85 100644
--- a/internal/impl/message/outbound_message_impl.go
+++ b/internal/impl/message/outbound_message_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -86,6 +86,9 @@ func freeOutboundMessage(message *OutboundMessageImpl) {
 // DuplicateOutboundMessage will duplicate the message and return a new Message copying the original
 func DuplicateOutboundMessage(message *OutboundMessageImpl) (*OutboundMessageImpl, error) {
 	msgP, err := ccsmp.SolClientMessageDup(message.messagePointer)
+	// Ensure that the finalizer for `message` does not run before this point, so that we can be certain
+	// SolClientMessageDup will complete before `message` is freed by the gc.
+	runtime.KeepAlive(message)
 	if err != nil {
 		return nil, core.ToNativeError(err, "error duplicating message: ")
 	}
diff --git a/internal/impl/message/rgmid_impl.go b/internal/impl/message/rgmid_impl.go
index 64e6462..27ee999 100644
--- a/internal/impl/message/rgmid_impl.go
+++ b/internal/impl/message/rgmid_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/message/rgmid_impl_test.go b/internal/impl/message/rgmid_impl_test.go
index 03015ba..770f288 100644
--- a/internal/impl/message/rgmid_impl_test.go
+++ b/internal/impl/message/rgmid_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/messaging_service_builder_impl.go b/internal/impl/messaging_service_builder_impl.go
index 35b3822..637262b 100644
--- a/internal/impl/messaging_service_builder_impl.go
+++ b/internal/impl/messaging_service_builder_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -179,10 +179,14 @@ func (builder *messagingServiceBuilderImpl) BuildWithApplicationID(applicationID
 
 // FromConfigurationProvider sets the configuration based on the given confniguration provider.
 // The following are built in configuration providers:
-//   ServicePropertyMap: can be used to set a ServiceProperty to a value programatically
+//
+//	ServicePropertyMap: can be used to set a ServiceProperty to a value programatically
+//
 // The ServicePropertiesConfigurationProvider interface can also be implemented by a type
 // to have it act as a configuration factory by implementing
-//   func (type MyType) GetConfiguration() ServicePropertyMap {...}
+//
+//	func (type MyType) GetConfiguration() ServicePropertyMap {...}
+//
 // Any properties provided by the configuration provider will be layered overtop of any
 // previously set properties, including those set by specifying various strategies.
 func (builder *messagingServiceBuilderImpl) FromConfigurationProvider(provider config.ServicePropertiesConfigurationProvider) solace.MessagingServiceBuilder {
diff --git a/internal/impl/messaging_service_builder_impl_test.go b/internal/impl/messaging_service_builder_impl_test.go
index 839e9be..d3d0278 100644
--- a/internal/impl/messaging_service_builder_impl_test.go
+++ b/internal/impl/messaging_service_builder_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/messaging_service_impl.go b/internal/impl/messaging_service_impl.go
index 60f23bc..3838239 100644
--- a/internal/impl/messaging_service_impl.go
+++ b/internal/impl/messaging_service_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -32,8 +32,8 @@ import (
 	"solace.dev/go/messaging/internal/impl/message"
 	"solace.dev/go/messaging/internal/impl/publisher"
 	"solace.dev/go/messaging/pkg/solace"
+	"solace.dev/go/messaging/pkg/solace/config"
 	"solace.dev/go/messaging/pkg/solace/metrics"
-        "solace.dev/go/messaging/pkg/solace/config"
 )
 
 // the main service lifecycle state
@@ -67,8 +67,8 @@ const (
 
 // This map contains the list of modifiable service properties
 var modifiableProperties = [...]config.ServiceProperty{
-        config.AuthenticationPropertySchemeOAuth2AccessToken,
-        config.AuthenticationPropertySchemeOAuth2OIDCIDToken,
+	config.AuthenticationPropertySchemeOAuth2AccessToken,
+	config.AuthenticationPropertySchemeOAuth2OIDCIDToken,
 }
 
 type messagingServiceImpl struct {
@@ -159,35 +159,33 @@ func (service *messagingServiceImpl) Connect() (ret error) {
 }
 
 func (service *messagingServiceImpl) UpdateProperty(property config.ServiceProperty, value interface{}) (ret error) {
-        // Verify the service is in the correct state for this operation
-        var state = service.getState()
-        if !(state == messagingServiceStateConnected || state == messagingServiceStateNotConnected || state == messagingServiceStateConnecting) {
-                // If the service is not connected or connecting, then the service is not in a valid state for
-                // updating service properties, so we return an error.
-                return solace.NewError(&solace.IllegalStateError{}, fmt.Sprintf(constants.UnableToModifyPropertyOfDisconnectedService), nil)
-        }
-
-
-        // Verify that the passed property is a valid property
-        var propertyIsModifiable = false
-        for _, modifiableProperty := range modifiableProperties {
-                if property == modifiableProperty {
-                        propertyIsModifiable = true
-                        break
-                }
-        }
-        if !propertyIsModifiable {
-                return solace.NewError(&solace.IllegalArgumentError{}, fmt.Sprintf(constants.UnableToModifyNonModifiableGivenServiceProperty, property), nil)
-        }
-
-
-        // All checks passed, proceed with property update
-        ccsmpProperty := servicePropertyToCCSMPMap[property]
-        propertyList := []string{} // The size of this array will need to be updated in the future if more properties are accepted by this method.
-        propertyList = append(propertyList, ccsmpProperty.solClientPropertyName)
-        propertyList = append(propertyList, ccsmpProperty.converter(value))
-
-        return service.transport.ModifySessionProperties(propertyList)
+	// Verify the service is in the correct state for this operation
+	var state = service.getState()
+	if !(state == messagingServiceStateConnected || state == messagingServiceStateNotConnected || state == messagingServiceStateConnecting) {
+		// If the service is not connected or connecting, then the service is not in a valid state for
+		// updating service properties, so we return an error.
+		return solace.NewError(&solace.IllegalStateError{}, fmt.Sprintf(constants.UnableToModifyPropertyOfDisconnectedService), nil)
+	}
+
+	// Verify that the passed property is a valid property
+	var propertyIsModifiable = false
+	for _, modifiableProperty := range modifiableProperties {
+		if property == modifiableProperty {
+			propertyIsModifiable = true
+			break
+		}
+	}
+	if !propertyIsModifiable {
+		return solace.NewError(&solace.IllegalArgumentError{}, fmt.Sprintf(constants.UnableToModifyNonModifiableGivenServiceProperty, property), nil)
+	}
+
+	// All checks passed, proceed with property update
+	ccsmpProperty := servicePropertyToCCSMPMap[property]
+	propertyList := []string{} // The size of this array will need to be updated in the future if more properties are accepted by this method.
+	propertyList = append(propertyList, ccsmpProperty.solClientPropertyName)
+	propertyList = append(propertyList, ccsmpProperty.converter(value))
+
+	return service.transport.ModifySessionProperties(propertyList)
 }
 
 func (service *messagingServiceImpl) downEventHandler(sessionEventInfo core.SessionEventInfo) {
diff --git a/internal/impl/messaging_service_impl_test.go b/internal/impl/messaging_service_impl_test.go
index 3ffb094..638283f 100644
--- a/internal/impl/messaging_service_impl_test.go
+++ b/internal/impl/messaging_service_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -373,10 +373,10 @@ func (transport *solClientTransportMock) Host() string {
 }
 
 func (transport *solClientTransportMock) ModifySessionProperties(_ []string) error {
-        // FFC: This function is added to pass a check during building. Currently it
-        // is not used, so there is no implementation. The implementation will need
-        // to be added as a part of future work.
-        return nil
+	// FFC: This function is added to pass a check during building. Currently it
+	// is not used, so there is no implementation. The implementation will need
+	// to be added as a part of future work.
+	return nil
 }
 
 type solClientTransportEventsMock struct {
diff --git a/internal/impl/messaging_service_metrics_impl.go b/internal/impl/messaging_service_metrics_impl.go
index 9a3124f..ddad654 100644
--- a/internal/impl/messaging_service_metrics_impl.go
+++ b/internal/impl/messaging_service_metrics_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/messaging_service_metrics_impl_test.go b/internal/impl/messaging_service_metrics_impl_test.go
index 5fa7294..28b061d 100644
--- a/internal/impl/messaging_service_metrics_impl_test.go
+++ b/internal/impl/messaging_service_metrics_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/messaging_service_property_mapping.go b/internal/impl/messaging_service_property_mapping.go
index 18b4fae..3946220 100644
--- a/internal/impl/messaging_service_property_mapping.go
+++ b/internal/impl/messaging_service_property_mapping.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/publisher/buffer/publisher_task_buffer.go b/internal/impl/publisher/buffer/publisher_task_buffer.go
index 1d73b13..43f27f7 100644
--- a/internal/impl/publisher/buffer/publisher_task_buffer.go
+++ b/internal/impl/publisher/buffer/publisher_task_buffer.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/publisher/buffer/publisher_task_buffer_test.go b/internal/impl/publisher/buffer/publisher_task_buffer_test.go
index 915038d..a4acbbd 100644
--- a/internal/impl/publisher/buffer/publisher_task_buffer_test.go
+++ b/internal/impl/publisher/buffer/publisher_task_buffer_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/publisher/direct_message_publisher_impl.go b/internal/impl/publisher/direct_message_publisher_impl.go
index 5f76735..90675bd 100644
--- a/internal/impl/publisher/direct_message_publisher_impl.go
+++ b/internal/impl/publisher/direct_message_publisher_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -618,8 +618,9 @@ func (builder *directMessagePublisherBuilderImpl) OnBackPressureWait(bufferSize
 
 // FromConfigurationProvider will configure the direct publisher with the given properties.
 // Built in PublisherPropertiesConfigurationProvider implementations include:
-//   PublisherPropertyMap, a map of PublisherProperty keys to values
-//   for loading of properties from a string configuration (files or other configuration source)
+//
+//	PublisherPropertyMap, a map of PublisherProperty keys to values
+//	for loading of properties from a string configuration (files or other configuration source)
 func (builder *directMessagePublisherBuilderImpl) FromConfigurationProvider(provider config.PublisherPropertiesConfigurationProvider) solace.DirectMessagePublisherBuilder {
 	if provider == nil {
 		return builder
diff --git a/internal/impl/publisher/direct_message_publisher_impl_test.go b/internal/impl/publisher/direct_message_publisher_impl_test.go
index 10da600..bbb6579 100644
--- a/internal/impl/publisher/direct_message_publisher_impl_test.go
+++ b/internal/impl/publisher/direct_message_publisher_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/publisher/failed_publish_event.go b/internal/impl/publisher/failed_publish_event.go
index db8dca6..8abdda5 100644
--- a/internal/impl/publisher/failed_publish_event.go
+++ b/internal/impl/publisher/failed_publish_event.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/publisher/message_publisher_impl.go b/internal/impl/publisher/message_publisher_impl.go
index 7f6e427..169b376 100644
--- a/internal/impl/publisher/message_publisher_impl.go
+++ b/internal/impl/publisher/message_publisher_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/publisher/message_publisher_impl_test.go b/internal/impl/publisher/message_publisher_impl_test.go
index 4d3775f..6843f77 100644
--- a/internal/impl/publisher/message_publisher_impl_test.go
+++ b/internal/impl/publisher/message_publisher_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/publisher/persistent_message_publisher_impl.go b/internal/impl/publisher/persistent_message_publisher_impl.go
index 1a4d326..6422289 100644
--- a/internal/impl/publisher/persistent_message_publisher_impl.go
+++ b/internal/impl/publisher/persistent_message_publisher_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -819,8 +819,9 @@ func (builder *persistentMessagePublisherBuilderImpl) OnBackPressureWait(bufferS
 
 // FromConfigurationProvider will configure the persistent publisher with the given properties.
 // Built in PublisherPropertiesConfigurationProvider implementations include:
-//   PublisherPropertyMap, a map of PublisherProperty keys to values
-//   for loading of properties from a string configuration (files or other configuration source)
+//
+//	PublisherPropertyMap, a map of PublisherProperty keys to values
+//	for loading of properties from a string configuration (files or other configuration source)
 func (builder *persistentMessagePublisherBuilderImpl) FromConfigurationProvider(provider config.PublisherPropertiesConfigurationProvider) solace.PersistentMessagePublisherBuilder {
 	if provider == nil {
 		return builder
diff --git a/internal/impl/publisher/persistent_message_publisher_impl_test.go b/internal/impl/publisher/persistent_message_publisher_impl_test.go
index a81d92e..bc6f72a 100644
--- a/internal/impl/publisher/persistent_message_publisher_impl_test.go
+++ b/internal/impl/publisher/persistent_message_publisher_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/receiver/direct_message_receiver_impl.go b/internal/impl/receiver/direct_message_receiver_impl.go
index 166977f..7b01550 100644
--- a/internal/impl/receiver/direct_message_receiver_impl.go
+++ b/internal/impl/receiver/direct_message_receiver_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -958,7 +958,8 @@ func (builder *directMessageReceiverBuilderImpl) WithSubscriptions(topics ...res
 
 // FromConfigurationProvider will configure the direct receiver with the given properties.
 // Built in ReceiverPropertiesConfigurationProvider implementations include:
-//   ReceiverPropertyMap, a map of ReceiverProperty keys to values
+//
+//	ReceiverPropertyMap, a map of ReceiverProperty keys to values
 func (builder *directMessageReceiverBuilderImpl) FromConfigurationProvider(provider config.ReceiverPropertiesConfigurationProvider) solace.DirectMessageReceiverBuilder {
 	if provider == nil {
 		return builder
diff --git a/internal/impl/receiver/direct_message_receiver_impl_test.go b/internal/impl/receiver/direct_message_receiver_impl_test.go
index e1ff93c..14926eb 100644
--- a/internal/impl/receiver/direct_message_receiver_impl_test.go
+++ b/internal/impl/receiver/direct_message_receiver_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/receiver/message_receiver_impl.go b/internal/impl/receiver/message_receiver_impl.go
index 783e087..d436392 100644
--- a/internal/impl/receiver/message_receiver_impl.go
+++ b/internal/impl/receiver/message_receiver_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/receiver/message_receiver_impl_test.go b/internal/impl/receiver/message_receiver_impl_test.go
index 4d98179..c0e0384 100644
--- a/internal/impl/receiver/message_receiver_impl_test.go
+++ b/internal/impl/receiver/message_receiver_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/receiver/persistent_message_receiver_impl.go b/internal/impl/receiver/persistent_message_receiver_impl.go
index 94b6f78..93cf6d6 100644
--- a/internal/impl/receiver/persistent_message_receiver_impl.go
+++ b/internal/impl/receiver/persistent_message_receiver_impl.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -1342,7 +1342,8 @@ func (builder *persistentMessageReceiverBuilderImpl) WithSubscriptions(topics ..
 
 // FromConfigurationProvider will configure the persistent receiver with the given properties.
 // Built in ReceiverPropertiesConfigurationProvider implementations include:
-//   ReceiverPropertyMap, a map of ReceiverProperty keys to values
+//
+//	ReceiverPropertyMap, a map of ReceiverProperty keys to values
 func (builder *persistentMessageReceiverBuilderImpl) FromConfigurationProvider(provider config.ReceiverPropertiesConfigurationProvider) solace.PersistentMessageReceiverBuilder {
 	if provider == nil {
 		return builder
diff --git a/internal/impl/receiver/persistent_message_receiver_impl_test.go b/internal/impl/receiver/persistent_message_receiver_impl_test.go
index d376fff..9c5dc46 100644
--- a/internal/impl/receiver/persistent_message_receiver_impl_test.go
+++ b/internal/impl/receiver/persistent_message_receiver_impl_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/rgmid.go b/internal/impl/rgmid.go
index 69a8557..416cc4e 100644
--- a/internal/impl/rgmid.go
+++ b/internal/impl/rgmid.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/validation/validator.go b/internal/impl/validation/validator.go
index c38aee7..17bc024 100644
--- a/internal/impl/validation/validator.go
+++ b/internal/impl/validation/validator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/internal/impl/validation/validator_test.go b/internal/impl/validation/validator_test.go
index 58292c5..724145e 100644
--- a/internal/impl/validation/validator_test.go
+++ b/internal/impl/validation/validator_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/messaging.go b/messaging.go
index eceea03..f71ce38 100644
--- a/messaging.go
+++ b/messaging.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/doc.go b/pkg/solace/config/doc.go
index c8573a3..97e5c59 100644
--- a/pkg/solace/config/doc.go
+++ b/pkg/solace/config/doc.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -29,14 +29,13 @@
 // For the various maps, such as a ServicePropertyMap, the configuration may be loaded
 // as JSON as shown:
 //
-//  import "encoding/json"
+//	import "encoding/json"
 //
-//  ...
-//
-//  var myJsonConfig []byte := []byte(`{"solace":{"messaging":{"transport":{"host":"10.10.10.10"}}}}`)
-//  var myServicePropertyMap config.ServicePropertyMap
-//  json.Unmarshal(myJsonConfig, &myServicePropertyMap)
-//  messaging.NewMessagingServiceBuilder().FromConfigurationProvider(myServicePropertyMap)
-//  ...
+//	...
 //
+//	var myJsonConfig []byte := []byte(`{"solace":{"messaging":{"transport":{"host":"10.10.10.10"}}}}`)
+//	var myServicePropertyMap config.ServicePropertyMap
+//	json.Unmarshal(myJsonConfig, &myServicePropertyMap)
+//	messaging.NewMessagingServiceBuilder().FromConfigurationProvider(myServicePropertyMap)
+//	...
 package config
diff --git a/pkg/solace/config/format_utils.go b/pkg/solace/config/format_utils.go
index 8fff9d2..2a3524d 100644
--- a/pkg/solace/config/format_utils.go
+++ b/pkg/solace/config/format_utils.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/format_utils_test.go b/pkg/solace/config/format_utils_test.go
index e83096c..649ca7a 100644
--- a/pkg/solace/config/format_utils_test.go
+++ b/pkg/solace/config/format_utils_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_properties.go b/pkg/solace/config/message_properties.go
index 4224ff4..6282596 100644
--- a/pkg/solace/config/message_properties.go
+++ b/pkg/solace/config/message_properties.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_properties_test.go b/pkg/solace/config/message_properties_test.go
index b0ab5da..cd24ef8 100644
--- a/pkg/solace/config/message_properties_test.go
+++ b/pkg/solace/config/message_properties_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_publisher_constants.go b/pkg/solace/config/message_publisher_constants.go
index 96065d7..65e88b1 100644
--- a/pkg/solace/config/message_publisher_constants.go
+++ b/pkg/solace/config/message_publisher_constants.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_publisher_properties.go b/pkg/solace/config/message_publisher_properties.go
index ec6d598..3c30f32 100644
--- a/pkg/solace/config/message_publisher_properties.go
+++ b/pkg/solace/config/message_publisher_properties.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_publisher_properties_test.go b/pkg/solace/config/message_publisher_properties_test.go
index d12173e..ebb8d82 100644
--- a/pkg/solace/config/message_publisher_properties_test.go
+++ b/pkg/solace/config/message_publisher_properties_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_receiver_constants.go b/pkg/solace/config/message_receiver_constants.go
index ccdbede..4b1aba0 100644
--- a/pkg/solace/config/message_receiver_constants.go
+++ b/pkg/solace/config/message_receiver_constants.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_receiver_properties.go b/pkg/solace/config/message_receiver_properties.go
index 5e41c82..4a1111f 100644
--- a/pkg/solace/config/message_receiver_properties.go
+++ b/pkg/solace/config/message_receiver_properties.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_receiver_properties_test.go b/pkg/solace/config/message_receiver_properties_test.go
index 95f87de..79cbfeb 100644
--- a/pkg/solace/config/message_receiver_properties_test.go
+++ b/pkg/solace/config/message_receiver_properties_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/message_receiver_strategies.go b/pkg/solace/config/message_receiver_strategies.go
index 157fda7..d0dfb41 100644
--- a/pkg/solace/config/message_receiver_strategies.go
+++ b/pkg/solace/config/message_receiver_strategies.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -69,7 +69,9 @@ func ReplayStrategyTimeBased(replayDate time.Time) ReplayStrategy {
 // received at or after the specified messageID. Returns the constructed
 // ReplayStrategy.
 // Valid Replication Group Message IDs take the form
+//
 //	rmid1:xxxxx-xxxxxxxxxxx-xxxxxxxx-xxxxxxxx
+//
 // where x is a valid hexadecimal digit.
 func ReplayStrategyReplicationGroupMessageID(replicationGroupMessageID rgmid.ReplicationGroupMessageID) ReplayStrategy {
 	return ReplayStrategy{
diff --git a/pkg/solace/config/message_user_property_constants.go b/pkg/solace/config/message_user_property_constants.go
new file mode 100644
index 0000000..bed7ec8
--- /dev/null
+++ b/pkg/solace/config/message_user_property_constants.go
@@ -0,0 +1,32 @@
+// pubsubplus-go-client
+//
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// An interface for constant property values to define user message properties that have a special
+// reserved meaning or behaviour.
+
+package config
+
+// MessageUserPropertyConstant is a property that can be set on a messages.
+type MessageUserPropertyConstant = MessageProperty
+
+const (
+	// A standard property key that clients should use if they want to group messages. It is used to
+	// specify a partition queue name, when supported by a PubSub+ messaging broker. Expected value
+	// is UTF-8 encoded up to 255 bytes long string. This constant can be passed as the property
+	// string to any generic property setter on the OutboundMessageBuilder that takes properties from
+	// message_properties.go as a parameter, such as
+	// OutboundMessage.WithProperty().
+	QueuePartitionKey = "JMSXGroupID"
+)
diff --git a/pkg/solace/config/messaging_service_constants.go b/pkg/solace/config/messaging_service_constants.go
index aaa83de..b70db08 100644
--- a/pkg/solace/config/messaging_service_constants.go
+++ b/pkg/solace/config/messaging_service_constants.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/messaging_service_properties.go b/pkg/solace/config/messaging_service_properties.go
index 4fcd828..e7eb50a 100644
--- a/pkg/solace/config/messaging_service_properties.go
+++ b/pkg/solace/config/messaging_service_properties.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/messaging_service_properties_test.go b/pkg/solace/config/messaging_service_properties_test.go
index d90f38a..3f135f7 100644
--- a/pkg/solace/config/messaging_service_properties_test.go
+++ b/pkg/solace/config/messaging_service_properties_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/config/messaging_service_strategies.go b/pkg/solace/config/messaging_service_strategies.go
index 7628589..6f3bb2e 100644
--- a/pkg/solace/config/messaging_service_strategies.go
+++ b/pkg/solace/config/messaging_service_strategies.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -89,14 +89,16 @@ func OAuth2Authentication(accessToken, oidcIDToken, issuerIdentifier string) Aut
 //
 // To implement Kerberos authentication for clients connecting to a broker, the following
 // configuration is required the broker:
-//  - A Kerberos Keytab must be loaded on the  broker. See "Event Broker File Management" for more information
-//    on the Solace documentation website.
-//  - Kerberos authentication must be configured and enabled for any Message VPNs that
-//    Kerberos-authenticated clients will connect to.
-//  - Optional: On an appliance, a Kerberos Service Principal Name (SPN) can be assigned to the IP address
-//    for the message backbone VRF Kerberos‑authenticated clients will use.
+//   - A Kerberos Keytab must be loaded on the  broker. See "Event Broker File Management" for more information
+//     on the Solace documentation website.
+//   - Kerberos authentication must be configured and enabled for any Message VPNs that
+//     Kerberos-authenticated clients will connect to.
+//   - Optional: On an appliance, a Kerberos Service Principal Name (SPN) can be assigned to the IP address
+//     for the message backbone VRF Kerberos‑authenticated clients will use.
+//
 // Further reference can be found at
-// 	https://docs.solace.com/Configuring-and-Managing/Configuring-Client-Authentication.htm#Config-Kerberos
+//
+//	https://docs.solace.com/Configuring-and-Managing/Configuring-Client-Authentication.htm#Config-Kerberos
 func KerberosAuthentication(serviceName string) AuthenticationStrategy {
 	authenticationStrategy := AuthenticationStrategy{make(ServicePropertyMap)}
 	authenticationStrategy.config[AuthenticationPropertyScheme] = AuthenticationSchemeKerberos
@@ -237,6 +239,7 @@ func (tss TransportSecurityStrategy) WithCertificateValidation(
 
 // WithCipherSuites configures cipher suites to use. The cipher suites value is a comma-separated
 // list of cipher suites and must be from the following table:
+//
 //	+-----------------+-------------------------------+--------------------+
 //	| 'AES256-SHA'    | 'ECDHE-RSA-AES256-SHA'        | 'AES256-GCM-SHA384'|
 //	+-----------------+-------------------------------+--------------------+
diff --git a/pkg/solace/direct_message_publisher.go b/pkg/solace/direct_message_publisher.go
index c3810b7..2ce34ce 100644
--- a/pkg/solace/direct_message_publisher.go
+++ b/pkg/solace/direct_message_publisher.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -92,24 +92,24 @@ type FailedPublishEvent interface {
 
 // DirectMessagePublisherBuilder allows for configuration of direct message publisher instances.
 type DirectMessagePublisherBuilder interface {
-	
-    // Build creates a new DirectMessagePublisher instance based on the configured properties.
+
+	// Build creates a new DirectMessagePublisher instance based on the configured properties.
 	// Returns solace/errors.*InvalidConfigurationError if an invalid configuration is provided.
 	Build() (messagePublisher DirectMessagePublisher, err error)
-	
+
 	// OnBackPressureReject sets the publisher back pressure strategy to reject
 	// where publish attempts will be rejected once the bufferSize, in number of messages, is reached.
 	// If bufferSize is 0, an error will be thrown when the transport is full when publishing.
 	// A buffer of the given size will be statically allocated when the publisher is built.
 	// Valid bufferSize is >= 0.
 	OnBackPressureReject(bufferSize uint) DirectMessagePublisherBuilder
-	
+
 	// OnBackPressureWait sets the publisher back pressure strategy to wait where publish
 	// attempts may block until there is space in the buffer of size bufferSize in number of messages.
 	// A buffer of the given size will be statically allocated when the publisher is built.
 	// Valid bufferSize is >= 1.
 	OnBackPressureWait(bufferSize uint) DirectMessagePublisherBuilder
-	
+
 	// FromConfigurationProvider configures the direct publisher with the specified properties.
 	// The built-in PublisherPropertiesConfigurationProvider implementations include:
 	// - PublisherPropertyMap - A map of PublisherProperty keys to values.
diff --git a/pkg/solace/direct_message_receiver.go b/pkg/solace/direct_message_receiver.go
index 41ffd4b..13258ed 100644
--- a/pkg/solace/direct_message_receiver.go
+++ b/pkg/solace/direct_message_receiver.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/doc.go b/pkg/solace/doc.go
index 9e908bc..df37c3b 100644
--- a/pkg/solace/doc.go
+++ b/pkg/solace/doc.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -27,35 +27,47 @@
 //
 // MessageServiceBuilder is retrieved through
 // the messaging package as follows.
-//  package main
 //
-//  import solace.dev/go/messaging
-//  import solace.dev/go/messaging/pkg/solace
+//	package main
 //
-//  func main() {
-//  	var messagingServiceBuilder solace.MessagingServiceBuilder
-//  	messagingServiceBuilder = messaging.NewMessagingServiceBuilder()
-//  	messagingService, err := messagingServiceBuilder.Build()
-//  	...
-//  }
+//	import solace.dev/go/messaging
+//	import solace.dev/go/messaging/pkg/solace
+//
+//	func main() {
+//		var messagingServiceBuilder solace.MessagingServiceBuilder
+//		messagingServiceBuilder = messaging.NewMessagingServiceBuilder()
+//		messagingService, err := messagingServiceBuilder.Build()
+//		...
+//	}
 //
 // Before the MessagingService is created, global properties can be set by environment variable. The
 // following environment variables are recognized and handled during API initialization:
-//  - SOLCLIENT_GLOBAL_PROP_GSS_KRB_LIB: GSS (Kerberos) library name. If not set the default value is OS specific
+//
+//   - SOLCLIENT_GLOBAL_PROP_GSS_KRB_LIB: GSS (Kerberos) library name. If not set the default value is OS specific
+//
 //   - Linux/MacOS: libgssapi_krb5.so.2
+//
 //   - Windows: secur32.dll
 //
-//  - SOLCLIENT_GLOBAL_PROP_SSL_LIB: TLS Protocol library name. If not set the default value is OS specific:
+//   - SOLCLIENT_GLOBAL_PROP_SSL_LIB: TLS Protocol library name. If not set the default value is OS specific:
+//
 //   - Linux: libssl.so
+//
 //   - MacOS: libssl.dylib
+//
 //   - Windows: libssl-1_1.dll
 //
-//  - SOLCLIENT_GLOBAL_PROP_CRYPTO_LIB: TLS Cryptography library name.  If not set the default value is OS specific:
+//   - SOLCLIENT_GLOBAL_PROP_CRYPTO_LIB: TLS Cryptography library name.  If not set the default value is OS specific:
+//
 //   - Linux: libcrypto.so
+//
 //   - MacOS: libcrypto.dylib
+//
 //   - Windows: libcrypto-1_1.dll-
 //
-//  - GLOBAL_GSS_KRB_LIB: Alternate name for SOLCLIENT_GLOBAL_PROP_GSS_KRB_LIB
-//  - GLOBAL_SSL_LIB: Alternate name for SOLCLIENT_GLOBAL_PROP_SSL_LIB
-//  - GLOBAL_CRYPTO_LIB: Alternate name for SOLCLIENT_GLOBAL_PROP_CRYPTO_LIB
+//   - GLOBAL_GSS_KRB_LIB: Alternate name for SOLCLIENT_GLOBAL_PROP_GSS_KRB_LIB
+//
+//   - GLOBAL_SSL_LIB: Alternate name for SOLCLIENT_GLOBAL_PROP_SSL_LIB
+//
+//   - GLOBAL_CRYPTO_LIB: Alternate name for SOLCLIENT_GLOBAL_PROP_CRYPTO_LIB
 package solace
diff --git a/pkg/solace/errors.go b/pkg/solace/errors.go
index d66e5b0..5a9bf7b 100644
--- a/pkg/solace/errors.go
+++ b/pkg/solace/errors.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/lifecycle.go b/pkg/solace/lifecycle.go
index c470342..424cbdd 100644
--- a/pkg/solace/lifecycle.go
+++ b/pkg/solace/lifecycle.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/logging/logging.go b/pkg/solace/logging/logging.go
index 4c71048..5547bea 100644
--- a/pkg/solace/logging/logging.go
+++ b/pkg/solace/logging/logging.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message/disposable.go b/pkg/solace/message/disposable.go
index 0cbf10d..13b3ae8 100644
--- a/pkg/solace/message/disposable.go
+++ b/pkg/solace/message/disposable.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message/doc.go b/pkg/solace/message/doc.go
index 3ad2d4e..4422987 100644
--- a/pkg/solace/message/doc.go
+++ b/pkg/solace/message/doc.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message/inbound_message.go b/pkg/solace/message/inbound_message.go
index c143d29..02334cd 100644
--- a/pkg/solace/message/inbound_message.go
+++ b/pkg/solace/message/inbound_message.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message/message.go b/pkg/solace/message/message.go
index 53d70e3..6f1a82f 100644
--- a/pkg/solace/message/message.go
+++ b/pkg/solace/message/message.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message/outbound_message.go b/pkg/solace/message/outbound_message.go
index 15dc49c..6aa77af 100644
--- a/pkg/solace/message/outbound_message.go
+++ b/pkg/solace/message/outbound_message.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message/rgmid/replication_group_message_id.go b/pkg/solace/message/rgmid/replication_group_message_id.go
index 8734ee3..7d9953c 100644
--- a/pkg/solace/message/rgmid/replication_group_message_id.go
+++ b/pkg/solace/message/rgmid/replication_group_message_id.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message/sdt/structured_data_types.go b/pkg/solace/message/sdt/structured_data_types.go
index c440ff1..f3872d3 100644
--- a/pkg/solace/message/sdt/structured_data_types.go
+++ b/pkg/solace/message/sdt/structured_data_types.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -66,6 +66,7 @@ type Stream []Data
 //	SOLCLIENT_UNKNOWN       []byte
 //
 // On outbound messages, the following additional types are supported with the following mappings:
+//
 //	byte      SOLCLIENT_INT8
 //	int      SOLCLIENT_INT64
 //	uint      SOLCLIENT_UINT64
@@ -113,8 +114,11 @@ type Stream []Data
 // converts strings of length 1 into a WChar. All other strings are rejected.
 //
 // In addition, the following one-to-one conversions are used:
+//
 //	sdt.Map, sdt.Stream
+//
 // Lastly, Destination is mapped with these getters:
+//
 //	GetQueue, GetTopic, and GetDestination
 type Data interface{}
 
diff --git a/pkg/solace/message/sdt/structured_data_types_test.go b/pkg/solace/message/sdt/structured_data_types_test.go
index a2ae3df..a3431d8 100644
--- a/pkg/solace/message/sdt/structured_data_types_test.go
+++ b/pkg/solace/message/sdt/structured_data_types_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message_publisher.go b/pkg/solace/message_publisher.go
index 6e42a4a..54356bf 100644
--- a/pkg/solace/message_publisher.go
+++ b/pkg/solace/message_publisher.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/message_receiver.go b/pkg/solace/message_receiver.go
index 21ac741..83960d3 100644
--- a/pkg/solace/message_receiver.go
+++ b/pkg/solace/message_receiver.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/messaging_service.go b/pkg/solace/messaging_service.go
index 2390937..3b4627a 100644
--- a/pkg/solace/messaging_service.go
+++ b/pkg/solace/messaging_service.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -122,26 +122,26 @@ type MessagingService interface {
 	// Info returns the API Info for this MessagingService instance.
 	Info() metrics.APIInfo
 
-        // Updates the value of a modifiable service property once the service has been created.
-        // Modifiable service properties include:
-        //     - solace/config.AuthenticationPropertySchemeOAuth2AccessToken,
-        //       whose update will be applied during the next reconnection attempt.
-        //     - solace/config.AuthenticationPropertySchemeOAuth2OIDCIDToken,
-        //       whose update will be applied during the next reconnection attempt.
-        //
-        // Modification of a service property may occur instantly, or may occur during the next
-        // service reconnection.
-        // Modification of a service property during an ongoing service reconnection may apply
-        // to the next reconnection attempt.
-        // property (ServiceProperty): The name of the property to modify.
-        // value (interface{}): The new value of the property.
-        //
-        // - solace/errors.*IllegalArgumentError: If the specified property cannot
-        // -   be modified.
-        // - solace/errors.*IllegalStateError: If the specified property cannot
-        //     be modified in the current service state.
-        // - solace/errors.*NativeError: If other transport or communication related errors occur.
-        UpdateProperty(property config.ServiceProperty, value interface{}) error
+	// Updates the value of a modifiable service property once the service has been created.
+	// Modifiable service properties include:
+	//     - solace/config.AuthenticationPropertySchemeOAuth2AccessToken,
+	//       whose update will be applied during the next reconnection attempt.
+	//     - solace/config.AuthenticationPropertySchemeOAuth2OIDCIDToken,
+	//       whose update will be applied during the next reconnection attempt.
+	//
+	// Modification of a service property may occur instantly, or may occur during the next
+	// service reconnection.
+	// Modification of a service property during an ongoing service reconnection may apply
+	// to the next reconnection attempt.
+	// property (ServiceProperty): The name of the property to modify.
+	// value (interface{}): The new value of the property.
+	//
+	// - solace/errors.*IllegalArgumentError: If the specified property cannot
+	// -   be modified.
+	// - solace/errors.*IllegalStateError: If the specified property cannot
+	//     be modified in the current service state.
+	// - solace/errors.*NativeError: If other transport or communication related errors occur.
+	UpdateProperty(property config.ServiceProperty, value interface{}) error
 }
 
 // MessagingServiceBuilder is used to configure and build MessagingService instances.
diff --git a/pkg/solace/metrics/metrics.go b/pkg/solace/metrics/metrics.go
index 279777d..02afb85 100644
--- a/pkg/solace/metrics/metrics.go
+++ b/pkg/solace/metrics/metrics.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ package metrics
 
 // Metric represents the various metrics retrievable from a MessagingService's APIMetrics instance.
 type Metric int
+
 // The various metrics available.
 const (
 	// BrokerDiscardNotificationsReceived is the number of received messages
diff --git a/pkg/solace/outbound_message_builder.go b/pkg/solace/outbound_message_builder.go
index 7c80795..946651c 100644
--- a/pkg/solace/outbound_message_builder.go
+++ b/pkg/solace/outbound_message_builder.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/persistent_message_publisher.go b/pkg/solace/persistent_message_publisher.go
index a107d66..0cc0af8 100644
--- a/pkg/solace/persistent_message_publisher.go
+++ b/pkg/solace/persistent_message_publisher.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/persistent_message_receiver.go b/pkg/solace/persistent_message_receiver.go
index 9ddc7ac..e7e355e 100644
--- a/pkg/solace/persistent_message_receiver.go
+++ b/pkg/solace/persistent_message_receiver.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/resource/destination.go b/pkg/solace/resource/destination.go
index a8c18da..a311f9a 100644
--- a/pkg/solace/resource/destination.go
+++ b/pkg/solace/resource/destination.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/resource/destination_test.go b/pkg/solace/resource/destination_test.go
index 55a8316..5ec8ebe 100644
--- a/pkg/solace/resource/destination_test.go
+++ b/pkg/solace/resource/destination_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/subcode/subcode.go b/pkg/solace/subcode/subcode.go
index 435cfbb..a1bc946 100644
--- a/pkg/solace/subcode/subcode.go
+++ b/pkg/solace/subcode/subcode.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/solace/subcode/subcode_generated.go b/pkg/solace/subcode/subcode_generated.go
index a21c541..b7f3c33 100644
--- a/pkg/solace/subcode/subcode_generated.go
+++ b/pkg/solace/subcode/subcode_generated.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -336,4 +336,8 @@ const (
 	MessageIDNotComparable Code = 157
 	// ReplayAnonymousNotSupported: The client attempted to start replay on a flow bound to an anonymous queue.
 	ReplayAnonymousNotSupported Code = 158
+	// BrowsingNotSupportedOnPartitionedQueue: Browser flows to Partitioned Queues are not permitted.
+	BrowsingNotSupportedOnPartitionedQueue Code = 159
+	// SelectorsNotSupportedOnPartitionedQueue: Egress selectors are not permitted when binding to a Partitioned Queue.
+	SelectorsNotSupportedOnPartitionedQueue Code = 160
 )
diff --git a/pkg/solace/subcode/subcode_generator.go b/pkg/solace/subcode/subcode_generator.go
index 1c225be..ec3e7ed 100644
--- a/pkg/solace/subcode/subcode_generator.go
+++ b/pkg/solace/subcode/subcode_generator.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/config_test.go b/test/config_test.go
index 868b52d..97d6cfb 100644
--- a/test/config_test.go
+++ b/test/config_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/constants/test_constants.go b/test/constants/test_constants.go
index 2fa7853..bec10c9 100644
--- a/test/constants/test_constants.go
+++ b/test/constants/test_constants.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/data/compose/docker-compose.oauth.yml b/test/data/compose/docker-compose.oauth.yml
index bde8b7e..e82cc7b 100644
--- a/test/data/compose/docker-compose.oauth.yml
+++ b/test/data/compose/docker-compose.oauth.yml
@@ -14,7 +14,7 @@ services:
     hostname: $PUBSUB_OAUTHSERVER_HOSTNAME
     container_name: $PUBSUB_OAUTHSERVER_HOSTNAME
     ports:
-      - "4400-4410:4400-4410"
+      - "30000-30010:30000-30010"
     command: supervisord -n -c /etc/supervisord.conf
     environment:
       - KEYSTORE=/run/secrets/keystore.ks
@@ -26,4 +26,4 @@ services:
       - jwks_endpoint.json
       - userinfo_endpoint.json
     networks:
-      - solace_internal_net
\ No newline at end of file
+      - solace_internal_net
diff --git a/test/data/compose/docker-compose.yml b/test/data/compose/docker-compose.yml
index 23fb930..2cbc24d 100644
--- a/test/data/compose/docker-compose.yml
+++ b/test/data/compose/docker-compose.yml
@@ -34,7 +34,7 @@ services:
       - server_passphrase
 
   toxiproxy:
-    image: shopify/toxiproxy
+    image: ghcr.io/shopify/toxiproxy
     container_name: toxiproxy
     hostname: "$TOXIPROXY_HOSTNAME"
     ports:
diff --git a/test/data/config/config_remote.json b/test/data/config/config_remote.json
index 9e26dfe..5cd2bd8 100644
--- a/test/data/config/config_remote.json
+++ b/test/data/config/config_remote.json
@@ -1 +1,8 @@
-{}
\ No newline at end of file
+{
+    "messaging": {
+        "host": "localhost"
+    },
+    "semp": {
+        "host": "localhost"
+    }
+}
diff --git a/test/data/config/config_testcontainers.json b/test/data/config/config_testcontainers.json
index 3e4f66b..b02bf81 100644
--- a/test/data/config/config_testcontainers.json
+++ b/test/data/config/config_testcontainers.json
@@ -15,7 +15,7 @@
     },
     "testcontainers": {
         "broker_hostname": "solbroker",
-        "broker_tag": "9.13",
+        "broker_tag": "10.3",
         "broker_repo": "solace/solace-pubsub",
         "broker_edition": "standard",
         "toxiproxy_hostname": "toxiproxy",
@@ -28,6 +28,10 @@
         "password": "localtest"
     },
     "oauth": {
-        "hostname": "solaceOAuth"
+        "hostname": "solaceOAuth",
+        "endpoints": {
+            "jwks": "https://solaceOAuth:30000/",
+            "user_info": "https://solaceOAuth:30001/"
+        }
     }
-}
\ No newline at end of file
+}
diff --git a/test/direct_publisher_test.go b/test/direct_publisher_test.go
index 89c9af8..3cefc69 100644
--- a/test/direct_publisher_test.go
+++ b/test/direct_publisher_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/direct_receiver_test.go b/test/direct_receiver_test.go
index 8fe76bf..ee1c1f2 100644
--- a/test/direct_receiver_test.go
+++ b/test/direct_receiver_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/helpers/builder_helpers.go b/test/helpers/builder_helpers.go
index 1bc26c5..15ec5e8 100644
--- a/test/helpers/builder_helpers.go
+++ b/test/helpers/builder_helpers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/helpers/error_helpers.go b/test/helpers/error_helpers.go
index b842c4f..7df5bfd 100644
--- a/test/helpers/error_helpers.go
+++ b/test/helpers/error_helpers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/helpers/lifecycle_helpers.go b/test/helpers/lifecycle_helpers.go
index 211a48e..0a62d0e 100644
--- a/test/helpers/lifecycle_helpers.go
+++ b/test/helpers/lifecycle_helpers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/helpers/messaging_service_helpers.go b/test/helpers/messaging_service_helpers.go
index 9678ff8..adce1dc 100644
--- a/test/helpers/messaging_service_helpers.go
+++ b/test/helpers/messaging_service_helpers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/helpers/resource_helpers.go b/test/helpers/resource_helpers.go
index a4680a0..d765661 100644
--- a/test/helpers/resource_helpers.go
+++ b/test/helpers/resource_helpers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/helpers/semp_helpers.go b/test/helpers/semp_helpers.go
index 7950df5..f8b272b 100644
--- a/test/helpers/semp_helpers.go
+++ b/test/helpers/semp_helpers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package helpers
 import (
 	"solace.dev/go/messaging/test/sempclient/config"
 	"solace.dev/go/messaging/test/testcontext"
+	"time"
 )
 
 // Our generated SEMPv2 client has **bool as the datatype for booleans to be able to differentiate between "missing" and "false"
@@ -114,3 +115,108 @@ func RemovePublishTopicException(topicString string) {
 		topicString,
 	)
 }
+
+// HasDomainCertAuthority function
+func HasDomainCertAuthority(certAuthName string) (bool, error) {
+	var found bool
+	var err error
+	var certAuthResp config.DomainCertAuthoritiesResponse
+	// determine if DomainCertAuhtority exists
+	certAuthResp, _, err = testcontext.SEMP().Config().DomainCertAuthorityApi.GetDomainCertAuthorities(
+		testcontext.SEMP().ConfigCtx(),
+		nil,
+	)
+	if err != nil {
+		return false, err
+	}
+	if domainCertAuths := certAuthResp.Data; domainCertAuths != nil {
+		for _, domainCertAuth := range domainCertAuths {
+			if domainCertAuth.CertAuthorityName == certAuthName {
+				found = true
+				break
+			}
+		}
+		return found, err
+	}
+	return false, err
+}
+
+// EnsureCreateDomainCertAuthority function
+func EnsureCreateDomainCertAuthority(certAuthName string, certContent string) error {
+	var err error
+	var found bool
+	found, err = HasDomainCertAuthority(certAuthName)
+	if err != nil {
+		return err
+	}
+	// repeat the create http request until the broker has the certificate authority
+	for !found {
+		_, _, err = testcontext.SEMP().Config().DomainCertAuthorityApi.CreateDomainCertAuthority(
+			testcontext.SEMP().ConfigCtx(), config.DomainCertAuthority{
+				CertAuthorityName: certAuthName,
+				CertContent:       certContent,
+			}, nil)
+		if err != nil {
+			return err
+		}
+		// wait for base semp service to reload
+		err = testcontext.WaitForSEMPReachable()
+		if err != nil {
+			return err
+		}
+		// ensure domain certification authority exists on the broker
+		// wait up to 30 secs after the service is back is overkill however to have an exit condition to prevent hung tests
+		for i := 0; i < 30; i++ {
+			found, err = HasDomainCertAuthority(certAuthName)
+
+			if err != nil {
+				// the broker can sometimes fail to have semp up after cert auth change
+				time.Sleep(1 * time.Second)
+			} else {
+				break
+			}
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// EnsureDeleteCertAuthrity function
+func EnsureDeleteDomainCertAuthority(certAuthName string) error {
+	var found bool
+	var err error
+	found, err = HasDomainCertAuthority(certAuthName)
+	if err != nil {
+		return err
+	}
+	for found {
+		_, _, err = testcontext.SEMP().Config().DomainCertAuthorityApi.DeleteDomainCertAuthority(
+			testcontext.SEMP().ConfigCtx(),
+			certAuthName,
+		)
+		if err != nil {
+			return err
+		}
+		err = testcontext.WaitForSEMPReachable()
+		if err != nil {
+			return err
+		}
+		// ensure domain certification authority does not exist on the broker
+		// wait up to 30 secs after the service is back is overkill however to have an exit condition to prevent hung tests
+		for i := 0; i < 30; i++ {
+			found, err = HasDomainCertAuthority(certAuthName)
+			if err != nil {
+				// the broker can sometimes fail to have semp up after cert auth change
+				time.Sleep(1 * time.Second)
+			} else {
+				break
+			}
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/test/helpers/toxic_helpers.go b/test/helpers/toxic_helpers.go
index d7d9bd1..ef252ee 100644
--- a/test/helpers/toxic_helpers.go
+++ b/test/helpers/toxic_helpers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/kerberos_test.go b/test/kerberos_test.go
index 2ad3a2b..cc3d043 100644
--- a/test/kerberos_test.go
+++ b/test/kerberos_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/main_test.go b/test/main_test.go
index bfb6acb..5781004 100644
--- a/test/main_test.go
+++ b/test/main_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/message_test.go b/test/message_test.go
index f4b60d2..f0cadf3 100644
--- a/test/message_test.go
+++ b/test/message_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/messaging_service_test.go b/test/messaging_service_test.go
index 211bd3e..79fa907 100644
--- a/test/messaging_service_test.go
+++ b/test/messaging_service_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -359,6 +359,8 @@ var _ = Describe("MessagingService Lifecycle", func() {
 						time.Sleep(100 * time.Millisecond)
 					}
 					Expect(err).ToNot(HaveOccurred())
+					err = testcontext.WaitForSEMPReachable()
+					Expect(err).ToNot(HaveOccurred())
 				})
 				AfterEach(func() {
 					certContent, err := ioutil.ReadFile(constants.ValidServerCertificate)
@@ -375,6 +377,8 @@ var _ = Describe("MessagingService Lifecycle", func() {
 						time.Sleep(100 * time.Millisecond)
 					}
 					Expect(err).ToNot(HaveOccurred())
+					err = testcontext.WaitForSEMPReachable()
+					Expect(err).ToNot(HaveOccurred())
 				})
 
 				When("using a server certificate with bad SAN", func() {
@@ -481,7 +485,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 						Expect(err).ToNot(HaveOccurred())
 						// sometimes this SEMP command fails on Git Actions. Retry
 						for i := 0; i < 5; i++ {
-							_, _, err = testcontext.SEMP().Config().CertAuthorityApi.CreateCertAuthority(testcontext.SEMP().ConfigCtx(), sempconfig.CertAuthority{
+							_, _, err = testcontext.SEMP().Config().ClientCertAuthorityApi.CreateClientCertAuthority(testcontext.SEMP().ConfigCtx(), sempconfig.ClientCertAuthority{
 								CertAuthorityName:           certificateAuthorityName,
 								CertContent:                 string(certContent),
 								CrlDayList:                  "daily",
@@ -503,7 +507,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 						_, _, err := testcontext.SEMP().Config().MsgVpnApi.UpdateMsgVpn(testcontext.SEMP().ConfigCtx(),
 							sempconfig.MsgVpn{AuthenticationClientCertEnabled: helpers.False}, testcontext.Messaging().VPN, nil)
 						Expect(err).ToNot(HaveOccurred())
-						_, _, err = testcontext.SEMP().Config().CertAuthorityApi.DeleteCertAuthority(testcontext.SEMP().ConfigCtx(), certificateAuthorityName)
+						_, _, err = testcontext.SEMP().Config().ClientCertAuthorityApi.DeleteClientCertAuthority(testcontext.SEMP().ConfigCtx(), certificateAuthorityName)
 						Expect(err).ToNot(HaveOccurred())
 					})
 					It("should be able to connect to the broker configured via properties", func() {
@@ -688,7 +692,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 							Expect(err).ToNot(HaveOccurred())
 							certContent, err := ioutil.ReadFile(constants.InvalidClientCertificatePEM)
 							Expect(err).ToNot(HaveOccurred())
-							_, _, err = testcontext.SEMP().Config().CertAuthorityApi.CreateCertAuthority(testcontext.SEMP().ConfigCtx(), sempconfig.CertAuthority{
+							_, _, err = testcontext.SEMP().Config().ClientCertAuthorityApi.CreateClientCertAuthority(testcontext.SEMP().ConfigCtx(), sempconfig.ClientCertAuthority{
 								CertAuthorityName:           certificateAuthorityName,
 								CertContent:                 string(certContent),
 								CrlDayList:                  "daily",
@@ -705,7 +709,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 							_, _, err := testcontext.SEMP().Config().MsgVpnApi.UpdateMsgVpn(testcontext.SEMP().ConfigCtx(),
 								sempconfig.MsgVpn{AuthenticationClientCertEnabled: helpers.False}, testcontext.Messaging().VPN, nil)
 							Expect(err).ToNot(HaveOccurred())
-							_, _, err = testcontext.SEMP().Config().CertAuthorityApi.DeleteCertAuthority(testcontext.SEMP().ConfigCtx(), certificateAuthorityName)
+							_, _, err = testcontext.SEMP().Config().ClientCertAuthorityApi.DeleteClientCertAuthority(testcontext.SEMP().ConfigCtx(), certificateAuthorityName)
 							Expect(err).ToNot(HaveOccurred())
 						})
 						It("fails to connect with client certificate authentication", func() {
@@ -715,7 +719,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 								constants.ValidCertificateKeyPassword,
 							))
 							helpers.TestFailedConnectMessagingService(builder, func(err error) {
-								Expect(err.Error()).To(ContainSubstring("Certificate Error"))
+								Expect(err.Error()).To(ContainSubstring("Untrusted Certificate"))
 							})
 						})
 					}) // Invalid Client Cert end
diff --git a/test/metrics_test.go b/test/metrics_test.go
index 04615a4..5c6da78 100644
--- a/test/metrics_test.go
+++ b/test/metrics_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/missing_resource_test.go b/test/missing_resource_test.go
index 5823d51..b2269b9 100644
--- a/test/missing_resource_test.go
+++ b/test/missing_resource_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/oauth_test.go b/test/oauth_test.go
index a73b108..6668639 100644
--- a/test/oauth_test.go
+++ b/test/oauth_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@ package test
 import (
 	"fmt"
 	"io/ioutil"
-        "time"
+	"time"
 
 	"solace.dev/go/messaging"
 	"solace.dev/go/messaging/pkg/solace"
@@ -52,29 +52,28 @@ var _ = Describe("OAuth Strategy", func() {
 	Describe("When OAuth Authentication is allowed on the Message VPN", func() {
 
 		BeforeEach(func() {
-			if testcontext.OAuth().Hostname == "" {
-				Skip("No OAuth server found")
+			if testcontext.OAuth().Hostname == "" || testcontext.OAuth().Endpoints == nil {
+				Skip("No OAuth server endpoints found")
 			}
+			var endpointJwks string
+			var endpointUserInfo string
 
-			endpointJwks := fmt.Sprintf("https://%s:4400/", testcontext.OAuth().Hostname)
-			endpointUserInfo := fmt.Sprintf("https://%s:4401/", testcontext.OAuth().Hostname)
+			if testcontext.OAuth().Endpoints.JwksEndpoint == "" {
+				endpointJwks = fmt.Sprintf("https://%s:30000/", testcontext.OAuth().Hostname)
+			} else {
+				endpointJwks = testcontext.OAuth().Endpoints.JwksEndpoint
+			}
+			if testcontext.OAuth().Endpoints.UserInfoEndpoint == "" {
+				endpointUserInfo = fmt.Sprintf("https://%s:30001/", testcontext.OAuth().Hostname)
+			} else {
+				endpointUserInfo = testcontext.OAuth().Endpoints.UserInfoEndpoint
+			}
 
 			var err error
 			certContent, err := ioutil.ReadFile(constants.ValidClientCertificatePEM)
 			Expect(err).ToNot(HaveOccurred())
-			_, _, err = testcontext.SEMP().Config().CertAuthorityApi.CreateCertAuthority(testcontext.SEMP().ConfigCtx(), sempconfig.CertAuthority{
-				CertAuthorityName:           rootAuthorityName,
-				CertContent:                 string(certContent),
-				CrlDayList:                  "daily",
-				CrlTimeList:                 "3:00",
-				CrlUrl:                      "",
-				OcspNonResponderCertEnabled: helpers.False,
-				OcspOverrideUrl:             "",
-				OcspTimeout:                 5,
-				RevocationCheckEnabled:      helpers.False,
-			}, nil)
+			err = helpers.EnsureCreateDomainCertAuthority(rootAuthorityName, string(certContent))
 			Expect(err).ToNot(HaveOccurred())
-
 			_, _, err = testcontext.SEMP().Config().MsgVpnApi.UpdateMsgVpn(
 				testcontext.SEMP().ConfigCtx(),
 				sempconfig.MsgVpn{
@@ -200,13 +199,8 @@ var _ = Describe("OAuth Strategy", func() {
 				"solclient_oauth",
 			)
 			Expect(err).ToNot(HaveOccurred())
-
-			_, _, err = testcontext.SEMP().Config().CertAuthorityApi.DeleteCertAuthority(
-				testcontext.SEMP().ConfigCtx(),
-				rootAuthorityName,
-			)
+			err = helpers.EnsureDeleteDomainCertAuthority(rootAuthorityName)
 			Expect(err).ToNot(HaveOccurred())
-
 			if messagingService.IsConnected() {
 				helpers.DisconnectMessagingService(messagingService)
 			}
@@ -234,259 +228,259 @@ var _ = Describe("OAuth Strategy", func() {
 			Entry("When given access token d, no id token and an issuer identifier", tokenD, "", issuerIdentifier),
 		)
 
-                Describe("When the messaging service tries to connect after multiple token updates", func() {
-                        Context("When the multiple updates were applied before the first connection with valid tokens", func() {
-                                It("should not fail when trying to connect the messaging service", func() {
-                                        var err error
-                                        // We first set the tokens and issuer identifier to empty strings to prove that the update
-                                        // later on actually worked. If the update doesn't work, the connection attempt will fail
-                                        // because the original tokens were invalid. If the connection attempt succeeds, it is only
-                                        // because the service token properties were successfully updated.
-                                        messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
-                                                "invalid access token",
-                                                "invalid id token",
-                                                "",
-                                        )).Build()
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        // First round of updates
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
-                                        Expect(err).ToNot(HaveOccurred())
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenC)
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        // Second round of updates
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
-                                        Expect(err).ToNot(HaveOccurred())
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenC)
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        helpers.ConnectMessagingService(messagingService)
-                                        // Validation of connection state occurs within the ConnectMessagingService
-                                        // and DisconnectMessagingService methods
-                                        helpers.DisconnectMessagingService(messagingService)
-                                })
-                        })
-
-                        Context("When the multiple updates were applied after the first connection with valid tokens", func() {
-                                It("should not fail when trying to reconnect the messaging service", func() {
-                                        var err error
-
-                                        messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
-                                                tokenC,
-                                                tokenB,
-                                                "",
-                                        )).WithReconnectionRetryStrategy(config.RetryStrategyForeverRetry()).Build()
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        helpers.ConnectMessagingService(messagingService)
-
-                                        // First round of updates
-                                        // Updating the ID token to the same value is not redundant because we are verifying that the update
-                                        // of that property can occur at all, regardless of the value being different.
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
-                                        Expect(err).ToNot(HaveOccurred())
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenD)
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        // Second round of updates
-                                        // Updating the ID token to the same value is not redundant because we are verifying that the update
-                                        // of that property can occur at all, regardless of the value being different.
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
-                                        Expect(err).ToNot(HaveOccurred())
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenD)
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        reconnectChan := make(chan struct{})
-                                        messagingService.AddReconnectionListener(func(event solace.ServiceEvent) {
-                                                close(reconnectChan)
-                                        })
-
-                                        helpers.ForceDisconnectViaSEMPv2(messagingService)
-                                        Eventually(reconnectChan).Should(BeClosed())
-
-                                        // Clean up messaging service
-                                        helpers.DisconnectMessagingService(messagingService)
-                                })
-                        })
-                })
-
-                Describe("When the service tries to update the token in an invalid way", func() {
-                        Context("When the token is updated with an invalid token value after successfully connecting", func() {
-                                It("should fail to reconnect", func() {
-                                        var err error
-
-                                        messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
-                                                tokenC,
-                                                tokenB,
-                                                "",
-                                        )).WithReconnectionRetryStrategy(config.RetryStrategyParameterizedRetry(1, 200*time.Millisecond)).Build()
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        helpers.ConnectMessagingService(messagingService)
-
-                                        // We are passing a non-empty string as the value for a valid token property, so we expect the update
-                                        // to not return any errors. Instead the error is expected to be returned later when we try to
-                                        // reconnect using the invalid token.
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, "invalid token")
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, "invalid token")
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        reconnectChan := make(chan struct{})
-                                        messagingService.AddReconnectionListener(func(event solace.ServiceEvent) {
-                                                close(reconnectChan)
-                                        })
-
-                                        helpers.ForceDisconnectViaSEMPv2(messagingService)
-                                        Consistently(reconnectChan).ShouldNot(Receive())
-                                        Eventually(messagingService.IsConnected()).Should(BeFalse())
-
-                                        // The service should fail to reconnect above, so if the service is connected at this point,
-                                        // then there was an error that was not detected, so we will fail the test here, after
-                                        // cleaning up the service.
-                                        var messagingServiceIsConnected = messagingService.IsConnected()
-                                        helpers.DisconnectMessagingService(messagingService)
-
-                                        if messagingServiceIsConnected {
-                                                Fail("Service was expected to be disconnected, but instead was connected.")
-                                        }
-                                })
-                        })
-
-                        Context("When the token is updated with an invalid token type after successfully connecting", func() {
-                                It("should fail to reconnect", func() {
-                                        var err error
-
-                                        messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
-                                                tokenC,
-                                                tokenB,
-                                                "",
-                                        )).WithReconnectionRetryStrategy(config.RetryStrategyParameterizedRetry(1, 200*time.Millisecond)).Build()
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        helpers.ConnectMessagingService(messagingService)
-
-                                        // We are passing a non-empty string as the value for a valid token property, so we expect the update
-                                        // to not return any errors. Instead the error is expected to be returned later when we try to
-                                        // reconnect using the invalid token.
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, 75)
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, 75)
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        reconnectChan := make(chan struct{})
-                                        messagingService.AddReconnectionListener(func(event solace.ServiceEvent) {
-                                                close(reconnectChan)
-                                        })
-
-                                        helpers.ForceDisconnectViaSEMPv2(messagingService)
-                                        Consistently(reconnectChan).ShouldNot(Receive())
-                                        Eventually(messagingService.IsConnected()).Should(BeFalse())
-
-                                        // The service should fail to reconnect above, so if the service is connected at this point,
-                                        // then there was an error that was not detected, so we will fail the test here, after
-                                        // cleaning up the service.
-                                        var messagingServiceIsConnected = messagingService.IsConnected()
-                                        helpers.DisconnectMessagingService(messagingService)
-
-                                        if messagingServiceIsConnected {
-                                                Fail("Service was expected to be disconnected, but instead was connected.")
-                                        }
-                                })
-                        })
-
-                        Context("When the token is updated with a nil token value after successfully connecting", func() {
-                                It("should fail to reconnect", func() {
-                                        var err error
-
-                                        messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
-                                                tokenC,
-                                                tokenB,
-                                                "",
-                                        )).WithReconnectionRetryStrategy(config.RetryStrategyParameterizedRetry(1, 200*time.Millisecond)).Build()
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        helpers.ConnectMessagingService(messagingService)
-
-                                        // We are passing a non-empty string as the value for a valid token property, so we expect the update
-                                        // to not return any errors. Instead the error is expected to be returned later when we try to
-                                        // reconnect using the invalid token.
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, nil)
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, nil)
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        reconnectChan := make(chan struct{})
-                                        messagingService.AddReconnectionListener(func(event solace.ServiceEvent) {
-                                                close(reconnectChan)
-                                        })
-
-                                        helpers.ForceDisconnectViaSEMPv2(messagingService)
-                                        Consistently(reconnectChan).ShouldNot(Receive())
-                                        Eventually(messagingService.IsConnected()).Should(BeFalse())
-
-                                        // The service should fail to reconnect above, so if the service is connected at this point,
-                                        // then there was an error that was not detected, so we will fail the test here, after
-                                        // cleaning up the service.
-                                        var messagingServiceIsConnected = messagingService.IsConnected()
-                                        helpers.DisconnectMessagingService(messagingService)
-
-                                        if messagingServiceIsConnected {
-                                                Fail("Service was expected to be disconnected, but instead was connected.")
-                                        }
-                                })
-                        })
-
-                        Context("When the token is updated on a disconnected service", func() {
-                                It("should return an IllegalStateError", func() {
-                                        var err error
-
-                                        messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
-                                                tokenC,
-                                                tokenB,
-                                                "",
-                                        )).Build()
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        // We need to connect and then disconnect the service to get the service into
-                                        // the `disconnected` state since it is valid for the application to update the
-                                        // tokens on a service that has not yet been connected, but not on one that is
-                                        // already disconnected.
-                                        helpers.ConnectMessagingService(messagingService)
-                                        helpers.DisconnectMessagingService(messagingService)
-                                        Expect(messagingService.IsConnected()).To(BeFalse())
-
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
-                                        Expect(err).To(HaveOccurred())
-                                        helpers.ValidateError(err, &solace.IllegalStateError{})
-
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenC)
-                                        Expect(err).To(HaveOccurred())
-                                        helpers.ValidateError(err, &solace.IllegalStateError{})
-                                })
-                        })
-
-                        Context("When an invalid property is used to update the token", func() {
-                                It("should return an IllegalArgumentError", func() {
-                                        var err error
-
-                                        messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
-                                                tokenC,
-                                                tokenB,
-                                                "",
-                                        )).Build()
-                                        Expect(err).ToNot(HaveOccurred())
-
-                                        err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeBasicPassword, "arbitrary string")
-                                        Expect(err).To(HaveOccurred())
-                                        helpers.ValidateError(err, &solace.IllegalArgumentError{})
-                                })
-                        })
-                })
+		Describe("When the messaging service tries to connect after multiple token updates", func() {
+			Context("When the multiple updates were applied before the first connection with valid tokens", func() {
+				It("should not fail when trying to connect the messaging service", func() {
+					var err error
+					// We first set the tokens and issuer identifier to empty strings to prove that the update
+					// later on actually worked. If the update doesn't work, the connection attempt will fail
+					// because the original tokens were invalid. If the connection attempt succeeds, it is only
+					// because the service token properties were successfully updated.
+					messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
+						"invalid access token",
+						"invalid id token",
+						"",
+					)).Build()
+					Expect(err).ToNot(HaveOccurred())
+
+					// First round of updates
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
+					Expect(err).ToNot(HaveOccurred())
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenC)
+					Expect(err).ToNot(HaveOccurred())
+
+					// Second round of updates
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
+					Expect(err).ToNot(HaveOccurred())
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenC)
+					Expect(err).ToNot(HaveOccurred())
+
+					helpers.ConnectMessagingService(messagingService)
+					// Validation of connection state occurs within the ConnectMessagingService
+					// and DisconnectMessagingService methods
+					helpers.DisconnectMessagingService(messagingService)
+				})
+			})
+
+			Context("When the multiple updates were applied after the first connection with valid tokens", func() {
+				It("should not fail when trying to reconnect the messaging service", func() {
+					var err error
+
+					messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
+						tokenC,
+						tokenB,
+						"",
+					)).WithReconnectionRetryStrategy(config.RetryStrategyForeverRetry()).Build()
+					Expect(err).ToNot(HaveOccurred())
+
+					helpers.ConnectMessagingService(messagingService)
+
+					// First round of updates
+					// Updating the ID token to the same value is not redundant because we are verifying that the update
+					// of that property can occur at all, regardless of the value being different.
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
+					Expect(err).ToNot(HaveOccurred())
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenD)
+					Expect(err).ToNot(HaveOccurred())
+
+					// Second round of updates
+					// Updating the ID token to the same value is not redundant because we are verifying that the update
+					// of that property can occur at all, regardless of the value being different.
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
+					Expect(err).ToNot(HaveOccurred())
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenD)
+					Expect(err).ToNot(HaveOccurred())
+
+					reconnectChan := make(chan struct{})
+					messagingService.AddReconnectionListener(func(event solace.ServiceEvent) {
+						close(reconnectChan)
+					})
+
+					helpers.ForceDisconnectViaSEMPv2(messagingService)
+					Eventually(reconnectChan).Should(BeClosed())
+
+					// Clean up messaging service
+					helpers.DisconnectMessagingService(messagingService)
+				})
+			})
+		})
+
+		Describe("When the service tries to update the token in an invalid way", func() {
+			Context("When the token is updated with an invalid token value after successfully connecting", func() {
+				It("should fail to reconnect", func() {
+					var err error
+
+					messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
+						tokenC,
+						tokenB,
+						"",
+					)).WithReconnectionRetryStrategy(config.RetryStrategyParameterizedRetry(1, 200*time.Millisecond)).Build()
+					Expect(err).ToNot(HaveOccurred())
+
+					helpers.ConnectMessagingService(messagingService)
+
+					// We are passing a non-empty string as the value for a valid token property, so we expect the update
+					// to not return any errors. Instead the error is expected to be returned later when we try to
+					// reconnect using the invalid token.
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, "invalid token")
+					Expect(err).ToNot(HaveOccurred())
+
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, "invalid token")
+					Expect(err).ToNot(HaveOccurred())
+
+					reconnectChan := make(chan struct{})
+					messagingService.AddReconnectionListener(func(event solace.ServiceEvent) {
+						close(reconnectChan)
+					})
+
+					helpers.ForceDisconnectViaSEMPv2(messagingService)
+					Consistently(reconnectChan).ShouldNot(Receive())
+					Eventually(messagingService.IsConnected()).Should(BeFalse())
+
+					// The service should fail to reconnect above, so if the service is connected at this point,
+					// then there was an error that was not detected, so we will fail the test here, after
+					// cleaning up the service.
+					var messagingServiceIsConnected = messagingService.IsConnected()
+					helpers.DisconnectMessagingService(messagingService)
+
+					if messagingServiceIsConnected {
+						Fail("Service was expected to be disconnected, but instead was connected.")
+					}
+				})
+			})
+
+			Context("When the token is updated with an invalid token type after successfully connecting", func() {
+				It("should fail to reconnect", func() {
+					var err error
+
+					messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
+						tokenC,
+						tokenB,
+						"",
+					)).WithReconnectionRetryStrategy(config.RetryStrategyParameterizedRetry(1, 200*time.Millisecond)).Build()
+					Expect(err).ToNot(HaveOccurred())
+
+					helpers.ConnectMessagingService(messagingService)
+
+					// We are passing a non-empty string as the value for a valid token property, so we expect the update
+					// to not return any errors. Instead the error is expected to be returned later when we try to
+					// reconnect using the invalid token.
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, 75)
+					Expect(err).ToNot(HaveOccurred())
+
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, 75)
+					Expect(err).ToNot(HaveOccurred())
+
+					reconnectChan := make(chan struct{})
+					messagingService.AddReconnectionListener(func(event solace.ServiceEvent) {
+						close(reconnectChan)
+					})
+
+					helpers.ForceDisconnectViaSEMPv2(messagingService)
+					Consistently(reconnectChan).ShouldNot(Receive())
+					Eventually(messagingService.IsConnected()).Should(BeFalse())
+
+					// The service should fail to reconnect above, so if the service is connected at this point,
+					// then there was an error that was not detected, so we will fail the test here, after
+					// cleaning up the service.
+					var messagingServiceIsConnected = messagingService.IsConnected()
+					helpers.DisconnectMessagingService(messagingService)
+
+					if messagingServiceIsConnected {
+						Fail("Service was expected to be disconnected, but instead was connected.")
+					}
+				})
+			})
+
+			Context("When the token is updated with a nil token value after successfully connecting", func() {
+				It("should fail to reconnect", func() {
+					var err error
+
+					messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
+						tokenC,
+						tokenB,
+						"",
+					)).WithReconnectionRetryStrategy(config.RetryStrategyParameterizedRetry(1, 200*time.Millisecond)).Build()
+					Expect(err).ToNot(HaveOccurred())
+
+					helpers.ConnectMessagingService(messagingService)
+
+					// We are passing a non-empty string as the value for a valid token property, so we expect the update
+					// to not return any errors. Instead the error is expected to be returned later when we try to
+					// reconnect using the invalid token.
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, nil)
+					Expect(err).ToNot(HaveOccurred())
+
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, nil)
+					Expect(err).ToNot(HaveOccurred())
+
+					reconnectChan := make(chan struct{})
+					messagingService.AddReconnectionListener(func(event solace.ServiceEvent) {
+						close(reconnectChan)
+					})
+
+					helpers.ForceDisconnectViaSEMPv2(messagingService)
+					Consistently(reconnectChan).ShouldNot(Receive())
+					Eventually(messagingService.IsConnected()).Should(BeFalse())
+
+					// The service should fail to reconnect above, so if the service is connected at this point,
+					// then there was an error that was not detected, so we will fail the test here, after
+					// cleaning up the service.
+					var messagingServiceIsConnected = messagingService.IsConnected()
+					helpers.DisconnectMessagingService(messagingService)
+
+					if messagingServiceIsConnected {
+						Fail("Service was expected to be disconnected, but instead was connected.")
+					}
+				})
+			})
+
+			Context("When the token is updated on a disconnected service", func() {
+				It("should return an IllegalStateError", func() {
+					var err error
+
+					messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
+						tokenC,
+						tokenB,
+						"",
+					)).Build()
+					Expect(err).ToNot(HaveOccurred())
+
+					// We need to connect and then disconnect the service to get the service into
+					// the `disconnected` state since it is valid for the application to update the
+					// tokens on a service that has not yet been connected, but not on one that is
+					// already disconnected.
+					helpers.ConnectMessagingService(messagingService)
+					helpers.DisconnectMessagingService(messagingService)
+					Expect(messagingService.IsConnected()).To(BeFalse())
+
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2OIDCIDToken, tokenB)
+					Expect(err).To(HaveOccurred())
+					helpers.ValidateError(err, &solace.IllegalStateError{})
+
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeOAuth2AccessToken, tokenC)
+					Expect(err).To(HaveOccurred())
+					helpers.ValidateError(err, &solace.IllegalStateError{})
+				})
+			})
+
+			Context("When an invalid property is used to update the token", func() {
+				It("should return an IllegalArgumentError", func() {
+					var err error
+
+					messagingService, err = builder.WithAuthenticationStrategy(config.OAuth2Authentication(
+						tokenC,
+						tokenB,
+						"",
+					)).Build()
+					Expect(err).ToNot(HaveOccurred())
+
+					err = messagingService.UpdateProperty(config.AuthenticationPropertySchemeBasicPassword, "arbitrary string")
+					Expect(err).To(HaveOccurred())
+					helpers.ValidateError(err, &solace.IllegalArgumentError{})
+				})
+			})
+		})
 
 		DescribeTable("Messaging Service fails to connect",
 			func(access, id, issuer string) {
diff --git a/test/persistent_publisher_test.go b/test/persistent_publisher_test.go
index 9baade7..c522478 100644
--- a/test/persistent_publisher_test.go
+++ b/test/persistent_publisher_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/persistent_receiver_test.go b/test/persistent_receiver_test.go
index 3574632..194dd14 100644
--- a/test/persistent_receiver_test.go
+++ b/test/persistent_receiver_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -1433,7 +1433,7 @@ var _ = Describe("PersistentReceiver", func() {
 						helpers.ValidateError(err, &solace.MessageReplayError{})
 						var wrapped *solace.NativeError
 						Expect(errors.As(err, &wrapped)).To(BeTrue())
-						helpers.ValidateNativeError(wrapped, subcode.ReplayTemporaryNotSupported)
+						helpers.ValidateNativeError(wrapped, subcode.ReplayTemporaryNotSupported, subcode.ReplayAnonymousNotSupported)
 					})
 
 				})
diff --git a/test/rgmid_test.go b/test/rgmid_test.go
index 99564a8..77f032f 100644
--- a/test/rgmid_test.go
+++ b/test/rgmid_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/sdt_test.go b/test/sdt_test.go
index 8654130..4b28918 100644
--- a/test/sdt_test.go
+++ b/test/sdt_test.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/sempclient/Dockerfile b/test/sempclient/Dockerfile
new file mode 100644
index 0000000..cab48c4
--- /dev/null
+++ b/test/sempclient/Dockerfile
@@ -0,0 +1,28 @@
+# pubsubplus-go-client
+#
+# Copyright 2023 Solace Corporation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Based on https://github.com/swagger-api/swagger-codegen/blob/3.0.0/modules/swagger-codegen-cli/Dockerfile as general reference
+# specifically using https://github.com/swagger-api/swagger-codegen/blob/v3.0.40/modules/swagger-codegen-cli/Dockerfile as reference
+# use openjdk:8-jre-alpine as base as multi arch is supported for x86_64 and arm64
+FROM openjdk:8-jre-alpine
+#pull codegen jar from maven.org
+ARG SWAGGER_VER=3.0.40
+ENV SWAGGER_VERSION=${SWAGGER_VER}
+ADD https://repo1.maven.org/maven2/io/swagger/codegen/v3/swagger-codegen-cli/${SWAGGER_VERSION}/swagger-codegen-cli-${SWAGGER_VERSION}.jar /opt/swagger-codegen-cli/swagger-codegen-cli.jar
+# use entrypoint and cmd from reference dockerfile
+ENTRYPOINT ["java", "-jar", "/opt/swagger-codegen-cli/swagger-codegen-cli.jar"]
+
+CMD ["help"]
diff --git a/test/sempclient/makeclean b/test/sempclient/makeclean
new file mode 100755
index 0000000..85cd5d7
--- /dev/null
+++ b/test/sempclient/makeclean
@@ -0,0 +1,49 @@
+#! /bin/sh
+
+# pubsubplus-go-client
+#
+# Copyright 2023 Solace Corporation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# generates a command equivalent to:
+# rm -rf /output/action/api /output/action/docs /output/action/.swagger-codegen* /output/action/*.go /output/action/*.sh /output/action/*.md /output/action/*.yml /output/action/.gitignore /output/monitor/api /output/monitor/docs /output/monitor/.swagger-codegen* /output/monitor/*.go /output/monitor/*.sh /output/monitor/*.md /output/monitor/*.yml /output/monitor/.gitignore /output/config/api /output/config/docs /output/action/.swagger-codegen* /output/config/*.go /output/config/*.sh /output/config/*.md /output/config/*.yml /output/config/.gitignore
+# This command can be run from the host or from the codegen container
+# The files to delete can change over time
+
+BASEDIR=$(cd $(dirname $0) && pwd)
+
+function cleanup_files() {
+    echo "from `pwd` cleanup $*"
+    rm -rf $*
+}
+function cleanup() {
+    echo "args $*"
+    echo "script dir $BASEDIR"
+    echo "Current dir `pwd`"
+
+    local gen_root_dir=${BASEDIR}
+    local gen_dirs=" action config monitor "
+    local sub_gen_dirs=".swagger-codegen* docs api"
+    local gen_files=" *.go *.sh *.md *.yml .gitignore .*.yml"
+
+    for topdir in $gen_dirs ; do
+        local cur_dir=$gen_root_dir/$topdir
+        if [[ -e $cur_dir ]]; then
+            (cd $cur_dir; cleanup_files $sub_gen_dirs ) && (cd $cur_dir; cleanup_files $gen_files )
+        fi
+    done
+
+}
+cleanup $*
diff --git a/test/sempclient/semp-client.go b/test/sempclient/semp-client.go
index f36fd79..cc87a4f 100644
--- a/test/sempclient/semp-client.go
+++ b/test/sempclient/semp-client.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,6 +17,11 @@
 // Package sempclient contains generated SEMPv2 code
 package sempclient
 
-//go:generate docker run --rm -v "$PWD/spec:/schema" -v "$PWD:/output" swaggerapi/swagger-codegen-cli-v3:3.0.27 generate -l go -i /schema/spec_action.json -o /output/action --type-mappings boolean=*bool --additional-properties packageName=action
-//go:generate docker run --rm -v "$PWD/spec:/schema" -v "$PWD:/output" swaggerapi/swagger-codegen-cli-v3:3.0.27 generate -l go -i /schema/spec_config.json -o /output/config --type-mappings boolean=*bool --additional-properties packageName=config
-//go:generate docker run --rm -v "$PWD/spec:/schema" -v "$PWD:/output" swaggerapi/swagger-codegen-cli-v3:3.0.27 generate -l go -i /schema/spec_monitor.json -o /output/monitor --type-mappings boolean=*bool --additional-properties packageName=monitor
+// create docker image based off of swaggerapi/swagger-codegen-cli-v3
+//go:generate docker build -f Dockerfile -t solace-semp-swagger-codegen-cli:3.0.27 --build-arg SWAGGER_VER=3.0.27 $PWD
+// clean previously generated semp files if any
+//go:generate docker run --rm -v "$PWD:/output" --entrypoint /bin/sh solace-semp-swagger-codegen-cli:3.0.27 -c "/output/makeclean"
+// generate new semp client files using umask 0000 to avoid host mahcine modidifcation after generation
+//go:generate docker run --rm -v "$PWD/spec:/schema" -v "$PWD:/output" --entrypoint /bin/sh solace-semp-swagger-codegen-cli:3.0.27 -c "umask 0000; java -jar /opt/swagger-codegen-cli/swagger-codegen-cli.jar generate -l go -i /schema/spec_action.json -o /output/action --type-mappings boolean=*bool --additional-properties packageName=action"
+//go:generate docker run --rm -v "$PWD/spec:/schema" -v "$PWD:/output" --entrypoint /bin/sh solace-semp-swagger-codegen-cli:3.0.27 -c "umask 0000; java -jar /opt/swagger-codegen-cli/swagger-codegen-cli.jar generate -l go -i /schema/spec_config.json -o /output/config --type-mappings boolean=*bool --additional-properties packageName=config"
+//go:generate docker run --rm -v "$PWD/spec:/schema" -v "$PWD:/output" --entrypoint /bin/sh solace-semp-swagger-codegen-cli:3.0.27 -c "umask 0000; java -jar /opt/swagger-codegen-cli/swagger-codegen-cli.jar generate -l go -i /schema/spec_monitor.json -o /output/monitor --type-mappings boolean=*bool --additional-properties packageName=monitor"
diff --git a/test/sempclient/spec/spec_action.json b/test/sempclient/spec/spec_action.json
index d809408..3188c8b 100644
--- a/test/sempclient/spec/spec_action.json
+++ b/test/sempclient/spec/spec_action.json
@@ -288,7 +288,7 @@
           "type": "string"
         },
         "sessionsUri": {
-          "description": "The URI of this Broker's collection of Session objects. Available since 2.21.",
+          "description": "The URI of this Broker's collection of SEMP Session objects. Available since 2.21.",
           "type": "string"
         },
         "uri": {
@@ -450,7 +450,7 @@
     "ConfigSyncAssertLeaderMsgVpn": {
       "properties": {
         "msgVpnName": {
-          "description": "The name of the Message VPN. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "The name of the Message VPN.",
           "type": "string"
         }
       },
@@ -463,7 +463,7 @@
     "ConfigSyncResyncFollowerMsgVpn": {
       "properties": {
         "msgVpnName": {
-          "description": "The name of the Message VPN. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "The name of the Message VPN.",
           "type": "string"
         }
       },
@@ -472,7 +472,7 @@
     "ConfigSyncResyncLeaderMsgVpn": {
       "properties": {
         "msgVpnName": {
-          "description": "The name of the Message VPN. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "The name of the Message VPN.",
           "type": "string"
         }
       },
@@ -664,7 +664,7 @@
     "MsgVpnBridgeClearEvent": {
       "properties": {
         "eventName": {
-          "description": "The name of the event. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. The allowed values and their meaning are:\n\n<pre>\n\"ttl-exceeded\" - Time to live exceeded event.\n</pre>\n",
+          "description": "The name of the event. The allowed values and their meaning are:\n\n<pre>\n\"ttl-exceeded\" - Time to live exceeded event.\n</pre>\n",
           "enum": [
             "ttl-exceeded"
           ],
@@ -774,7 +774,7 @@
     "MsgVpnClientClearEvent": {
       "properties": {
         "eventName": {
-          "description": "The name of the event. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. The allowed values and their meaning are:\n\n<pre>\n\"large-message\" - The Client large message received event.\n\"message-too-big\" - The Client message too big event.\n\"parse-error\" - The Client parse error event.\n\"max-eliding-topic-count\" - The Client maximum eliding topics reached event.\n</pre>\n",
+          "description": "The name of the event. The allowed values and their meaning are:\n\n<pre>\n\"large-message\" - The Client large message received event.\n\"message-too-big\" - The Client message too big event.\n\"parse-error\" - The Client parse error event.\n\"max-eliding-topic-count\" - The Client maximum eliding topics reached event.\n</pre>\n",
           "enum": [
             "large-message",
             "message-too-big",
@@ -987,7 +987,7 @@
     "MsgVpnDistributedCacheClusterInstanceBackupCachedMsgs": {
       "properties": {
         "filename": {
-          "description": "The filename for storing the cached messages. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "The filename for storing the cached messages.",
           "type": "string"
         }
       },
@@ -1004,7 +1004,7 @@
     "MsgVpnDistributedCacheClusterInstanceClearEvent": {
       "properties": {
         "eventName": {
-          "description": "The name of the event. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. The allowed values and their meaning are:\n\n<pre>\n\"lost-message\" - Lost message event.\n</pre>\n",
+          "description": "The name of the event. The allowed values and their meaning are:\n\n<pre>\n\"lost-message\" - Lost message event.\n</pre>\n",
           "enum": [
             "lost-message"
           ],
@@ -1020,7 +1020,7 @@
     "MsgVpnDistributedCacheClusterInstanceDeleteMsgs": {
       "properties": {
         "topic": {
-          "description": "The topic covering the messages to delete. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "The topic covering the messages to delete.",
           "type": "string"
         }
       },
@@ -1087,7 +1087,7 @@
     "MsgVpnDistributedCacheClusterInstanceRestoreCachedMsgs": {
       "properties": {
         "filename": {
-          "description": "The filename for restoring the cached messages. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "The filename for restoring the cached messages.",
           "type": "string"
         }
       },
@@ -1390,7 +1390,7 @@
     "MsgVpnQueueCancelReplay": {
       "properties": {
         "forceComplete": {
-          "description": "Force cancellation to complete without waiting for client unbind ack. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "Force cancellation to complete without waiting for client unbind ack.",
           "type": "boolean"
         }
       },
@@ -1400,6 +1400,49 @@
       "properties": {},
       "type": "object"
     },
+    "MsgVpnQueueCopyMsgFromQueue": {
+      "properties": {
+        "replicationGroupMsgId": {
+          "description": "The Message to copy, identified by its Replication Group Message ID.",
+          "type": "string"
+        },
+        "sourceQueueName": {
+          "description": "The name of the Queue to copy the message from.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueCopyMsgFromReplayLog": {
+      "properties": {
+        "replicationGroupMsgId": {
+          "description": "The Message to copy, identified by its Replication Group Message ID.",
+          "type": "string"
+        },
+        "sourceReplayLogName": {
+          "description": "The name of the Replay Log to copy the message from.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueCopyMsgFromTopicEndpoint": {
+      "properties": {
+        "replicationGroupMsgId": {
+          "description": "The Message to copy, identified by its Replication Group Message ID.",
+          "type": "string"
+        },
+        "sourceTopicEndpointName": {
+          "description": "The name of the Topic Endpoint to copy the message from.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueDeleteMsgs": {
+      "properties": {},
+      "type": "object"
+    },
     "MsgVpnQueueLinks": {
       "properties": {
         "cancelReplayUri": {
@@ -1410,6 +1453,22 @@
           "description": "The URI of this Queue's Clear Stats action.",
           "type": "string"
         },
+        "copyMsgFromQueueUri": {
+          "description": "The URI of this Queue's Copy Message From Queue action. Available since 2.29.",
+          "type": "string"
+        },
+        "copyMsgFromReplayLogUri": {
+          "description": "The URI of this Queue's Copy Message From Replay Log action. Available since 2.29.",
+          "type": "string"
+        },
+        "copyMsgFromTopicEndpointUri": {
+          "description": "The URI of this Queue's Copy Message From Topic Endpoint action. Available since 2.29.",
+          "type": "string"
+        },
+        "deleteMsgsUri": {
+          "description": "The URI of this Queue's Delete All Messages action. Available since 2.28.",
+          "type": "string"
+        },
         "msgsUri": {
           "description": "The URI of this Queue's collection of Queue Message objects.",
           "type": "string"
@@ -1520,16 +1579,16 @@
     "MsgVpnQueueStartReplay": {
       "properties": {
         "afterMsg": {
-          "description": "The Message after which to begin replay, identified by its Replication Group Message ID. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Available since 2.21.",
+          "description": "The Message after which to begin replay, identified by its Replication Group Message ID. Available since 2.21.",
           "type": "string"
         },
         "fromTime": {
-          "description": "The time to begin replaying messages from. The value must be no less than the time that the replay log was created. To play back the whole log, this parameter must be omitted. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "description": "The time to begin replaying messages from. The value must be no less than the time that the replay log was created. To play back the whole log, this parameter must be omitted. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
           "format": "int32",
           "type": "integer"
         },
         "replayLogName": {
-          "description": "The name of the Replay Log. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "The name of the Replay Log.",
           "type": "string"
         }
       },
@@ -1604,7 +1663,7 @@
     "MsgVpnReplayLogTrimLoggedMsgs": {
       "properties": {
         "olderThanTime": {
-          "description": "The time to use for trimming older messages. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "description": "The time to use for trimming older messages. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
           "format": "int32",
           "type": "integer"
         }
@@ -1807,7 +1866,7 @@
     "MsgVpnTopicEndpointCancelReplay": {
       "properties": {
         "forceComplete": {
-          "description": "Force cancellation to complete without waiting for client unbind ack. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "Force cancellation to complete without waiting for client unbind ack.",
           "type": "boolean"
         }
       },
@@ -1817,6 +1876,49 @@
       "properties": {},
       "type": "object"
     },
+    "MsgVpnTopicEndpointCopyMsgFromQueue": {
+      "properties": {
+        "replicationGroupMsgId": {
+          "description": "The Message to copy, identified by its Replication Group Message ID.",
+          "type": "string"
+        },
+        "sourceQueueName": {
+          "description": "The name of the Queue to copy the message from.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointCopyMsgFromReplayLog": {
+      "properties": {
+        "replicationGroupMsgId": {
+          "description": "The Message to copy, identified by its Replication Group Message ID.",
+          "type": "string"
+        },
+        "sourceReplayLogName": {
+          "description": "The name of the Replay Log to copy the message from.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointCopyMsgFromTopicEndpoint": {
+      "properties": {
+        "replicationGroupMsgId": {
+          "description": "The Message to copy, identified by its Replication Group Message ID.",
+          "type": "string"
+        },
+        "sourceTopicEndpointName": {
+          "description": "The name of the Topic Endpoint to copy the message from.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointDeleteMsgs": {
+      "properties": {},
+      "type": "object"
+    },
     "MsgVpnTopicEndpointLinks": {
       "properties": {
         "cancelReplayUri": {
@@ -1827,6 +1929,22 @@
           "description": "The URI of this Topic Endpoint's Clear Stats action.",
           "type": "string"
         },
+        "copyMsgFromQueueUri": {
+          "description": "The URI of this Topic Endpoint's Copy Message From Queue action. Available since 2.29.",
+          "type": "string"
+        },
+        "copyMsgFromReplayLogUri": {
+          "description": "The URI of this Topic Endpoint's Copy Message From Replay Log action. Available since 2.29.",
+          "type": "string"
+        },
+        "copyMsgFromTopicEndpointUri": {
+          "description": "The URI of this Topic Endpoint's Copy Message From Topic Endpoint action. Available since 2.29.",
+          "type": "string"
+        },
+        "deleteMsgsUri": {
+          "description": "The URI of this Topic Endpoint's Delete All Messages action. Available since 2.28.",
+          "type": "string"
+        },
         "msgsUri": {
           "description": "The URI of this Topic Endpoint's collection of Topic Endpoint Message objects.",
           "type": "string"
@@ -1937,16 +2055,16 @@
     "MsgVpnTopicEndpointStartReplay": {
       "properties": {
         "afterMsg": {
-          "description": "The Message after which to begin replay, identified by its Replication Group Message ID. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Available since 2.21.",
+          "description": "The Message after which to begin replay, identified by its Replication Group Message ID. Available since 2.21.",
           "type": "string"
         },
         "fromTime": {
-          "description": "The time to begin replaying messages from. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "description": "The time to begin replaying messages from. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
           "format": "int32",
           "type": "integer"
         },
         "replayLogName": {
-          "description": "The name of the Replay Log. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4.",
+          "description": "The name of the Replay Log.",
           "type": "string"
         }
       },
@@ -2241,7 +2359,6 @@
         }
       },
       "required": [
-        "uri",
         "method"
       ],
       "type": "object"
@@ -2266,11 +2383,11 @@
     "SessionLinks": {
       "properties": {
         "deleteUri": {
-          "description": "The URI of this Session's Delete action.",
+          "description": "The URI of this SEMP Session's Delete action.",
           "type": "string"
         },
         "uri": {
-          "description": "The URI of this Session object.",
+          "description": "The URI of this SEMP Session object.",
           "type": "string"
         }
       },
@@ -2324,9 +2441,9 @@
       "name": "Solace",
       "url": "http://www.solace.com"
     },
-    "description": "SEMP (starting in `v2`, see note 1) is a RESTful API for configuring, monitoring, and administering a Solace PubSub+ broker.\n\nSEMP uses URIs to address manageable **resources** of the Solace PubSub+ broker. Resources are individual **objects**, **collections** of objects, or (exclusively in the action API) **actions**. This document applies to the following API:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nAction|/SEMP/v2/action|Performing actions|See note 2\n\n\n\nThe following APIs are also available:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nConfiguration|/SEMP/v2/config|Reading and writing config state|See note 2\nMonitoring|/SEMP/v2/monitor|Querying operational parameters|See note 2\n\n\n\nResources are always nouns, with individual objects being singular and collections being plural.\n\nObjects within a collection are identified by an `obj-id`, which follows the collection name with the form `collection-name/obj-id`.\n\nActions within an object are identified by an `action-id`, which follows the object name with the form `obj-id/action-id`.\n\nSome examples:\n\n```\n/SEMP/v2/config/msgVpns                        ; MsgVpn collection\n/SEMP/v2/config/msgVpns/a                      ; MsgVpn object named \"a\"\n/SEMP/v2/config/msgVpns/a/queues               ; Queue collection in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/queues/b             ; Queue object named \"b\" in MsgVpn \"a\"\n/SEMP/v2/action/msgVpns/a/queues/b/startReplay ; Action that starts a replay on Queue \"b\" in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients             ; Client collection in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients/c           ; Client object named \"c\" in MsgVpn \"a\"\n```\n\n## Collection Resources\n\nCollections are unordered lists of objects (unless described as otherwise), and are described by JSON arrays. Each item in the array represents an object in the same manner as the individual object would normally be represented. In the configuration API, the creation of a new object is done through its collection resource.\n\n## Object and Action Resources\n\nObjects are composed of attributes, actions, collections, and other objects. They are described by JSON objects as name/value pairs. The collections and actions of an object are not contained directly in the object's JSON content; rather the content includes an attribute containing a URI which points to the collections and actions. These contained resources must be managed through this URI. At a minimum, every object has one or more identifying attributes, and its own `uri` attribute which contains the URI pointing to itself.\n\nActions are also composed of attributes, and are described by JSON objects as name/value pairs. Unlike objects, however, they are not members of a collection and cannot be retrieved, only performed. Actions only exist in the action API.\n\nAttributes in an object or action may have any combination of the following properties:\n\n\nProperty|Meaning|Comments\n:---|:---|:---\nIdentifying|Attribute is involved in unique identification of the object, and appears in its URI|\nRequired|Attribute must be provided in the request|\nRead-Only|Attribute can only be read, not written.|See note 3\nWrite-Only|Attribute can only be written, not read, unless the attribute is also opaque|See the documentation for the opaque property\nRequires-Disable|Attribute can only be changed when object is disabled|\nDeprecated|Attribute is deprecated, and will disappear in the next SEMP version|\nOpaque|Attribute can be set or retrieved in opaque form when the `opaquePassword` query parameter is present|See the `opaquePassword` query parameter documentation\n\n\n\nIn some requests, certain attributes may only be provided in certain combinations with other attributes:\n\n\nRelationship|Meaning\n:---|:---\nRequires|Attribute may only be changed by a request if a particular attribute or combination of attributes is also provided in the request\nConflicts|Attribute may only be provided in a request if a particular attribute or combination of attributes is not also provided in the request\n\n\n\nIn the monitoring API, any non-identifying attribute may not be returned in a GET.\n\n## HTTP Methods\n\nThe following HTTP methods manipulate resources in accordance with these general principles. Note that some methods are only used in certain APIs:\n\n\nMethod|Resource|Meaning|Request Body|Response Body|Missing Request Attributes\n:---|:---|:---|:---|:---|:---\nPOST|Collection|Create object|Initial attribute values|Object attributes and metadata|Set to default\nPUT|Object|Create or replace object (see note 5)|New attribute values|Object attributes and metadata|Set to default, with certain exceptions (see note 4)\nPUT|Action|Performs action|Action arguments|Action metadata|N/A\nPATCH|Object|Update object|New attribute values|Object attributes and metadata|unchanged\nDELETE|Object|Delete object|Empty|Object metadata|N/A\nGET|Object|Get object|Empty|Object attributes and metadata|N/A\nGET|Collection|Get collection|Empty|Object attributes and collection metadata|N/A\n\n\n\n## Common Query Parameters\n\nThe following are some common query parameters that are supported by many method/URI combinations. Individual URIs may document additional parameters. Note that multiple query parameters can be used together in a single URI, separated by the ampersand character. For example:\n\n```\n; Request for the MsgVpns collection using two hypothetical query parameters\n; \"q1\" and \"q2\" with values \"val1\" and \"val2\" respectively\n/SEMP/v2/action/msgVpns?q1=val1&q2=val2\n```\n\n### select\n\nInclude in the response only selected attributes of the object, or exclude from the response selected attributes of the object. Use this query parameter to limit the size of the returned data for each returned object, return only those fields that are desired, or exclude fields that are not desired.\n\nThe value of `select` is a comma-separated list of attribute names. If the list contains attribute names that are not prefaced by `-`, only those attributes are included in the response. If the list contains attribute names that are prefaced by `-`, those attributes are excluded from the response. If the list contains both types, then the difference of the first set of attributes and the second set of attributes is returned. If the list is empty (i.e. `select=`), no attributes are returned.\n\nAll attributes that are prefaced by `-` must follow all attributes that are not prefaced by `-`. In addition, each attribute name in the list must match at least one attribute in the object.\n\nNames may include the `*` wildcard (zero or more characters). Nested attribute names are supported using periods (e.g. `parentName.childName`).\n\nSome examples:\n\n```\n; List of all MsgVpn names\n/SEMP/v2/action/msgVpns?select=msgVpnName\n; List of all MsgVpn and their attributes except for their names\n/SEMP/v2/action/msgVpns?select=-msgVpnName\n; Authentication attributes of MsgVpn \"finance\"\n/SEMP/v2/action/msgVpns/finance?select=authentication*\n; All attributes of MsgVpn \"finance\" except for authentication attributes\n/SEMP/v2/action/msgVpns/finance?select=-authentication*\n; Access related attributes of Queue \"orderQ\" of MsgVpn \"finance\"\n/SEMP/v2/action/msgVpns/finance/queues/orderQ?select=owner,permission\n```\n\n### where\n\nInclude in the response only objects where certain conditions are true. Use this query parameter to limit which objects are returned to those whose attribute values meet the given conditions.\n\nThe value of `where` is a comma-separated list of expressions. All expressions must be true for the object to be included in the response. Each expression takes the form:\n\n```\nexpression  = attribute-name OP value\nOP          = '==' | '!=' | '&lt;' | '&gt;' | '&lt;=' | '&gt;='\n```\n\n`value` may be a number, string, `true`, or `false`, as appropriate for the type of `attribute-name`. Greater-than and less-than comparisons only work for numbers. A `*` in a string `value` is interpreted as a wildcard (zero or more characters). Some examples:\n\n```\n; Only enabled MsgVpns\n/SEMP/v2/action/msgVpns?where=enabled==true\n; Only MsgVpns using basic non-LDAP authentication\n/SEMP/v2/action/msgVpns?where=authenticationBasicEnabled==true,authenticationBasicType!=ldap\n; Only MsgVpns that allow more than 100 client connections\n/SEMP/v2/action/msgVpns?where=maxConnectionCount>100\n; Only MsgVpns with msgVpnName starting with \"B\":\n/SEMP/v2/action/msgVpns?where=msgVpnName==B*\n```\n\n### count\n\nLimit the count of objects in the response. This can be useful to limit the size of the response for large collections. The minimum value for `count` is `1` and the default is `10`. There is also a per-collection maximum value to limit request handling time.\n\n`count` does not guarantee that a minimum number of objects will be returned. A page may contain fewer than `count` objects or even be empty. Additional objects may nonetheless be available for retrieval on subsequent pages. See the `cursor` query parameter documentation for more information on paging.\n\nFor example:\n```\n; Up to 25 MsgVpns\n/SEMP/v2/action/msgVpns?count=25\n```\n\n### cursor\n\nThe cursor, or position, for the next page of objects. Cursors are opaque data that should not be created or interpreted by SEMP clients, and should only be used as described below.\n\nWhen a request is made for a collection and there may be additional objects available for retrieval that are not included in the initial response, the response will include a `cursorQuery` field containing a cursor. The value of this field can be specified in the `cursor` query parameter of a subsequent request to retrieve the next page of objects. For convenience, an appropriate URI is constructed automatically by the broker and included in the `nextPageUri` field of the response. This URI can be used directly to retrieve the next page of objects.\n\nApplications must continue to follow the `nextPageUri` if one is provided in order to retrieve the full set of objects associated with the request, even if a page contains fewer than the requested number of objects (see the `count` query parameter documentation) or is empty.\n\n### opaquePassword\n\nAttributes with the opaque property are also write-only and so cannot normally be retrieved in a GET. However, when a password is provided in the `opaquePassword` query parameter, attributes with the opaque property are retrieved in a GET in opaque form, encrypted with this password. The query parameter can also be used on a POST, PATCH, or PUT to set opaque attributes using opaque attribute values retrieved in a GET, so long as:\n\n1. the same password that was used to retrieve the opaque attribute values is provided; and\n\n2. the broker to which the request is being sent has the same major and minor SEMP version as the broker that produced the opaque attribute values.\n\nThe password provided in the query parameter must be a minimum of 8 characters and a maximum of 128 characters.\n\nThe query parameter can only be used in the configuration API, and only over HTTPS.\n\n## Authentication\n\nWhen a client makes its first SEMPv2 request, it must supply a username and password using HTTP Basic authentication, or an OAuth token or tokens using HTTP Bearer authentication.\n\nWhen HTTP Basic authentication is used, the broker returns a cookie containing a session key. The client can omit the username and password from subsequent requests, because the broker can use the session cookie for authentication instead. When the session expires or is deleted, the client must provide the username and password again, and the broker creates a new session.\n\nThere are a limited number of session slots available on the broker. The broker returns 529 No SEMP Session Available if it is not able to allocate a session.\n\nIf certain attributes\u2014such as a user's password\u2014are changed, the broker automatically deletes the affected sessions. These attributes are documented below. However, changes in external user configuration data stored on a RADIUS or LDAP server do not trigger the broker to delete the associated session(s), therefore you must do this manually, if required.\n\nA client can retrieve its current session information using the /about/user endpoint and delete its own session using the /about/user/logout endpoint. A client with appropriate permissions can also manage all sessions using the /sessions endpoint.\n\nSessions are not created when authenticating with an OAuth token or tokens using HTTP Bearer authentication. If a session cookie is provided, it is ignored.\n\n## Help\n\nVisit [our website](https://solace.com) to learn more about Solace.\n\nYou can also download the SEMP API specifications by clicking [here](https://solace.com/downloads/).\n\nIf you need additional support, please contact us at [support@solace.com](mailto:support@solace.com).\n\n## Notes\n\nNote|Description\n:---:|:---\n1|This specification defines SEMP starting in \"v2\", and not the original SEMP \"v1\" interface. Request and response formats between \"v1\" and \"v2\" are entirely incompatible, although both protocols share a common port configuration on the Solace PubSub+ broker. They are differentiated by the initial portion of the URI path, one of either \"/SEMP/\" or \"/SEMP/v2/\"\n2|This API is partially implemented. Only a subset of all objects are available.\n3|Read-only attributes may appear in POST and PUT/PATCH requests. However, if a read-only attribute is not marked as identifying, it will be ignored during a PUT/PATCH.\n4|On a PUT, if the SEMP user is not authorized to modify the attribute, its value is left unchanged rather than set to default. In addition, the values of write-only attributes are not set to their defaults on a PUT, except in the following two cases: there is a mutual requires relationship with another non-write-only attribute, both attributes are absent from the request, and the non-write-only attribute is not currently set to its default value; or the attribute is also opaque and the `opaquePassword` query parameter is provided in the request.\n5|On a PUT, if the object does not exist, it is created first.\n\n",
+    "description": "SEMP (starting in `v2`, see note 1) is a RESTful API for configuring, monitoring, and administering a Solace PubSub+ broker.\n\nSEMP uses URIs to address manageable **resources** of the Solace PubSub+ broker. Resources are individual **objects**, **collections** of objects, or (exclusively in the action API) **actions**. This document applies to the following API:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nAction|/SEMP/v2/action|Performing actions|See note 2\n\n\n\nThe following APIs are also available:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nConfiguration|/SEMP/v2/config|Reading and writing config state|See note 2\nMonitoring|/SEMP/v2/monitor|Querying operational parameters|See note 2\n\n\n\nResources are always nouns, with individual objects being singular and collections being plural.\n\nObjects within a collection are identified by an `obj-id`, which follows the collection name with the form `collection-name/obj-id`.\n\nActions within an object are identified by an `action-id`, which follows the object name with the form `obj-id/action-id`.\n\nSome examples:\n\n```\n/SEMP/v2/config/msgVpns                        ; MsgVpn collection\n/SEMP/v2/config/msgVpns/a                      ; MsgVpn object named \"a\"\n/SEMP/v2/config/msgVpns/a/queues               ; Queue collection in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/queues/b             ; Queue object named \"b\" in MsgVpn \"a\"\n/SEMP/v2/action/msgVpns/a/queues/b/startReplay ; Action that starts a replay on Queue \"b\" in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients             ; Client collection in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients/c           ; Client object named \"c\" in MsgVpn \"a\"\n```\n\n## Collection Resources\n\nCollections are unordered lists of objects (unless described as otherwise), and are described by JSON arrays. Each item in the array represents an object in the same manner as the individual object would normally be represented. In the configuration API, the creation of a new object is done through its collection resource.\n\n## Object and Action Resources\n\nObjects are composed of attributes, actions, collections, and other objects. They are described by JSON objects as name/value pairs. The collections and actions of an object are not contained directly in the object's JSON content; rather the content includes an attribute containing a URI which points to the collections and actions. These contained resources must be managed through this URI. At a minimum, every object has one or more identifying attributes, and its own `uri` attribute which contains the URI pointing to itself.\n\nActions are also composed of attributes, and are described by JSON objects as name/value pairs. Unlike objects, however, they are not members of a collection and cannot be retrieved, only performed. Actions only exist in the action API.\n\nAttributes in an object or action may have any combination of the following properties:\n\n\nProperty|Meaning|Comments\n:---|:---|:---\nIdentifying|Attribute is involved in unique identification of the object, and appears in its URI|\nConst|Attribute value can only be chosen during object creation|\nRequired|Attribute must be provided in the request|\nRead-Only|Attribute can only be read, not written.|See note 3\nWrite-Only|Attribute can only be written, not read, unless the attribute is also opaque|See the documentation for the opaque property\nRequires-Disable|Attribute cannot be changed while the object (or the relevant part of the object) is administratively enabled|\nAuto-Disable|Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as one or more attributes will be temporarily disabled to apply the change|\nDeprecated|Attribute is deprecated, and will disappear in the next SEMP version|\nOpaque|Attribute can be set or retrieved in opaque form when the `opaquePassword` query parameter is present|See the `opaquePassword` query parameter documentation\n\n\n\nIn some requests, certain attributes may only be provided in certain combinations with other attributes:\n\n\nRelationship|Meaning\n:---|:---\nRequires|Attribute may only be changed by a request if a particular attribute or combination of attributes is also provided in the request\nConflicts|Attribute may only be provided in a request if a particular attribute or combination of attributes is not also provided in the request\n\n\n\nIn the monitoring API, any non-identifying attribute may not be returned in a GET.\n\n## HTTP Methods\n\nThe following HTTP methods manipulate resources in accordance with these general principles. Note that some methods are only used in certain APIs:\n\n\nMethod|Resource|Meaning|Request Body|Response Body|Notes\n:---|:---|:---|:---|:---|:---\nPOST|Collection|Create object|Initial attribute values|Object attributes and metadata|Absent attributes are set to default. If object already exists, a 400 error is returned\nPUT|Object|Update object|New attribute values|Object attributes and metadata|If does not exist, the object is first created. Absent attributes are set to default, with certain exceptions (see note 4)\nPUT|Action|Performs action|Action arguments|Action metadata|\nPATCH|Object|Update object|New attribute values|Object attributes and metadata|Absent attributes are left unchanged. If the object does not exist, a 404 error is returned\nDELETE|Object|Delete object|Empty|Object metadata|If the object does not exist, a 404 is returned\nGET|Object|Get object|Empty|Object attributes and metadata|If the object does not exist, a 404 is returned\nGET|Collection|Get collection|Empty|Object attributes and collection metadata|If the collection is empty, then an empty collection is returned with a 200 code\n\n\n\n## Common Query Parameters\n\nThe following are some common query parameters that are supported by many method/URI combinations. Individual URIs may document additional parameters. Note that multiple query parameters can be used together in a single URI, separated by the ampersand character. For example:\n\n```\n; Request for the MsgVpns collection using two hypothetical query parameters\n; \"q1\" and \"q2\" with values \"val1\" and \"val2\" respectively\n/SEMP/v2/action/msgVpns?q1=val1&q2=val2\n```\n\n### select\n\nInclude in the response only selected attributes of the object, or exclude from the response selected attributes of the object. Use this query parameter to limit the size of the returned data for each returned object, return only those fields that are desired, or exclude fields that are not desired.\n\nThe value of `select` is a comma-separated list of attribute names. If the list contains attribute names that are not prefaced by `-`, only those attributes are included in the response. If the list contains attribute names that are prefaced by `-`, those attributes are excluded from the response. If the list contains both types, then the difference of the first set of attributes and the second set of attributes is returned. If the list is empty (i.e. `select=`), it is treated the same as if no `select` was provided: all attribute are returned.\n\nAll attributes that are prefaced by `-` must follow all attributes that are not prefaced by `-`. In addition, each attribute name in the list must match at least one attribute in the object.\n\nNames may include the `*` wildcard (zero or more characters). Nested attribute names are supported using periods (e.g. `parentName.childName`).\n\nSome examples:\n\n```\n; List of all MsgVpn names\n/SEMP/v2/action/msgVpns?select=msgVpnName\n; List of all MsgVpn and their attributes except for their names\n/SEMP/v2/action/msgVpns?select=-msgVpnName\n; Authentication attributes of MsgVpn \"finance\"\n/SEMP/v2/action/msgVpns/finance?select=authentication%2A\n; All attributes of MsgVpn \"finance\" except for authentication attributes\n/SEMP/v2/action/msgVpns/finance?select=-authentication%2A\n; Access related attributes of Queue \"orderQ\" of MsgVpn \"finance\"\n/SEMP/v2/action/msgVpns/finance/queues/orderQ?select=owner,permission\n```\n\n### where\n\nInclude in the response only objects where certain conditions are true. Use this query parameter to limit which objects are returned to those whose attribute values meet the given conditions.\n\nThe value of `where` is a comma-separated list of expressions. All expressions must be true for the object to be included in the response. Each expression takes the form:\n\n```\nexpression  = attribute-name OP value\nOP          = '==' | '!=' | '<' | '>' | '<=' | '>='\n```\n\n`value` may be a number, string, `true`, or `false`, as appropriate for the type of `attribute-name`. Greater-than and less-than comparisons only work for numbers. A `*` in a string `value` is interpreted as a wildcard (zero or more characters). Some examples:\n\n```\n; Only enabled MsgVpns\n/SEMP/v2/action/msgVpns?where=enabled%3D%3Dtrue\n; Only MsgVpns using basic non-LDAP authentication\n/SEMP/v2/action/msgVpns?where=authenticationBasicEnabled%3D%3Dtrue,authenticationBasicType%21%3Dldap\n; Only MsgVpns that allow more than 100 client connections\n/SEMP/v2/action/msgVpns?where=maxConnectionCount%3E100\n; Only MsgVpns with msgVpnName starting with \"B\":\n/SEMP/v2/action/msgVpns?where=msgVpnName%3D%3DB%2A\n```\n\n### count\n\nLimit the count of objects in the response. This can be useful to limit the size of the response for large collections. The minimum value for `count` is `1` and the default is `10`. There is also a per-collection maximum value to limit request handling time.\n\n`count` does not guarantee that a minimum number of objects will be returned. A page may contain fewer than `count` objects or even be empty. Additional objects may nonetheless be available for retrieval on subsequent pages. See the `cursor` query parameter documentation for more information on paging.\n\nFor example:\n```\n; Up to 25 MsgVpns\n/SEMP/v2/action/msgVpns?count=25\n```\n\n### cursor\n\nThe cursor, or position, for the next page of objects. Cursors are opaque data that should not be created or interpreted by SEMP clients, and should only be used as described below.\n\nWhen a request is made for a collection and there may be additional objects available for retrieval that are not included in the initial response, the response will include a `cursorQuery` field containing a cursor. The value of this field can be specified in the `cursor` query parameter of a subsequent request to retrieve the next page of objects.\n\nApplications must continue to use the `cursorQuery` if one is provided in order to retrieve the full set of objects associated with the request, even if a page contains fewer than the requested number of objects (see the `count` query parameter documentation) or is empty.\n\n### opaquePassword\n\nAttributes with the opaque property are also write-only and so cannot normally be retrieved in a GET. However, when a password is provided in the `opaquePassword` query parameter, attributes with the opaque property are retrieved in a GET in opaque form, encrypted with this password. The query parameter can also be used on a POST, PATCH, or PUT to set opaque attributes using opaque attribute values retrieved in a GET, so long as:\n\n1. the same password that was used to retrieve the opaque attribute values is provided; and\n\n2. the broker to which the request is being sent has the same major and minor SEMP version as the broker that produced the opaque attribute values.\n\nThe password provided in the query parameter must be a minimum of 8 characters and a maximum of 128 characters.\n\nThe query parameter can only be used in the configuration API, and only over HTTPS.\n\n## Authentication\n\nWhen a client makes its first SEMPv2 request, it must supply a username and password using HTTP Basic authentication, or an OAuth token or tokens using HTTP Bearer authentication.\n\nWhen HTTP Basic authentication is used, the broker returns a cookie containing a session key. The client can omit the username and password from subsequent requests, because the broker can use the session cookie for authentication instead. When the session expires or is deleted, the client must provide the username and password again, and the broker creates a new session.\n\nThere are a limited number of session slots available on the broker. The broker returns 529 No SEMP Session Available if it is not able to allocate a session.\n\nIf certain attributes\u2014such as a user's password\u2014are changed, the broker automatically deletes the affected sessions. These attributes are documented below. However, changes in external user configuration data stored on a RADIUS or LDAP server do not trigger the broker to delete the associated session(s), therefore you must do this manually, if required.\n\nA client can retrieve its current session information using the /about/user endpoint and delete its own session using the /about/user/logout endpoint. A client with appropriate permissions can also manage all sessions using the /sessions endpoint.\n\nSessions are not created when authenticating with an OAuth token or tokens using HTTP Bearer authentication. If a session cookie is provided, it is ignored.\n\n## Help\n\nVisit [our website](https://solace.com) to learn more about Solace.\n\nYou can also download the SEMP API specifications by clicking [here](https://solace.com/downloads/).\n\nIf you need additional support, please contact us at [support@solace.com](mailto:support@solace.com).\n\n## Notes\n\nNote|Description\n:---:|:---\n1|This specification defines SEMP starting in \"v2\", and not the original SEMP \"v1\" interface. Request and response formats between \"v1\" and \"v2\" are entirely incompatible, although both protocols share a common port configuration on the Solace PubSub+ broker. They are differentiated by the initial portion of the URI path, one of either \"/SEMP/\" or \"/SEMP/v2/\"\n2|This API is partially implemented. Only a subset of all objects are available.\n3|Read-only attributes may appear in POST and PUT/PATCH requests. However, if a read-only attribute is not marked as identifying, it will be ignored during a PUT/PATCH.\n4|On a PUT, if the SEMP user is not authorized to modify the attribute, its value is left unchanged rather than set to default. In addition, the values of write-only attributes are not set to their defaults on a PUT, except in the following two cases: there is a mutual requires relationship with another non-write-only attribute, both attributes are absent from the request, and the non-write-only attribute is not currently set to its default value; or the attribute is also opaque and the `opaquePassword` query parameter is provided in the request.\n\n",
     "title": "SEMP (Solace Element Management Protocol)",
-    "version": "2.26"
+    "version": "2.34"
   },
   "parameters": {
     "countQuery": {
@@ -6022,6 +6139,242 @@
         ]
       }
     },
+    "/msgVpns/{msgVpnName}/queues/{queueName}/copyMsgFromQueue": {
+      "put": {
+        "description": "Copy a message from another Queue to this Queue.\n\n\nAttribute|Required|Deprecated\n:---|:---:|:---:\nreplicationGroupMsgId|x|\nsourceQueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.29.",
+        "operationId": "doMsgVpnQueueCopyMsgFromQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Copy Message From Queue action's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueCopyMsgFromQueue"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The action was successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The action was not successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Copy a message from another Queue to this Queue.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/queues/{queueName}/copyMsgFromReplayLog": {
+      "put": {
+        "description": "Copy a message from a Replay Log to this Queue.\n\n\nAttribute|Required|Deprecated\n:---|:---:|:---:\nreplicationGroupMsgId|x|\nsourceReplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.29.",
+        "operationId": "doMsgVpnQueueCopyMsgFromReplayLog",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Copy Message From Replay Log action's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueCopyMsgFromReplayLog"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The action was successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The action was not successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Copy a message from a Replay Log to this Queue.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/queues/{queueName}/copyMsgFromTopicEndpoint": {
+      "put": {
+        "description": "Copy a message from a Topic Endpoint to this Queue.\n\n\nAttribute|Required|Deprecated\n:---|:---:|:---:\nreplicationGroupMsgId|x|\nsourceTopicEndpointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.29.",
+        "operationId": "doMsgVpnQueueCopyMsgFromTopicEndpoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Copy Message From Topic Endpoint action's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueCopyMsgFromTopicEndpoint"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The action was successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The action was not successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Copy a message from a Topic Endpoint to this Queue.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/queues/{queueName}/deleteMsgs": {
+      "put": {
+        "description": "Delete all spooled messages from the Queue.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "doMsgVpnQueueDeleteMsgs",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Delete All Messages action's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueDeleteMsgs"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The action was successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The action was not successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete all spooled messages from the Queue.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ]
+      }
+    },
     "/msgVpns/{msgVpnName}/queues/{queueName}/msgs": {
       "get": {
         "description": "Get a list of Queue Message objects.\n\nA Queue Message is a packet of information sent from producers to consumers using the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
@@ -6958,6 +7311,242 @@
         ]
       }
     },
+    "/msgVpns/{msgVpnName}/topicEndpoints/{topicEndpointName}/copyMsgFromQueue": {
+      "put": {
+        "description": "Copy a message from a Queue to this Topic Endpoint.\n\n\nAttribute|Required|Deprecated\n:---|:---:|:---:\nreplicationGroupMsgId|x|\nsourceQueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.29.",
+        "operationId": "doMsgVpnTopicEndpointCopyMsgFromQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint.",
+            "in": "path",
+            "name": "topicEndpointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Copy Message From Queue action's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointCopyMsgFromQueue"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The action was successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The action was not successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Copy a message from a Queue to this Topic Endpoint.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/topicEndpoints/{topicEndpointName}/copyMsgFromReplayLog": {
+      "put": {
+        "description": "Copy a message from a Replay Log to this Topic Endpoint.\n\n\nAttribute|Required|Deprecated\n:---|:---:|:---:\nreplicationGroupMsgId|x|\nsourceReplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.29.",
+        "operationId": "doMsgVpnTopicEndpointCopyMsgFromReplayLog",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint.",
+            "in": "path",
+            "name": "topicEndpointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Copy Message From Replay Log action's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointCopyMsgFromReplayLog"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The action was successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The action was not successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Copy a message from a Replay Log to this Topic Endpoint.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/topicEndpoints/{topicEndpointName}/copyMsgFromTopicEndpoint": {
+      "put": {
+        "description": "Copy a message from another Topic Endpoint to this Topic Endpoint.\n\n\nAttribute|Required|Deprecated\n:---|:---:|:---:\nreplicationGroupMsgId|x|\nsourceTopicEndpointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.29.",
+        "operationId": "doMsgVpnTopicEndpointCopyMsgFromTopicEndpoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint.",
+            "in": "path",
+            "name": "topicEndpointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Copy Message From Topic Endpoint action's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointCopyMsgFromTopicEndpoint"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The action was successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The action was not successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Copy a message from another Topic Endpoint to this Topic Endpoint.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/topicEndpoints/{topicEndpointName}/deleteMsgs": {
+      "put": {
+        "description": "Delete all spooled messages from the Topic Endpoint.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "doMsgVpnTopicEndpointDeleteMsgs",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint.",
+            "in": "path",
+            "name": "topicEndpointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Delete All Messages action's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointDeleteMsgs"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The action was successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The action was not successfully performed.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete all spooled messages from the Topic Endpoint.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ]
+      }
+    },
     "/msgVpns/{msgVpnName}/topicEndpoints/{topicEndpointName}/msgs": {
       "get": {
         "description": "Get a list of Topic Endpoint Message objects.\n\nA Topic Endpoint Message is a packet of information sent from producers to consumers using the Topic Endpoint.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\ntopicEndpointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
@@ -7635,7 +8224,7 @@
     },
     "/sessions": {
       "get": {
-        "description": "Get a list of Session objects.\n\nAdministrative sessions for configuration and monitoring.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nsessionId|x|\nsessionUsername|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "description": "Get a list of SEMP Session objects.\n\nAdministrative sessions for configuration and monitoring.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nsessionId|x|\nsessionUsername|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
         "operationId": "getSessions",
         "parameters": [
           {
@@ -7656,7 +8245,7 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Session objects' attributes, and the request metadata.",
+            "description": "The list of SEMP Session objects' attributes, and the request metadata.",
             "schema": {
               "$ref": "#/definitions/SessionsResponse"
             }
@@ -7673,7 +8262,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Session objects.",
+        "summary": "Get a list of SEMP Session objects.",
         "tags": [
           "all",
           "session"
@@ -7682,7 +8271,7 @@
     },
     "/sessions/{sessionUsername},{sessionId}": {
       "get": {
-        "description": "Get a Session object.\n\nAdministrative sessions for configuration and monitoring.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nsessionId|x|\nsessionUsername|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "description": "Get a SEMP Session object.\n\nAdministrative sessions for configuration and monitoring.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nsessionId|x|\nsessionUsername|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
         "operationId": "getSession",
         "parameters": [
           {
@@ -7708,7 +8297,7 @@
         ],
         "responses": {
           "200": {
-            "description": "The Session object's attributes, and the request metadata.",
+            "description": "The SEMP Session object's attributes, and the request metadata.",
             "schema": {
               "$ref": "#/definitions/SessionResponse"
             }
@@ -7725,7 +8314,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Session object.",
+        "summary": "Get a SEMP Session object.",
         "tags": [
           "all",
           "session"
@@ -7734,7 +8323,7 @@
     },
     "/sessions/{sessionUsername},{sessionId}/delete": {
       "put": {
-        "description": "Delete the session.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "description": "Delete the SEMP session.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.21.",
         "operationId": "doSessionDelete",
         "parameters": [
           {
@@ -7783,7 +8372,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete the session.",
+        "summary": "Delete the SEMP session.",
         "tags": [
           "all",
           "session"
diff --git a/test/sempclient/spec/spec_config.json b/test/sempclient/spec/spec_config.json
index cdec32a..4821fa8 100644
--- a/test/sempclient/spec/spec_config.json
+++ b/test/sempclient/spec/spec_config.json
@@ -396,7 +396,7 @@
           "type": "boolean"
         },
         "serviceAmqpTlsListenPort": {
-          "description": "TCP port number that AMQP clients can use to connect to the broker using raw TCP over TLS. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since 2.17.",
+          "description": "TCP port number that AMQP clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceAmqpEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
@@ -404,11 +404,20 @@
           "$ref": "#/definitions/EventThreshold"
         },
         "serviceHealthCheckEnabled": {
-          "description": "Enable or disable the health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.17.",
+          "description": "Enable or disable the plain-text health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.17.",
           "type": "boolean"
         },
         "serviceHealthCheckListenPort": {
-          "description": "The port number for the health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5550`. Available since 2.17.",
+          "description": "The port number for the plain-text health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceHealthCheckEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5550`. Available since 2.17.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "serviceHealthCheckTlsEnabled": {
+          "description": "Enable or disable the TLS health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.34.",
+          "type": "boolean"
+        },
+        "serviceHealthCheckTlsListenPort": {
+          "description": "The port number for the TLS health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceHealthCheckTlsEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since 2.34.",
           "format": "int64",
           "type": "integer"
         },
@@ -417,7 +426,7 @@
           "type": "boolean"
         },
         "serviceMateLinkListenPort": {
-          "description": "The port number for the mate-link service. The port must be unique across the message backbone. The mate-link service must be disabled to change the port. The default value is `8741`. Available since 2.17.",
+          "description": "The port number for the mate-link service. The port must be unique across the message backbone. The mate-link service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMateLinkEnabled will be temporarily set to false to apply the change. The default value is `8741`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
@@ -434,7 +443,7 @@
           "type": "boolean"
         },
         "serviceRedundancyFirstListenPort": {
-          "description": "The first listen-port used for the redundancy service. Redundancy uses this port and the subsequent 2 ports. These port must be unique across the message backbone. The redundancy service must be disabled to change this port. The default value is `8300`. Available since 2.17.",
+          "description": "The first listen-port used for the redundancy service. Redundancy uses this port and the subsequent 2 ports. These port must be unique across the message backbone. The redundancy service must be disabled to change this port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceRedundancyEnabled will be temporarily set to false to apply the change. The default value is `8300`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
@@ -462,7 +471,7 @@
           "type": "boolean"
         },
         "serviceSempPlainTextListenPort": {
-          "description": "The TCP port for plain-text SEMP client connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `80`. Available since 2.17.",
+          "description": "The TCP port for plain-text SEMP client connections. This attribute cannot be cannot be changed while serviceSempPlainTextEnabled are set to true. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `80`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
@@ -481,12 +490,12 @@
           "type": "boolean"
         },
         "serviceSempTlsListenPort": {
-          "description": "The TCP port for TLS SEMP client connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1943`. Available since 2.17.",
+          "description": "The TCP port for TLS SEMP client connections. This attribute cannot be cannot be changed while serviceSempTlsEnabled are set to true. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1943`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
         "serviceSmfCompressionListenPort": {
-          "description": "TCP port number that SMF clients can use to connect to the broker using raw compression TCP. The default value is `55003`. Available since 2.17.",
+          "description": "TCP port number that SMF clients can use to connect to the broker using raw compression TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceSmfEnabled will be temporarily set to false to apply the change. The default value is `55003`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
@@ -498,17 +507,17 @@
           "$ref": "#/definitions/EventThreshold"
         },
         "serviceSmfPlainTextListenPort": {
-          "description": "TCP port number that SMF clients can use to connect to the broker using raw TCP. The default value is `55555`. Available since 2.17.",
+          "description": "TCP port number that SMF clients can use to connect to the broker using raw TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceSmfEnabled will be temporarily set to false to apply the change. The default value is `55555`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
         "serviceSmfRoutingControlListenPort": {
-          "description": "TCP port number that SMF clients can use to connect to the broker using raw routing control TCP. The default value is `55556`. Available since 2.17.",
+          "description": "TCP port number that SMF clients can use to connect to the broker using raw routing control TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceSmfEnabled will be temporarily set to false to apply the change. The default value is `55556`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
         "serviceSmfTlsListenPort": {
-          "description": "TCP port number that SMF clients can use to connect to the broker using raw TCP over TLS. The default value is `55443`. Available since 2.17.",
+          "description": "TCP port number that SMF clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceSmfEnabled will be temporarily set to false to apply the change. The default value is `55443`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
@@ -520,17 +529,17 @@
           "type": "boolean"
         },
         "serviceWebTransportPlainTextListenPort": {
-          "description": "The TCP port for plain-text WEB client connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `8008`. Available since 2.17.",
+          "description": "The TCP port for plain-text WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceWebTransportEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `8008`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
         "serviceWebTransportTlsListenPort": {
-          "description": "The TCP port for TLS WEB client connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1443`. Available since 2.17.",
+          "description": "The TCP port for TLS WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceWebTransportEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1443`. Available since 2.17.",
           "format": "int64",
           "type": "integer"
         },
         "serviceWebTransportWebUrlSuffix": {
-          "description": "Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker. The default value is `\"\"`. Available since 2.17.",
+          "description": "Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceWebTransportEnabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.17.",
           "type": "string"
         },
         "tlsBlockVersion11Enabled": {
@@ -572,6 +581,10 @@
           "format": "int32",
           "type": "integer"
         },
+        "webManagerAllowUnencryptedWizardsEnabled": {
+          "description": "Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure.  Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.28.",
+          "type": "boolean"
+        },
         "webManagerCustomization": {
           "description": "Reserved for internal use by Solace. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Available since 2.25.",
           "type": "string"
@@ -692,7 +705,7 @@
           "type": "string"
         },
         "crlUrl": {
-          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as revocationCheckEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
           "type": "string"
         },
         "ocspNonResponderCertEnabled": {
@@ -841,15 +854,15 @@
           "type": "string"
         },
         "crlDayList": {
-          "description": "The scheduled CRL refresh day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"daily\"`.",
+          "description": "The scheduled CRL refresh day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"crlTimeList\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"daily\"`.",
           "type": "string"
         },
         "crlTimeList": {
-          "description": "The scheduled CRL refresh time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"3:00\"`.",
+          "description": "The scheduled CRL refresh time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"crlDayList\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"3:00\"`.",
           "type": "string"
         },
         "crlUrl": {
-          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as revocationCheckEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "ocspNonResponderCertEnabled": {
@@ -971,7 +984,7 @@
           "type": "boolean"
         },
         "authenticationBasicPassword": {
-          "description": "The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "description": "The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "authenticationBasicType": {
@@ -983,7 +996,7 @@
           "type": "string"
         },
         "authenticationClientCertContent": {
-          "description": "The PEM formatted content for the client certificate used to login to the remote node. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. The default value is `\"\"`.",
+          "description": "The PEM formatted content for the client certificate used to login to the remote node. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
           "type": "string",
           "x-requires-https": true
         },
@@ -992,7 +1005,7 @@
           "type": "boolean"
         },
         "authenticationClientCertPassword": {
-          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. The default value is `\"\"`.",
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
           "type": "string",
           "x-requires-https": true
         },
@@ -1032,14 +1045,251 @@
       },
       "type": "object"
     },
+    "DmrClusterCertMatchingRule": {
+      "properties": {
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "enabled": {
+          "description": "Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleAttributeFilter": {
+      "properties": {
+        "attributeName": {
+          "description": "Link Attribute to be tested. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "attributeValue": {
+          "description": "Expected attribute value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "filterName": {
+          "description": "The name of the filter.",
+          "type": "string"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleAttributeFilterLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Attribute Filter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleAttributeFilterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleAttributeFiltersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleCondition": {
+      "properties": {
+        "attribute": {
+          "description": "Link Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "expression": {
+          "description": "Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        },
+        "source": {
+          "description": "Certificate field to be compared with the Attribute. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n\"org-unit\" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.\n\"org-unit-last\" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.\n\"issuer\" - The attribute is extracted from the certificate's Issuer DN.\n\"subject\" - The attribute is extracted from the certificate's Subject DN.\n\"serial-number\" - The attribute is extracted from the certificate's Serial Number.\n\"dns-name\" - The attribute is extracted from the certificate's Subject Alt Name DNSName.\n\"ip-address\" - The attribute is extracted from the certificate's Subject Alt Name IPAddress.\n</pre>\n",
+          "enum": [
+            "certificate-thumbprint",
+            "common-name",
+            "common-name-last",
+            "subject-alternate-name-msupn",
+            "uid",
+            "uid-last",
+            "org-unit",
+            "org-unit-last",
+            "issuer",
+            "subject",
+            "serial-number",
+            "dns-name",
+            "ip-address"
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Condition object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleCondition"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleCondition"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleLinks": {
+      "properties": {
+        "attributeFiltersUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Attribute Filter objects.",
+          "type": "string"
+        },
+        "conditionsUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Condition objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRule"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRulesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRule"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
     "DmrClusterLink": {
       "properties": {
         "authenticationBasicPassword": {
-          "description": "The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "description": "The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "authenticationScheme": {
-          "description": "The authentication scheme to be used by the Link which initiates connections to the remote node. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+          "description": "The authentication scheme to be used by the Link which initiates connections to the remote node. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
           "enum": [
             "basic",
             "client-certificate"
@@ -1131,7 +1381,7 @@
           "type": "string"
         },
         "egressFlowWindowSize": {
-          "description": "The number of outstanding guaranteed messages that can be sent over the Link before acknowledgement is received by the sender. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.",
+          "description": "The number of outstanding guaranteed messages that can be sent over the Link before acknowledgement is received by the sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.",
           "format": "int64",
           "type": "integer"
         },
@@ -1140,7 +1390,7 @@
           "type": "boolean"
         },
         "initiator": {
-          "description": "The initiator of the Link's TCP connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"lexical\"`. The allowed values and their meaning are:\n\n<pre>\n\"lexical\" - The \"higher\" node-name initiates.\n\"local\" - The local node initiates.\n\"remote\" - The remote node initiates.\n</pre>\n",
+          "description": "The initiator of the Link's TCP connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"lexical\"`. The allowed values and their meaning are:\n\n<pre>\n\"lexical\" - The \"higher\" node-name initiates.\n\"local\" - The local node initiates.\n\"remote\" - The remote node initiates.\n</pre>\n",
           "enum": [
             "lexical",
             "local",
@@ -1193,7 +1443,7 @@
           "type": "string"
         },
         "span": {
-          "description": "The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"external\"`. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Link to same cluster.\n\"external\" - Link to other cluster.\n</pre>\n",
+          "description": "The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"external\"`. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Link to same cluster.\n\"external\" - Link to other cluster.\n</pre>\n",
           "enum": [
             "internal",
             "external"
@@ -1201,18 +1451,92 @@
           "type": "string"
         },
         "transportCompressedEnabled": {
-          "description": "Enable or disable compression on the Link. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "description": "Enable or disable compression on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
           "type": "boolean"
         },
         "transportTlsEnabled": {
-          "description": "Enable or disable encryption (TLS) on the Link. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "description": "Enable or disable encryption (TLS) on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
           "type": "boolean"
         }
       },
       "type": "object"
     },
+    "DmrClusterLinkAttribute": {
+      "properties": {
+        "attributeName": {
+          "description": "The name of the Attribute.",
+          "type": "string"
+        },
+        "attributeValue": {
+          "description": "The value of the Attribute.",
+          "type": "string"
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkAttributeLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Link Attribute object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkAttributeResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterLinkAttribute"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterLinkAttributeLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinkAttributesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkAttribute"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkAttributeLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
     "DmrClusterLinkLinks": {
       "properties": {
+        "attributesUri": {
+          "description": "The URI of this Link's collection of Link Attribute objects. Available since 2.28.",
+          "type": "string"
+        },
         "remoteAddressesUri": {
           "description": "The URI of this Link's collection of Remote Address objects.",
           "type": "string"
@@ -1379,6 +1703,10 @@
     },
     "DmrClusterLinks": {
       "properties": {
+        "certMatchingRulesUri": {
+          "description": "The URI of this Cluster's collection of Certificate Matching Rule objects. Available since 2.28.",
+          "type": "string"
+        },
         "linksUri": {
           "description": "The URI of this Cluster's collection of Link objects.",
           "type": "string"
@@ -1602,6 +1930,10 @@
           "description": "Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
         },
+        "authenticationClientCertCertificateMatchingRulesEnabled": {
+          "description": "Enable or disable certificate matching rules. When disabled, any valid certificate is accepted. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.27.",
+          "type": "boolean"
+        },
         "authenticationClientCertEnabled": {
           "description": "Enable or disable client certificate authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
@@ -1694,7 +2026,7 @@
           "type": "boolean"
         },
         "distributedCacheManagementEnabled": {
-          "description": "Enable or disable managing of cache instances over the message bus. The default value is `true`.",
+          "description": "Enable or disable managing of cache instances over the message bus. The default value is `true`. Deprecated since 2.28. Distributed cache mangement is now redundancy aware and thus no longer requires administrative intervention for operational state.",
           "type": "boolean"
         },
         "dmrEnabled": {
@@ -1985,7 +2317,7 @@
           "type": "boolean"
         },
         "serviceAmqpPlainTextListenPort": {
-          "description": "The port number for plain-text AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.7.",
+          "description": "The port number for plain-text AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceAmqpPlainTextEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.7.",
           "format": "int64",
           "type": "integer"
         },
@@ -1994,7 +2326,7 @@
           "type": "boolean"
         },
         "serviceAmqpTlsListenPort": {
-          "description": "The port number for AMQP clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.7.",
+          "description": "The port number for AMQP clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceAmqpTlsEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.7.",
           "format": "int64",
           "type": "integer"
         },
@@ -2017,7 +2349,7 @@
           "type": "boolean"
         },
         "serviceMqttPlainTextListenPort": {
-          "description": "The port number for plain-text MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
+          "description": "The port number for plain-text MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMqttPlainTextEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
           "format": "int64",
           "type": "integer"
         },
@@ -2026,7 +2358,7 @@
           "type": "boolean"
         },
         "serviceMqttTlsListenPort": {
-          "description": "The port number for MQTT clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
+          "description": "The port number for MQTT clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMqttTlsEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
           "format": "int64",
           "type": "integer"
         },
@@ -2035,7 +2367,7 @@
           "type": "boolean"
         },
         "serviceMqttTlsWebSocketListenPort": {
-          "description": "The port number for MQTT clients that connect to the Message VPN using WebSocket over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
+          "description": "The port number for MQTT clients that connect to the Message VPN using WebSocket over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMqttTlsWebSocketEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
           "format": "int64",
           "type": "integer"
         },
@@ -2044,7 +2376,7 @@
           "type": "boolean"
         },
         "serviceMqttWebSocketListenPort": {
-          "description": "The port number for plain-text MQTT clients that connect to the Message VPN using WebSocket. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
+          "description": "The port number for plain-text MQTT clients that connect to the Message VPN using WebSocket. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMqttWebSocketEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
           "format": "int64",
           "type": "integer"
         },
@@ -2076,7 +2408,7 @@
           "type": "boolean"
         },
         "serviceRestIncomingPlainTextListenPort": {
-          "description": "The port number for incoming plain-text REST clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "description": "The port number for incoming plain-text REST clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceRestIncomingPlainTextEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
           "format": "int64",
           "type": "integer"
         },
@@ -2085,7 +2417,7 @@
           "type": "boolean"
         },
         "serviceRestIncomingTlsListenPort": {
-          "description": "The port number for incoming REST clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "description": "The port number for incoming REST clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceRestIncomingTlsEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
           "format": "int64",
           "type": "integer"
         },
@@ -2196,7 +2528,7 @@
           "type": "string"
         },
         "clientConnectExceptionAddress": {
-          "description": "The IP address/netmask of the client connect exception in CIDR form.",
+          "description": "The IP address/netmask of the client connect exception in canonical CIDR form.",
           "type": "string"
         },
         "msgVpnName": {
@@ -2704,6 +3036,14 @@
           "description": "The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorizationType attribute of the Message VPN will be used to determine authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"groups\"`.",
           "type": "string"
         },
+        "authorizationGroupsClaimStringFormat": {
+          "description": "The format of the authorization groups claim value when it is a string. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"single\"`. The allowed values and their meaning are:\n\n<pre>\n\"single\" - When the claim is a string, it is interpreted as a single group.\n\"space-delimited\" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the \"scope\" claim.\n</pre>\n Available since 2.32.",
+          "enum": [
+            "single",
+            "space-delimited"
+          ],
+          "type": "string"
+        },
         "clientId": {
           "description": "The OAuth client id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
@@ -3190,7 +3530,7 @@
     "MsgVpnAuthorizationGroup": {
       "properties": {
         "aclProfileName": {
-          "description": "The ACL Profile of the Authorization Group. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "description": "The ACL Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
           "type": "string"
         },
         "authorizationGroupName": {
@@ -3198,7 +3538,7 @@
           "type": "string"
         },
         "clientProfileName": {
-          "description": "The Client Profile of the Authorization Group. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "description": "The Client Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
           "type": "string"
         },
         "enabled": {
@@ -3289,7 +3629,7 @@
           "type": "boolean"
         },
         "maxTtl": {
-          "description": "The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8`.",
+          "description": "The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8`.",
           "format": "int64",
           "type": "integer"
         },
@@ -3298,25 +3638,25 @@
           "type": "string"
         },
         "remoteAuthenticationBasicClientUsername": {
-          "description": "The Client Username the Bridge uses to login to the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The Client Username the Bridge uses to login to the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "remoteAuthenticationBasicPassword": {
-          "description": "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "remoteAuthenticationClientCertContent": {
-          "description": "The PEM formatted content for the client certificate used by the Bridge to login to the remote Message VPN. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. The default value is `\"\"`. Available since 2.9.",
+          "description": "The PEM formatted content for the client certificate used by the Bridge to login to the remote Message VPN. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.9.",
           "type": "string",
           "x-requires-https": true
         },
         "remoteAuthenticationClientCertPassword": {
-          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. The default value is `\"\"`. Available since 2.9.",
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.9.",
           "type": "string",
           "x-requires-https": true
         },
         "remoteAuthenticationScheme": {
-          "description": "The authentication scheme for the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+          "description": "The authentication scheme for the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
           "enum": [
             "basic",
             "client-certificate"
@@ -3334,7 +3674,7 @@
           "type": "integer"
         },
         "remoteDeliverToOnePriority": {
-          "description": "The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"p1\"`. The allowed values and their meaning are:\n\n<pre>\n\"p1\" - The 1st or highest priority.\n\"p2\" - The 2nd highest priority.\n\"p3\" - The 3rd highest priority.\n\"p4\" - The 4th highest priority.\n\"da\" - Ignore priority and deliver always.\n</pre>\n",
+          "description": "The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"p1\"`. The allowed values and their meaning are:\n\n<pre>\n\"p1\" - The 1st or highest priority.\n\"p2\" - The 2nd highest priority.\n\"p3\" - The 3rd highest priority.\n\"p4\" - The 4th highest priority.\n\"da\" - Ignore priority and deliver always.\n</pre>\n",
           "enum": [
             "p1",
             "p2",
@@ -3388,11 +3728,11 @@
           "type": "string"
         },
         "clientUsername": {
-          "description": "The Client Username the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The Client Username the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "compressedDataEnabled": {
-          "description": "Enable or disable data compression for the remote Message VPN connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "description": "Enable or disable data compression for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
         },
         "connectOrder": {
@@ -3401,7 +3741,7 @@
           "type": "integer"
         },
         "egressFlowWindowSize": {
-          "description": "The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgement is received. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.",
+          "description": "The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgement is received. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.",
           "format": "int64",
           "type": "integer"
         },
@@ -3414,7 +3754,7 @@
           "type": "string"
         },
         "password": {
-          "description": "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "queueBinding": {
@@ -3434,7 +3774,7 @@
           "type": "string"
         },
         "tlsEnabled": {
-          "description": "Enable or disable encryption (TLS) for the remote Message VPN connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "description": "Enable or disable encryption (TLS) for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
         },
         "unidirectionalClientProfile": {
@@ -3687,6 +4027,243 @@
       ],
       "type": "object"
     },
+    "MsgVpnCertMatchingRule": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilter": {
+      "properties": {
+        "attributeName": {
+          "description": "Client Username Attribute to be tested. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "attributeValue": {
+          "description": "Expected attribute value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "filterName": {
+          "description": "The name of the filter.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilterLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Attribute Filter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFiltersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleCondition": {
+      "properties": {
+        "attribute": {
+          "description": "Client Username Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "expression": {
+          "description": "Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        },
+        "source": {
+          "description": "Certificate field to be compared with the Attribute. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n\"org-unit\" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.\n\"org-unit-last\" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.\n\"issuer\" - The attribute is extracted from the certificate's Issuer DN.\n\"subject\" - The attribute is extracted from the certificate's Subject DN.\n\"serial-number\" - The attribute is extracted from the certificate's Serial Number.\n\"dns-name\" - The attribute is extracted from the certificate's Subject Alt Name DNSName.\n\"ip-address\" - The attribute is extracted from the certificate's Subject Alt Name IPAddress.\n</pre>\n",
+          "enum": [
+            "certificate-thumbprint",
+            "common-name",
+            "common-name-last",
+            "subject-alternate-name-msupn",
+            "uid",
+            "uid-last",
+            "org-unit",
+            "org-unit-last",
+            "issuer",
+            "subject",
+            "serial-number",
+            "dns-name",
+            "ip-address"
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Condition object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleCondition"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleCondition"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleLinks": {
+      "properties": {
+        "attributeFiltersUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Attribute Filter objects. Available since 2.28.",
+          "type": "string"
+        },
+        "conditionsUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Condition objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRule"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRulesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRule"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
     "MsgVpnClientProfile": {
       "properties": {
         "allowBridgeConnectionsEnabled": {
@@ -4014,11 +4591,11 @@
     "MsgVpnClientUsername": {
       "properties": {
         "aclProfileName": {
-          "description": "The ACL Profile of the Client Username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "description": "The ACL Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
           "type": "string"
         },
         "clientProfileName": {
-          "description": "The Client Profile of the Client Username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "description": "The Client Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
           "type": "string"
         },
         "clientUsername": {
@@ -4048,8 +4625,82 @@
       },
       "type": "object"
     },
+    "MsgVpnClientUsernameAttribute": {
+      "properties": {
+        "attributeName": {
+          "description": "The name of the Attribute.",
+          "type": "string"
+        },
+        "attributeValue": {
+          "description": "The value of the Attribute.",
+          "type": "string"
+        },
+        "clientUsername": {
+          "description": "The name of the Client Username.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientUsernameAttributeLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Client Username Attribute object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientUsernameAttributeResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnClientUsernameAttribute"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnClientUsernameAttributeLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientUsernameAttributesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsernameAttribute"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsernameAttributeLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
     "MsgVpnClientUsernameLinks": {
       "properties": {
+        "attributesUri": {
+          "description": "The URI of this Client Username's collection of Client Username Attribute objects. Available since 2.27.",
+          "type": "string"
+        },
         "uri": {
           "description": "The URI of this Client Username object.",
           "type": "string"
@@ -4103,6 +4754,13 @@
           "description": "The name of the Distributed Cache.",
           "type": "string"
         },
+        "cacheVirtualRouter": {
+          "description": "The virtual router of the Distributed Cache. The default value is `\"auto\"`. The allowed values and their meaning are:\n\n<pre>\n\"auto\" - The Distributed Cache is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n Available since 2.28.",
+          "enum": [
+            "auto"
+          ],
+          "type": "string"
+        },
         "enabled": {
           "description": "Enable or disable the Distributed Cache. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
@@ -4117,11 +4775,11 @@
           "type": "string"
         },
         "scheduledDeleteMsgDayList": {
-          "description": "The scheduled delete message day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The scheduled delete message day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"scheduledDeleteMsgTimeList\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "scheduledDeleteMsgTimeList": {
-          "description": "The scheduled delete message time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The scheduled delete message time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"scheduledDeleteMsgDayList\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         }
       },
@@ -4138,7 +4796,7 @@
           "type": "string"
         },
         "deliverToOneOverrideEnabled": {
-          "description": "Enable or disable deliver-to-one override for the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "description": "Enable or disable deliver-to-one override for the Cache Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
           "type": "boolean"
         },
         "enabled": {
@@ -4847,7 +5505,7 @@
           "type": "integer"
         },
         "transportDirectTransportEnabled": {
-          "description": "Enable or disable usage of the Direct Transport mode for sending non-persistent messages. When disabled, the Guaranteed Transport mode is used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "description": "Enable or disable usage of Direct Transport mode. When enabled, NON-PERSISTENT messages are sent as direct messages and non-durable topic consumers and temporary queue consumers consume using direct subscriptions rather than from guaranteed endpoints. If disabled all messaging uses guaranteed transport. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
           "type": "boolean"
         },
         "transportKeepaliveCount": {
@@ -5093,6 +5751,10 @@
           "description": "The URI of this Message VPN's collection of Bridge objects.",
           "type": "string"
         },
+        "certMatchingRulesUri": {
+          "description": "The URI of this Message VPN's collection of Certificate Matching Rule objects. Available since 2.27.",
+          "type": "string"
+        },
         "clientProfilesUri": {
           "description": "The URI of this Message VPN's collection of Client Profile objects.",
           "type": "string"
@@ -5153,6 +5815,10 @@
           "description": "The URI of this Message VPN's collection of Sequenced Topic objects.",
           "type": "string"
         },
+        "telemetryProfilesUri": {
+          "description": "The URI of this Message VPN's collection of Telemetry Profile objects. Available since 2.31.",
+          "type": "string"
+        },
         "topicEndpointTemplatesUri": {
           "description": "The URI of this Message VPN's collection of Topic Endpoint Template objects. Available since 2.14.",
           "type": "string"
@@ -5179,7 +5845,7 @@
           "type": "boolean"
         },
         "msgLifetime": {
-          "description": "The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "description": "The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely, otherwise it must be 3 seconds or more. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
           "format": "int64",
           "type": "integer"
         },
@@ -5263,7 +5929,7 @@
           "type": "string"
         },
         "owner": {
-          "description": "The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "queueConsumerAckPropagationEnabled": {
@@ -5323,7 +5989,7 @@
           "type": "integer"
         },
         "queueRejectMsgToSenderOnDiscardBehavior": {
-          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-queue-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Queue is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n Available since 2.14.",
+          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as queueRejectLowPriorityMsgEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-queue-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Queue is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n Available since 2.14.",
           "enum": [
             "always",
             "when-queue-enabled",
@@ -5474,7 +6140,7 @@
     "MsgVpnQueue": {
       "properties": {
         "accessType": {
-          "description": "The access type for delivering messages to consumer flows bound to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n",
+          "description": "The access type for delivering messages to consumer flows bound to the Queue. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n",
           "enum": [
             "exclusive",
             "non-exclusive"
@@ -5550,11 +6216,11 @@
           "type": "string"
         },
         "owner": {
-          "description": "The Client Username that owns the Queue and has permission equivalent to `\"delete\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The Client Username that owns the Queue and has permission equivalent to `\"delete\"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "permission": {
-          "description": "The permission level for all consumers of the Queue, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+          "description": "The permission level for all consumers of the Queue, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
           "enum": [
             "no-access",
             "read-only",
@@ -5568,21 +6234,40 @@
           "description": "The name of the Queue.",
           "type": "string"
         },
-        "redeliveryEnabled": {
-          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.33.",
           "type": "boolean"
         },
-        "rejectLowPriorityMsgEnabled": {
-          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
-          "type": "boolean"
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
         },
-        "rejectLowPriorityMsgLimit": {
-          "description": "The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryEnabled": {
+          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
+          "type": "boolean"
+        },
+        "rejectLowPriorityMsgEnabled": {
+          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
+        },
+        "rejectLowPriorityMsgLimit": {
+          "description": "The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
           "format": "int64",
           "type": "integer"
         },
         "rejectMsgToSenderOnDiscardBehavior": {
-          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-queue-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Queue is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n Available since 2.1.",
+          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as rejectLowPriorityMsgEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-queue-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Queue is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n Available since 2.1.",
           "enum": [
             "always",
             "when-queue-enabled",
@@ -5591,7 +6276,7 @@
           "type": "string"
         },
         "respectMsgPriorityEnabled": {
-          "description": "Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). MQTT queues do not support enabling message priority. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.8.",
+          "description": "Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). MQTT queues do not support enabling message priority. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled and ingressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.8.",
           "type": "boolean"
         },
         "respectTtlEnabled": {
@@ -5790,6 +6475,25 @@
           "description": "The name of the Queue Template.",
           "type": "string"
         },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.33.",
+          "type": "boolean"
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
         "redeliveryEnabled": {
           "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
           "type": "boolean"
@@ -5804,7 +6508,7 @@
           "type": "integer"
         },
         "rejectMsgToSenderOnDiscardBehavior": {
-          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs prevent the message from being delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-queue-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Queue is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
+          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs prevent the message from being delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as rejectLowPriorityMsgEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-queue-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Queue is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
           "enum": [
             "always",
             "when-queue-enabled",
@@ -5917,12 +6621,20 @@
         "replayLogName": {
           "description": "The name of the Replay Log.",
           "type": "string"
+        },
+        "topicFilterEnabled": {
+          "description": "Enable or disable topic filtering for the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.27.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
     "MsgVpnReplayLogLinks": {
       "properties": {
+        "topicFilterSubscriptionsUri": {
+          "description": "The URI of this Replay Log's collection of Topic Filter Subscription objects. Available since 2.27.",
+          "type": "string"
+        },
         "uri": {
           "description": "The URI of this Replay Log object.",
           "type": "string"
@@ -5947,6 +6659,72 @@
       ],
       "type": "object"
     },
+    "MsgVpnReplayLogTopicFilterSubscription": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "replayLogName": {
+          "description": "The name of the Replay Log.",
+          "type": "string"
+        },
+        "topicFilterSubscription": {
+          "description": "The topic of the Subscription.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Filter Subscription object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscription"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscription"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
     "MsgVpnReplayLogsResponse": {
       "properties": {
         "data": {
@@ -6060,7 +6838,7 @@
     "MsgVpnRestDeliveryPoint": {
       "properties": {
         "clientProfileName": {
-          "description": "The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "description": "The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
           "type": "string"
         },
         "enabled": {
@@ -6138,6 +6916,10 @@
     },
     "MsgVpnRestDeliveryPointQueueBindingLinks": {
       "properties": {
+        "protectedRequestHeadersUri": {
+          "description": "The URI of this Queue Binding's collection of Protected Request Header objects. Available since 2.30.",
+          "type": "string"
+        },
         "requestHeadersUri": {
           "description": "The URI of this Queue Binding's collection of Request Header objects. Available since 2.23.",
           "type": "string"
@@ -6149,6 +6931,80 @@
       },
       "type": "object"
     },
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader": {
+      "properties": {
+        "headerName": {
+          "description": "The name of the protected HTTP request header.",
+          "type": "string"
+        },
+        "headerValue": {
+          "description": "The value of the protected HTTP request header. Unlike a non-protected request header, this value cannot be displayed after it is set, and does not support substitution expressions. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "queueBindingName": {
+          "description": "The name of a queue in the Message VPN.",
+          "type": "string"
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Protected Request Header object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeadersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
     "MsgVpnRestDeliveryPointQueueBindingRequestHeader": {
       "properties": {
         "headerName": {
@@ -6299,21 +7155,21 @@
           "type": "string"
         },
         "authenticationClientCertContent": {
-          "description": "The PEM formatted content for the client certificate that the REST Consumer will present to the REST host. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. The default value is `\"\"`. Available since 2.9.",
+          "description": "The PEM formatted content for the client certificate that the REST Consumer will present to the REST host. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.9.",
           "type": "string",
           "x-requires-https": true
         },
         "authenticationClientCertPassword": {
-          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. The default value is `\"\"`. Available since 2.9.",
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changing this attribute requires an HTTPS connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.9.",
           "type": "string",
           "x-requires-https": true
         },
         "authenticationHttpBasicPassword": {
-          "description": "The password for the username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The password for the username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "authenticationHttpBasicUsername": {
-          "description": "The username that the REST Consumer will use to login to the REST host. Normally a username is only configured when basic authentication is selected for the REST Consumer. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The username that the REST Consumer will use to login to the REST host. Normally a username is only configured when basic authentication is selected for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "authenticationHttpHeaderName": {
@@ -6325,31 +7181,41 @@
           "type": "string"
         },
         "authenticationOauthClientId": {
-          "description": "The OAuth client ID. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "description": "The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
           "type": "string"
         },
         "authenticationOauthClientScope": {
-          "description": "The OAuth scope. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "description": "The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
           "type": "string"
         },
         "authenticationOauthClientSecret": {
-          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
           "type": "string"
         },
         "authenticationOauthClientTokenEndpoint": {
-          "description": "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Must begin with \"https\". Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "description": "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Must begin with \"https\". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
           "type": "string"
         },
+        "authenticationOauthClientTokenExpiryDefault": {
+          "description": "The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since 2.30.",
+          "format": "int32",
+          "type": "integer"
+        },
         "authenticationOauthJwtSecretKey": {
-          "description": "The OAuth secret key used to sign the token request JWT. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.21.",
+          "description": "The OAuth secret key used to sign the token request JWT. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.21.",
           "type": "string"
         },
         "authenticationOauthJwtTokenEndpoint": {
-          "description": "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.21.",
+          "description": "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.21.",
           "type": "string"
         },
+        "authenticationOauthJwtTokenExpiryDefault": {
+          "description": "The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since 2.30.",
+          "format": "int32",
+          "type": "integer"
+        },
         "authenticationScheme": {
-          "description": "The authentication scheme used by the REST Consumer to login to the REST host. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication.\n\"http-basic\" - Login with a username and optional password according to HTTP Basic authentication as per RFC2616.\n\"client-certificate\" - Login with a client TLS certificate as per RFC5246. Client certificate authentication is only available on TLS connections.\n\"http-header\" - Login with a specified HTTP header.\n\"oauth-client\" - Login with OAuth 2.0 client credentials.\n\"oauth-jwt\" - Login with OAuth (RFC 7523 JWT Profile).\n\"transparent\" - Login using the Authorization header from the message properties, if present. Transparent authentication passes along existing Authorization header metadata instead of discarding it. Note that if the message is coming from a REST producer, the REST service must be configured to forward the Authorization header.\n\"aws\" - Login using AWS Signature Version 4 authentication (AWS4-HMAC-SHA256).\n</pre>\n",
+          "description": "The authentication scheme used by the REST Consumer to login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication.\n\"http-basic\" - Login with a username and optional password according to HTTP Basic authentication as per RFC2616.\n\"client-certificate\" - Login with a client TLS certificate as per RFC5246. Client certificate authentication is only available on TLS connections.\n\"http-header\" - Login with a specified HTTP header.\n\"oauth-client\" - Login with OAuth 2.0 client credentials.\n\"oauth-jwt\" - Login with OAuth (RFC 7523 JWT Profile).\n\"transparent\" - Login using the Authorization header from the message properties, if present. Transparent authentication passes along existing Authorization header metadata instead of discarding it. Note that if the message is coming from a REST producer, the REST service must be configured to forward the Authorization header.\n\"aws\" - Login using AWS Signature Version 4 authentication (AWS4-HMAC-SHA256).\n</pre>\n",
           "enum": [
             "none",
             "http-basic",
@@ -6388,16 +7254,16 @@
           "type": "string"
         },
         "outgoingConnectionCount": {
-          "description": "The number of concurrent TCP connections open to the REST Consumer. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "description": "The number of concurrent TCP connections open to the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
           "format": "int32",
           "type": "integer"
         },
         "remoteHost": {
-          "description": "The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "description": "The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
         "remotePort": {
-          "description": "The port associated with the host of the REST Consumer. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8080`.",
+          "description": "The port associated with the host of the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8080`.",
           "format": "int64",
           "type": "integer"
         },
@@ -6415,11 +7281,11 @@
           "type": "integer"
         },
         "tlsCipherSuiteList": {
-          "description": "The colon-separated list of cipher suites the REST Consumer uses in its encrypted connection. The value `\"default\"` implies all supported suites ordered from most secure to least secure. The list of default cipher suites is available in the `tlsCipherSuiteMsgBackboneDefaultList` attribute of the Broker object in the Monitoring API. The REST Consumer should choose the first suite from this list that it supports. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "description": "The colon-separated list of cipher suites the REST Consumer uses in its encrypted connection. The value `\"default\"` implies all supported suites ordered from most secure to least secure. The list of default cipher suites is available in the `tlsCipherSuiteMsgBackboneDefaultList` attribute of the Broker object in the Monitoring API. The REST Consumer should choose the first suite from this list that it supports. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
           "type": "string"
         },
         "tlsEnabled": {
-          "description": "Enable or disable encryption (TLS) for the REST Consumer. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "description": "Enable or disable encryption (TLS) for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
         }
       },
@@ -6711,152 +7577,139 @@
       ],
       "type": "object"
     },
-    "MsgVpnTopicEndpoint": {
+    "MsgVpnTelemetryProfile": {
       "properties": {
-        "accessType": {
-          "description": "The access type for delivering messages to consumer flows bound to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n Available since 2.4.",
-          "enum": [
-            "exclusive",
-            "non-exclusive"
-          ],
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "consumerAckPropagationEnabled": {
-          "description": "Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
-          "type": "boolean"
-        },
-        "deadMsgQueue": {
-          "description": "The name of the Dead Message Queue (DMQ) used by the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`. Available since 2.2.",
-          "type": "string"
+        "queueEventBindCountThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "deliveryCountEnabled": {
-          "description": "Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.19.",
-          "type": "boolean"
+        "queueEventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "deliveryDelay": {
-          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.22.",
+        "queueMaxBindCount": {
+          "description": "The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
           "format": "int64",
           "type": "integer"
         },
-        "egressEnabled": {
-          "description": "Enable or disable the transmission of messages from the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
-          "type": "boolean"
+        "queueMaxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed by the Queue, in megabytes (MB). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `800000`.",
+          "format": "int64",
+          "type": "integer"
         },
-        "eventBindCountThreshold": {
-          "$ref": "#/definitions/EventThreshold"
+        "receiverAclConnectDefaultAction": {
+          "description": "The default action to take when a receiver client connects to the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow client connection unless an exception is found for it.\n\"disallow\" - Disallow client connection unless an exception is found for it.\n</pre>\n",
+          "enum": [
+            "allow",
+            "disallow"
+          ],
+          "type": "string"
         },
-        "eventRejectLowPriorityMsgLimitThreshold": {
-          "$ref": "#/definitions/EventThreshold"
+        "receiverEnabled": {
+          "description": "Enable or disable the ability for receiver clients to consume from the #telemetry queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
         },
-        "eventSpoolUsageThreshold": {
+        "receiverEventConnectionCountPerClientUsernameThreshold": {
           "$ref": "#/definitions/EventThreshold"
         },
-        "ingressEnabled": {
-          "description": "Enable or disable the reception of messages to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
-          "type": "boolean"
+        "receiverMaxConnectionCountPerClientUsername": {
+          "description": "The maximum number of receiver connections per Client Username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+          "format": "int64",
+          "type": "integer"
         },
-        "maxBindCount": {
-          "description": "The maximum number of consumer flows that can bind to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`. Available since 2.4.",
+        "receiverTcpCongestionWindowSize": {
+          "description": "The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.",
           "format": "int64",
           "type": "integer"
         },
-        "maxDeliveredUnackedMsgsPerFlow": {
-          "description": "The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+        "receiverTcpKeepaliveCount": {
+          "description": "The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.",
           "format": "int64",
           "type": "integer"
         },
-        "maxMsgSize": {
-          "description": "The maximum message size allowed in the Topic Endpoint, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
-          "format": "int32",
+        "receiverTcpKeepaliveIdleTime": {
+          "description": "The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int64",
           "type": "integer"
         },
-        "maxRedeliveryCount": {
-          "description": "The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+        "receiverTcpKeepaliveInterval": {
+          "description": "The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
           "format": "int64",
           "type": "integer"
         },
-        "maxSpoolUsage": {
-          "description": "The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+        "receiverTcpMaxSegmentSize": {
+          "description": "The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.",
           "format": "int64",
           "type": "integer"
         },
-        "maxTtl": {
-          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+        "receiverTcpMaxWindowSize": {
+          "description": "The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.",
           "format": "int64",
           "type": "integer"
         },
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "type": "string"
+        },
+        "traceEnabled": {
+          "description": "Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileLinks": {
+      "properties": {
+        "receiverAclConnectExceptionsUri": {
+          "description": "The URI of this Telemetry Profile's collection of Receiver ACL Connect Exception objects.",
+          "type": "string"
+        },
+        "traceFiltersUri": {
+          "description": "The URI of this Telemetry Profile's collection of Trace Filter objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Telemetry Profile object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectException": {
+      "properties": {
         "msgVpnName": {
           "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "owner": {
-          "description": "The Client Username that owns the Topic Endpoint and has permission equivalent to `\"delete\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+        "receiverAclConnectExceptionAddress": {
+          "description": "The IP address/netmask of the receiver connect exception in CIDR form.",
           "type": "string"
         },
-        "permission": {
-          "description": "The permission level for all consumers of the Topic Endpoint, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
-          "enum": [
-            "no-access",
-            "read-only",
-            "consume",
-            "modify-topic",
-            "delete"
-          ],
-          "type": "string"
-        },
-        "redeliveryEnabled": {
-          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
-          "type": "boolean"
-        },
-        "rejectLowPriorityMsgEnabled": {
-          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
-          "type": "boolean"
-        },
-        "rejectLowPriorityMsgLimit": {
-          "description": "The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "rejectMsgToSenderOnDiscardBehavior": {
-          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"never\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-topic-endpoint-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Topic Endpoint is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
-          "enum": [
-            "always",
-            "when-topic-endpoint-enabled",
-            "never"
-          ],
-          "type": "string"
-        },
-        "respectMsgPriorityEnabled": {
-          "description": "Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.8.",
-          "type": "boolean"
-        },
-        "respectTtlEnabled": {
-          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
-          "type": "boolean"
-        },
-        "topicEndpointName": {
-          "description": "The name of the Topic Endpoint.",
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnTopicEndpointLinks": {
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Topic Endpoint object.",
+          "description": "The URI of this Receiver ACL Connect Exception object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnTopicEndpointResponse": {
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/MsgVpnTopicEndpoint"
+          "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectException"
         },
         "links": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
+          "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -6867,140 +7720,142 @@
       ],
       "type": "object"
     },
-    "MsgVpnTopicEndpointTemplate": {
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionsResponse": {
       "properties": {
-        "accessType": {
-          "description": "The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n",
-          "enum": [
-            "exclusive",
-            "non-exclusive"
-          ],
-          "type": "string"
-        },
-        "consumerAckPropagationEnabled": {
-          "description": "Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
-          "type": "boolean"
-        },
-        "deadMsgQueue": {
-          "description": "The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`.",
-          "type": "string"
-        },
-        "deliveryDelay": {
-          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.22.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectException"
+          },
+          "type": "array"
         },
-        "eventBindCountThreshold": {
-          "$ref": "#/definitions/EventThreshold"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks"
+          },
+          "type": "array"
         },
-        "eventMsgSpoolUsageThreshold": {
-          "$ref": "#/definitions/EventThreshold"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfile"
         },
-        "eventRejectLowPriorityMsgLimitThreshold": {
-          "$ref": "#/definitions/EventThreshold"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileLinks"
         },
-        "maxBindCount": {
-          "description": "The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilter": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable the trace filter. When the filter is disabled, the filter's subscriptions will not trigger a message to be traced. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
         },
-        "maxDeliveredUnackedMsgsPerFlow": {
-          "description": "The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
-          "format": "int64",
-          "type": "integer"
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
         },
-        "maxMsgSize": {
-          "description": "The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
-          "format": "int32",
-          "type": "integer"
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "type": "string"
         },
-        "maxMsgSpoolUsage": {
-          "description": "The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
-          "format": "int64",
-          "type": "integer"
+        "traceFilterName": {
+          "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterLinks": {
+      "properties": {
+        "subscriptionsUri": {
+          "description": "The URI of this Trace Filter's collection of Telemetry Trace Filter Subscription objects.",
+          "type": "string"
         },
-        "maxRedeliveryCount": {
-          "description": "The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
-          "format": "int64",
-          "type": "integer"
+        "uri": {
+          "description": "The URI of this Trace Filter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
         },
-        "maxTtl": {
-          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterLinks"
         },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscription": {
+      "properties": {
         "msgVpnName": {
           "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "permission": {
-          "description": "The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
-          "enum": [
-            "no-access",
-            "read-only",
-            "consume",
-            "modify-topic",
-            "delete"
-          ],
+        "subscription": {
+          "description": "Messages matching this subscription will follow this filter's configuration.",
           "type": "string"
         },
-        "redeliveryEnabled": {
-          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
-          "type": "boolean"
-        },
-        "rejectLowPriorityMsgEnabled": {
-          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
-          "type": "boolean"
-        },
-        "rejectLowPriorityMsgLimit": {
-          "description": "The number of messages that are permitted before low priority messages are rejected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "rejectMsgToSenderOnDiscardBehavior": {
-          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"never\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-topic-endpoint-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Topic Endpoint is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
+        "subscriptionSyntax": {
+          "description": "The syntax of the trace filter subscription. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Subscription uses SMF syntax.\n\"mqtt\" - Subscription uses MQTT syntax.\n</pre>\n",
           "enum": [
-            "always",
-            "when-topic-endpoint-enabled",
-            "never"
+            "smf",
+            "mqtt"
           ],
           "type": "string"
         },
-        "respectMsgPriorityEnabled": {
-          "description": "Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
-          "type": "boolean"
-        },
-        "respectTtlEnabled": {
-          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
-          "type": "boolean"
-        },
-        "topicEndpointNameFilter": {
-          "description": "A wildcardable pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards are supported: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
           "type": "string"
         },
-        "topicEndpointTemplateName": {
-          "description": "The name of the Topic Endpoint Template.",
+        "traceFilterName": {
+          "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnTopicEndpointTemplateLinks": {
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Topic Endpoint Template object.",
+          "description": "The URI of this Telemetry Trace Filter Subscription object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnTopicEndpointTemplateResponse": {
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscription"
         },
         "links": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -7011,17 +7866,17 @@
       ],
       "type": "object"
     },
-    "MsgVpnTopicEndpointTemplatesResponse": {
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionsResponse": {
       "properties": {
         "data": {
           "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscription"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionLinks"
           },
           "type": "array"
         },
@@ -7034,17 +7889,17 @@
       ],
       "type": "object"
     },
-    "MsgVpnTopicEndpointsResponse": {
+    "MsgVpnTelemetryProfileTraceFiltersResponse": {
       "properties": {
         "data": {
           "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpoint"
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterLinks"
           },
           "type": "array"
         },
@@ -7057,17 +7912,17 @@
       ],
       "type": "object"
     },
-    "MsgVpnsResponse": {
+    "MsgVpnTelemetryProfilesResponse": {
       "properties": {
         "data": {
           "items": {
-            "$ref": "#/definitions/MsgVpn"
+            "$ref": "#/definitions/MsgVpnTelemetryProfile"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/MsgVpnLinks"
+            "$ref": "#/definitions/MsgVpnTelemetryProfileLinks"
           },
           "type": "array"
         },
@@ -7080,278 +7935,171 @@
       ],
       "type": "object"
     },
-    "OauthProfile": {
+    "MsgVpnTopicEndpoint": {
       "properties": {
-        "accessLevelGroupsClaimName": {
-          "description": "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`.",
-          "type": "string"
-        },
-        "clientId": {
-          "description": "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+        "accessType": {
+          "description": "The access type for delivering messages to consumer flows bound to the Topic Endpoint. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n Available since 2.4.",
+          "enum": [
+            "exclusive",
+            "non-exclusive"
+          ],
           "type": "string"
         },
-        "clientRedirectUri": {
-          "description": "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
+        "consumerAckPropagationEnabled": {
+          "description": "Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean"
         },
-        "clientRequiredType": {
-          "description": "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`.",
+        "deadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ) used by the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`. Available since 2.2.",
           "type": "string"
         },
-        "clientScope": {
-          "description": "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`.",
-          "type": "string"
+        "deliveryCountEnabled": {
+          "description": "Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.19.",
+          "type": "boolean"
         },
-        "clientSecret": {
-          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
+        "deliveryDelay": {
+          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.22.",
+          "format": "int64",
+          "type": "integer"
         },
-        "clientValidateTypeEnabled": {
-          "description": "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+        "egressEnabled": {
+          "description": "Enable or disable the transmission of messages from the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
         },
-        "defaultGlobalAccessLevel": {
-          "description": "The default global access level for this OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
-          "enum": [
-            "none",
-            "read-only",
-            "read-write",
-            "admin"
-          ],
-          "type": "string"
+        "eventBindCountThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "defaultMsgVpnAccessLevel": {
-          "description": "The default message VPN access level for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
-          "enum": [
-            "none",
-            "read-only",
-            "read-write"
-          ],
-          "type": "string"
+        "eventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "displayName": {
-          "description": "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
+        "eventSpoolUsageThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "enabled": {
-          "description": "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+        "ingressEnabled": {
+          "description": "Enable or disable the reception of messages to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
         },
-        "endpointAuthorization": {
-          "description": "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "endpointDiscovery": {
-          "description": "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "endpointDiscoveryRefreshInterval": {
-          "description": "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
-          "format": "int32",
+        "maxBindCount": {
+          "description": "The maximum number of consumer flows that can bind to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`. Available since 2.4.",
+          "format": "int64",
           "type": "integer"
         },
-        "endpointIntrospection": {
-          "description": "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "endpointIntrospectionTimeout": {
-          "description": "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
-          "format": "int32",
+        "maxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+          "format": "int64",
           "type": "integer"
         },
-        "endpointJwks": {
-          "description": "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "endpointJwksRefreshInterval": {
-          "description": "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+        "maxMsgSize": {
+          "description": "The maximum message size allowed in the Topic Endpoint, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
           "format": "int32",
           "type": "integer"
         },
-        "endpointToken": {
-          "description": "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "endpointTokenTimeout": {
-          "description": "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
-          "format": "int32",
+        "maxRedeliveryCount": {
+          "description": "The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
           "type": "integer"
         },
-        "endpointUserinfo": {
-          "description": "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "endpointUserinfoTimeout": {
-          "description": "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
-          "format": "int32",
+        "maxSpoolUsage": {
+          "description": "The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+          "format": "int64",
           "type": "integer"
         },
-        "interactiveEnabled": {
-          "description": "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
-          "type": "boolean"
-        },
-        "interactivePromptForExpiredSession": {
-          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "interactivePromptForNewSession": {
-          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`.",
-          "type": "string"
+        "maxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "type": "integer"
         },
-        "issuer": {
-          "description": "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
+        "owner": {
+          "description": "The Client Username that owns the Topic Endpoint and has permission equivalent to `\"delete\"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
           "type": "string"
         },
-        "oauthRole": {
-          "description": "The OAuth role of the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"client\"`. The allowed values and their meaning are:\n\n<pre>\n\"client\" - The broker is in the OAuth client role.\n\"resource-server\" - The broker is in the OAuth resource server role.\n</pre>\n",
+        "permission": {
+          "description": "The permission level for all consumers of the Topic Endpoint, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
           "enum": [
-            "client",
-            "resource-server"
+            "no-access",
+            "read-only",
+            "consume",
+            "modify-topic",
+            "delete"
           ],
           "type": "string"
         },
-        "resourceServerParseAccessTokenEnabled": {
-          "description": "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.33.",
           "type": "boolean"
         },
-        "resourceServerRequiredAudience": {
-          "description": "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "resourceServerRequiredIssuer": {
-          "description": "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "resourceServerRequiredScope": {
-          "description": "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "resourceServerRequiredType": {
-          "description": "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`.",
-          "type": "string"
-        },
-        "resourceServerValidateAudienceEnabled": {
-          "description": "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
-          "type": "boolean"
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
         },
-        "resourceServerValidateIssuerEnabled": {
-          "description": "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
-          "type": "boolean"
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
         },
-        "resourceServerValidateScopeEnabled": {
-          "description": "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
-          "type": "boolean"
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
         },
-        "resourceServerValidateTypeEnabled": {
-          "description": "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+        "redeliveryEnabled": {
+          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
           "type": "boolean"
         },
-        "sempEnabled": {
-          "description": "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+        "rejectLowPriorityMsgEnabled": {
+          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
           "type": "boolean"
         },
-        "usernameClaimName": {
-          "description": "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroup": {
-      "properties": {
-        "description": {
-          "description": "A description for the group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "globalAccessLevel": {
-          "description": "The global access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
-          "enum": [
-            "none",
-            "read-only",
-            "read-write",
-            "admin"
-          ],
-          "type": "string"
-        },
-        "groupName": {
-          "description": "The name of the group.",
-          "type": "string"
-        },
-        "msgVpnAccessLevel": {
-          "description": "The default message VPN access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
-          "enum": [
-            "none",
-            "read-only",
-            "read-write"
-          ],
-          "type": "string"
-        },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupLinks": {
-      "properties": {
-        "msgVpnAccessLevelExceptionsUri": {
-          "description": "The URI of this Group Access Level's collection of Message VPN Access-Level Exception objects.",
-          "type": "string"
+        "rejectLowPriorityMsgLimit": {
+          "description": "The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "type": "integer"
         },
-        "uri": {
-          "description": "The URI of this Group Access Level object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelException": {
-      "properties": {
-        "accessLevel": {
-          "description": "The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+        "rejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as rejectLowPriorityMsgEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"never\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-topic-endpoint-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Topic Endpoint is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
           "enum": [
-            "none",
-            "read-only",
-            "read-write"
+            "always",
+            "when-topic-endpoint-enabled",
+            "never"
           ],
           "type": "string"
         },
-        "groupName": {
-          "description": "The name of the group.",
-          "type": "string"
+        "respectMsgPriorityEnabled": {
+          "description": "Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled and ingressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.8.",
+          "type": "boolean"
         },
-        "msgVpnName": {
-          "description": "The name of the message VPN.",
-          "type": "string"
+        "respectTtlEnabled": {
+          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
         },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
+        "topicEndpointName": {
+          "description": "The name of the Topic Endpoint.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks": {
+    "MsgVpnTopicEndpointLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Message VPN Access-Level Exception object.",
+          "description": "The URI of this Topic Endpoint object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse": {
+    "MsgVpnTopicEndpointResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
+          "$ref": "#/definitions/MsgVpnTopicEndpoint"
         },
         "links": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
+          "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -7362,98 +8110,159 @@
       ],
       "type": "object"
     },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionsResponse": {
+    "MsgVpnTopicEndpointTemplate": {
       "properties": {
-        "data": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
-          },
-          "type": "array"
+        "accessType": {
+          "description": "The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n",
+          "enum": [
+            "exclusive",
+            "non-exclusive"
+          ],
+          "type": "string"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
-          },
-          "type": "array"
+        "consumerAckPropagationEnabled": {
+          "description": "Enable or disable the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupResponse": {
-      "properties": {
-        "data": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+        "deadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`.",
+          "type": "string"
         },
-        "links": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
+        "deliveryDelay": {
+          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.22.",
+          "format": "int64",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupsResponse": {
-      "properties": {
-        "data": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroup"
-          },
-          "type": "array"
+        "eventBindCountThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
-          },
-          "type": "array"
+        "eventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "OauthProfileClientAllowedHost": {
-      "properties": {
-        "allowedHost": {
-          "description": "An allowed value for the Host header.",
+        "eventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/EventThreshold"
+        },
+        "maxBindCount": {
+          "description": "The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "maxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "maxMsgSize": {
+          "description": "The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "maxRedeliveryCount": {
+          "description": "The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "maxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
+        "permission": {
+          "description": "The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+          "enum": [
+            "no-access",
+            "read-only",
+            "consume",
+            "modify-topic",
+            "delete"
+          ],
+          "type": "string"
+        },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.33.",
+          "type": "boolean"
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryEnabled": {
+          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
+          "type": "boolean"
+        },
+        "rejectLowPriorityMsgEnabled": {
+          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
+        },
+        "rejectLowPriorityMsgLimit": {
+          "description": "The number of messages that are permitted before low priority messages are rejected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "rejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as rejectLowPriorityMsgEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"never\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-topic-endpoint-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Topic Endpoint is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
+          "enum": [
+            "always",
+            "when-topic-endpoint-enabled",
+            "never"
+          ],
+          "type": "string"
+        },
+        "respectMsgPriorityEnabled": {
+          "description": "Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
+        },
+        "respectTtlEnabled": {
+          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean"
+        },
+        "topicEndpointNameFilter": {
+          "description": "A wildcardable pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards are supported: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "topicEndpointTemplateName": {
+          "description": "The name of the Topic Endpoint Template.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "OauthProfileClientAllowedHostLinks": {
+    "MsgVpnTopicEndpointTemplateLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Allowed Host Value object.",
+          "description": "The URI of this Topic Endpoint Template object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "OauthProfileClientAllowedHostResponse": {
+    "MsgVpnTopicEndpointTemplateResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/OauthProfileClientAllowedHost"
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
         },
         "links": {
-          "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -7464,17 +8273,17 @@
       ],
       "type": "object"
     },
-    "OauthProfileClientAllowedHostsResponse": {
+    "MsgVpnTopicEndpointTemplatesResponse": {
       "properties": {
         "data": {
           "items": {
-            "$ref": "#/definitions/OauthProfileClientAllowedHost"
+            "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
+            "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
           },
           "type": "array"
         },
@@ -7487,39 +8296,19 @@
       ],
       "type": "object"
     },
-    "OauthProfileClientAuthorizationParameter": {
-      "properties": {
-        "authorizationParameterName": {
-          "description": "The name of the authorization parameter.",
-          "type": "string"
-        },
-        "authorizationParameterValue": {
-          "description": "The authorization parameter value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
-        },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileClientAuthorizationParameterLinks": {
-      "properties": {
-        "uri": {
-          "description": "The URI of this Authorization Parameter object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileClientAuthorizationParameterResponse": {
+    "MsgVpnTopicEndpointsResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpoint"
+          },
+          "type": "array"
         },
         "links": {
-          "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
+          },
+          "type": "array"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -7530,17 +8319,17 @@
       ],
       "type": "object"
     },
-    "OauthProfileClientAuthorizationParametersResponse": {
+    "MsgVpnsResponse": {
       "properties": {
         "data": {
           "items": {
-            "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+            "$ref": "#/definitions/MsgVpn"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
+            "$ref": "#/definitions/MsgVpnLinks"
           },
           "type": "array"
         },
@@ -7553,73 +8342,245 @@
       ],
       "type": "object"
     },
-    "OauthProfileClientRequiredClaim": {
+    "OauthProfile": {
       "properties": {
-        "clientRequiredClaimName": {
-          "description": "The name of the ID token claim to verify.",
+        "accessLevelGroupsClaimName": {
+          "description": "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`.",
           "type": "string"
         },
-        "clientRequiredClaimValue": {
-          "description": "The required claim value, which must be a string containing a valid JSON value.",
+        "accessLevelGroupsClaimStringFormat": {
+          "description": "The format of the access level groups claim value when it is a string. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"single\"`. The allowed values and their meaning are:\n\n<pre>\n\"single\" - When the claim is a string, it is interpreted as a single group.\n\"space-delimited\" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the \"scope\" claim.\n</pre>\n Available since 2.32.",
+          "enum": [
+            "single",
+            "space-delimited"
+          ],
           "type": "string"
         },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
+        "clientId": {
+          "description": "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileClientRequiredClaimLinks": {
-      "properties": {
-        "uri": {
-          "description": "The URI of this Required Claim object.",
+        },
+        "clientRedirectUri": {
+          "description": "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileClientRequiredClaimResponse": {
-      "properties": {
-        "data": {
-          "$ref": "#/definitions/OauthProfileClientRequiredClaim"
         },
-        "links": {
-          "$ref": "#/definitions/OauthProfileClientRequiredClaimLinks"
+        "clientRequiredType": {
+          "description": "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`.",
+          "type": "string"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "clientScope": {
+          "description": "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`.",
+          "type": "string"
+        },
+        "clientSecret": {
+          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "clientValidateTypeEnabled": {
+          "description": "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean"
+        },
+        "defaultGlobalAccessLevel": {
+          "description": "The default global access level for this OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write",
+            "admin"
+          ],
+          "type": "string"
+        },
+        "defaultMsgVpnAccessLevel": {
+          "description": "The default message VPN access level for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string"
+        },
+        "displayName": {
+          "description": "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "enabled": {
+          "description": "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean"
+        },
+        "endpointAuthorization": {
+          "description": "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "endpointDiscovery": {
+          "description": "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "endpointDiscoveryRefreshInterval": {
+          "description": "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "endpointIntrospection": {
+          "description": "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "endpointIntrospectionTimeout": {
+          "description": "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "endpointJwks": {
+          "description": "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "endpointJwksRefreshInterval": {
+          "description": "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "endpointToken": {
+          "description": "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "endpointTokenTimeout": {
+          "description": "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "endpointUserinfo": {
+          "description": "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "endpointUserinfoTimeout": {
+          "description": "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "interactiveEnabled": {
+          "description": "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean"
+        },
+        "interactivePromptForExpiredSession": {
+          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "interactivePromptForNewSession": {
+          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`.",
+          "type": "string"
+        },
+        "issuer": {
+          "description": "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "type": "string"
+        },
+        "oauthRole": {
+          "description": "The OAuth role of the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"client\"`. The allowed values and their meaning are:\n\n<pre>\n\"client\" - The broker is in the OAuth client role.\n\"resource-server\" - The broker is in the OAuth resource server role.\n</pre>\n",
+          "enum": [
+            "client",
+            "resource-server"
+          ],
+          "type": "string"
+        },
+        "resourceServerParseAccessTokenEnabled": {
+          "description": "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean"
+        },
+        "resourceServerRequiredAudience": {
+          "description": "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "resourceServerRequiredIssuer": {
+          "description": "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "resourceServerRequiredScope": {
+          "description": "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "resourceServerRequiredType": {
+          "description": "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`.",
+          "type": "string"
+        },
+        "resourceServerValidateAudienceEnabled": {
+          "description": "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean"
+        },
+        "resourceServerValidateIssuerEnabled": {
+          "description": "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean"
+        },
+        "resourceServerValidateScopeEnabled": {
+          "description": "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean"
+        },
+        "resourceServerValidateTypeEnabled": {
+          "description": "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean"
+        },
+        "sempEnabled": {
+          "description": "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean"
+        },
+        "usernameClaimName": {
+          "description": "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`.",
+          "type": "string"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "OauthProfileClientRequiredClaimsResponse": {
+    "OauthProfileAccessLevelGroup": {
       "properties": {
-        "data": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileClientRequiredClaim"
-          },
-          "type": "array"
+        "description": {
+          "description": "A description for the group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileClientRequiredClaimLinks"
-          },
-          "type": "array"
+        "globalAccessLevel": {
+          "description": "The global access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write",
+            "admin"
+          ],
+          "type": "string"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "groupName": {
+          "description": "The name of the group.",
+          "type": "string"
+        },
+        "msgVpnAccessLevel": {
+          "description": "The default message VPN access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string"
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "type": "string"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "OauthProfileDefaultMsgVpnAccessLevelException": {
+    "OauthProfileAccessLevelGroupLinks": {
+      "properties": {
+        "msgVpnAccessLevelExceptionsUri": {
+          "description": "The URI of this Group Access Level's collection of Message VPN Access-Level Exception objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Group Access Level object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelException": {
       "properties": {
         "accessLevel": {
           "description": "The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
@@ -7630,6 +8591,10 @@
           ],
           "type": "string"
         },
+        "groupName": {
+          "description": "The name of the group.",
+          "type": "string"
+        },
         "msgVpnName": {
           "description": "The name of the message VPN.",
           "type": "string"
@@ -7641,7 +8606,7 @@
       },
       "type": "object"
     },
-    "OauthProfileDefaultMsgVpnAccessLevelExceptionLinks": {
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks": {
       "properties": {
         "uri": {
           "description": "The URI of this Message VPN Access-Level Exception object.",
@@ -7650,13 +8615,13 @@
       },
       "type": "object"
     },
-    "OauthProfileDefaultMsgVpnAccessLevelExceptionResponse": {
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
         },
         "links": {
-          "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionLinks"
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -7667,17 +8632,17 @@
       ],
       "type": "object"
     },
-    "OauthProfileDefaultMsgVpnAccessLevelExceptionsResponse": {
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionsResponse": {
       "properties": {
         "data": {
           "items": {
-            "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionLinks"
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
           },
           "type": "array"
         },
@@ -7690,72 +8655,75 @@
       ],
       "type": "object"
     },
-    "OauthProfileLinks": {
+    "OauthProfileAccessLevelGroupResponse": {
       "properties": {
-        "accessLevelGroupsUri": {
-          "description": "The URI of this OAuth Profile's collection of Group Access Level objects.",
-          "type": "string"
+        "data": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroup"
         },
-        "clientAllowedHostsUri": {
-          "description": "The URI of this OAuth Profile's collection of Allowed Host Value objects.",
-          "type": "string"
+        "links": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
         },
-        "clientAuthorizationParametersUri": {
-          "description": "The URI of this OAuth Profile's collection of Authorization Parameter objects.",
-          "type": "string"
-        },
-        "clientRequiredClaimsUri": {
-          "description": "The URI of this OAuth Profile's collection of Required Claim objects.",
-          "type": "string"
-        },
-        "defaultMsgVpnAccessLevelExceptionsUri": {
-          "description": "The URI of this OAuth Profile's collection of Message VPN Access-Level Exception objects.",
-          "type": "string"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+          },
+          "type": "array"
         },
-        "resourceServerRequiredClaimsUri": {
-          "description": "The URI of this OAuth Profile's collection of Required Claim objects.",
-          "type": "string"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
+          },
+          "type": "array"
         },
-        "uri": {
-          "description": "The URI of this OAuth Profile object.",
-          "type": "string"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
         }
       },
+      "required": [
+        "meta"
+      ],
       "type": "object"
     },
-    "OauthProfileResourceServerRequiredClaim": {
+    "OauthProfileClientAllowedHost": {
       "properties": {
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
-          "type": "string"
-        },
-        "resourceServerRequiredClaimName": {
-          "description": "The name of the access token claim to verify.",
+        "allowedHost": {
+          "description": "An allowed value for the Host header.",
           "type": "string"
         },
-        "resourceServerRequiredClaimValue": {
-          "description": "The required claim value, which must be a string containing a valid JSON value.",
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "OauthProfileResourceServerRequiredClaimLinks": {
+    "OauthProfileClientAllowedHostLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Required Claim object.",
+          "description": "The URI of this Allowed Host Value object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "OauthProfileResourceServerRequiredClaimResponse": {
+    "OauthProfileClientAllowedHostResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/OauthProfileResourceServerRequiredClaim"
+          "$ref": "#/definitions/OauthProfileClientAllowedHost"
         },
         "links": {
-          "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimLinks"
+          "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -7766,17 +8734,17 @@
       ],
       "type": "object"
     },
-    "OauthProfileResourceServerRequiredClaimsResponse": {
+    "OauthProfileClientAllowedHostsResponse": {
       "properties": {
         "data": {
           "items": {
-            "$ref": "#/definitions/OauthProfileResourceServerRequiredClaim"
+            "$ref": "#/definitions/OauthProfileClientAllowedHost"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimLinks"
+            "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
           },
           "type": "array"
         },
@@ -7789,13 +8757,39 @@
       ],
       "type": "object"
     },
-    "OauthProfileResponse": {
+    "OauthProfileClientAuthorizationParameter": {
+      "properties": {
+        "authorizationParameterName": {
+          "description": "The name of the authorization parameter.",
+          "type": "string"
+        },
+        "authorizationParameterValue": {
+          "description": "The authorization parameter value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParameterLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Authorization Parameter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParameterResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/OauthProfile"
+          "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
         },
         "links": {
-          "$ref": "#/definitions/OauthProfileLinks"
+          "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -7806,17 +8800,17 @@
       ],
       "type": "object"
     },
-    "OauthProfilesResponse": {
+    "OauthProfileClientAuthorizationParametersResponse": {
       "properties": {
         "data": {
           "items": {
-            "$ref": "#/definitions/OauthProfile"
+            "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/OauthProfileLinks"
+            "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
           },
           "type": "array"
         },
@@ -7829,59 +8823,40 @@
       ],
       "type": "object"
     },
-    "SempError": {
+    "OauthProfileClientRequiredClaim": {
       "properties": {
-        "code": {
-          "description": "The error code which uniquely identifies the error that has occurred.",
-          "format": "int32",
-          "type": "integer"
+        "clientRequiredClaimName": {
+          "description": "The name of the ID token claim to verify.",
+          "type": "string"
         },
-        "description": {
-          "description": "The verbose description of the problem.",
+        "clientRequiredClaimValue": {
+          "description": "The required claim value, which must be a string containing a valid JSON value.",
           "type": "string"
         },
-        "status": {
-          "description": "The terse status string associated with `code`.",
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
           "type": "string"
         }
       },
-      "required": [
-        "code",
-        "status",
-        "description"
-      ],
       "type": "object"
     },
-    "SempMeta": {
+    "OauthProfileClientRequiredClaimLinks": {
       "properties": {
-        "count": {
-          "description": "The total number of objects requested, irrespective of page size. This may be a count of all objects in a collection or a filtered subset. It represents a snapshot in time and may change when paging through results.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "error": {
-          "$ref": "#/definitions/SempError"
-        },
-        "paging": {
-          "$ref": "#/definitions/SempPaging"
-        },
-        "request": {
-          "$ref": "#/definitions/SempRequest"
-        },
-        "responseCode": {
-          "description": "The HTTP response code, one of 200 (success), 4xx (client error), or 5xx (server error).",
-          "format": "int32",
-          "type": "integer"
+        "uri": {
+          "description": "The URI of this Required Claim object.",
+          "type": "string"
         }
       },
-      "required": [
-        "request",
-        "responseCode"
-      ],
       "type": "object"
     },
-    "SempMetaOnlyResponse": {
+    "OauthProfileClientRequiredClaimResponse": {
       "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfileClientRequiredClaim"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileClientRequiredClaimLinks"
+        },
         "meta": {
           "$ref": "#/definitions/SempMeta"
         }
@@ -7891,69 +8866,67 @@
       ],
       "type": "object"
     },
-    "SempPaging": {
+    "OauthProfileClientRequiredClaimsResponse": {
       "properties": {
-        "cursorQuery": {
-          "description": "The cursor, or position, for the next page of objects. Use this as the `cursor` query parameter of the next request.",
-          "type": "string"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientRequiredClaim"
+          },
+          "type": "array"
         },
-        "nextPageUri": {
-          "description": "The URI of the next page of objects. `cursorQuery` is already embedded within this URI.",
-          "type": "string"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientRequiredClaimLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
         }
       },
       "required": [
-        "cursorQuery",
-        "nextPageUri"
+        "meta"
       ],
       "type": "object"
     },
-    "SempRequest": {
+    "OauthProfileDefaultMsgVpnAccessLevelException": {
       "properties": {
-        "method": {
-          "description": "The HTTP method of the request which resulted in this response.",
+        "accessLevel": {
+          "description": "The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
           "type": "string"
         },
-        "uri": {
-          "description": "The URI of the request which resulted in this response.",
-          "type": "string"
-        }
-      },
-      "required": [
-        "uri",
-        "method"
-      ],
-      "type": "object"
-    },
-    "SystemInformation": {
-      "properties": {
-        "platform": {
-          "description": "The platform running the SEMP API. Deprecated since 2.2. /systemInformation was replaced by /about/api.",
+        "msgVpnName": {
+          "description": "The name of the message VPN.",
           "type": "string"
         },
-        "sempVersion": {
-          "description": "The version of the SEMP API. Deprecated since 2.2. /systemInformation was replaced by /about/api.",
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "SystemInformationLinks": {
+    "OauthProfileDefaultMsgVpnAccessLevelExceptionLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this System Information object.",
+          "description": "The URI of this Message VPN Access-Level Exception object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "SystemInformationResponse": {
+    "OauthProfileDefaultMsgVpnAccessLevelExceptionResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/SystemInformation"
+          "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
         },
         "links": {
-          "$ref": "#/definitions/SystemInformationLinks"
+          "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -7964,39 +8937,158 @@
       ],
       "type": "object"
     },
-    "VirtualHostname": {
+    "OauthProfileDefaultMsgVpnAccessLevelExceptionsResponse": {
       "properties": {
-        "enabled": {
-          "description": "Enable or disable Virtual Hostname to Message VPN mapping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
-          "type": "boolean"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
+          },
+          "type": "array"
         },
-        "msgVpnName": {
-          "description": "The message VPN to which this virtual hostname is mapped. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
-          "type": "string"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionLinks"
+          },
+          "type": "array"
         },
-        "virtualHostname": {
-          "description": "The virtual hostname.",
-          "type": "string"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
         }
       },
-      "type": "object"
-    },
-    "VirtualHostnameLinks": {
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileLinks": {
       "properties": {
+        "accessLevelGroupsUri": {
+          "description": "The URI of this OAuth Profile's collection of Group Access Level objects.",
+          "type": "string"
+        },
+        "clientAllowedHostsUri": {
+          "description": "The URI of this OAuth Profile's collection of Allowed Host Value objects.",
+          "type": "string"
+        },
+        "clientAuthorizationParametersUri": {
+          "description": "The URI of this OAuth Profile's collection of Authorization Parameter objects.",
+          "type": "string"
+        },
+        "clientRequiredClaimsUri": {
+          "description": "The URI of this OAuth Profile's collection of Required Claim objects.",
+          "type": "string"
+        },
+        "defaultMsgVpnAccessLevelExceptionsUri": {
+          "description": "The URI of this OAuth Profile's collection of Message VPN Access-Level Exception objects.",
+          "type": "string"
+        },
+        "resourceServerRequiredClaimsUri": {
+          "description": "The URI of this OAuth Profile's collection of Required Claim objects.",
+          "type": "string"
+        },
         "uri": {
-          "description": "The URI of this Virtual Hostname object.",
+          "description": "The URI of this OAuth Profile object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "VirtualHostnameResponse": {
+    "OauthProfileResourceServerRequiredClaim": {
+      "properties": {
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "type": "string"
+        },
+        "resourceServerRequiredClaimName": {
+          "description": "The name of the access token claim to verify.",
+          "type": "string"
+        },
+        "resourceServerRequiredClaimValue": {
+          "description": "The required claim value, which must be a string containing a valid JSON value.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileResourceServerRequiredClaimLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Required Claim object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileResourceServerRequiredClaimResponse": {
       "properties": {
         "data": {
-          "$ref": "#/definitions/VirtualHostname"
+          "$ref": "#/definitions/OauthProfileResourceServerRequiredClaim"
         },
         "links": {
-          "$ref": "#/definitions/VirtualHostnameLinks"
+          "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileResourceServerRequiredClaimsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileResourceServerRequiredClaim"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfile"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfilesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfile"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileLinks"
+          },
+          "type": "array"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -8007,94 +9099,4068 @@
       ],
       "type": "object"
     },
-    "VirtualHostnamesResponse": {
-      "properties": {
-        "data": {
-          "items": {
-            "$ref": "#/definitions/VirtualHostname"
+    "SempError": {
+      "properties": {
+        "code": {
+          "description": "The error code which uniquely identifies the error that has occurred.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "description": {
+          "description": "The verbose description of the problem.",
+          "type": "string"
+        },
+        "status": {
+          "description": "The terse status string associated with `code`.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "code",
+        "status",
+        "description"
+      ],
+      "type": "object"
+    },
+    "SempMeta": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects requested, irrespective of page size. This may be a count of all objects in a collection or a filtered subset. It represents a snapshot in time and may change when paging through results.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "error": {
+          "$ref": "#/definitions/SempError"
+        },
+        "paging": {
+          "$ref": "#/definitions/SempPaging"
+        },
+        "request": {
+          "$ref": "#/definitions/SempRequest"
+        },
+        "responseCode": {
+          "description": "The HTTP response code, one of 200 (success), 4xx (client error), or 5xx (server error).",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "required": [
+        "request",
+        "responseCode"
+      ],
+      "type": "object"
+    },
+    "SempMetaOnlyResponse": {
+      "properties": {
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "SempPaging": {
+      "properties": {
+        "cursorQuery": {
+          "description": "The cursor, or position, for the next page of objects. Use this as the `cursor` query parameter of the next request.",
+          "type": "string"
+        },
+        "nextPageUri": {
+          "description": "The URI of the next page of objects. `cursorQuery` is already embedded within this URI.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "cursorQuery",
+        "nextPageUri"
+      ],
+      "type": "object"
+    },
+    "SempRequest": {
+      "properties": {
+        "method": {
+          "description": "The HTTP method of the request which resulted in this response.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of the request which resulted in this response.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "method"
+      ],
+      "type": "object"
+    },
+    "SystemInformation": {
+      "properties": {
+        "platform": {
+          "description": "The platform running the SEMP API. Deprecated since 2.2. /systemInformation was replaced by /about/api.",
+          "type": "string"
+        },
+        "sempVersion": {
+          "description": "The version of the SEMP API. Deprecated since 2.2. /systemInformation was replaced by /about/api.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SystemInformationLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this System Information object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SystemInformationResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/SystemInformation"
+        },
+        "links": {
+          "$ref": "#/definitions/SystemInformationLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "VirtualHostname": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable Virtual Hostname to Message VPN mapping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean"
+        },
+        "msgVpnName": {
+          "description": "The message VPN to which this virtual hostname is mapped. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "type": "string"
+        },
+        "virtualHostname": {
+          "description": "The virtual hostname.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "VirtualHostnameLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Virtual Hostname object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "VirtualHostnameResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/VirtualHostname"
+        },
+        "links": {
+          "$ref": "#/definitions/VirtualHostnameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "VirtualHostnamesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/VirtualHostname"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/VirtualHostnameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    }
+  },
+  "host": "www.solace.com",
+  "info": {
+    "contact": {
+      "email": "support@solace.com",
+      "name": "Solace",
+      "url": "http://www.solace.com"
+    },
+    "description": "SEMP (starting in `v2`, see note 1) is a RESTful API for configuring, monitoring, and administering a Solace PubSub+ broker.\n\nSEMP uses URIs to address manageable **resources** of the Solace PubSub+ broker. Resources are individual **objects**, **collections** of objects, or (exclusively in the action API) **actions**. This document applies to the following API:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nConfiguration|/SEMP/v2/config|Reading and writing config state|See note 2\n\n\n\nThe following APIs are also available:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nAction|/SEMP/v2/action|Performing actions|See note 2\nMonitoring|/SEMP/v2/monitor|Querying operational parameters|See note 2\n\n\n\nResources are always nouns, with individual objects being singular and collections being plural.\n\nObjects within a collection are identified by an `obj-id`, which follows the collection name with the form `collection-name/obj-id`.\n\nActions within an object are identified by an `action-id`, which follows the object name with the form `obj-id/action-id`.\n\nSome examples:\n\n```\n/SEMP/v2/config/msgVpns                        ; MsgVpn collection\n/SEMP/v2/config/msgVpns/a                      ; MsgVpn object named \"a\"\n/SEMP/v2/config/msgVpns/a/queues               ; Queue collection in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/queues/b             ; Queue object named \"b\" in MsgVpn \"a\"\n/SEMP/v2/action/msgVpns/a/queues/b/startReplay ; Action that starts a replay on Queue \"b\" in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients             ; Client collection in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients/c           ; Client object named \"c\" in MsgVpn \"a\"\n```\n\n## Collection Resources\n\nCollections are unordered lists of objects (unless described as otherwise), and are described by JSON arrays. Each item in the array represents an object in the same manner as the individual object would normally be represented. In the configuration API, the creation of a new object is done through its collection resource.\n\n## Object and Action Resources\n\nObjects are composed of attributes, actions, collections, and other objects. They are described by JSON objects as name/value pairs. The collections and actions of an object are not contained directly in the object's JSON content; rather the content includes an attribute containing a URI which points to the collections and actions. These contained resources must be managed through this URI. At a minimum, every object has one or more identifying attributes, and its own `uri` attribute which contains the URI pointing to itself.\n\nActions are also composed of attributes, and are described by JSON objects as name/value pairs. Unlike objects, however, they are not members of a collection and cannot be retrieved, only performed. Actions only exist in the action API.\n\nAttributes in an object or action may have any combination of the following properties:\n\n\nProperty|Meaning|Comments\n:---|:---|:---\nIdentifying|Attribute is involved in unique identification of the object, and appears in its URI|\nConst|Attribute value can only be chosen during object creation|\nRequired|Attribute must be provided in the request|\nRead-Only|Attribute can only be read, not written.|See note 3\nWrite-Only|Attribute can only be written, not read, unless the attribute is also opaque|See the documentation for the opaque property\nRequires-Disable|Attribute cannot be changed while the object (or the relevant part of the object) is administratively enabled|\nAuto-Disable|Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as one or more attributes will be temporarily disabled to apply the change|\nDeprecated|Attribute is deprecated, and will disappear in the next SEMP version|\nOpaque|Attribute can be set or retrieved in opaque form when the `opaquePassword` query parameter is present|See the `opaquePassword` query parameter documentation\n\n\n\nIn some requests, certain attributes may only be provided in certain combinations with other attributes:\n\n\nRelationship|Meaning\n:---|:---\nRequires|Attribute may only be changed by a request if a particular attribute or combination of attributes is also provided in the request\nConflicts|Attribute may only be provided in a request if a particular attribute or combination of attributes is not also provided in the request\n\n\n\nIn the monitoring API, any non-identifying attribute may not be returned in a GET.\n\n## HTTP Methods\n\nThe following HTTP methods manipulate resources in accordance with these general principles. Note that some methods are only used in certain APIs:\n\n\nMethod|Resource|Meaning|Request Body|Response Body|Notes\n:---|:---|:---|:---|:---|:---\nPOST|Collection|Create object|Initial attribute values|Object attributes and metadata|Absent attributes are set to default. If object already exists, a 400 error is returned\nPUT|Object|Update object|New attribute values|Object attributes and metadata|If does not exist, the object is first created. Absent attributes are set to default, with certain exceptions (see note 4)\nPUT|Action|Performs action|Action arguments|Action metadata|\nPATCH|Object|Update object|New attribute values|Object attributes and metadata|Absent attributes are left unchanged. If the object does not exist, a 404 error is returned\nDELETE|Object|Delete object|Empty|Object metadata|If the object does not exist, a 404 is returned\nGET|Object|Get object|Empty|Object attributes and metadata|If the object does not exist, a 404 is returned\nGET|Collection|Get collection|Empty|Object attributes and collection metadata|If the collection is empty, then an empty collection is returned with a 200 code\n\n\n\n## Common Query Parameters\n\nThe following are some common query parameters that are supported by many method/URI combinations. Individual URIs may document additional parameters. Note that multiple query parameters can be used together in a single URI, separated by the ampersand character. For example:\n\n```\n; Request for the MsgVpns collection using two hypothetical query parameters\n; \"q1\" and \"q2\" with values \"val1\" and \"val2\" respectively\n/SEMP/v2/config/msgVpns?q1=val1&q2=val2\n```\n\n### select\n\nInclude in the response only selected attributes of the object, or exclude from the response selected attributes of the object. Use this query parameter to limit the size of the returned data for each returned object, return only those fields that are desired, or exclude fields that are not desired.\n\nThe value of `select` is a comma-separated list of attribute names. If the list contains attribute names that are not prefaced by `-`, only those attributes are included in the response. If the list contains attribute names that are prefaced by `-`, those attributes are excluded from the response. If the list contains both types, then the difference of the first set of attributes and the second set of attributes is returned. If the list is empty (i.e. `select=`), it is treated the same as if no `select` was provided: all attribute are returned.\n\nAll attributes that are prefaced by `-` must follow all attributes that are not prefaced by `-`. In addition, each attribute name in the list must match at least one attribute in the object.\n\nNames may include the `*` wildcard (zero or more characters). Nested attribute names are supported using periods (e.g. `parentName.childName`).\n\nSome examples:\n\n```\n; List of all MsgVpn names\n/SEMP/v2/config/msgVpns?select=msgVpnName\n; List of all MsgVpn and their attributes except for their names\n/SEMP/v2/config/msgVpns?select=-msgVpnName\n; Authentication attributes of MsgVpn \"finance\"\n/SEMP/v2/config/msgVpns/finance?select=authentication%2A\n; All attributes of MsgVpn \"finance\" except for authentication attributes\n/SEMP/v2/config/msgVpns/finance?select=-authentication%2A\n; Access related attributes of Queue \"orderQ\" of MsgVpn \"finance\"\n/SEMP/v2/config/msgVpns/finance/queues/orderQ?select=owner,permission\n```\n\n### where\n\nInclude in the response only objects where certain conditions are true. Use this query parameter to limit which objects are returned to those whose attribute values meet the given conditions.\n\nThe value of `where` is a comma-separated list of expressions. All expressions must be true for the object to be included in the response. Each expression takes the form:\n\n```\nexpression  = attribute-name OP value\nOP          = '==' | '!=' | '<' | '>' | '<=' | '>='\n```\n\n`value` may be a number, string, `true`, or `false`, as appropriate for the type of `attribute-name`. Greater-than and less-than comparisons only work for numbers. A `*` in a string `value` is interpreted as a wildcard (zero or more characters). Some examples:\n\n```\n; Only enabled MsgVpns\n/SEMP/v2/config/msgVpns?where=enabled%3D%3Dtrue\n; Only MsgVpns using basic non-LDAP authentication\n/SEMP/v2/config/msgVpns?where=authenticationBasicEnabled%3D%3Dtrue,authenticationBasicType%21%3Dldap\n; Only MsgVpns that allow more than 100 client connections\n/SEMP/v2/config/msgVpns?where=maxConnectionCount%3E100\n; Only MsgVpns with msgVpnName starting with \"B\":\n/SEMP/v2/config/msgVpns?where=msgVpnName%3D%3DB%2A\n```\n\n### count\n\nLimit the count of objects in the response. This can be useful to limit the size of the response for large collections. The minimum value for `count` is `1` and the default is `10`. There is also a per-collection maximum value to limit request handling time.\n\n`count` does not guarantee that a minimum number of objects will be returned. A page may contain fewer than `count` objects or even be empty. Additional objects may nonetheless be available for retrieval on subsequent pages. See the `cursor` query parameter documentation for more information on paging.\n\nFor example:\n```\n; Up to 25 MsgVpns\n/SEMP/v2/config/msgVpns?count=25\n```\n\n### cursor\n\nThe cursor, or position, for the next page of objects. Cursors are opaque data that should not be created or interpreted by SEMP clients, and should only be used as described below.\n\nWhen a request is made for a collection and there may be additional objects available for retrieval that are not included in the initial response, the response will include a `cursorQuery` field containing a cursor. The value of this field can be specified in the `cursor` query parameter of a subsequent request to retrieve the next page of objects.\n\nApplications must continue to use the `cursorQuery` if one is provided in order to retrieve the full set of objects associated with the request, even if a page contains fewer than the requested number of objects (see the `count` query parameter documentation) or is empty.\n\n### opaquePassword\n\nAttributes with the opaque property are also write-only and so cannot normally be retrieved in a GET. However, when a password is provided in the `opaquePassword` query parameter, attributes with the opaque property are retrieved in a GET in opaque form, encrypted with this password. The query parameter can also be used on a POST, PATCH, or PUT to set opaque attributes using opaque attribute values retrieved in a GET, so long as:\n\n1. the same password that was used to retrieve the opaque attribute values is provided; and\n\n2. the broker to which the request is being sent has the same major and minor SEMP version as the broker that produced the opaque attribute values.\n\nThe password provided in the query parameter must be a minimum of 8 characters and a maximum of 128 characters.\n\nThe query parameter can only be used in the configuration API, and only over HTTPS.\n\n## Authentication\n\nWhen a client makes its first SEMPv2 request, it must supply a username and password using HTTP Basic authentication, or an OAuth token or tokens using HTTP Bearer authentication.\n\nWhen HTTP Basic authentication is used, the broker returns a cookie containing a session key. The client can omit the username and password from subsequent requests, because the broker can use the session cookie for authentication instead. When the session expires or is deleted, the client must provide the username and password again, and the broker creates a new session.\n\nThere are a limited number of session slots available on the broker. The broker returns 529 No SEMP Session Available if it is not able to allocate a session.\n\nIf certain attributes\u2014such as a user's password\u2014are changed, the broker automatically deletes the affected sessions. These attributes are documented below. However, changes in external user configuration data stored on a RADIUS or LDAP server do not trigger the broker to delete the associated session(s), therefore you must do this manually, if required.\n\nA client can retrieve its current session information using the /about/user endpoint and delete its own session using the /about/user/logout endpoint. A client with appropriate permissions can also manage all sessions using the /sessions endpoint.\n\nSessions are not created when authenticating with an OAuth token or tokens using HTTP Bearer authentication. If a session cookie is provided, it is ignored.\n\n## Help\n\nVisit [our website](https://solace.com) to learn more about Solace.\n\nYou can also download the SEMP API specifications by clicking [here](https://solace.com/downloads/).\n\nIf you need additional support, please contact us at [support@solace.com](mailto:support@solace.com).\n\n## Notes\n\nNote|Description\n:---:|:---\n1|This specification defines SEMP starting in \"v2\", and not the original SEMP \"v1\" interface. Request and response formats between \"v1\" and \"v2\" are entirely incompatible, although both protocols share a common port configuration on the Solace PubSub+ broker. They are differentiated by the initial portion of the URI path, one of either \"/SEMP/\" or \"/SEMP/v2/\"\n2|This API is partially implemented. Only a subset of all objects are available.\n3|Read-only attributes may appear in POST and PUT/PATCH requests. However, if a read-only attribute is not marked as identifying, it will be ignored during a PUT/PATCH.\n4|On a PUT, if the SEMP user is not authorized to modify the attribute, its value is left unchanged rather than set to default. In addition, the values of write-only attributes are not set to their defaults on a PUT, except in the following two cases: there is a mutual requires relationship with another non-write-only attribute, both attributes are absent from the request, and the non-write-only attribute is not currently set to its default value; or the attribute is also opaque and the `opaquePassword` query parameter is provided in the request.\n\n",
+    "title": "SEMP (Solace Element Management Protocol)",
+    "version": "2.34"
+  },
+  "parameters": {
+    "countQuery": {
+      "default": 10,
+      "description": "Limit the count of objects in the response. See the documentation for the `count` parameter.",
+      "in": "query",
+      "minimum": 1,
+      "name": "count",
+      "required": false,
+      "type": "integer"
+    },
+    "cursorQuery": {
+      "description": "The cursor, or position, for the next page of objects. See the documentation for the `cursor` parameter.",
+      "in": "query",
+      "name": "cursor",
+      "required": false,
+      "type": "string"
+    },
+    "opaquePasswordQuery": {
+      "description": "Accept opaque attributes in the request or return opaque attributes in the response, encrypted with the specified password. See the documentation for the `opaquePassword` parameter.",
+      "in": "query",
+      "name": "opaquePassword",
+      "required": false,
+      "type": "string"
+    },
+    "selectQuery": {
+      "collectionFormat": "csv",
+      "description": "Include in the response only selected attributes of the object, or exclude from the response selected attributes of the object. See the documentation for the `select` parameter.",
+      "in": "query",
+      "items": {
+        "type": "string"
+      },
+      "name": "select",
+      "required": false,
+      "type": "array"
+    },
+    "whereQuery": {
+      "collectionFormat": "csv",
+      "description": "Include in the response only objects where certain conditions are true. See the the documentation for the `where` parameter.",
+      "in": "query",
+      "items": {
+        "type": "string"
+      },
+      "name": "where",
+      "required": false,
+      "type": "array"
+    }
+  },
+  "paths": {
+    "/": {
+      "get": {
+        "description": "Get a Broker object.\n\nThis object contains global configuration for the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ntlsServerCertContent||x||x\ntlsServerCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nconfigSyncAuthenticationClientCertMaxChainDepth|global/read-only\nconfigSyncAuthenticationClientCertValidateDateEnabled|global/read-only\nconfigSyncClientProfileTcpInitialCongestionWindow|global/read-only\nconfigSyncClientProfileTcpKeepaliveCount|global/read-only\nconfigSyncClientProfileTcpKeepaliveIdle|global/read-only\nconfigSyncClientProfileTcpKeepaliveInterval|global/read-only\nconfigSyncClientProfileTcpMaxWindow|global/read-only\nconfigSyncClientProfileTcpMss|global/read-only\nconfigSyncEnabled|global/read-only\nconfigSyncSynchronizeUsernameEnabled|global/read-only\nconfigSyncTlsEnabled|global/read-only\nguaranteedMsgingDefragmentationScheduleDayList|global/read-only\nguaranteedMsgingDefragmentationScheduleEnabled|global/read-only\nguaranteedMsgingDefragmentationScheduleTimeList|global/read-only\nguaranteedMsgingDefragmentationThresholdEnabled|global/read-only\nguaranteedMsgingDefragmentationThresholdFragmentationPercentage|global/read-only\nguaranteedMsgingDefragmentationThresholdMinInterval|global/read-only\nguaranteedMsgingDefragmentationThresholdUsagePercentage|global/read-only\nguaranteedMsgingEnabled|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.setPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventMsgCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setValue|global/read-only\nguaranteedMsgingMaxCacheUsage|global/read-only\nguaranteedMsgingMaxMsgSpoolUsage|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout|global/read-only\nguaranteedMsgingTransactionReplicationCompatibilityMode|global/read-only\noauthProfileDefault|global/read-only\nserviceAmqpEnabled|global/read-only\nserviceAmqpTlsListenPort|global/read-only\nserviceEventConnectionCountThreshold.clearPercent|global/read-only\nserviceEventConnectionCountThreshold.clearValue|global/read-only\nserviceEventConnectionCountThreshold.setPercent|global/read-only\nserviceEventConnectionCountThreshold.setValue|global/read-only\nserviceHealthCheckEnabled|global/read-only\nserviceHealthCheckListenPort|global/read-only\nserviceHealthCheckTlsEnabled|global/read-only\nserviceHealthCheckTlsListenPort|global/read-only\nserviceMateLinkEnabled|global/read-only\nserviceMateLinkListenPort|global/read-only\nserviceMqttEnabled|global/read-only\nserviceMsgBackboneEnabled|global/read-only\nserviceRedundancyEnabled|global/read-only\nserviceRedundancyFirstListenPort|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearValue|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setValue|global/read-only\nserviceRestIncomingEnabled|global/read-only\nserviceRestOutgoingEnabled|global/read-only\nserviceSempCorsAllowAnyHostEnabled|global/read-only\nserviceSempLegacyTimeoutEnabled|global/read-only\nserviceSempPlainTextEnabled|global/read-only\nserviceSempPlainTextListenPort|global/read-only\nserviceSempSessionIdleTimeout|global/read-only\nserviceSempSessionMaxLifetime|global/read-only\nserviceSempTlsEnabled|global/read-only\nserviceSempTlsListenPort|global/read-only\nserviceSmfCompressionListenPort|global/read-only\nserviceSmfEnabled|global/read-only\nserviceSmfEventConnectionCountThreshold.clearPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.clearValue|global/read-only\nserviceSmfEventConnectionCountThreshold.setPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.setValue|global/read-only\nserviceSmfPlainTextListenPort|global/read-only\nserviceSmfRoutingControlListenPort|global/read-only\nserviceSmfTlsListenPort|global/read-only\nserviceTlsEventConnectionCountThreshold.clearPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.clearValue|global/read-only\nserviceTlsEventConnectionCountThreshold.setPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.setValue|global/read-only\nserviceWebTransportEnabled|global/read-only\nserviceWebTransportPlainTextListenPort|global/read-only\nserviceWebTransportTlsListenPort|global/read-only\nserviceWebTransportWebUrlSuffix|global/read-only\ntlsBlockVersion11Enabled|global/read-only\ntlsCipherSuiteManagementList|global/read-only\ntlsCipherSuiteMsgBackboneList|global/read-only\ntlsCipherSuiteSecureShellList|global/read-only\ntlsCrimeExploitProtectionEnabled|global/read-only\ntlsServerCertContent|global/read-only\ntlsStandardDomainCertificateAuthoritiesEnabled|vpn/read-only\ntlsTicketLifetime|global/read-only\nwebManagerAllowUnencryptedWizardsEnabled|vpn/read-only\nwebManagerCustomization|vpn/read-only\nwebManagerRedirectHttpEnabled|vpn/read-only\nwebManagerRedirectHttpOverrideTlsPort|vpn/read-only\n\n\n\nThis has been available since 2.13.",
+        "operationId": "getBroker",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Broker object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/BrokerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Broker object.",
+        "tags": [
+          "all"
+        ]
+      },
+      "patch": {
+        "description": "Update a Broker object. Any attribute missing from the request will be left unchanged.\n\nThis object contains global configuration for the message broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nserviceAmqpTlsListenPort|||||x||\nserviceHealthCheckListenPort|||||x||\nserviceHealthCheckTlsListenPort|||||x||\nserviceMateLinkListenPort|||||x||\nserviceRedundancyFirstListenPort|||||x||\nserviceSempPlainTextListenPort||||x|||\nserviceSempTlsListenPort||||x|||\nserviceSmfCompressionListenPort|||||x||\nserviceSmfPlainTextListenPort|||||x||\nserviceSmfRoutingControlListenPort|||||x||\nserviceSmfTlsListenPort|||||x||\nserviceWebTransportPlainTextListenPort|||||x||\nserviceWebTransportTlsListenPort|||||x||\nserviceWebTransportWebUrlSuffix|||||x||\ntlsServerCertContent|||x||||x\ntlsServerCertPassword|||x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nBroker|tlsServerCertPassword|tlsServerCertContent|\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nauthClientCertRevocationCheckMode|global/admin\nconfigSyncAuthenticationClientCertMaxChainDepth|global/read-write\nconfigSyncAuthenticationClientCertValidateDateEnabled|global/read-write\nconfigSyncClientProfileTcpInitialCongestionWindow|global/read-write\nconfigSyncClientProfileTcpKeepaliveCount|global/read-write\nconfigSyncClientProfileTcpKeepaliveIdle|global/read-write\nconfigSyncClientProfileTcpKeepaliveInterval|global/read-write\nconfigSyncClientProfileTcpMaxWindow|global/read-write\nconfigSyncClientProfileTcpMss|global/read-write\nconfigSyncEnabled|global/read-write\nconfigSyncSynchronizeUsernameEnabled|global/read-write\nconfigSyncTlsEnabled|global/read-write\nguaranteedMsgingDefragmentationScheduleDayList|global/read-write\nguaranteedMsgingDefragmentationScheduleEnabled|global/read-write\nguaranteedMsgingDefragmentationScheduleTimeList|global/read-write\nguaranteedMsgingDefragmentationThresholdEnabled|global/read-write\nguaranteedMsgingDefragmentationThresholdFragmentationPercentage|global/read-write\nguaranteedMsgingDefragmentationThresholdMinInterval|global/read-write\nguaranteedMsgingDefragmentationThresholdUsagePercentage|global/read-write\nguaranteedMsgingEnabled|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.clearValue|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.setValue|global/read-write\nguaranteedMsgingEventDeliveredUnackedThreshold.clearPercent|global/read-write\nguaranteedMsgingEventDeliveredUnackedThreshold.setPercent|global/read-write\nguaranteedMsgingEventDiskUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventDiskUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.setValue|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.setValue|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.setValue|global/read-write\nguaranteedMsgingEventMsgCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolFileCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgSpoolFileCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearValue|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.setValue|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.setValue|global/read-write\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.setValue|global/read-write\nguaranteedMsgingMaxCacheUsage|global/read-write\nguaranteedMsgingMaxMsgSpoolUsage|global/read-write\nguaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout|global/read-write\nguaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout|global/read-write\nguaranteedMsgingTransactionReplicationCompatibilityMode|global/read-write\noauthProfileDefault|global/admin\nserviceAmqpEnabled|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceEventConnectionCountThreshold.clearPercent|global/read-write\nserviceEventConnectionCountThreshold.clearValue|global/read-write\nserviceEventConnectionCountThreshold.setPercent|global/read-write\nserviceEventConnectionCountThreshold.setValue|global/read-write\nserviceHealthCheckEnabled|global/read-write\nserviceHealthCheckListenPort|global/read-write\nserviceHealthCheckTlsEnabled|global/read-write\nserviceHealthCheckTlsListenPort|global/read-write\nserviceMateLinkEnabled|global/read-write\nserviceMateLinkListenPort|global/read-write\nserviceMqttEnabled|global/read-write\nserviceMsgBackboneEnabled|global/read-write\nserviceRedundancyEnabled|global/read-write\nserviceRedundancyFirstListenPort|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.clearPercent|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.clearValue|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.setPercent|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.setValue|global/read-write\nserviceRestIncomingEnabled|global/read-write\nserviceRestOutgoingEnabled|global/read-write\nserviceSempCorsAllowAnyHostEnabled|global/read-write\nserviceSempLegacyTimeoutEnabled|global/read-write\nserviceSempPlainTextEnabled|global/read-write\nserviceSempPlainTextListenPort|global/read-write\nserviceSempSessionIdleTimeout|global/read-write\nserviceSempSessionMaxLifetime|global/read-write\nserviceSempTlsEnabled|global/read-write\nserviceSempTlsListenPort|global/read-write\nserviceSmfCompressionListenPort|global/read-write\nserviceSmfEnabled|global/read-write\nserviceSmfEventConnectionCountThreshold.clearPercent|global/read-write\nserviceSmfEventConnectionCountThreshold.clearValue|global/read-write\nserviceSmfEventConnectionCountThreshold.setPercent|global/read-write\nserviceSmfEventConnectionCountThreshold.setValue|global/read-write\nserviceSmfPlainTextListenPort|global/read-write\nserviceSmfRoutingControlListenPort|global/read-write\nserviceSmfTlsListenPort|global/read-write\nserviceTlsEventConnectionCountThreshold.clearPercent|global/read-write\nserviceTlsEventConnectionCountThreshold.clearValue|global/read-write\nserviceTlsEventConnectionCountThreshold.setPercent|global/read-write\nserviceTlsEventConnectionCountThreshold.setValue|global/read-write\nserviceWebTransportEnabled|global/read-write\nserviceWebTransportPlainTextListenPort|global/read-write\nserviceWebTransportTlsListenPort|global/read-write\nserviceWebTransportWebUrlSuffix|global/read-write\ntlsBlockVersion11Enabled|global/read-write\ntlsCipherSuiteManagementList|global/read-write\ntlsCipherSuiteMsgBackboneList|global/read-write\ntlsCipherSuiteSecureShellList|global/read-write\ntlsCrimeExploitProtectionEnabled|global/read-write\ntlsServerCertContent|global/read-write\ntlsServerCertPassword|global/read-write\ntlsStandardDomainCertificateAuthoritiesEnabled|global/read-write\ntlsTicketLifetime|global/read-write\nwebManagerAllowUnencryptedWizardsEnabled|global/read-write\nwebManagerCustomization|vpn/read-write\nwebManagerRedirectHttpEnabled|global/read-write\nwebManagerRedirectHttpOverrideTlsPort|global/read-write\n\n\n\nThis has been available since 2.13.",
+        "operationId": "updateBroker",
+        "parameters": [
+          {
+            "description": "The Broker object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/Broker"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Broker object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/BrokerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Broker object.",
+        "tags": [
+          "all"
+        ]
+      }
+    },
+    "/about": {
+      "get": {
+        "description": "Get an About object.\n\nThis provides metadata about the SEMP API, such as the version of the API supported by the broker.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.13.",
+        "operationId": "getAbout",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The About object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an About object.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/about/api": {
+      "get": {
+        "description": "Get an API Description object.\n\nThe API Description object provides metadata about the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getAboutApi",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The API Description object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutApiResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an API Description object.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/about/user": {
+      "get": {
+        "description": "Get a User object.\n\nSession and access level information about the user accessing the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getAboutUser",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The User object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a User object.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/about/user/msgVpns": {
+      "get": {
+        "description": "Get a list of User Message VPN objects.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getAboutUserMsgVpns",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of User Message VPN objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserMsgVpnsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of User Message VPN objects.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/about/user/msgVpns/{msgVpnName}": {
+      "get": {
+        "description": "Get a User Message VPN object.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getAboutUserMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The User Message VPN object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserMsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a User Message VPN object.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/certAuthorities": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\ncertContent|||x|\ncrlDayList|||x|\ncrlTimeList|||x|\ncrlUrl|||x|\nocspNonResponderCertEnabled|||x|\nocspOverrideUrl|||x|\nocspTimeout|||x|\nrevocationCheckEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "getCertAuthorities",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Authority objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthoritiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Authority objects.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create a Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|||x|\ncertContent|||||x|\ncrlDayList|||||x|\ncrlTimeList|||||x|\ncrlUrl|||||x|\nocspNonResponderCertEnabled|||||x|\nocspOverrideUrl|||||x|\nocspTimeout|||||x|\nrevocationCheckEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "createCertAuthority",
+        "parameters": [
+          {
+            "description": "The Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      }
+    },
+    "/certAuthorities/{certAuthorityName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "deleteCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get a Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\ncertContent|||x|\ncrlDayList|||x|\ncrlTimeList|||x|\ncrlUrl|||x|\nocspNonResponderCertEnabled|||x|\nocspOverrideUrl|||x|\nocspTimeout|||x|\nrevocationCheckEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "getCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      },
+      "patch": {
+        "deprecated": true,
+        "description": "Update a Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ncertAuthorityName|x|x||||x|\ncertContent||||||x|\ncrlDayList||||||x|\ncrlTimeList||||||x|\ncrlUrl|||||x|x|\nocspNonResponderCertEnabled||||||x|\nocspOverrideUrl||||||x|\nocspTimeout||||||x|\nrevocationCheckEnabled||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "updateCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      },
+      "put": {
+        "deprecated": true,
+        "description": "Replace a Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ncertAuthorityName|x||x||||x|\ncertContent|||||||x|\ncrlDayList|||||||x|\ncrlTimeList|||||||x|\ncrlUrl||||||x|x|\nocspNonResponderCertEnabled|||||||x|\nocspOverrideUrl|||||||x|\nocspTimeout|||||||x|\nrevocationCheckEnabled|||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "replaceCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      }
+    },
+    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\nocspTlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "getCertAuthorityOcspTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create an OCSP Responder Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x||x|\nocspTlsTrustedCommonName|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "createCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OCSP Responder Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonName"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      }
+    },
+    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete an OCSP Responder Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "deleteCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\nocspTlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "getCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      }
+    },
+    "/clientCertAuthorities": {
+      "get": {
+        "description": "Get a list of Client Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorities",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Client Certificate Authority objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthoritiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Client Certificate Authority objects.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      },
+      "post": {
+        "description": "Create a Client Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "createClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The Client Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}": {
+      "delete": {
+        "description": "Delete a Client Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "deleteClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      },
+      "get": {
+        "description": "Get a Client Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      },
+      "patch": {
+        "description": "Update a Client Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ncertAuthorityName|x|x|||||\ncrlUrl|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "updateClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      },
+      "put": {
+        "description": "Replace a Client Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ncertAuthorityName|x||x|||||\ncrlUrl||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "replaceClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+      "get": {
+        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\nocspTlsTrustedCommonName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      },
+      "post": {
+        "description": "Create an OCSP Responder Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|||\nocspTlsTrustedCommonName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "createClientCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OCSP Responder Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonName"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+      "delete": {
+        "description": "Delete an OCSP Responder Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "deleteClientCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      },
+      "get": {
+        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\nocspTlsTrustedCommonName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      }
+    },
+    "/dmrClusters": {
+      "get": {
+        "description": "Get a list of Cluster objects.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\ndmrClusterName|x|||\ntlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusters",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Cluster objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClustersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Cluster objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "post": {
+        "description": "Create a Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x\nauthenticationClientCertContent||||x||x\nauthenticationClientCertPassword||||x||\ndmrClusterName|x|x||||\nnodeName|||x|||\ntlsServerCertEnforceTrustedCommonNameEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createDmrCluster",
+        "parameters": [
+          {
+            "description": "The Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}": {
+      "delete": {
+        "description": "Delete a Cluster object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "get": {
+        "description": "Get a Cluster object.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\ndmrClusterName|x|||\ntlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "patch": {
+        "description": "Update a Cluster object. Any attribute missing from the request will be left unchanged.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nauthenticationBasicPassword|||x||x||x\nauthenticationClientCertContent|||x||x||x\nauthenticationClientCertPassword|||x||x||\ndirectOnlyEnabled||x|||||\ndmrClusterName|x|x|||||\nnodeName||x|||||\ntlsServerCertEnforceTrustedCommonNameEnabled||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "put": {
+        "description": "Replace a Cluster object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nauthenticationBasicPassword||||x||x||x\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\ndirectOnlyEnabled||x||||||\ndmrClusterName|x||x|||||\nnodeName|||x|||||\ntlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule objects.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRules",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRulesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||\nruleName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule object.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "patch": {
+        "description": "Update a Certificate Matching Rule object. Any attribute missing from the request will be left unchanged.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ndmrClusterName|x|x|||||\nruleName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "updateDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "put": {
+        "description": "Replace a Certificate Matching Rule object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ndmrClusterName|x||x|||||\nruleName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "replaceDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/attributeFilters": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule Attribute Filter objects.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nfilterName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleAttributeFilters",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Attribute Filter objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFiltersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Attribute Filter objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||\nfilterName|x|x||||\nruleName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/attributeFilters/{filterName}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule Attribute Filter object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule Attribute Filter object.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nfilterName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "patch": {
+        "description": "Update a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be left unchanged.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ndmrClusterName|x|x|||||\nfilterName|x|x|||||\nruleName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "updateDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "put": {
+        "description": "Replace a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ndmrClusterName|x||x|||||\nfilterName|x||x|||||\nruleName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "replaceDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/conditions": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule Condition objects.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nruleName|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleConditions",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Condition objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Condition objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule Condition object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||\nruleName|x||x|||\nsource|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createDmrClusterCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Condition object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleCondition"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Condition object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/conditions/{source}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule Condition object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteDmrClusterCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Certificate field to be compared with the Attribute.",
+            "in": "path",
+            "name": "source",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule Condition object.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nruleName|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Certificate field to be compared with the Attribute.",
+            "in": "path",
+            "name": "source",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Condition object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links": {
+      "get": {
+        "description": "Get a list of Link objects.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinks",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Link objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinksResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Link objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "post": {
+        "description": "Create a Link object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x\ndmrClusterName|x||x|||\nremoteNodeName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Link object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLink"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}": {
+      "delete": {
+        "description": "Delete a Link object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "get": {
+        "description": "Get a Link object.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "patch": {
+        "description": "Update a Link object. Any attribute missing from the request will be left unchanged.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nauthenticationBasicPassword|||x||x||x\nauthenticationScheme|||||x||\ndmrClusterName|x|x|||||\negressFlowWindowSize|||||x||\ninitiator|||||x||\nremoteNodeName|x|x|||||\nspan|||||x||\ntransportCompressedEnabled|||||x||\ntransportTlsEnabled|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Link object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLink"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "put": {
+        "description": "Replace a Link object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nauthenticationBasicPassword||||x||x||x\nauthenticationScheme||||||x||\ndmrClusterName|x||x|||||\negressFlowWindowSize||||||x||\ninitiator||||||x||\nremoteNodeName|x||x|||||\nspan||||||x||\ntransportCompressedEnabled||||||x||\ntransportTlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Link object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLink"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/attributes": {
+      "get": {
+        "description": "Get a list of Link Attribute objects.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattributeName|x|||\nattributeValue|x|||\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterLinkAttributes",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Link Attribute objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttributesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Link Attribute objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "post": {
+        "description": "Create a Link Attribute object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nattributeName|x|x||||\nattributeValue|x|x||||\ndmrClusterName|x||x|||\nremoteNodeName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createDmrClusterLinkAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Link Attribute object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttribute"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link Attribute object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttributeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Link Attribute object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/attributes/{attributeName},{attributeValue}": {
+      "delete": {
+        "description": "Delete a Link Attribute object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteDmrClusterLinkAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Attribute.",
+            "in": "path",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Link Attribute object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "get": {
+        "description": "Get a Link Attribute object.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattributeName|x|||\nattributeValue|x|||\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterLinkAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Attribute.",
+            "in": "path",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link Attribute object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttributeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Link Attribute object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses": {
+      "get": {
+        "description": "Get a list of Remote Address objects.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nremoteAddress|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinkRemoteAddresses",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Remote Address objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddressesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Remote Address objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "post": {
+        "description": "Create a Remote Address object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||\nremoteAddress|x|x||||\nremoteNodeName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createDmrClusterLinkRemoteAddress",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Address object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Address object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddressResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Remote Address object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses/{remoteAddress}": {
+      "delete": {
+        "description": "Delete a Remote Address object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteDmrClusterLinkRemoteAddress",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+            "in": "path",
+            "name": "remoteAddress",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Remote Address object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "get": {
+        "description": "Get a Remote Address object.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nremoteAddress|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinkRemoteAddress",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+            "in": "path",
+            "name": "remoteAddress",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Address object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddressResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Remote Address object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|\nremoteNodeName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getDmrClusterLinkTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x||x|\nremoteNodeName|x||x||x|\ntlsTrustedCommonName|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "createDmrClusterLinkTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "deleteDmrClusterLinkTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|\nremoteNodeName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getDmrClusterLinkTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/domainCertAuthorities": {
+      "get": {
+        "description": "Get a list of Domain Certificate Authority objects.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getDomainCertAuthorities",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
           },
-          "type": "array"
-        },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/VirtualHostnameLinks"
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
-          "type": "array"
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Domain Certificate Authority objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthoritiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    }
-  },
-  "host": "www.solace.com",
-  "info": {
-    "contact": {
-      "email": "support@solace.com",
-      "name": "Solace",
-      "url": "http://www.solace.com"
-    },
-    "description": "SEMP (starting in `v2`, see note 1) is a RESTful API for configuring, monitoring, and administering a Solace PubSub+ broker.\n\nSEMP uses URIs to address manageable **resources** of the Solace PubSub+ broker. Resources are individual **objects**, **collections** of objects, or (exclusively in the action API) **actions**. This document applies to the following API:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nConfiguration|/SEMP/v2/config|Reading and writing config state|See note 2\n\n\n\nThe following APIs are also available:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nAction|/SEMP/v2/action|Performing actions|See note 2\nMonitoring|/SEMP/v2/monitor|Querying operational parameters|See note 2\n\n\n\nResources are always nouns, with individual objects being singular and collections being plural.\n\nObjects within a collection are identified by an `obj-id`, which follows the collection name with the form `collection-name/obj-id`.\n\nActions within an object are identified by an `action-id`, which follows the object name with the form `obj-id/action-id`.\n\nSome examples:\n\n```\n/SEMP/v2/config/msgVpns                        ; MsgVpn collection\n/SEMP/v2/config/msgVpns/a                      ; MsgVpn object named \"a\"\n/SEMP/v2/config/msgVpns/a/queues               ; Queue collection in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/queues/b             ; Queue object named \"b\" in MsgVpn \"a\"\n/SEMP/v2/action/msgVpns/a/queues/b/startReplay ; Action that starts a replay on Queue \"b\" in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients             ; Client collection in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients/c           ; Client object named \"c\" in MsgVpn \"a\"\n```\n\n## Collection Resources\n\nCollections are unordered lists of objects (unless described as otherwise), and are described by JSON arrays. Each item in the array represents an object in the same manner as the individual object would normally be represented. In the configuration API, the creation of a new object is done through its collection resource.\n\n## Object and Action Resources\n\nObjects are composed of attributes, actions, collections, and other objects. They are described by JSON objects as name/value pairs. The collections and actions of an object are not contained directly in the object's JSON content; rather the content includes an attribute containing a URI which points to the collections and actions. These contained resources must be managed through this URI. At a minimum, every object has one or more identifying attributes, and its own `uri` attribute which contains the URI pointing to itself.\n\nActions are also composed of attributes, and are described by JSON objects as name/value pairs. Unlike objects, however, they are not members of a collection and cannot be retrieved, only performed. Actions only exist in the action API.\n\nAttributes in an object or action may have any combination of the following properties:\n\n\nProperty|Meaning|Comments\n:---|:---|:---\nIdentifying|Attribute is involved in unique identification of the object, and appears in its URI|\nRequired|Attribute must be provided in the request|\nRead-Only|Attribute can only be read, not written.|See note 3\nWrite-Only|Attribute can only be written, not read, unless the attribute is also opaque|See the documentation for the opaque property\nRequires-Disable|Attribute can only be changed when object is disabled|\nDeprecated|Attribute is deprecated, and will disappear in the next SEMP version|\nOpaque|Attribute can be set or retrieved in opaque form when the `opaquePassword` query parameter is present|See the `opaquePassword` query parameter documentation\n\n\n\nIn some requests, certain attributes may only be provided in certain combinations with other attributes:\n\n\nRelationship|Meaning\n:---|:---\nRequires|Attribute may only be changed by a request if a particular attribute or combination of attributes is also provided in the request\nConflicts|Attribute may only be provided in a request if a particular attribute or combination of attributes is not also provided in the request\n\n\n\nIn the monitoring API, any non-identifying attribute may not be returned in a GET.\n\n## HTTP Methods\n\nThe following HTTP methods manipulate resources in accordance with these general principles. Note that some methods are only used in certain APIs:\n\n\nMethod|Resource|Meaning|Request Body|Response Body|Missing Request Attributes\n:---|:---|:---|:---|:---|:---\nPOST|Collection|Create object|Initial attribute values|Object attributes and metadata|Set to default\nPUT|Object|Create or replace object (see note 5)|New attribute values|Object attributes and metadata|Set to default, with certain exceptions (see note 4)\nPUT|Action|Performs action|Action arguments|Action metadata|N/A\nPATCH|Object|Update object|New attribute values|Object attributes and metadata|unchanged\nDELETE|Object|Delete object|Empty|Object metadata|N/A\nGET|Object|Get object|Empty|Object attributes and metadata|N/A\nGET|Collection|Get collection|Empty|Object attributes and collection metadata|N/A\n\n\n\n## Common Query Parameters\n\nThe following are some common query parameters that are supported by many method/URI combinations. Individual URIs may document additional parameters. Note that multiple query parameters can be used together in a single URI, separated by the ampersand character. For example:\n\n```\n; Request for the MsgVpns collection using two hypothetical query parameters\n; \"q1\" and \"q2\" with values \"val1\" and \"val2\" respectively\n/SEMP/v2/config/msgVpns?q1=val1&q2=val2\n```\n\n### select\n\nInclude in the response only selected attributes of the object, or exclude from the response selected attributes of the object. Use this query parameter to limit the size of the returned data for each returned object, return only those fields that are desired, or exclude fields that are not desired.\n\nThe value of `select` is a comma-separated list of attribute names. If the list contains attribute names that are not prefaced by `-`, only those attributes are included in the response. If the list contains attribute names that are prefaced by `-`, those attributes are excluded from the response. If the list contains both types, then the difference of the first set of attributes and the second set of attributes is returned. If the list is empty (i.e. `select=`), no attributes are returned.\n\nAll attributes that are prefaced by `-` must follow all attributes that are not prefaced by `-`. In addition, each attribute name in the list must match at least one attribute in the object.\n\nNames may include the `*` wildcard (zero or more characters). Nested attribute names are supported using periods (e.g. `parentName.childName`).\n\nSome examples:\n\n```\n; List of all MsgVpn names\n/SEMP/v2/config/msgVpns?select=msgVpnName\n; List of all MsgVpn and their attributes except for their names\n/SEMP/v2/config/msgVpns?select=-msgVpnName\n; Authentication attributes of MsgVpn \"finance\"\n/SEMP/v2/config/msgVpns/finance?select=authentication*\n; All attributes of MsgVpn \"finance\" except for authentication attributes\n/SEMP/v2/config/msgVpns/finance?select=-authentication*\n; Access related attributes of Queue \"orderQ\" of MsgVpn \"finance\"\n/SEMP/v2/config/msgVpns/finance/queues/orderQ?select=owner,permission\n```\n\n### where\n\nInclude in the response only objects where certain conditions are true. Use this query parameter to limit which objects are returned to those whose attribute values meet the given conditions.\n\nThe value of `where` is a comma-separated list of expressions. All expressions must be true for the object to be included in the response. Each expression takes the form:\n\n```\nexpression  = attribute-name OP value\nOP          = '==' | '!=' | '&lt;' | '&gt;' | '&lt;=' | '&gt;='\n```\n\n`value` may be a number, string, `true`, or `false`, as appropriate for the type of `attribute-name`. Greater-than and less-than comparisons only work for numbers. A `*` in a string `value` is interpreted as a wildcard (zero or more characters). Some examples:\n\n```\n; Only enabled MsgVpns\n/SEMP/v2/config/msgVpns?where=enabled==true\n; Only MsgVpns using basic non-LDAP authentication\n/SEMP/v2/config/msgVpns?where=authenticationBasicEnabled==true,authenticationBasicType!=ldap\n; Only MsgVpns that allow more than 100 client connections\n/SEMP/v2/config/msgVpns?where=maxConnectionCount>100\n; Only MsgVpns with msgVpnName starting with \"B\":\n/SEMP/v2/config/msgVpns?where=msgVpnName==B*\n```\n\n### count\n\nLimit the count of objects in the response. This can be useful to limit the size of the response for large collections. The minimum value for `count` is `1` and the default is `10`. There is also a per-collection maximum value to limit request handling time.\n\n`count` does not guarantee that a minimum number of objects will be returned. A page may contain fewer than `count` objects or even be empty. Additional objects may nonetheless be available for retrieval on subsequent pages. See the `cursor` query parameter documentation for more information on paging.\n\nFor example:\n```\n; Up to 25 MsgVpns\n/SEMP/v2/config/msgVpns?count=25\n```\n\n### cursor\n\nThe cursor, or position, for the next page of objects. Cursors are opaque data that should not be created or interpreted by SEMP clients, and should only be used as described below.\n\nWhen a request is made for a collection and there may be additional objects available for retrieval that are not included in the initial response, the response will include a `cursorQuery` field containing a cursor. The value of this field can be specified in the `cursor` query parameter of a subsequent request to retrieve the next page of objects. For convenience, an appropriate URI is constructed automatically by the broker and included in the `nextPageUri` field of the response. This URI can be used directly to retrieve the next page of objects.\n\nApplications must continue to follow the `nextPageUri` if one is provided in order to retrieve the full set of objects associated with the request, even if a page contains fewer than the requested number of objects (see the `count` query parameter documentation) or is empty.\n\n### opaquePassword\n\nAttributes with the opaque property are also write-only and so cannot normally be retrieved in a GET. However, when a password is provided in the `opaquePassword` query parameter, attributes with the opaque property are retrieved in a GET in opaque form, encrypted with this password. The query parameter can also be used on a POST, PATCH, or PUT to set opaque attributes using opaque attribute values retrieved in a GET, so long as:\n\n1. the same password that was used to retrieve the opaque attribute values is provided; and\n\n2. the broker to which the request is being sent has the same major and minor SEMP version as the broker that produced the opaque attribute values.\n\nThe password provided in the query parameter must be a minimum of 8 characters and a maximum of 128 characters.\n\nThe query parameter can only be used in the configuration API, and only over HTTPS.\n\n## Authentication\n\nWhen a client makes its first SEMPv2 request, it must supply a username and password using HTTP Basic authentication, or an OAuth token or tokens using HTTP Bearer authentication.\n\nWhen HTTP Basic authentication is used, the broker returns a cookie containing a session key. The client can omit the username and password from subsequent requests, because the broker can use the session cookie for authentication instead. When the session expires or is deleted, the client must provide the username and password again, and the broker creates a new session.\n\nThere are a limited number of session slots available on the broker. The broker returns 529 No SEMP Session Available if it is not able to allocate a session.\n\nIf certain attributes\u2014such as a user's password\u2014are changed, the broker automatically deletes the affected sessions. These attributes are documented below. However, changes in external user configuration data stored on a RADIUS or LDAP server do not trigger the broker to delete the associated session(s), therefore you must do this manually, if required.\n\nA client can retrieve its current session information using the /about/user endpoint and delete its own session using the /about/user/logout endpoint. A client with appropriate permissions can also manage all sessions using the /sessions endpoint.\n\nSessions are not created when authenticating with an OAuth token or tokens using HTTP Bearer authentication. If a session cookie is provided, it is ignored.\n\n## Help\n\nVisit [our website](https://solace.com) to learn more about Solace.\n\nYou can also download the SEMP API specifications by clicking [here](https://solace.com/downloads/).\n\nIf you need additional support, please contact us at [support@solace.com](mailto:support@solace.com).\n\n## Notes\n\nNote|Description\n:---:|:---\n1|This specification defines SEMP starting in \"v2\", and not the original SEMP \"v1\" interface. Request and response formats between \"v1\" and \"v2\" are entirely incompatible, although both protocols share a common port configuration on the Solace PubSub+ broker. They are differentiated by the initial portion of the URI path, one of either \"/SEMP/\" or \"/SEMP/v2/\"\n2|This API is partially implemented. Only a subset of all objects are available.\n3|Read-only attributes may appear in POST and PUT/PATCH requests. However, if a read-only attribute is not marked as identifying, it will be ignored during a PUT/PATCH.\n4|On a PUT, if the SEMP user is not authorized to modify the attribute, its value is left unchanged rather than set to default. In addition, the values of write-only attributes are not set to their defaults on a PUT, except in the following two cases: there is a mutual requires relationship with another non-write-only attribute, both attributes are absent from the request, and the non-write-only attribute is not currently set to its default value; or the attribute is also opaque and the `opaquePassword` query parameter is provided in the request.\n5|On a PUT, if the object does not exist, it is created first.\n\n",
-    "title": "SEMP (Solace Element Management Protocol)",
-    "version": "2.26"
-  },
-  "parameters": {
-    "countQuery": {
-      "default": 10,
-      "description": "Limit the count of objects in the response. See the documentation for the `count` parameter.",
-      "in": "query",
-      "minimum": 1,
-      "name": "count",
-      "required": false,
-      "type": "integer"
-    },
-    "cursorQuery": {
-      "description": "The cursor, or position, for the next page of objects. See the documentation for the `cursor` parameter.",
-      "in": "query",
-      "name": "cursor",
-      "required": false,
-      "type": "string"
-    },
-    "opaquePasswordQuery": {
-      "description": "Accept opaque attributes in the request or return opaque attributes in the response, encrypted with the specified password. See the documentation for the `opaquePassword` parameter.",
-      "in": "query",
-      "name": "opaquePassword",
-      "required": false,
-      "type": "string"
-    },
-    "selectQuery": {
-      "collectionFormat": "csv",
-      "description": "Include in the response only selected attributes of the object, or exclude from the response selected attributes of the object. See the documentation for the `select` parameter.",
-      "in": "query",
-      "items": {
-        "type": "string"
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Domain Certificate Authority objects.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ]
       },
-      "name": "select",
-      "required": false,
-      "type": "array"
+      "post": {
+        "description": "Create a Domain Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "createDomainCertAuthority",
+        "parameters": [
+          {
+            "description": "The Domain Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Domain Certificate Authority object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Domain Certificate Authority object.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ]
+      }
     },
-    "whereQuery": {
-      "collectionFormat": "csv",
-      "description": "Include in the response only objects where certain conditions are true. See the the documentation for the `where` parameter.",
-      "in": "query",
-      "items": {
-        "type": "string"
+    "/domainCertAuthorities/{certAuthorityName}": {
+      "delete": {
+        "description": "Delete a Domain Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nCertificate Authorities trusted for domain verification.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "deleteDomainCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Domain Certificate Authority object.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ]
       },
-      "name": "where",
-      "required": false,
-      "type": "array"
-    }
-  },
-  "paths": {
-    "/": {
       "get": {
-        "description": "Get a Broker object.\n\nThis object contains global configuration for the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ntlsServerCertContent||x||x\ntlsServerCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nconfigSyncAuthenticationClientCertMaxChainDepth|global/read-only\nconfigSyncAuthenticationClientCertValidateDateEnabled|global/read-only\nconfigSyncClientProfileTcpInitialCongestionWindow|global/read-only\nconfigSyncClientProfileTcpKeepaliveCount|global/read-only\nconfigSyncClientProfileTcpKeepaliveIdle|global/read-only\nconfigSyncClientProfileTcpKeepaliveInterval|global/read-only\nconfigSyncClientProfileTcpMaxWindow|global/read-only\nconfigSyncClientProfileTcpMss|global/read-only\nconfigSyncEnabled|global/read-only\nconfigSyncSynchronizeUsernameEnabled|global/read-only\nconfigSyncTlsEnabled|global/read-only\nguaranteedMsgingDefragmentationScheduleDayList|global/read-only\nguaranteedMsgingDefragmentationScheduleEnabled|global/read-only\nguaranteedMsgingDefragmentationScheduleTimeList|global/read-only\nguaranteedMsgingDefragmentationThresholdEnabled|global/read-only\nguaranteedMsgingDefragmentationThresholdFragmentationPercentage|global/read-only\nguaranteedMsgingDefragmentationThresholdMinInterval|global/read-only\nguaranteedMsgingDefragmentationThresholdUsagePercentage|global/read-only\nguaranteedMsgingEnabled|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.setPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventMsgCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setValue|global/read-only\nguaranteedMsgingMaxCacheUsage|global/read-only\nguaranteedMsgingMaxMsgSpoolUsage|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout|global/read-only\nguaranteedMsgingTransactionReplicationCompatibilityMode|global/read-only\noauthProfileDefault|global/read-only\nserviceAmqpEnabled|global/read-only\nserviceAmqpTlsListenPort|global/read-only\nserviceEventConnectionCountThreshold.clearPercent|global/read-only\nserviceEventConnectionCountThreshold.clearValue|global/read-only\nserviceEventConnectionCountThreshold.setPercent|global/read-only\nserviceEventConnectionCountThreshold.setValue|global/read-only\nserviceHealthCheckEnabled|global/read-only\nserviceHealthCheckListenPort|global/read-only\nserviceMateLinkEnabled|global/read-only\nserviceMateLinkListenPort|global/read-only\nserviceMqttEnabled|global/read-only\nserviceMsgBackboneEnabled|global/read-only\nserviceRedundancyEnabled|global/read-only\nserviceRedundancyFirstListenPort|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearValue|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setValue|global/read-only\nserviceRestIncomingEnabled|global/read-only\nserviceRestOutgoingEnabled|global/read-only\nserviceSempCorsAllowAnyHostEnabled|global/read-only\nserviceSempLegacyTimeoutEnabled|global/read-only\nserviceSempPlainTextEnabled|global/read-only\nserviceSempPlainTextListenPort|global/read-only\nserviceSempSessionIdleTimeout|global/read-only\nserviceSempSessionMaxLifetime|global/read-only\nserviceSempTlsEnabled|global/read-only\nserviceSempTlsListenPort|global/read-only\nserviceSmfCompressionListenPort|global/read-only\nserviceSmfEnabled|global/read-only\nserviceSmfEventConnectionCountThreshold.clearPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.clearValue|global/read-only\nserviceSmfEventConnectionCountThreshold.setPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.setValue|global/read-only\nserviceSmfPlainTextListenPort|global/read-only\nserviceSmfRoutingControlListenPort|global/read-only\nserviceSmfTlsListenPort|global/read-only\nserviceTlsEventConnectionCountThreshold.clearPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.clearValue|global/read-only\nserviceTlsEventConnectionCountThreshold.setPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.setValue|global/read-only\nserviceWebTransportEnabled|global/read-only\nserviceWebTransportPlainTextListenPort|global/read-only\nserviceWebTransportTlsListenPort|global/read-only\nserviceWebTransportWebUrlSuffix|global/read-only\ntlsBlockVersion11Enabled|global/read-only\ntlsCipherSuiteManagementList|global/read-only\ntlsCipherSuiteMsgBackboneList|global/read-only\ntlsCipherSuiteSecureShellList|global/read-only\ntlsCrimeExploitProtectionEnabled|global/read-only\ntlsServerCertContent|global/read-only\ntlsStandardDomainCertificateAuthoritiesEnabled|vpn/read-only\ntlsTicketLifetime|global/read-only\nwebManagerCustomization|vpn/read-only\nwebManagerRedirectHttpEnabled|vpn/read-only\nwebManagerRedirectHttpOverrideTlsPort|vpn/read-only\n\n\n\nThis has been available since 2.13.",
-        "operationId": "getBroker",
+        "description": "Get a Domain Certificate Authority object.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getDomainCertAuthority",
         "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -8107,9 +13173,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Broker object's attributes, and the request metadata.",
+            "description": "The Domain Certificate Authority object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/BrokerResponse"
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
             }
           },
           "default": {
@@ -8124,22 +13190,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Broker object.",
+        "summary": "Get a Domain Certificate Authority object.",
         "tags": [
-          "all"
+          "all",
+          "domainCertAuthority"
         ]
       },
       "patch": {
-        "description": "Update a Broker object. Any attribute missing from the request will be left unchanged.\n\nThis object contains global configuration for the message broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nserviceAmqpTlsListenPort||||x||\nserviceHealthCheckListenPort||||x||\nserviceMateLinkListenPort||||x||\nserviceRedundancyFirstListenPort||||x||\nserviceSempPlainTextListenPort||||x||\nserviceSempTlsListenPort||||x||\nserviceSmfCompressionListenPort||||x||\nserviceSmfPlainTextListenPort||||x||\nserviceSmfRoutingControlListenPort||||x||\nserviceSmfTlsListenPort||||x||\nserviceWebTransportPlainTextListenPort||||x||\nserviceWebTransportTlsListenPort||||x||\nserviceWebTransportWebUrlSuffix||||x||\ntlsServerCertContent|||x|||x\ntlsServerCertPassword|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nBroker|tlsServerCertPassword|tlsServerCertContent|\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nauthClientCertRevocationCheckMode|global/admin\nconfigSyncAuthenticationClientCertMaxChainDepth|global/read-write\nconfigSyncAuthenticationClientCertValidateDateEnabled|global/read-write\nconfigSyncClientProfileTcpInitialCongestionWindow|global/read-write\nconfigSyncClientProfileTcpKeepaliveCount|global/read-write\nconfigSyncClientProfileTcpKeepaliveIdle|global/read-write\nconfigSyncClientProfileTcpKeepaliveInterval|global/read-write\nconfigSyncClientProfileTcpMaxWindow|global/read-write\nconfigSyncClientProfileTcpMss|global/read-write\nconfigSyncEnabled|global/read-write\nconfigSyncSynchronizeUsernameEnabled|global/read-write\nconfigSyncTlsEnabled|global/read-write\nguaranteedMsgingDefragmentationScheduleDayList|global/read-write\nguaranteedMsgingDefragmentationScheduleEnabled|global/read-write\nguaranteedMsgingDefragmentationScheduleTimeList|global/read-write\nguaranteedMsgingDefragmentationThresholdEnabled|global/read-write\nguaranteedMsgingDefragmentationThresholdFragmentationPercentage|global/read-write\nguaranteedMsgingDefragmentationThresholdMinInterval|global/read-write\nguaranteedMsgingDefragmentationThresholdUsagePercentage|global/read-write\nguaranteedMsgingEnabled|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.clearValue|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.setValue|global/read-write\nguaranteedMsgingEventDeliveredUnackedThreshold.clearPercent|global/read-write\nguaranteedMsgingEventDeliveredUnackedThreshold.setPercent|global/read-write\nguaranteedMsgingEventDiskUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventDiskUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.setValue|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.setValue|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.setValue|global/read-write\nguaranteedMsgingEventMsgCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolFileCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgSpoolFileCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearValue|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.setValue|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.setValue|global/read-write\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.setValue|global/read-write\nguaranteedMsgingMaxCacheUsage|global/read-write\nguaranteedMsgingMaxMsgSpoolUsage|global/read-write\nguaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout|global/read-write\nguaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout|global/read-write\nguaranteedMsgingTransactionReplicationCompatibilityMode|global/read-write\noauthProfileDefault|global/admin\nserviceAmqpEnabled|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceEventConnectionCountThreshold.clearPercent|global/read-write\nserviceEventConnectionCountThreshold.clearValue|global/read-write\nserviceEventConnectionCountThreshold.setPercent|global/read-write\nserviceEventConnectionCountThreshold.setValue|global/read-write\nserviceHealthCheckEnabled|global/read-write\nserviceHealthCheckListenPort|global/read-write\nserviceMateLinkEnabled|global/read-write\nserviceMateLinkListenPort|global/read-write\nserviceMqttEnabled|global/read-write\nserviceMsgBackboneEnabled|global/read-write\nserviceRedundancyEnabled|global/read-write\nserviceRedundancyFirstListenPort|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.clearPercent|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.clearValue|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.setPercent|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.setValue|global/read-write\nserviceRestIncomingEnabled|global/read-write\nserviceRestOutgoingEnabled|global/read-write\nserviceSempCorsAllowAnyHostEnabled|global/read-write\nserviceSempLegacyTimeoutEnabled|global/read-write\nserviceSempPlainTextEnabled|global/read-write\nserviceSempPlainTextListenPort|global/read-write\nserviceSempSessionIdleTimeout|global/read-write\nserviceSempSessionMaxLifetime|global/read-write\nserviceSempTlsEnabled|global/read-write\nserviceSempTlsListenPort|global/read-write\nserviceSmfCompressionListenPort|global/read-write\nserviceSmfEnabled|global/read-write\nserviceSmfEventConnectionCountThreshold.clearPercent|global/read-write\nserviceSmfEventConnectionCountThreshold.clearValue|global/read-write\nserviceSmfEventConnectionCountThreshold.setPercent|global/read-write\nserviceSmfEventConnectionCountThreshold.setValue|global/read-write\nserviceSmfPlainTextListenPort|global/read-write\nserviceSmfRoutingControlListenPort|global/read-write\nserviceSmfTlsListenPort|global/read-write\nserviceTlsEventConnectionCountThreshold.clearPercent|global/read-write\nserviceTlsEventConnectionCountThreshold.clearValue|global/read-write\nserviceTlsEventConnectionCountThreshold.setPercent|global/read-write\nserviceTlsEventConnectionCountThreshold.setValue|global/read-write\nserviceWebTransportEnabled|global/read-write\nserviceWebTransportPlainTextListenPort|global/read-write\nserviceWebTransportTlsListenPort|global/read-write\nserviceWebTransportWebUrlSuffix|global/read-write\ntlsBlockVersion11Enabled|global/read-write\ntlsCipherSuiteManagementList|global/read-write\ntlsCipherSuiteMsgBackboneList|global/read-write\ntlsCipherSuiteSecureShellList|global/read-write\ntlsCrimeExploitProtectionEnabled|global/read-write\ntlsServerCertContent|global/read-write\ntlsServerCertPassword|global/read-write\ntlsStandardDomainCertificateAuthoritiesEnabled|global/read-write\ntlsTicketLifetime|global/read-write\nwebManagerCustomization|vpn/read-write\nwebManagerRedirectHttpEnabled|global/read-write\nwebManagerRedirectHttpOverrideTlsPort|global/read-write\n\n\n\nThis has been available since 2.13.",
-        "operationId": "updateBroker",
+        "description": "Update a Domain Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ncertAuthorityName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "updateDomainCertAuthority",
         "parameters": [
           {
-            "description": "The Broker object's attributes.",
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Domain Certificate Authority object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/Broker"
+              "$ref": "#/definitions/DomainCertAuthority"
             }
           },
           {
@@ -8154,9 +13228,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Broker object's attributes after being updated, and the request metadata.",
+            "description": "The Domain Certificate Authority object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/BrokerResponse"
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
             }
           },
           "default": {
@@ -8171,17 +13245,32 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Broker object.",
+        "summary": "Update a Domain Certificate Authority object.",
         "tags": [
-          "all"
+          "all",
+          "domainCertAuthority"
         ]
-      }
-    },
-    "/about": {
-      "get": {
-        "description": "Get an About object.\n\nThis provides metadata about the SEMP API, such as the version of the API supported by the broker.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.13.",
-        "operationId": "getAbout",
+      },
+      "put": {
+        "description": "Replace a Domain Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ncertAuthorityName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "replaceDomainCertAuthority",
         "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Domain Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthority"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -8194,9 +13283,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The About object's attributes, and the request metadata.",
+            "description": "The Domain Certificate Authority object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutResponse"
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
             }
           },
           "default": {
@@ -8211,21 +13300,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an About object.",
+        "summary": "Replace a Domain Certificate Authority object.",
         "tags": [
           "all",
-          "about"
+          "domainCertAuthority"
         ]
       }
     },
-    "/about/api": {
+    "/msgVpns": {
       "get": {
-        "description": "Get an API Description object.\n\nThe API Description object provides metadata about the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getAboutApi",
+        "description": "Get a list of Message VPN objects.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||x|\ndistributedCacheManagementEnabled|||x|\nmsgVpnName|x|||\nreplicationBridgeAuthenticationBasicPassword||x||x\nreplicationBridgeAuthenticationClientCertContent||x||x\nreplicationBridgeAuthenticationClientCertPassword||x||\nreplicationEnabledQueueBehavior||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpns",
         "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -8235,9 +13333,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The API Description object's attributes, and the request metadata.",
+            "description": "The list of Message VPN objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutApiResponse"
+              "$ref": "#/definitions/MsgVpnsResponse"
             }
           },
           "default": {
@@ -8252,18 +13350,25 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an API Description object.",
+        "summary": "Get a list of Message VPN objects.",
         "tags": [
           "all",
-          "about"
+          "msgVpn"
         ]
-      }
-    },
-    "/about/user": {
-      "get": {
-        "description": "Get a User object.\n\nSession and access level information about the user accessing the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getAboutUser",
+      },
+      "post": {
+        "description": "Create a Message VPN object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||||x|\ndistributedCacheManagementEnabled|||||x|\nmsgVpnName|x|x||||\nreplicationBridgeAuthenticationBasicPassword||||x||x\nreplicationBridgeAuthenticationClientCertContent||||x||x\nreplicationBridgeAuthenticationClientCertPassword||||x||\nreplicationEnabledQueueBehavior||||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpn",
         "parameters": [
+          {
+            "description": "The Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpn"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -8276,9 +13381,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The User object's attributes, and the request metadata.",
+            "description": "The Message VPN object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutUserResponse"
+              "$ref": "#/definitions/MsgVpnResponse"
             }
           },
           "default": {
@@ -8293,32 +13398,24 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a User object.",
+        "summary": "Create a Message VPN object.",
         "tags": [
           "all",
-          "about"
+          "msgVpn"
         ]
       }
     },
-    "/about/user/msgVpns": {
-      "get": {
-        "description": "Get a list of User Message VPN objects.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getAboutUserMsgVpns",
+    "/msgVpns/{msgVpnName}": {
+      "delete": {
+        "description": "Delete a Message VPN object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpn",
         "parameters": [
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -8326,9 +13423,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of User Message VPN objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutUserMsgVpnsResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -8343,17 +13440,15 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of User Message VPN objects.",
+        "summary": "Delete a Message VPN object.",
         "tags": [
           "all",
-          "about"
+          "msgVpn"
         ]
-      }
-    },
-    "/about/user/msgVpns/{msgVpnName}": {
+      },
       "get": {
-        "description": "Get a User Message VPN object.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getAboutUserMsgVpn",
+        "description": "Get a Message VPN object.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||x|\ndistributedCacheManagementEnabled|||x|\nmsgVpnName|x|||\nreplicationBridgeAuthenticationBasicPassword||x||x\nreplicationBridgeAuthenticationClientCertContent||x||x\nreplicationBridgeAuthenticationClientCertPassword||x||\nreplicationEnabledQueueBehavior||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpn",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -8374,9 +13469,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The User Message VPN object's attributes, and the request metadata.",
+            "description": "The Message VPN object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutUserMsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnResponse"
             }
           },
           "default": {
@@ -8391,31 +13486,35 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a User Message VPN object.",
+        "summary": "Get a Message VPN object.",
         "tags": [
           "all",
-          "about"
+          "msgVpn"
         ]
-      }
-    },
-    "/certAuthorities": {
-      "get": {
-        "deprecated": true,
-        "description": "Get a list of Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\ncertContent|||x|\ncrlDayList|||x|\ncrlTimeList|||x|\ncrlUrl|||x|\nocspNonResponderCertEnabled|||x|\nocspOverrideUrl|||x|\nocspTimeout|||x|\nrevocationCheckEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
-        "operationId": "getCertAuthorities",
+      },
+      "patch": {
+        "description": "Update a Message VPN object. Any attribute missing from the request will be left unchanged.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nauthenticationOauthDefaultProviderName||||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled||||||x|\ndistributedCacheManagementEnabled||||||x|\nmsgVpnName|x|x|||||\nreplicationBridgeAuthenticationBasicPassword|||x||||x\nreplicationBridgeAuthenticationClientCertContent|||x||||x\nreplicationBridgeAuthenticationClientCertPassword|||x||||\nreplicationEnabledQueueBehavior|||x||||\nrestTlsServerCertEnforceTrustedCommonNameEnabled||||||x|\nserviceAmqpPlainTextListenPort|||||x||\nserviceAmqpTlsListenPort|||||x||\nserviceMqttPlainTextListenPort|||||x||\nserviceMqttTlsListenPort|||||x||\nserviceMqttTlsWebSocketListenPort|||||x||\nserviceMqttWebSocketListenPort|||||x||\nserviceRestIncomingPlainTextListenPort|||||x||\nserviceRestIncomingTlsListenPort|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nalias|global/read-write\nauthenticationBasicEnabled|global/read-write\nauthenticationBasicProfileName|global/read-write\nauthenticationBasicRadiusDomain|global/read-write\nauthenticationBasicType|global/read-write\nauthenticationClientCertAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationClientCertCertificateMatchingRulesEnabled|global/read-write\nauthenticationClientCertEnabled|global/read-write\nauthenticationClientCertMaxChainDepth|global/read-write\nauthenticationClientCertRevocationCheckMode|global/read-write\nauthenticationClientCertUsernameSource|global/read-write\nauthenticationClientCertValidateDateEnabled|global/read-write\nauthenticationKerberosAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationKerberosEnabled|global/read-write\nauthenticationOauthEnabled|global/read-write\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nbridgingTlsServerCertMaxChainDepth|global/read-write\nbridgingTlsServerCertValidateDateEnabled|global/read-write\nbridgingTlsServerCertValidateNameEnabled|global/read-write\ndmrEnabled|global/read-write\nexportSubscriptionsEnabled|global/read-write\nmaxConnectionCount|global/read-write\nmaxEgressFlowCount|global/read-write\nmaxEndpointCount|global/read-write\nmaxIngressFlowCount|global/read-write\nmaxMsgSpoolUsage|global/read-write\nmaxSubscriptionCount|global/read-write\nmaxTransactedSessionCount|global/read-write\nmaxTransactionCount|global/read-write\nmqttRetainMaxMemory|global/read-write\nreplicationBridgeAuthenticationBasicClientUsername|global/read-write\nreplicationBridgeAuthenticationBasicPassword|global/read-write\nreplicationBridgeAuthenticationClientCertContent|global/read-write\nreplicationBridgeAuthenticationClientCertPassword|global/read-write\nreplicationBridgeAuthenticationScheme|global/read-write\nreplicationBridgeCompressedDataEnabled|global/read-write\nreplicationBridgeEgressFlowWindowSize|global/read-write\nreplicationBridgeRetryDelay|global/read-write\nreplicationBridgeTlsEnabled|global/read-write\nreplicationBridgeUnidirectionalClientProfileName|global/read-write\nreplicationEnabled|global/read-write\nreplicationEnabledQueueBehavior|global/read-write\nreplicationQueueMaxMsgSpoolUsage|global/read-write\nreplicationRole|global/read-write\nrestTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nrestTlsServerCertMaxChainDepth|global/read-write\nrestTlsServerCertValidateDateEnabled|global/read-write\nrestTlsServerCertValidateNameEnabled|global/read-write\nsempOverMsgBusAdminClientEnabled|global/read-write\nsempOverMsgBusAdminDistributedCacheEnabled|global/read-write\nsempOverMsgBusAdminEnabled|global/read-write\nsempOverMsgBusEnabled|global/read-write\nsempOverMsgBusShowEnabled|global/read-write\nserviceAmqpMaxConnectionCount|global/read-write\nserviceAmqpPlainTextListenPort|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceMqttMaxConnectionCount|global/read-write\nserviceMqttPlainTextListenPort|global/read-write\nserviceMqttTlsListenPort|global/read-write\nserviceMqttTlsWebSocketListenPort|global/read-write\nserviceMqttWebSocketListenPort|global/read-write\nserviceRestIncomingMaxConnectionCount|global/read-write\nserviceRestIncomingPlainTextListenPort|global/read-write\nserviceRestIncomingTlsListenPort|global/read-write\nserviceRestOutgoingMaxConnectionCount|global/read-write\nserviceSmfMaxConnectionCount|global/read-write\nserviceWebMaxConnectionCount|global/read-write\n\n\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpn",
         "parameters": [
           {
-            "$ref": "#/parameters/countQuery"
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpn"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -8425,9 +13524,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Certificate Authority objects' attributes, and the request metadata.",
+            "description": "The Message VPN object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthoritiesResponse"
+              "$ref": "#/definitions/MsgVpnResponse"
             }
           },
           "default": {
@@ -8442,24 +13541,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Certificate Authority objects.",
+        "summary": "Update a Message VPN object.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn"
         ]
       },
-      "post": {
-        "deprecated": true,
-        "description": "Create a Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|||x|\ncertContent|||||x|\ncrlDayList|||||x|\ncrlTimeList|||||x|\ncrlUrl|||||x|\nocspNonResponderCertEnabled|||||x|\nocspOverrideUrl|||||x|\nocspTimeout|||||x|\nrevocationCheckEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
-        "operationId": "createCertAuthority",
+      "put": {
+        "description": "Replace a Message VPN object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nauthenticationOauthDefaultProviderName|||||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\ndistributedCacheManagementEnabled|||||||x|\nmsgVpnName|x||x|||||\nreplicationBridgeAuthenticationBasicPassword||||x||||x\nreplicationBridgeAuthenticationClientCertContent||||x||||x\nreplicationBridgeAuthenticationClientCertPassword||||x||||\nreplicationEnabledQueueBehavior||||x||||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\nserviceAmqpPlainTextListenPort||||||x||\nserviceAmqpTlsListenPort||||||x||\nserviceMqttPlainTextListenPort||||||x||\nserviceMqttTlsListenPort||||||x||\nserviceMqttTlsWebSocketListenPort||||||x||\nserviceMqttWebSocketListenPort||||||x||\nserviceRestIncomingPlainTextListenPort||||||x||\nserviceRestIncomingTlsListenPort||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nalias|global/read-write\nauthenticationBasicEnabled|global/read-write\nauthenticationBasicProfileName|global/read-write\nauthenticationBasicRadiusDomain|global/read-write\nauthenticationBasicType|global/read-write\nauthenticationClientCertAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationClientCertCertificateMatchingRulesEnabled|global/read-write\nauthenticationClientCertEnabled|global/read-write\nauthenticationClientCertMaxChainDepth|global/read-write\nauthenticationClientCertRevocationCheckMode|global/read-write\nauthenticationClientCertUsernameSource|global/read-write\nauthenticationClientCertValidateDateEnabled|global/read-write\nauthenticationKerberosAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationKerberosEnabled|global/read-write\nauthenticationOauthEnabled|global/read-write\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nbridgingTlsServerCertMaxChainDepth|global/read-write\nbridgingTlsServerCertValidateDateEnabled|global/read-write\nbridgingTlsServerCertValidateNameEnabled|global/read-write\ndmrEnabled|global/read-write\nexportSubscriptionsEnabled|global/read-write\nmaxConnectionCount|global/read-write\nmaxEgressFlowCount|global/read-write\nmaxEndpointCount|global/read-write\nmaxIngressFlowCount|global/read-write\nmaxMsgSpoolUsage|global/read-write\nmaxSubscriptionCount|global/read-write\nmaxTransactedSessionCount|global/read-write\nmaxTransactionCount|global/read-write\nmqttRetainMaxMemory|global/read-write\nreplicationBridgeAuthenticationBasicClientUsername|global/read-write\nreplicationBridgeAuthenticationBasicPassword|global/read-write\nreplicationBridgeAuthenticationClientCertContent|global/read-write\nreplicationBridgeAuthenticationClientCertPassword|global/read-write\nreplicationBridgeAuthenticationScheme|global/read-write\nreplicationBridgeCompressedDataEnabled|global/read-write\nreplicationBridgeEgressFlowWindowSize|global/read-write\nreplicationBridgeRetryDelay|global/read-write\nreplicationBridgeTlsEnabled|global/read-write\nreplicationBridgeUnidirectionalClientProfileName|global/read-write\nreplicationEnabled|global/read-write\nreplicationEnabledQueueBehavior|global/read-write\nreplicationQueueMaxMsgSpoolUsage|global/read-write\nreplicationRole|global/read-write\nrestTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nrestTlsServerCertMaxChainDepth|global/read-write\nrestTlsServerCertValidateDateEnabled|global/read-write\nrestTlsServerCertValidateNameEnabled|global/read-write\nsempOverMsgBusAdminClientEnabled|global/read-write\nsempOverMsgBusAdminDistributedCacheEnabled|global/read-write\nsempOverMsgBusAdminEnabled|global/read-write\nsempOverMsgBusEnabled|global/read-write\nsempOverMsgBusShowEnabled|global/read-write\nserviceAmqpMaxConnectionCount|global/read-write\nserviceAmqpPlainTextListenPort|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceMqttMaxConnectionCount|global/read-write\nserviceMqttPlainTextListenPort|global/read-write\nserviceMqttTlsListenPort|global/read-write\nserviceMqttTlsWebSocketListenPort|global/read-write\nserviceMqttWebSocketListenPort|global/read-write\nserviceRestIncomingMaxConnectionCount|global/read-write\nserviceRestIncomingPlainTextListenPort|global/read-write\nserviceRestIncomingTlsListenPort|global/read-write\nserviceRestOutgoingMaxConnectionCount|global/read-write\nserviceSmfMaxConnectionCount|global/read-write\nserviceWebMaxConnectionCount|global/read-write\n\n\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpn",
         "parameters": [
           {
-            "description": "The Certificate Authority object's attributes.",
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/CertAuthority"
+              "$ref": "#/definitions/MsgVpn"
             }
           },
           {
@@ -8474,9 +13579,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Certificate Authority object's attributes after being created, and the request metadata.",
+            "description": "The Message VPN object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnResponse"
             }
           },
           "default": {
@@ -8491,25 +13596,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Certificate Authority object.",
+        "summary": "Replace a Message VPN object.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn"
         ]
       }
     },
-    "/certAuthorities/{certAuthorityName}": {
-      "delete": {
-        "deprecated": true,
-        "description": "Delete a Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
-        "operationId": "deleteCertAuthority",
+    "/msgVpns/{msgVpnName}/aclProfiles": {
+      "get": {
+        "description": "Get a list of ACL Profile objects.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAclProfiles",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -8517,9 +13636,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of ACL Profile objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilesResponse"
             }
           },
           "default": {
@@ -8534,24 +13653,33 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Certificate Authority object.",
+        "summary": "Get a list of ACL Profile objects.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "get": {
-        "deprecated": true,
-        "description": "Get a Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\ncertContent|||x|\ncrlDayList|||x|\ncrlTimeList|||x|\ncrlUrl|||x|\nocspNonResponderCertEnabled|||x|\nocspOverrideUrl|||x|\nocspTimeout|||x|\nrevocationCheckEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
-        "operationId": "getCertAuthority",
+      "post": {
+        "description": "Create an ACL Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnAclProfile",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The ACL Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfile"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -8564,9 +13692,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Certificate Authority object's attributes, and the request metadata.",
+            "description": "The ACL Profile object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
             }
           },
           "default": {
@@ -8581,38 +13709,32 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Certificate Authority object.",
+        "summary": "Create an ACL Profile object.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
-      },
-      "patch": {
-        "deprecated": true,
-        "description": "Update a Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|||x|\ncertContent|||||x|\ncrlDayList|||||x|\ncrlTimeList|||||x|\ncrlUrl||||x|x|\nocspNonResponderCertEnabled|||||x|\nocspOverrideUrl|||||x|\nocspTimeout|||||x|\nrevocationCheckEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
-        "operationId": "updateCertAuthority",
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}": {
+      "delete": {
+        "description": "Delete an ACL Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnAclProfile",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Certificate Authority object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/CertAuthority"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "type": "string"
           }
         ],
         "produces": [
@@ -8620,9 +13742,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Certificate Authority object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -8637,32 +13759,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Certificate Authority object.",
+        "summary": "Delete an ACL Profile object.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "put": {
-        "deprecated": true,
-        "description": "Replace a Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|||x|\ncertContent|||||x|\ncrlDayList|||||x|\ncrlTimeList|||||x|\ncrlUrl||||x|x|\nocspNonResponderCertEnabled|||||x|\nocspOverrideUrl|||||x|\nocspTimeout|||||x|\nrevocationCheckEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
-        "operationId": "replaceCertAuthority",
+      "get": {
+        "description": "Get an ACL Profile object.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAclProfile",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Certificate Authority object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/CertAuthority"
-            }
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -8676,9 +13796,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Certificate Authority object's attributes after being replaced, and the request metadata.",
+            "description": "The ACL Profile object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
             }
           },
           "default": {
@@ -8693,31 +13813,42 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Certificate Authority object.",
+        "summary": "Get an ACL Profile object.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
-      }
-    },
-    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
-      "get": {
-        "deprecated": true,
-        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\nocspTlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
-        "operationId": "getCertAuthorityOcspTlsTrustedCommonNames",
+      },
+      "patch": {
+        "description": "Update an ACL Profile object. Any attribute missing from the request will be left unchanged.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\naclProfileName|x|x|||||\nmsgVpnName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnAclProfile",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The ACL Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
           },
           {
             "$ref": "#/parameters/selectQuery"
@@ -8728,9 +13859,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The ACL Profile object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
             }
           },
           "default": {
@@ -8745,31 +13876,38 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "summary": "Update an ACL Profile object.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "post": {
-        "deprecated": true,
-        "description": "Create an OCSP Responder Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x||x|\nocspTlsTrustedCommonName|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
-        "operationId": "createCertAuthorityOcspTlsTrustedCommonName",
+      "put": {
+        "description": "Replace an ACL Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\naclProfileName|x||x|||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnAclProfile",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The OCSP Responder Trusted Common Name object's attributes.",
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The ACL Profile object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonName"
+              "$ref": "#/definitions/MsgVpnAclProfile"
             }
           },
           {
@@ -8784,9 +13922,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OCSP Responder Trusted Common Name object's attributes after being created, and the request metadata.",
+            "description": "The ACL Profile object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
             }
           },
           "default": {
@@ -8801,32 +13939,47 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create an OCSP Responder Trusted Common Name object.",
+        "summary": "Replace an ACL Profile object.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
-      "delete": {
-        "deprecated": true,
-        "description": "Delete an OCSP Responder Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
-        "operationId": "deleteCertAuthorityOcspTlsTrustedCommonName",
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions": {
+      "get": {
+        "description": "Get a list of Client Connect Exception objects.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nclientConnectExceptionAddress|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAclProfileClientConnectExceptions",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "ocspTlsTrustedCommonName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -8834,9 +13987,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Client Connect Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionsResponse"
             }
           },
           "default": {
@@ -8851,31 +14004,40 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete an OCSP Responder Trusted Common Name object.",
+        "summary": "Get a list of Client Connect Exception objects.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "get": {
-        "deprecated": true,
-        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\nocspTlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
-        "operationId": "getCertAuthorityOcspTlsTrustedCommonName",
+      "post": {
+        "description": "Create a Client Connect Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x|||\nclientConnectExceptionAddress|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnAclProfileClientConnectException",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "ocspTlsTrustedCommonName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Client Connect Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectException"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -8888,9 +14050,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The Client Connect Exception object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionResponse"
             }
           },
           "default": {
@@ -8905,32 +14067,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "summary": "Create a Client Connect Exception object.",
         "tags": [
           "all",
-          "certAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/clientCertAuthorities": {
-      "get": {
-        "description": "Get a list of Client Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getClientCertAuthorities",
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions/{clientConnectExceptionAddress}": {
+      "delete": {
+        "description": "Delete a Client Connect Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnAclProfileClientConnectException",
         "parameters": [
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The IP address/netmask of the client connect exception in canonical CIDR form.",
+            "in": "path",
+            "name": "clientConnectExceptionAddress",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -8938,9 +14107,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Certificate Authority objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthoritiesResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -8955,24 +14124,37 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Certificate Authority objects.",
+        "summary": "Delete a Client Connect Exception object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "post": {
-        "description": "Create a Client Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "createClientCertAuthority",
+      "get": {
+        "description": "Get a Client Connect Exception object.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nclientConnectExceptionAddress|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAclProfileClientConnectException",
         "parameters": [
           {
-            "description": "The Client Certificate Authority object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/ClientCertAuthority"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The IP address/netmask of the client connect exception in canonical CIDR form.",
+            "in": "path",
+            "name": "clientConnectExceptionAddress",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -8986,9 +14168,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Certificate Authority object's attributes after being created, and the request metadata.",
+            "description": "The Client Connect Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionResponse"
             }
           },
           "default": {
@@ -9003,24 +14185,48 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Client Certificate Authority object.",
+        "summary": "Get a Client Connect Exception object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/clientCertAuthorities/{certAuthorityName}": {
-      "delete": {
-        "description": "Delete a Client Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "deleteClientCertAuthority",
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\npublishExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "getMsgVpnAclProfilePublishExceptions",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -9028,9 +14234,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionsResponse"
             }
           },
           "default": {
@@ -9045,23 +14251,41 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Client Certificate Authority object.",
+        "summary": "Get a list of Publish Topic Exception objects.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "get": {
-        "description": "Get a Client Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getClientCertAuthority",
+      "post": {
+        "deprecated": true,
+        "description": "Create a Publish Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x||x|\nmsgVpnName|x||x||x|\npublishExceptionTopic|x|x|||x|\ntopicSyntax|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "createMsgVpnAclProfilePublishException",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Publish Topic Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishException"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -9074,9 +14298,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Certificate Authority object's attributes, and the request metadata.",
+            "description": "The Publish Topic Exception object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionResponse"
             }
           },
           "default": {
@@ -9091,37 +14315,47 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Certificate Authority object.",
+        "summary": "Create a Publish Topic Exception object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
-      },
-      "patch": {
-        "description": "Update a Client Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||\ncrlUrl||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "updateClientCertAuthority",
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions/{topicSyntax},{publishExceptionTopic}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Publish Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "deleteMsgVpnAclProfilePublishException",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Client Certificate Authority object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/ClientCertAuthority"
-            }
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishExceptionTopic",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -9129,9 +14363,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Certificate Authority object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -9146,31 +14380,45 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Client Certificate Authority object.",
+        "summary": "Delete a Publish Topic Exception object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "put": {
-        "description": "Replace a Client Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||\ncrlUrl||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "replaceClientCertAuthority",
+      "get": {
+        "deprecated": true,
+        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\npublishExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "getMsgVpnAclProfilePublishException",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Client Certificate Authority object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/ClientCertAuthority"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishExceptionTopic",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -9184,9 +14432,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Certificate Authority object's attributes after being replaced, and the request metadata.",
+            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionResponse"
             }
           },
           "default": {
@@ -9201,25 +14449,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Client Certificate Authority object.",
+        "summary": "Get a Publish Topic Exception object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions": {
       "get": {
-        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\nocspTlsTrustedCommonName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonNames",
+        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\npublishTopicException|x|||\npublishTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfilePublishTopicExceptions",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -9235,9 +14497,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionsResponse"
             }
           },
           "default": {
@@ -9252,30 +14514,38 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "summary": "Get a list of Publish Topic Exception objects.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
       "post": {
-        "description": "Create an OCSP Responder Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|||\nocspTlsTrustedCommonName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "createClientCertAuthorityOcspTlsTrustedCommonName",
+        "description": "Create a Publish Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x|||\nmsgVpnName|x||x|||\npublishTopicException|x|x||||\npublishTopicExceptionSyntax|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnAclProfilePublishTopicException",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The OCSP Responder Trusted Common Name object's attributes.",
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Publish Topic Exception object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonName"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicException"
             }
           },
           {
@@ -9290,9 +14560,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OCSP Responder Trusted Common Name object's attributes after being created, and the request metadata.",
+            "description": "The Publish Topic Exception object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionResponse"
             }
           },
           "default": {
@@ -9307,29 +14577,44 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create an OCSP Responder Trusted Common Name object.",
+        "summary": "Create a Publish Topic Exception object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions/{publishTopicExceptionSyntax},{publishTopicException}": {
       "delete": {
-        "description": "Delete an OCSP Responder Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "deleteClientCertAuthorityOcspTlsTrustedCommonName",
+        "description": "Delete a Publish Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnAclProfilePublishTopicException",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "ocspTlsTrustedCommonName",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "publishTopicExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishTopicException",
             "required": true,
             "type": "string"
           }
@@ -9356,27 +14641,42 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete an OCSP Responder Trusted Common Name object.",
+        "summary": "Delete a Publish Topic Exception object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       },
       "get": {
-        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\nocspTlsTrustedCommonName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonName",
+        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\npublishTopicException|x|||\npublishTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfilePublishTopicException",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "ocspTlsTrustedCommonName",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "publishTopicExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishTopicException",
             "required": true,
             "type": "string"
           },
@@ -9392,9 +14692,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionResponse"
             }
           },
           "default": {
@@ -9409,18 +14709,34 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "summary": "Get a Publish Topic Exception object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions": {
       "get": {
-        "description": "Get a list of Cluster objects.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\ndmrClusterName|x|||\ntlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusters",
+        "deprecated": true,
+        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\nsubscribeExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "getMsgVpnAclProfileSubscribeExceptions",
         "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -9442,9 +14758,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Cluster objects' attributes, and the request metadata.",
+            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClustersResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionsResponse"
             }
           },
           "default": {
@@ -9459,23 +14775,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Cluster objects.",
+        "summary": "Get a list of Subscribe Topic Exception objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       },
       "post": {
-        "description": "Create a Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x\nauthenticationClientCertContent||||x||x\nauthenticationClientCertPassword||||x||\ndmrClusterName|x|x||||\nnodeName|||x|||\ntlsServerCertEnforceTrustedCommonNameEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createDmrCluster",
+        "deprecated": true,
+        "description": "Create a Subscribe Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x||x|\nmsgVpnName|x||x||x|\nsubscribeExceptionTopic|x|x|||x|\ntopicSyntax|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "createMsgVpnAclProfileSubscribeException",
         "parameters": [
           {
-            "description": "The Cluster object's attributes.",
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscribe Topic Exception object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/DmrCluster"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeException"
             }
           },
           {
@@ -9490,9 +14822,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cluster object's attributes after being created, and the request metadata.",
+            "description": "The Subscribe Topic Exception object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionResponse"
             }
           },
           "default": {
@@ -9507,125 +14839,47 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Cluster object.",
+        "summary": "Create a Subscribe Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions/{topicSyntax},{subscribeExceptionTopic}": {
       "delete": {
-        "description": "Delete a Cluster object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteDmrCluster",
+        "deprecated": true,
+        "description": "Delete a Subscribe Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "deleteMsgVpnAclProfileSubscribeException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
-          }
-        ],
-        "produces": [
-          "application/json"
-        ],
-        "responses": {
-          "200": {
-            "description": "The request metadata.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
           },
-          "default": {
-            "description": "The error response.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
-          }
-        },
-        "security": [
-          {
-            "basicAuth": []
-          }
-        ],
-        "summary": "Delete a Cluster object.",
-        "tags": [
-          "all",
-          "dmrCluster"
-        ]
-      },
-      "get": {
-        "description": "Get a Cluster object.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\ndmrClusterName|x|||\ntlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrCluster",
-        "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
-          }
-        ],
-        "produces": [
-          "application/json"
-        ],
-        "responses": {
-          "200": {
-            "description": "The Cluster object's attributes, and the request metadata.",
-            "schema": {
-              "$ref": "#/definitions/DmrClusterResponse"
-            }
-          },
-          "default": {
-            "description": "The error response.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
-          }
-        },
-        "security": [
-          {
-            "basicAuth": []
-          }
-        ],
-        "summary": "Get a Cluster object.",
-        "tags": [
-          "all",
-          "dmrCluster"
-        ]
-      },
-      "patch": {
-        "description": "Update a Cluster object. Any attribute missing from the request will be left unchanged.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||x|x||x\nauthenticationClientCertContent|||x|x||x\nauthenticationClientCertPassword|||x|x||\ndirectOnlyEnabled||x||||\ndmrClusterName|x|x||||\nnodeName||x||||\ntlsServerCertEnforceTrustedCommonNameEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "updateDmrCluster",
-        "parameters": [
-          {
-            "description": "The name of the Cluster.",
+            "description": "The syntax of the topic for the exception to the default action taken.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "topicSyntax",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Cluster object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeExceptionTopic",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/DmrCluster"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "type": "string"
           }
         ],
         "produces": [
@@ -9633,9 +14887,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cluster object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -9650,31 +14904,45 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Cluster object.",
+        "summary": "Delete a Subscribe Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "put": {
-        "description": "Replace a Cluster object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||x|x||x\nauthenticationClientCertContent|||x|x||x\nauthenticationClientCertPassword|||x|x||\ndirectOnlyEnabled||x||||\ndmrClusterName|x|x||||\nnodeName||x||||\ntlsServerCertEnforceTrustedCommonNameEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "replaceDmrCluster",
+      "get": {
+        "deprecated": true,
+        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\nsubscribeExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "getMsgVpnAclProfileSubscribeException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Cluster object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/DmrCluster"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeExceptionTopic",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -9688,9 +14956,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cluster object's attributes after being replaced, and the request metadata.",
+            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionResponse"
             }
           },
           "default": {
@@ -9705,22 +14973,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Cluster object.",
+        "summary": "Get a Subscribe Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions": {
       "get": {
-        "description": "Get a list of Link objects.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLinks",
+        "description": "Get a list of Subscribe Share Name Exception objects.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeShareNameException|x|||\nsubscribeShareNameExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeShareNameExceptions",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
@@ -9745,9 +15021,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Link objects' attributes, and the request metadata.",
+            "description": "The list of Subscribe Share Name Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinksResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionsResponse"
             }
           },
           "default": {
@@ -9762,30 +15038,38 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Link objects.",
+        "summary": "Get a list of Subscribe Share Name Exception objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       },
       "post": {
-        "description": "Create a Link object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x\ndmrClusterName|x||x|||\nremoteNodeName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createDmrClusterLink",
+        "description": "Create a Subscribe Share Name Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x|||\nmsgVpnName|x||x|||\nsubscribeShareNameException|x|x||||\nsubscribeShareNameExceptionSyntax|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnAclProfileSubscribeShareNameException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Link object's attributes.",
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscribe Share Name Exception object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/DmrClusterLink"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameException"
             }
           },
           {
@@ -9800,9 +15084,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Link object's attributes after being created, and the request metadata.",
+            "description": "The Subscribe Share Name Exception object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionResponse"
             }
           },
           "default": {
@@ -9817,29 +15101,44 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Link object.",
+        "summary": "Create a Subscribe Share Name Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions/{subscribeShareNameExceptionSyntax},{subscribeShareNameException}": {
       "delete": {
-        "description": "Delete a Link object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteDmrClusterLink",
+        "description": "Delete a Subscribe Share Name Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnAclProfileSubscribeShareNameException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the subscribe share name for the exception to the default action taken.",
+            "in": "path",
+            "name": "subscribeShareNameExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeShareNameException",
             "required": true,
             "type": "string"
           }
@@ -9866,27 +15165,42 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Link object.",
+        "summary": "Delete a Subscribe Share Name Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       },
       "get": {
-        "description": "Get a Link object.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLink",
+        "description": "Get a Subscribe Share Name Exception object.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeShareNameException|x|||\nsubscribeShareNameExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeShareNameException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the subscribe share name for the exception to the default action taken.",
+            "in": "path",
+            "name": "subscribeShareNameExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeShareNameException",
             "required": true,
             "type": "string"
           },
@@ -9902,9 +15216,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Link object's attributes, and the request metadata.",
+            "description": "The Subscribe Share Name Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionResponse"
             }
           },
           "default": {
@@ -9919,42 +15233,45 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Link object.",
+        "summary": "Get a Subscribe Share Name Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
-      },
-      "patch": {
-        "description": "Update a Link object. Any attribute missing from the request will be left unchanged.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||x|x||x\nauthenticationScheme||||x||\ndmrClusterName|x|x||||\negressFlowWindowSize||||x||\ninitiator||||x||\nremoteNodeName|x|x||||\nspan||||x||\ntransportCompressedEnabled||||x||\ntransportTlsEnabled||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "updateDmrClusterLink",
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions": {
+      "get": {
+        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeTopicException|x|||\nsubscribeTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeTopicExceptions",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Link object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/DmrClusterLink"
-            }
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -9964,9 +15281,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Link object's attributes after being updated, and the request metadata.",
+            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionsResponse"
             }
           },
           "default": {
@@ -9981,37 +15298,38 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Link object.",
+        "summary": "Get a list of Subscribe Topic Exception objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "put": {
-        "description": "Replace a Link object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||x|x||x\nauthenticationScheme||||x||\ndmrClusterName|x|x||||\negressFlowWindowSize||||x||\ninitiator||||x||\nremoteNodeName|x|x||||\nspan||||x||\ntransportCompressedEnabled||||x||\ntransportTlsEnabled||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "replaceDmrClusterLink",
+      "post": {
+        "description": "Create a Subscribe Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x|||\nmsgVpnName|x||x|||\nsubscribeTopicException|x|x||||\nsubscribeTopicExceptionSyntax|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnAclProfileSubscribeTopicException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Link object's attributes.",
+            "description": "The Subscribe Topic Exception object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/DmrClusterLink"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicException"
             }
           },
           {
@@ -10026,9 +15344,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Link object's attributes after being replaced, and the request metadata.",
+            "description": "The Subscribe Topic Exception object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionResponse"
             }
           },
           "default": {
@@ -10043,40 +15361,46 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Link object.",
+        "summary": "Create a Subscribe Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses": {
-      "get": {
-        "description": "Get a list of Remote Address objects.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nremoteAddress|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLinkRemoteAddresses",
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions/{subscribeTopicExceptionSyntax},{subscribeTopicException}": {
+      "delete": {
+        "description": "Delete a Subscribe Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnAclProfileSubscribeTopicException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "subscribeTopicExceptionSyntax",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "subscribeTopicException",
             "required": true,
             "type": "string"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -10084,9 +15408,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Remote Address objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkRemoteAddressesResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -10101,38 +15425,44 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Remote Address objects.",
+        "summary": "Delete a Subscribe Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       },
-      "post": {
-        "description": "Create a Remote Address object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||\nremoteAddress|x|x||||\nremoteNodeName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createDmrClusterLinkRemoteAddress",
+      "get": {
+        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeTopicException|x|||\nsubscribeTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeTopicException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Remote Address object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "subscribeTopicExceptionSyntax",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeTopicException",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -10146,9 +15476,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Address object's attributes after being created, and the request metadata.",
+            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkRemoteAddressResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionResponse"
             }
           },
           "default": {
@@ -10163,38 +15493,40 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Remote Address object.",
+        "summary": "Get a Subscribe Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses/{remoteAddress}": {
-      "delete": {
-        "description": "Delete a Remote Address object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteDmrClusterLinkRemoteAddress",
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles": {
+      "get": {
+        "description": "Get a list of OAuth Profile objects.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientSecret||x||x\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfiles",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
-            "in": "path",
-            "name": "remoteNodeName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
-            "in": "path",
-            "name": "remoteAddress",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -10202,9 +15534,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of OAuth Profile objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfilesResponse"
             }
           },
           "default": {
@@ -10219,36 +15551,32 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Remote Address object.",
+        "summary": "Get a list of OAuth Profile objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       },
-      "get": {
-        "description": "Get a Remote Address object.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nremoteAddress|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLinkRemoteAddress",
+      "post": {
+        "description": "Create an OAuth Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret||||x||x\nmsgVpnName|x||x|||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "createMsgVpnAuthenticationOauthProfile",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
-            "in": "path",
-            "name": "dmrClusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
-            "in": "path",
-            "name": "remoteAddress",
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -10262,9 +15590,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Address object's attributes, and the request metadata.",
+            "description": "The OAuth Profile object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkRemoteAddressResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
             }
           },
           "default": {
@@ -10279,41 +15607,32 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Remote Address object.",
+        "summary": "Create an OAuth Profile object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames": {
-      "get": {
-        "deprecated": true,
-        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|\nremoteNodeName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getDmrClusterLinkTlsTrustedCommonNames",
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}": {
+      "delete": {
+        "description": "Delete an OAuth Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "deleteMsgVpnAuthenticationOauthProfile",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the OAuth profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "oauthProfileName",
             "required": true,
             "type": "string"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -10321,9 +15640,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -10338,40 +15657,31 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Trusted Common Name objects.",
+        "summary": "Delete an OAuth Profile object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       },
-      "post": {
-        "deprecated": true,
-        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x||x|\nremoteNodeName|x||x||x|\ntlsTrustedCommonName|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "createDmrClusterLinkTlsTrustedCommonName",
+      "get": {
+        "description": "Get an OAuth Profile object.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientSecret||x||x\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfile",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the OAuth profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "oauthProfileName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The Trusted Common Name object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -10384,9 +15694,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
+            "description": "The OAuth Profile object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
             }
           },
           "default": {
@@ -10401,39 +15711,45 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Trusted Common Name object.",
+        "summary": "Get an OAuth Profile object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
-      }
-    },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
-      "delete": {
-        "deprecated": true,
-        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "deleteDmrClusterLinkTlsTrustedCommonName",
+      },
+      "patch": {
+        "description": "Update an OAuth Profile object. Any attribute missing from the request will be left unchanged.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nclientSecret|||x||||x\nmsgVpnName|x|x|||||\noauthProfileName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "updateMsgVpnAuthenticationOauthProfile",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the OAuth profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "oauthProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
-            "in": "path",
-            "name": "tlsTrustedCommonName",
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -10441,9 +15757,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The OAuth Profile object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
             }
           },
           "default": {
@@ -10458,37 +15774,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Trusted Common Name object.",
+        "summary": "Update an OAuth Profile object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       },
-      "get": {
-        "deprecated": true,
-        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|\nremoteNodeName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getDmrClusterLinkTlsTrustedCommonName",
+      "put": {
+        "description": "Replace an OAuth Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nclientSecret||||x||||x\nmsgVpnName|x||x|||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "replaceMsgVpnAuthenticationOauthProfile",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the OAuth profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "oauthProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
-            "in": "path",
-            "name": "tlsTrustedCommonName",
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -10502,9 +15820,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The OAuth Profile object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
             }
           },
           "default": {
@@ -10519,18 +15837,33 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Trusted Common Name object.",
+        "summary": "Replace an OAuth Profile object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/domainCertAuthorities": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims": {
       "get": {
-        "description": "Get a list of Domain Certificate Authority objects.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getDomainCertAuthorities",
+        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|||\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaims",
         "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -10552,9 +15885,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Domain Certificate Authority objects' attributes, and the request metadata.",
+            "description": "The list of Required Claim objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthoritiesResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimsResponse"
             }
           },
           "default": {
@@ -10569,23 +15902,38 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Domain Certificate Authority objects.",
+        "summary": "Get a list of Required Claim objects.",
         "tags": [
           "all",
-          "domainCertAuthority"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       },
       "post": {
-        "description": "Create a Domain Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "createDomainCertAuthority",
+        "description": "Create a Required Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|x||||\nclientRequiredClaimValue||x||||\nmsgVpnName|x||x|||\noauthProfileName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "createMsgVpnAuthenticationOauthProfileClientRequiredClaim",
         "parameters": [
           {
-            "description": "The Domain Certificate Authority object's attributes.",
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Required Claim object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthority"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaim"
             }
           },
           {
@@ -10600,9 +15948,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Domain Certificate Authority object's attributes after being created, and the request metadata.",
+            "description": "The Required Claim object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse"
             }
           },
           "default": {
@@ -10617,22 +15965,37 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Domain Certificate Authority object.",
+        "summary": "Create a Required Claim object.",
         "tags": [
           "all",
-          "domainCertAuthority"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/domainCertAuthorities/{certAuthorityName}": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims/{clientRequiredClaimName}": {
       "delete": {
-        "description": "Delete a Domain Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nCertificate Authorities trusted for domain verification.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "deleteDomainCertAuthority",
+        "description": "Delete a Required Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the ID token.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "deleteMsgVpnAuthenticationOauthProfileClientRequiredClaim",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ID token claim to verify.",
+            "in": "path",
+            "name": "clientRequiredClaimName",
             "required": true,
             "type": "string"
           }
@@ -10659,20 +16022,35 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Domain Certificate Authority object.",
+        "summary": "Delete a Required Claim object.",
         "tags": [
           "all",
-          "domainCertAuthority"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       },
       "get": {
-        "description": "Get a Domain Certificate Authority object.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getDomainCertAuthority",
+        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|||\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaim",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ID token claim to verify.",
+            "in": "path",
+            "name": "clientRequiredClaimName",
             "required": true,
             "type": "string"
           },
@@ -10688,9 +16066,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Domain Certificate Authority object's attributes, and the request metadata.",
+            "description": "The Required Claim object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse"
             }
           },
           "default": {
@@ -10705,35 +16083,45 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Domain Certificate Authority object.",
+        "summary": "Get a Required Claim object.",
         "tags": [
           "all",
-          "domainCertAuthority"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
-      },
-      "patch": {
-        "description": "Update a Domain Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "updateDomainCertAuthority",
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims": {
+      "get": {
+        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthProfileName|x|||\nresourceServerRequiredClaimName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaims",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Domain Certificate Authority object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/DomainCertAuthority"
-            }
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -10743,9 +16131,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Domain Certificate Authority object's attributes after being updated, and the request metadata.",
+            "description": "The list of Required Claim objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimsResponse"
             }
           },
           "default": {
@@ -10760,30 +16148,38 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Domain Certificate Authority object.",
+        "summary": "Get a list of Required Claim objects.",
         "tags": [
           "all",
-          "domainCertAuthority"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       },
-      "put": {
-        "description": "Replace a Domain Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "replaceDomainCertAuthority",
+      "post": {
+        "description": "Create a Required Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\noauthProfileName|x||x|||\nresourceServerRequiredClaimName|x|x||||\nresourceServerRequiredClaimValue||x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "createMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Domain Certificate Authority object's attributes.",
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Required Claim object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthority"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim"
             }
           },
           {
@@ -10798,9 +16194,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Domain Certificate Authority object's attributes after being replaced, and the request metadata.",
+            "description": "The Required Claim object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse"
             }
           },
           "default": {
@@ -10815,32 +16211,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Domain Certificate Authority object.",
+        "summary": "Create a Required Claim object.",
         "tags": [
           "all",
-          "domainCertAuthority"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/msgVpns": {
-      "get": {
-        "description": "Get a list of Message VPN objects.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||x|\nmsgVpnName|x|||\nreplicationBridgeAuthenticationBasicPassword||x||x\nreplicationBridgeAuthenticationClientCertContent||x||x\nreplicationBridgeAuthenticationClientCertPassword||x||\nreplicationEnabledQueueBehavior||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpns",
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims/{resourceServerRequiredClaimName}": {
+      "delete": {
+        "description": "Delete a Required Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the access token.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "deleteMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
         "parameters": [
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The name of the access token claim to verify.",
+            "in": "path",
+            "name": "resourceServerRequiredClaimName",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -10848,9 +16251,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Message VPN objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnsResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -10865,24 +16268,37 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Message VPN objects.",
+        "summary": "Delete a Required Claim object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       },
-      "post": {
-        "description": "Create a Message VPN object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||||x|\nmsgVpnName|x|x||||\nreplicationBridgeAuthenticationBasicPassword||||x||x\nreplicationBridgeAuthenticationClientCertContent||||x||x\nreplicationBridgeAuthenticationClientCertPassword||||x||\nreplicationEnabledQueueBehavior||||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpn",
+      "get": {
+        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthProfileName|x|||\nresourceServerRequiredClaimName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
         "parameters": [
           {
-            "description": "The Message VPN object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpn"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the access token claim to verify.",
+            "in": "path",
+            "name": "resourceServerRequiredClaimName",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -10896,9 +16312,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Message VPN object's attributes after being created, and the request metadata.",
+            "description": "The Required Claim object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse"
             }
           },
           "default": {
@@ -10913,17 +16329,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Message VPN object.",
+        "summary": "Get a Required Claim object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}": {
-      "delete": {
-        "description": "Delete a Message VPN object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpn",
+    "/msgVpns/{msgVpnName}/authenticationOauthProviders": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of OAuth Provider objects.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naudienceClaimName|||x|\naudienceClaimSource|||x|\naudienceClaimValue|||x|\naudienceValidationEnabled|||x|\nauthorizationGroupClaimName|||x|\nauthorizationGroupClaimSource|||x|\nauthorizationGroupEnabled|||x|\ndisconnectOnTokenExpirationEnabled|||x|\nenabled|||x|\njwksRefreshInterval|||x|\njwksUri|||x|\nmsgVpnName|x||x|\noauthProviderName|x||x|\ntokenIgnoreTimeLimitsEnabled|||x|\ntokenIntrospectionParameterName|||x|\ntokenIntrospectionPassword||x|x|x\ntokenIntrospectionTimeout|||x|\ntokenIntrospectionUri|||x|\ntokenIntrospectionUsername|||x|\nusernameClaimName|||x|\nusernameClaimSource|||x|\nusernameValidateEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "getMsgVpnAuthenticationOauthProviders",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -10931,6 +16349,21 @@
             "name": "msgVpnName",
             "required": true,
             "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -10938,9 +16371,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of OAuth Provider objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvidersResponse"
             }
           },
           "default": {
@@ -10955,15 +16388,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Message VPN object.",
+        "summary": "Get a list of OAuth Provider objects.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "authenticationOauthProvider"
         ]
       },
-      "get": {
-        "description": "Get a Message VPN object.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||x|\nmsgVpnName|x|||\nreplicationBridgeAuthenticationBasicPassword||x||x\nreplicationBridgeAuthenticationClientCertContent||x||x\nreplicationBridgeAuthenticationClientCertPassword||x||\nreplicationEnabledQueueBehavior||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpn",
+      "post": {
+        "deprecated": true,
+        "description": "Create an OAuth Provider object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naudienceClaimName|||||x|\naudienceClaimSource|||||x|\naudienceClaimValue|||||x|\naudienceValidationEnabled|||||x|\nauthorizationGroupClaimName|||||x|\nauthorizationGroupClaimSource|||||x|\nauthorizationGroupEnabled|||||x|\ndisconnectOnTokenExpirationEnabled|||||x|\nenabled|||||x|\njwksRefreshInterval|||||x|\njwksUri|||||x|\nmsgVpnName|x||x||x|\noauthProviderName|x|x|||x|\ntokenIgnoreTimeLimitsEnabled|||||x|\ntokenIntrospectionParameterName|||||x|\ntokenIntrospectionPassword||||x|x|x\ntokenIntrospectionTimeout|||||x|\ntokenIntrospectionUri|||||x|\ntokenIntrospectionUsername|||||x|\nusernameClaimName|||||x|\nusernameClaimSource|||||x|\nusernameValidateEnabled|||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "createMsgVpnAuthenticationOauthProvider",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -10972,6 +16407,15 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The OAuth Provider object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -10984,9 +16428,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Message VPN object's attributes, and the request metadata.",
+            "description": "The OAuth Provider object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
             }
           },
           "default": {
@@ -11001,15 +16445,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Message VPN object.",
+        "summary": "Create an OAuth Provider object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "authenticationOauthProvider"
         ]
-      },
-      "patch": {
-        "description": "Update a Message VPN object. Any attribute missing from the request will be left unchanged.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||||x|\nmsgVpnName|x|x||||\nreplicationBridgeAuthenticationBasicPassword|||x|||x\nreplicationBridgeAuthenticationClientCertContent|||x|||x\nreplicationBridgeAuthenticationClientCertPassword|||x|||\nreplicationEnabledQueueBehavior|||x|||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nalias|global/read-write\nauthenticationBasicEnabled|global/read-write\nauthenticationBasicProfileName|global/read-write\nauthenticationBasicRadiusDomain|global/read-write\nauthenticationBasicType|global/read-write\nauthenticationClientCertAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationClientCertEnabled|global/read-write\nauthenticationClientCertMaxChainDepth|global/read-write\nauthenticationClientCertRevocationCheckMode|global/read-write\nauthenticationClientCertUsernameSource|global/read-write\nauthenticationClientCertValidateDateEnabled|global/read-write\nauthenticationKerberosAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationKerberosEnabled|global/read-write\nauthenticationOauthEnabled|global/read-write\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nbridgingTlsServerCertMaxChainDepth|global/read-write\nbridgingTlsServerCertValidateDateEnabled|global/read-write\nbridgingTlsServerCertValidateNameEnabled|global/read-write\ndmrEnabled|global/read-write\nexportSubscriptionsEnabled|global/read-write\nmaxConnectionCount|global/read-write\nmaxEgressFlowCount|global/read-write\nmaxEndpointCount|global/read-write\nmaxIngressFlowCount|global/read-write\nmaxMsgSpoolUsage|global/read-write\nmaxSubscriptionCount|global/read-write\nmaxTransactedSessionCount|global/read-write\nmaxTransactionCount|global/read-write\nmqttRetainMaxMemory|global/read-write\nreplicationBridgeAuthenticationBasicClientUsername|global/read-write\nreplicationBridgeAuthenticationBasicPassword|global/read-write\nreplicationBridgeAuthenticationClientCertContent|global/read-write\nreplicationBridgeAuthenticationClientCertPassword|global/read-write\nreplicationBridgeAuthenticationScheme|global/read-write\nreplicationBridgeCompressedDataEnabled|global/read-write\nreplicationBridgeEgressFlowWindowSize|global/read-write\nreplicationBridgeRetryDelay|global/read-write\nreplicationBridgeTlsEnabled|global/read-write\nreplicationBridgeUnidirectionalClientProfileName|global/read-write\nreplicationEnabled|global/read-write\nreplicationEnabledQueueBehavior|global/read-write\nreplicationQueueMaxMsgSpoolUsage|global/read-write\nreplicationRole|global/read-write\nrestTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nrestTlsServerCertMaxChainDepth|global/read-write\nrestTlsServerCertValidateDateEnabled|global/read-write\nrestTlsServerCertValidateNameEnabled|global/read-write\nsempOverMsgBusAdminClientEnabled|global/read-write\nsempOverMsgBusAdminDistributedCacheEnabled|global/read-write\nsempOverMsgBusAdminEnabled|global/read-write\nsempOverMsgBusEnabled|global/read-write\nsempOverMsgBusShowEnabled|global/read-write\nserviceAmqpMaxConnectionCount|global/read-write\nserviceAmqpPlainTextListenPort|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceMqttMaxConnectionCount|global/read-write\nserviceMqttPlainTextListenPort|global/read-write\nserviceMqttTlsListenPort|global/read-write\nserviceMqttTlsWebSocketListenPort|global/read-write\nserviceMqttWebSocketListenPort|global/read-write\nserviceRestIncomingMaxConnectionCount|global/read-write\nserviceRestIncomingPlainTextListenPort|global/read-write\nserviceRestIncomingTlsListenPort|global/read-write\nserviceRestOutgoingMaxConnectionCount|global/read-write\nserviceSmfMaxConnectionCount|global/read-write\nserviceWebMaxConnectionCount|global/read-write\n\n\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpn",
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProviders/{oauthProviderName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete an OAuth Provider object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "deleteMsgVpnAuthenticationOauthProvider",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11019,19 +16467,11 @@
             "type": "string"
           },
           {
-            "description": "The Message VPN object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the OAuth Provider.",
+            "in": "path",
+            "name": "oauthProviderName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpn"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "type": "string"
           }
         ],
         "produces": [
@@ -11039,9 +16479,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Message VPN object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -11056,15 +16496,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Message VPN object.",
+        "summary": "Delete an OAuth Provider object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "authenticationOauthProvider"
         ]
       },
-      "put": {
-        "description": "Replace a Message VPN object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||||x|\nmsgVpnName|x|x||||\nreplicationBridgeAuthenticationBasicPassword|||x|||x\nreplicationBridgeAuthenticationClientCertContent|||x|||x\nreplicationBridgeAuthenticationClientCertPassword|||x|||\nreplicationEnabledQueueBehavior|||x|||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nalias|global/read-write\nauthenticationBasicEnabled|global/read-write\nauthenticationBasicProfileName|global/read-write\nauthenticationBasicRadiusDomain|global/read-write\nauthenticationBasicType|global/read-write\nauthenticationClientCertAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationClientCertEnabled|global/read-write\nauthenticationClientCertMaxChainDepth|global/read-write\nauthenticationClientCertRevocationCheckMode|global/read-write\nauthenticationClientCertUsernameSource|global/read-write\nauthenticationClientCertValidateDateEnabled|global/read-write\nauthenticationKerberosAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationKerberosEnabled|global/read-write\nauthenticationOauthEnabled|global/read-write\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nbridgingTlsServerCertMaxChainDepth|global/read-write\nbridgingTlsServerCertValidateDateEnabled|global/read-write\nbridgingTlsServerCertValidateNameEnabled|global/read-write\ndmrEnabled|global/read-write\nexportSubscriptionsEnabled|global/read-write\nmaxConnectionCount|global/read-write\nmaxEgressFlowCount|global/read-write\nmaxEndpointCount|global/read-write\nmaxIngressFlowCount|global/read-write\nmaxMsgSpoolUsage|global/read-write\nmaxSubscriptionCount|global/read-write\nmaxTransactedSessionCount|global/read-write\nmaxTransactionCount|global/read-write\nmqttRetainMaxMemory|global/read-write\nreplicationBridgeAuthenticationBasicClientUsername|global/read-write\nreplicationBridgeAuthenticationBasicPassword|global/read-write\nreplicationBridgeAuthenticationClientCertContent|global/read-write\nreplicationBridgeAuthenticationClientCertPassword|global/read-write\nreplicationBridgeAuthenticationScheme|global/read-write\nreplicationBridgeCompressedDataEnabled|global/read-write\nreplicationBridgeEgressFlowWindowSize|global/read-write\nreplicationBridgeRetryDelay|global/read-write\nreplicationBridgeTlsEnabled|global/read-write\nreplicationBridgeUnidirectionalClientProfileName|global/read-write\nreplicationEnabled|global/read-write\nreplicationEnabledQueueBehavior|global/read-write\nreplicationQueueMaxMsgSpoolUsage|global/read-write\nreplicationRole|global/read-write\nrestTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nrestTlsServerCertMaxChainDepth|global/read-write\nrestTlsServerCertValidateDateEnabled|global/read-write\nrestTlsServerCertValidateNameEnabled|global/read-write\nsempOverMsgBusAdminClientEnabled|global/read-write\nsempOverMsgBusAdminDistributedCacheEnabled|global/read-write\nsempOverMsgBusAdminEnabled|global/read-write\nsempOverMsgBusEnabled|global/read-write\nsempOverMsgBusShowEnabled|global/read-write\nserviceAmqpMaxConnectionCount|global/read-write\nserviceAmqpPlainTextListenPort|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceMqttMaxConnectionCount|global/read-write\nserviceMqttPlainTextListenPort|global/read-write\nserviceMqttTlsListenPort|global/read-write\nserviceMqttTlsWebSocketListenPort|global/read-write\nserviceMqttWebSocketListenPort|global/read-write\nserviceRestIncomingMaxConnectionCount|global/read-write\nserviceRestIncomingPlainTextListenPort|global/read-write\nserviceRestIncomingTlsListenPort|global/read-write\nserviceRestOutgoingMaxConnectionCount|global/read-write\nserviceSmfMaxConnectionCount|global/read-write\nserviceWebMaxConnectionCount|global/read-write\n\n\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpn",
+      "get": {
+        "deprecated": true,
+        "description": "Get an OAuth Provider object.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naudienceClaimName|||x|\naudienceClaimSource|||x|\naudienceClaimValue|||x|\naudienceValidationEnabled|||x|\nauthorizationGroupClaimName|||x|\nauthorizationGroupClaimSource|||x|\nauthorizationGroupEnabled|||x|\ndisconnectOnTokenExpirationEnabled|||x|\nenabled|||x|\njwksRefreshInterval|||x|\njwksUri|||x|\nmsgVpnName|x||x|\noauthProviderName|x||x|\ntokenIgnoreTimeLimitsEnabled|||x|\ntokenIntrospectionParameterName|||x|\ntokenIntrospectionPassword||x|x|x\ntokenIntrospectionTimeout|||x|\ntokenIntrospectionUri|||x|\ntokenIntrospectionUsername|||x|\nusernameClaimName|||x|\nusernameClaimSource|||x|\nusernameValidateEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "getMsgVpnAuthenticationOauthProvider",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11074,13 +16516,11 @@
             "type": "string"
           },
           {
-            "description": "The Message VPN object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the OAuth Provider.",
+            "in": "path",
+            "name": "oauthProviderName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpn"
-            }
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -11094,9 +16534,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Message VPN object's attributes after being replaced, and the request metadata.",
+            "description": "The OAuth Provider object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
             }
           },
           "default": {
@@ -11111,17 +16551,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Message VPN object.",
+        "summary": "Get an OAuth Provider object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "authenticationOauthProvider"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/aclProfiles": {
-      "get": {
-        "description": "Get a list of ACL Profile objects.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnAclProfiles",
+      },
+      "patch": {
+        "deprecated": true,
+        "description": "Update an OAuth Provider object. Any attribute missing from the request will be left unchanged.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\naudienceClaimName||||||x|\naudienceClaimSource||||||x|\naudienceClaimValue||||||x|\naudienceValidationEnabled||||||x|\nauthorizationGroupClaimName||||||x|\nauthorizationGroupClaimSource||||||x|\nauthorizationGroupEnabled||||||x|\ndisconnectOnTokenExpirationEnabled||||||x|\nenabled||||||x|\njwksRefreshInterval||||||x|\njwksUri||||||x|\nmsgVpnName|x|x||||x|\noauthProviderName|x|x||||x|\ntokenIgnoreTimeLimitsEnabled||||||x|\ntokenIntrospectionParameterName||||||x|\ntokenIntrospectionPassword|||x|||x|x\ntokenIntrospectionTimeout||||||x|\ntokenIntrospectionUri||||||x|\ntokenIntrospectionUsername||||||x|\nusernameClaimName||||||x|\nusernameClaimSource||||||x|\nusernameValidateEnabled||||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "updateMsgVpnAuthenticationOauthProvider",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11131,17 +16571,24 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
+            "description": "The name of the OAuth Provider.",
+            "in": "path",
+            "name": "oauthProviderName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The OAuth Provider object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -11151,9 +16598,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of ACL Profile objects' attributes, and the request metadata.",
+            "description": "The OAuth Provider object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilesResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
             }
           },
           "default": {
@@ -11168,16 +16615,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of ACL Profile objects.",
+        "summary": "Update an OAuth Provider object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authenticationOauthProvider"
         ]
       },
-      "post": {
-        "description": "Create an ACL Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnAclProfile",
+      "put": {
+        "deprecated": true,
+        "description": "Replace an OAuth Provider object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\naudienceClaimName|||||||x|\naudienceClaimSource|||||||x|\naudienceClaimValue|||||||x|\naudienceValidationEnabled|||||||x|\nauthorizationGroupClaimName|||||||x|\nauthorizationGroupClaimSource|||||||x|\nauthorizationGroupEnabled|||||||x|\ndisconnectOnTokenExpirationEnabled|||||||x|\nenabled|||||||x|\njwksRefreshInterval|||||||x|\njwksUri|||||||x|\nmsgVpnName|x||x||||x|\noauthProviderName|x||x||||x|\ntokenIgnoreTimeLimitsEnabled|||||||x|\ntokenIntrospectionParameterName|||||||x|\ntokenIntrospectionPassword||||x|||x|x\ntokenIntrospectionTimeout|||||||x|\ntokenIntrospectionUri|||||||x|\ntokenIntrospectionUsername|||||||x|\nusernameClaimName|||||||x|\nusernameClaimSource|||||||x|\nusernameValidateEnabled|||||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "replaceMsgVpnAuthenticationOauthProvider",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11187,12 +16635,19 @@
             "type": "string"
           },
           {
-            "description": "The ACL Profile object's attributes.",
+            "description": "The name of the OAuth Provider.",
+            "in": "path",
+            "name": "oauthProviderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Provider object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfile"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
             }
           },
           {
@@ -11207,9 +16662,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The ACL Profile object's attributes after being created, and the request metadata.",
+            "description": "The OAuth Provider object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
             }
           },
           "default": {
@@ -11224,18 +16679,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create an ACL Profile object.",
+        "summary": "Replace an OAuth Provider object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authenticationOauthProvider"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}": {
-      "delete": {
-        "description": "Delete an ACL Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnAclProfile",
+    "/msgVpns/{msgVpnName}/authorizationGroups": {
+      "get": {
+        "description": "Get a list of Authorization Group objects.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|||\nmsgVpnName|x|||\norderAfterAuthorizationGroupName||x||\norderBeforeAuthorizationGroupName||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAuthorizationGroups",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11245,11 +16700,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
-            "in": "path",
-            "name": "aclProfileName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -11257,9 +16720,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Authorization Group objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupsResponse"
             }
           },
           "default": {
@@ -11274,16 +16737,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete an ACL Profile object.",
+        "summary": "Get a list of Authorization Group objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authorizationGroup"
         ]
-      },
-      "get": {
-        "description": "Get an ACL Profile object.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnAclProfile",
+      },
+      "post": {
+        "description": "Create an Authorization Group object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|x||||\nmsgVpnName|x||x|||\norderAfterAuthorizationGroupName||||x||\norderBeforeAuthorizationGroupName||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnAuthorizationGroup",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11293,11 +16756,13 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
-            "in": "path",
-            "name": "aclProfileName",
+            "description": "The Authorization Group object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -11311,9 +16776,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The ACL Profile object's attributes, and the request metadata.",
+            "description": "The Authorization Group object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
             }
           },
           "default": {
@@ -11328,16 +16793,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an ACL Profile object.",
+        "summary": "Create an Authorization Group object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authorizationGroup"
         ]
-      },
-      "patch": {
-        "description": "Update an ACL Profile object. Any attribute missing from the request will be left unchanged.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnAclProfile",
+      }
+    },
+    "/msgVpns/{msgVpnName}/authorizationGroups/{authorizationGroupName}": {
+      "delete": {
+        "description": "Delete an Authorization Group object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnAuthorizationGroup",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11347,26 +16814,11 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "authorizationGroupName",
             "required": true,
             "type": "string"
-          },
-          {
-            "description": "The ACL Profile object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfile"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -11374,9 +16826,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The ACL Profile object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -11391,16 +16843,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update an ACL Profile object.",
+        "summary": "Delete an Authorization Group object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authorizationGroup"
         ]
       },
-      "put": {
-        "description": "Replace an ACL Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnAclProfile",
+      "get": {
+        "description": "Get an Authorization Group object.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|||\nmsgVpnName|x|||\norderAfterAuthorizationGroupName||x||\norderBeforeAuthorizationGroupName||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAuthorizationGroup",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11410,21 +16862,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "authorizationGroupName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The ACL Profile object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfile"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -11437,9 +16880,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The ACL Profile object's attributes after being replaced, and the request metadata.",
+            "description": "The Authorization Group object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
             }
           },
           "default": {
@@ -11454,18 +16897,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace an ACL Profile object.",
+        "summary": "Get an Authorization Group object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authorizationGroup"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions": {
-      "get": {
-        "description": "Get a list of Client Connect Exception objects.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nclientConnectExceptionAddress|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnAclProfileClientConnectExceptions",
+      },
+      "patch": {
+        "description": "Update an Authorization Group object. Any attribute missing from the request will be left unchanged.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\naclProfileName|||||x||\nauthorizationGroupName|x|x|||||\nclientProfileName|||||x||\nmsgVpnName|x|x|||||\norderAfterAuthorizationGroupName|||x||||\norderBeforeAuthorizationGroupName|||x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnAuthorizationGroup",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11475,24 +16916,24 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "authorizationGroupName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The Authorization Group object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -11502,9 +16943,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Connect Exception objects' attributes, and the request metadata.",
+            "description": "The Authorization Group object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
             }
           },
           "default": {
@@ -11519,16 +16960,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Connect Exception objects.",
+        "summary": "Update an Authorization Group object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authorizationGroup"
         ]
       },
-      "post": {
-        "description": "Create a Client Connect Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x|||\nclientConnectExceptionAddress|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnAclProfileClientConnectException",
+      "put": {
+        "description": "Replace an Authorization Group object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\naclProfileName||||||x||\nauthorizationGroupName|x||x|||||\nclientProfileName||||||x||\nmsgVpnName|x||x|||||\norderAfterAuthorizationGroupName||||x||||\norderBeforeAuthorizationGroupName||||x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnAuthorizationGroup",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11538,19 +16979,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "authorizationGroupName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Client Connect Exception object's attributes.",
+            "description": "The Authorization Group object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileClientConnectException"
+              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
             }
           },
           {
@@ -11565,9 +17006,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Connect Exception object's attributes after being created, and the request metadata.",
+            "description": "The Authorization Group object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionResponse"
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
             }
           },
           "default": {
@@ -11582,18 +17023,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Client Connect Exception object.",
+        "summary": "Replace an Authorization Group object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authorizationGroup"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions/{clientConnectExceptionAddress}": {
-      "delete": {
-        "description": "Delete a Client Connect Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnAclProfileClientConnectException",
+    "/msgVpns/{msgVpnName}/bridges": {
+      "get": {
+        "description": "Get a list of Bridge objects.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteAuthenticationBasicPassword||x||x\nremoteAuthenticationClientCertContent||x||x\nremoteAuthenticationClientCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridges",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11603,18 +17044,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
-            "in": "path",
-            "name": "aclProfileName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The IP address/netmask of the client connect exception in CIDR form.",
-            "in": "path",
-            "name": "clientConnectExceptionAddress",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -11622,9 +17064,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Bridge objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnBridgesResponse"
             }
           },
           "default": {
@@ -11639,16 +17081,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Client Connect Exception object.",
+        "summary": "Get a list of Bridge objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
-      "get": {
-        "description": "Get a Client Connect Exception object.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nclientConnectExceptionAddress|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnAclProfileClientConnectException",
+      "post": {
+        "description": "Create a Bridge object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x||||\nbridgeVirtualRouter|x|x||||\nmsgVpnName|x||x|||\nremoteAuthenticationBasicPassword||||x||x\nremoteAuthenticationClientCertContent||||x||x\nremoteAuthenticationClientCertPassword||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11658,18 +17100,13 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
-            "in": "path",
-            "name": "aclProfileName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The IP address/netmask of the client connect exception in CIDR form.",
-            "in": "path",
-            "name": "clientConnectExceptionAddress",
+            "description": "The Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridge"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -11683,9 +17120,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Connect Exception object's attributes, and the request metadata.",
+            "description": "The Bridge object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
             }
           },
           "default": {
@@ -11700,19 +17137,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Connect Exception object.",
+        "summary": "Create a Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions": {
-      "get": {
-        "deprecated": true,
-        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\npublishExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
-        "operationId": "getMsgVpnAclProfilePublishExceptions",
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}": {
+      "delete": {
+        "description": "Delete a Bridge object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11722,26 +17158,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -11749,9 +17177,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionsResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -11766,17 +17194,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Publish Topic Exception objects.",
+        "summary": "Delete a Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
-      "post": {
-        "deprecated": true,
-        "description": "Create a Publish Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x||x|\nmsgVpnName|x||x||x|\npublishExceptionTopic|x|x|||x|\ntopicSyntax|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
-        "operationId": "createMsgVpnAclProfilePublishException",
+      "get": {
+        "description": "Get a Bridge object.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteAuthenticationBasicPassword||x||x\nremoteAuthenticationClientCertContent||x||x\nremoteAuthenticationClientCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11786,20 +17213,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Publish Topic Exception object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishException"
-            }
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -11813,9 +17238,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Publish Topic Exception object's attributes after being created, and the request metadata.",
+            "description": "The Bridge object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
             }
           },
           "default": {
@@ -11830,19 +17255,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Publish Topic Exception object.",
+        "summary": "Get a Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions/{topicSyntax},{publishExceptionTopic}": {
-      "delete": {
-        "deprecated": true,
-        "description": "Delete a Publish Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
-        "operationId": "deleteMsgVpnAclProfilePublishException",
+      },
+      "patch": {
+        "description": "Update a Bridge object. Any attribute missing from the request will be left unchanged.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nbridgeName|x|x|||||\nbridgeVirtualRouter|x|x|||||\nmaxTtl|||||x||\nmsgVpnName|x|x|||||\nremoteAuthenticationBasicClientUsername|||||x||\nremoteAuthenticationBasicPassword|||x||x||x\nremoteAuthenticationClientCertContent|||x||x||x\nremoteAuthenticationClientCertPassword|||x||x||\nremoteAuthenticationScheme|||||x||\nremoteDeliverToOnePriority|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11852,25 +17274,33 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "topicSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
-            "in": "path",
-            "name": "publishExceptionTopic",
+            "description": "The Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridge"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -11878,9 +17308,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The Bridge object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
             }
           },
           "default": {
@@ -11895,17 +17325,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Publish Topic Exception object.",
+        "summary": "Update a Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
-      "get": {
-        "deprecated": true,
-        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\npublishExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
-        "operationId": "getMsgVpnAclProfilePublishException",
+      "put": {
+        "description": "Replace a Bridge object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nbridgeName|x||x|||||\nbridgeVirtualRouter|x||x|||||\nmaxTtl||||||x||\nmsgVpnName|x||x|||||\nremoteAuthenticationBasicClientUsername||||||x||\nremoteAuthenticationBasicPassword||||x||x||x\nremoteAuthenticationClientCertContent||||x||x||x\nremoteAuthenticationClientCertPassword||||x||x||\nremoteAuthenticationScheme||||||x||\nremoteDeliverToOnePriority||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11915,25 +17344,27 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "topicSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
-            "in": "path",
-            "name": "publishExceptionTopic",
+            "description": "The Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridge"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -11947,9 +17378,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
+            "description": "The Bridge object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
             }
           },
           "default": {
@@ -11964,18 +17395,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Publish Topic Exception object.",
+        "summary": "Replace a Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns": {
       "get": {
-        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\npublishTopicException|x|||\npublishTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfilePublishTopicExceptions",
+        "description": "Get a list of Remote Message VPN objects.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\npassword||x||x\nremoteMsgVpnInterface|x|||\nremoteMsgVpnLocation|x|||\nremoteMsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridgeRemoteMsgVpns",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -11985,17 +17416,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -12012,9 +17444,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
+            "description": "The list of Remote Message VPN objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnsResponse"
             }
           },
           "default": {
@@ -12029,16 +17461,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Publish Topic Exception objects.",
+        "summary": "Get a list of Remote Message VPN objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
       "post": {
-        "description": "Create a Publish Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x|||\nmsgVpnName|x||x|||\npublishTopicException|x|x||||\npublishTopicExceptionSyntax|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "createMsgVpnAclProfilePublishTopicException",
+        "description": "Create a Remote Message VPN object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x||x|||\nbridgeVirtualRouter|x||x|||\nmsgVpnName|x||x|||\npassword||||x||x\nremoteMsgVpnInterface|x|||||\nremoteMsgVpnLocation|x|x||||\nremoteMsgVpnName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnBridgeRemoteMsgVpn",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12048,19 +17480,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Publish Topic Exception object's attributes.",
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Message VPN object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicException"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
             }
           },
           {
@@ -12075,9 +17514,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Publish Topic Exception object's attributes after being created, and the request metadata.",
+            "description": "The Remote Message VPN object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
             }
           },
           "default": {
@@ -12092,18 +17531,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Publish Topic Exception object.",
+        "summary": "Create a Remote Message VPN object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions/{publishTopicExceptionSyntax},{publishTopicException}": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns/{remoteMsgVpnName},{remoteMsgVpnLocation},{remoteMsgVpnInterface}": {
       "delete": {
-        "description": "Delete a Publish Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "deleteMsgVpnAclProfilePublishTopicException",
+        "description": "Delete a Remote Message VPN object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnBridgeRemoteMsgVpn",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12113,23 +17552,37 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "publishTopicExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The name of the remote Message VPN.",
             "in": "path",
-            "name": "publishTopicException",
+            "name": "remoteMsgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "in": "path",
+            "name": "remoteMsgVpnLocation",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "in": "path",
+            "name": "remoteMsgVpnInterface",
             "required": true,
             "type": "string"
           }
@@ -12156,16 +17609,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Publish Topic Exception object.",
+        "summary": "Delete a Remote Message VPN object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
       "get": {
-        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\npublishTopicException|x|||\npublishTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfilePublishTopicException",
+        "description": "Get a Remote Message VPN object.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\npassword||x||x\nremoteMsgVpnInterface|x|||\nremoteMsgVpnLocation|x|||\nremoteMsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridgeRemoteMsgVpn",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12175,95 +17628,43 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "publishTopicExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The name of the remote Message VPN.",
             "in": "path",
-            "name": "publishTopicException",
+            "name": "remoteMsgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
-          }
-        ],
-        "produces": [
-          "application/json"
-        ],
-        "responses": {
-          "200": {
-            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
-            "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionResponse"
-            }
-          },
-          "default": {
-            "description": "The error response.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
-          }
-        },
-        "security": [
-          {
-            "basicAuth": []
-          }
-        ],
-        "summary": "Get a Publish Topic Exception object.",
-        "tags": [
-          "all",
-          "msgVpn",
-          "aclProfile"
-        ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions": {
-      "get": {
-        "deprecated": true,
-        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\nsubscribeExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
-        "operationId": "getMsgVpnAclProfileSubscribeExceptions",
-        "parameters": [
-          {
-            "description": "The name of the Message VPN.",
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
             "in": "path",
-            "name": "msgVpnName",
+            "name": "remoteMsgVpnLocation",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
             "in": "path",
-            "name": "aclProfileName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "name": "remoteMsgVpnInterface",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -12273,9 +17674,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
+            "description": "The Remote Message VPN object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
             }
           },
           "default": {
@@ -12290,17 +17691,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Subscribe Topic Exception objects.",
+        "summary": "Get a Remote Message VPN object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
-      "post": {
-        "deprecated": true,
-        "description": "Create a Subscribe Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x||x|\nmsgVpnName|x||x||x|\nsubscribeExceptionTopic|x|x|||x|\ntopicSyntax|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
-        "operationId": "createMsgVpnAclProfileSubscribeException",
+      "patch": {
+        "description": "Update a Remote Message VPN object. Any attribute missing from the request will be left unchanged.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nbridgeName|x|x|||||\nbridgeVirtualRouter|x|x|||||\nclientUsername|||||x||\ncompressedDataEnabled|||||x||\negressFlowWindowSize|||||x||\nmsgVpnName|x|x|||||\npassword|||x||x||x\nremoteMsgVpnInterface|x|x|||||\nremoteMsgVpnLocation|x|x|||||\nremoteMsgVpnName|x|x|||||\ntlsEnabled|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnBridgeRemoteMsgVpn",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12310,19 +17710,47 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Subscribe Topic Exception object's attributes.",
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Message VPN.",
+            "in": "path",
+            "name": "remoteMsgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "in": "path",
+            "name": "remoteMsgVpnLocation",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "in": "path",
+            "name": "remoteMsgVpnInterface",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Message VPN object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeException"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
             }
           },
           {
@@ -12337,9 +17765,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Topic Exception object's attributes after being created, and the request metadata.",
+            "description": "The Remote Message VPN object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
             }
           },
           "default": {
@@ -12354,19 +17782,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Subscribe Topic Exception object.",
+        "summary": "Update a Remote Message VPN object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions/{topicSyntax},{subscribeExceptionTopic}": {
-      "delete": {
-        "deprecated": true,
-        "description": "Delete a Subscribe Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
-        "operationId": "deleteMsgVpnAclProfileSubscribeException",
+      },
+      "put": {
+        "description": "Replace a Remote Message VPN object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nbridgeName|x||x|||||\nbridgeVirtualRouter|x||x|||||\nclientUsername||||||x||\ncompressedDataEnabled||||||x||\negressFlowWindowSize||||||x||\nmsgVpnName|x||x|||||\npassword||||x||x||x\nremoteMsgVpnInterface|x||x|||||\nremoteMsgVpnLocation|x||x|||||\nremoteMsgVpnName|x||x|||||\ntlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnBridgeRemoteMsgVpn",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12376,88 +17801,48 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
-            "in": "path",
-            "name": "aclProfileName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "topicSyntax",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "subscribeExceptionTopic",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
-          }
-        ],
-        "produces": [
-          "application/json"
-        ],
-        "responses": {
-          "200": {
-            "description": "The request metadata.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
           },
-          "default": {
-            "description": "The error response.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
-          }
-        },
-        "security": [
-          {
-            "basicAuth": []
-          }
-        ],
-        "summary": "Delete a Subscribe Topic Exception object.",
-        "tags": [
-          "all",
-          "msgVpn",
-          "aclProfile"
-        ]
-      },
-      "get": {
-        "deprecated": true,
-        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\nsubscribeExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
-        "operationId": "getMsgVpnAclProfileSubscribeException",
-        "parameters": [
           {
-            "description": "The name of the Message VPN.",
+            "description": "The name of the remote Message VPN.",
             "in": "path",
-            "name": "msgVpnName",
+            "name": "remoteMsgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "remoteMsgVpnLocation",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
             "in": "path",
-            "name": "topicSyntax",
+            "name": "remoteMsgVpnInterface",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
-            "in": "path",
-            "name": "subscribeExceptionTopic",
+            "description": "The Remote Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -12471,9 +17856,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
+            "description": "The Remote Message VPN object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
             }
           },
           "default": {
@@ -12488,18 +17873,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Subscribe Topic Exception object.",
+        "summary": "Replace a Remote Message VPN object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions": {
       "get": {
-        "description": "Get a list of Subscribe Share Name Exception objects.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeShareNameException|x|||\nsubscribeShareNameExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfileSubscribeShareNameExceptions",
+        "description": "Get a list of Remote Subscription objects.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteSubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridgeRemoteSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12509,9 +17894,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
@@ -12536,9 +17928,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Subscribe Share Name Exception objects' attributes, and the request metadata.",
+            "description": "The list of Remote Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionsResponse"
             }
           },
           "default": {
@@ -12553,16 +17945,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Subscribe Share Name Exception objects.",
+        "summary": "Get a list of Remote Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
       "post": {
-        "description": "Create a Subscribe Share Name Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x|||\nmsgVpnName|x||x|||\nsubscribeShareNameException|x|x||||\nsubscribeShareNameExceptionSyntax|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "createMsgVpnAclProfileSubscribeShareNameException",
+        "description": "Create a Remote Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x||x|||\nbridgeVirtualRouter|x||x|||\ndeliverAlwaysEnabled||x||||\nmsgVpnName|x||x|||\nremoteSubscriptionTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnBridgeRemoteSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12572,19 +17964,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Subscribe Share Name Exception object's attributes.",
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Subscription object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameException"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscription"
             }
           },
           {
@@ -12599,9 +17998,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Share Name Exception object's attributes after being created, and the request metadata.",
+            "description": "The Remote Subscription object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionResponse"
             }
           },
           "default": {
@@ -12616,18 +18015,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Subscribe Share Name Exception object.",
+        "summary": "Create a Remote Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions/{subscribeShareNameExceptionSyntax},{subscribeShareNameException}": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions/{remoteSubscriptionTopic}": {
       "delete": {
-        "description": "Delete a Subscribe Share Name Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "deleteMsgVpnAclProfileSubscribeShareNameException",
+        "description": "Delete a Remote Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnBridgeRemoteSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12637,23 +18036,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the subscribe share name for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "subscribeShareNameExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+            "description": "The topic of the Bridge remote subscription.",
             "in": "path",
-            "name": "subscribeShareNameException",
+            "name": "remoteSubscriptionTopic",
             "required": true,
             "type": "string"
           }
@@ -12680,16 +18079,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Subscribe Share Name Exception object.",
+        "summary": "Delete a Remote Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
       "get": {
-        "description": "Get a Subscribe Share Name Exception object.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeShareNameException|x|||\nsubscribeShareNameExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfileSubscribeShareNameException",
+        "description": "Get a Remote Subscription object.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteSubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridgeRemoteSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12699,23 +18098,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the subscribe share name for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "subscribeShareNameExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+            "description": "The topic of the Bridge remote subscription.",
             "in": "path",
-            "name": "subscribeShareNameException",
+            "name": "remoteSubscriptionTopic",
             "required": true,
             "type": "string"
           },
@@ -12731,9 +18130,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Share Name Exception object's attributes, and the request metadata.",
+            "description": "The Remote Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionResponse"
             }
           },
           "default": {
@@ -12748,18 +18147,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Subscribe Share Name Exception object.",
+        "summary": "Get a Remote Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames": {
       "get": {
-        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeTopicException|x|||\nsubscribeTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfileSubscribeTopicExceptions",
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x||x|\nbridgeVirtualRouter|x||x|\nmsgVpnName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnBridgeTlsTrustedCommonNames",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12769,17 +18169,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -12796,9 +18197,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNamesResponse"
             }
           },
           "default": {
@@ -12813,16 +18214,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Subscribe Topic Exception objects.",
+        "summary": "Get a list of Trusted Common Name objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
       "post": {
-        "description": "Create a Subscribe Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x||x|||\nmsgVpnName|x||x|||\nsubscribeTopicException|x|x||||\nsubscribeTopicExceptionSyntax|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "createMsgVpnAclProfileSubscribeTopicException",
+        "deprecated": true,
+        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x||x||x|\nbridgeVirtualRouter|x||x||x|\nmsgVpnName|x||x||x|\ntlsTrustedCommonName|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "createMsgVpnBridgeTlsTrustedCommonName",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12832,19 +18234,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Subscribe Topic Exception object's attributes.",
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Trusted Common Name object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicException"
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonName"
             }
           },
           {
@@ -12859,9 +18268,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Topic Exception object's attributes after being created, and the request metadata.",
+            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameResponse"
             }
           },
           "default": {
@@ -12876,18 +18285,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Subscribe Topic Exception object.",
+        "summary": "Create a Trusted Common Name object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions/{subscribeTopicExceptionSyntax},{subscribeTopicException}": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
       "delete": {
-        "description": "Delete a Subscribe Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "deleteMsgVpnAclProfileSubscribeTopicException",
+        "deprecated": true,
+        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "deleteMsgVpnBridgeTlsTrustedCommonName",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12897,23 +18307,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "subscribeTopicExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The expected trusted common name of the remote certificate.",
             "in": "path",
-            "name": "subscribeTopicException",
+            "name": "tlsTrustedCommonName",
             "required": true,
             "type": "string"
           }
@@ -12940,16 +18350,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Subscribe Topic Exception object.",
+        "summary": "Delete a Trusted Common Name object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       },
       "get": {
-        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeTopicException|x|||\nsubscribeTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfileSubscribeTopicException",
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x||x|\nbridgeVirtualRouter|x||x|\nmsgVpnName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnBridgeTlsTrustedCommonName",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -12959,23 +18370,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "subscribeTopicExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The expected trusted common name of the remote certificate.",
             "in": "path",
-            "name": "subscribeTopicException",
+            "name": "tlsTrustedCommonName",
             "required": true,
             "type": "string"
           },
@@ -12991,9 +18402,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameResponse"
             }
           },
           "default": {
@@ -13008,18 +18419,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Subscribe Topic Exception object.",
+        "summary": "Get a Trusted Common Name object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles": {
+    "/msgVpns/{msgVpnName}/certMatchingRules": {
       "get": {
-        "description": "Get a list of OAuth Profile objects.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientSecret||x||x\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfiles",
+        "description": "Get a list of Certificate Matching Rule objects.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRules",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13049,9 +18460,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of OAuth Profile objects' attributes, and the request metadata.",
+            "description": "The list of Certificate Matching Rule objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfilesResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRulesResponse"
             }
           },
           "default": {
@@ -13066,16 +18477,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of OAuth Profile objects.",
+        "summary": "Get a list of Certificate Matching Rule objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       },
       "post": {
-        "description": "Create an OAuth Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret||||x||x\nmsgVpnName|x||x|||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "createMsgVpnAuthenticationOauthProfile",
+        "description": "Create a Certificate Matching Rule object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nruleName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "createMsgVpnCertMatchingRule",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13085,12 +18496,12 @@
             "type": "string"
           },
           {
-            "description": "The OAuth Profile object's attributes.",
+            "description": "The Certificate Matching Rule object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+              "$ref": "#/definitions/MsgVpnCertMatchingRule"
             }
           },
           {
@@ -13105,9 +18516,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Profile object's attributes after being created, and the request metadata.",
+            "description": "The Certificate Matching Rule object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
             }
           },
           "default": {
@@ -13122,18 +18533,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create an OAuth Profile object.",
+        "summary": "Create a Certificate Matching Rule object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}": {
       "delete": {
-        "description": "Delete an OAuth Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "deleteMsgVpnAuthenticationOauthProfile",
+        "description": "Delete a Certificate Matching Rule object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "deleteMsgVpnCertMatchingRule",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13143,9 +18554,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           }
@@ -13172,16 +18583,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete an OAuth Profile object.",
+        "summary": "Delete a Certificate Matching Rule object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       },
       "get": {
-        "description": "Get an OAuth Profile object.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientSecret||x||x\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfile",
+        "description": "Get a Certificate Matching Rule object.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRule",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13191,9 +18602,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
@@ -13209,9 +18620,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Profile object's attributes, and the request metadata.",
+            "description": "The Certificate Matching Rule object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
             }
           },
           "default": {
@@ -13226,16 +18637,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an OAuth Profile object.",
+        "summary": "Get a Certificate Matching Rule object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       },
       "patch": {
-        "description": "Update an OAuth Profile object. Any attribute missing from the request will be left unchanged.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret|||x|||x\nmsgVpnName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "updateMsgVpnAuthenticationOauthProfile",
+        "description": "Update a Certificate Matching Rule object. Any attribute missing from the request will be left unchanged.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\nruleName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "updateMsgVpnCertMatchingRule",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13245,19 +18656,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The OAuth Profile object's attributes.",
+            "description": "The Certificate Matching Rule object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+              "$ref": "#/definitions/MsgVpnCertMatchingRule"
             }
           },
           {
@@ -13272,9 +18683,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Profile object's attributes after being updated, and the request metadata.",
+            "description": "The Certificate Matching Rule object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
             }
           },
           "default": {
@@ -13289,16 +18700,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update an OAuth Profile object.",
+        "summary": "Update a Certificate Matching Rule object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       },
       "put": {
-        "description": "Replace an OAuth Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret|||x|||x\nmsgVpnName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "replaceMsgVpnAuthenticationOauthProfile",
+        "description": "Replace a Certificate Matching Rule object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\nruleName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "replaceMsgVpnCertMatchingRule",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13308,19 +18719,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The OAuth Profile object's attributes.",
+            "description": "The Certificate Matching Rule object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+              "$ref": "#/definitions/MsgVpnCertMatchingRule"
             }
           },
           {
@@ -13335,9 +18746,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Profile object's attributes after being replaced, and the request metadata.",
+            "description": "The Certificate Matching Rule object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
             }
           },
           "default": {
@@ -13352,18 +18763,146 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace an OAuth Profile object.",
+        "summary": "Replace a Certificate Matching Rule object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/attributeFilters": {
       "get": {
-        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|||\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaims",
+        "description": "Get a list of Certificate Matching Rule Attribute Filter objects.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nfilterName|x|||\nmsgVpnName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getMsgVpnCertMatchingRuleAttributeFilters",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Attribute Filter objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFiltersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Attribute Filter objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ]
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nfilterName|x|x||||\nmsgVpnName|x||x|||\nruleName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createMsgVpnCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/attributeFilters/{filterName}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule Attribute Filter object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteMsgVpnCertMatchingRuleAttributeFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13373,26 +18912,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -13400,9 +18931,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Required Claim objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimsResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -13417,16 +18948,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Required Claim objects.",
+        "summary": "Delete a Certificate Matching Rule Attribute Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       },
-      "post": {
-        "description": "Create a Required Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|x||||\nclientRequiredClaimValue||x||||\nmsgVpnName|x||x|||\noauthProfileName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "createMsgVpnAuthenticationOauthProfileClientRequiredClaim",
+      "get": {
+        "description": "Get a Certificate Matching Rule Attribute Filter object.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nfilterName|x|||\nmsgVpnName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getMsgVpnCertMatchingRuleAttributeFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13436,20 +18967,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Required Claim object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaim"
-            }
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -13463,9 +18992,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Required Claim object's attributes after being created, and the request metadata.",
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
             }
           },
           "default": {
@@ -13480,18 +19009,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Required Claim object.",
+        "summary": "Get a Certificate Matching Rule Attribute Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims/{clientRequiredClaimName}": {
-      "delete": {
-        "description": "Delete a Required Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the ID token.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "deleteMsgVpnAuthenticationOauthProfileClientRequiredClaim",
+      },
+      "patch": {
+        "description": "Update a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be left unchanged.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nfilterName|x|x|||||\nmsgVpnName|x|x|||||\nruleName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "updateMsgVpnCertMatchingRuleAttributeFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13501,18 +19028,33 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the ID token claim to verify.",
+            "description": "The name of the filter.",
             "in": "path",
-            "name": "clientRequiredClaimName",
+            "name": "filterName",
             "required": true,
             "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -13520,9 +19062,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
             }
           },
           "default": {
@@ -13537,16 +19079,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Required Claim object.",
+        "summary": "Update a Certificate Matching Rule Attribute Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       },
-      "get": {
-        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|||\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaim",
+      "put": {
+        "description": "Replace a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nfilterName|x||x|||||\nmsgVpnName|x||x|||||\nruleName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "replaceMsgVpnCertMatchingRuleAttributeFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13556,19 +19098,28 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the ID token claim to verify.",
+            "description": "The name of the filter.",
             "in": "path",
-            "name": "clientRequiredClaimName",
+            "name": "filterName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -13581,9 +19132,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Required Claim object's attributes, and the request metadata.",
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
             }
           },
           "default": {
@@ -13598,18 +19149,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Required Claim object.",
+        "summary": "Replace a Certificate Matching Rule Attribute Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/conditions": {
       "get": {
-        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthProfileName|x|||\nresourceServerRequiredClaimName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaims",
+        "description": "Get a list of Certificate Matching Rule Condition objects.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nruleName|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRuleConditions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13619,9 +19170,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
@@ -13646,9 +19197,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Required Claim objects' attributes, and the request metadata.",
+            "description": "The list of Certificate Matching Rule Condition objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimsResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionsResponse"
             }
           },
           "default": {
@@ -13663,16 +19214,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Required Claim objects.",
+        "summary": "Get a list of Certificate Matching Rule Condition objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       },
       "post": {
-        "description": "Create a Required Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\noauthProfileName|x||x|||\nresourceServerRequiredClaimName|x|x||||\nresourceServerRequiredClaimValue||x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "createMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
+        "description": "Create a Certificate Matching Rule Condition object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nruleName|x||x|||\nsource|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "createMsgVpnCertMatchingRuleCondition",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13682,19 +19233,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Required Claim object's attributes.",
+            "description": "The Certificate Matching Rule Condition object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleCondition"
             }
           },
           {
@@ -13709,9 +19260,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Required Claim object's attributes after being created, and the request metadata.",
+            "description": "The Certificate Matching Rule Condition object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionResponse"
             }
           },
           "default": {
@@ -13726,18 +19277,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Required Claim object.",
+        "summary": "Create a Certificate Matching Rule Condition object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims/{resourceServerRequiredClaimName}": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/conditions/{source}": {
       "delete": {
-        "description": "Delete a Required Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the access token.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "deleteMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
+        "description": "Delete a Certificate Matching Rule Condition object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "deleteMsgVpnCertMatchingRuleCondition",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13747,16 +19298,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the access token claim to verify.",
+            "description": "Certificate field to be compared with the Attribute.",
             "in": "path",
-            "name": "resourceServerRequiredClaimName",
+            "name": "source",
             "required": true,
             "type": "string"
           }
@@ -13783,16 +19334,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Required Claim object.",
+        "summary": "Delete a Certificate Matching Rule Condition object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       },
       "get": {
-        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthProfileName|x|||\nresourceServerRequiredClaimName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
+        "description": "Get a Certificate Matching Rule Condition object.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nruleName|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRuleCondition",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13802,16 +19353,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the access token claim to verify.",
+            "description": "Certificate field to be compared with the Attribute.",
             "in": "path",
-            "name": "resourceServerRequiredClaimName",
+            "name": "source",
             "required": true,
             "type": "string"
           },
@@ -13827,9 +19378,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Required Claim object's attributes, and the request metadata.",
+            "description": "The Certificate Matching Rule Condition object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionResponse"
             }
           },
           "default": {
@@ -13844,19 +19395,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Required Claim object.",
+        "summary": "Get a Certificate Matching Rule Condition object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProviders": {
+    "/msgVpns/{msgVpnName}/clientProfiles": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of OAuth Provider objects.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naudienceClaimName|||x|\naudienceClaimSource|||x|\naudienceClaimValue|||x|\naudienceValidationEnabled|||x|\nauthorizationGroupClaimName|||x|\nauthorizationGroupClaimSource|||x|\nauthorizationGroupEnabled|||x|\ndisconnectOnTokenExpirationEnabled|||x|\nenabled|||x|\njwksRefreshInterval|||x|\njwksUri|||x|\nmsgVpnName|x||x|\noauthProviderName|x||x|\ntokenIgnoreTimeLimitsEnabled|||x|\ntokenIntrospectionParameterName|||x|\ntokenIntrospectionPassword||x|x|x\ntokenIntrospectionTimeout|||x|\ntokenIntrospectionUri|||x|\ntokenIntrospectionUsername|||x|\nusernameClaimName|||x|\nusernameClaimSource|||x|\nusernameValidateEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
-        "operationId": "getMsgVpnAuthenticationOauthProviders",
+        "description": "Get a list of Client Profile objects.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||x|\napiQueueManagementCopyFromOnCreateName|||x|\napiTopicEndpointManagementCopyFromOnCreateName|||x|\nclientProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnClientProfiles",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13886,9 +19436,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of OAuth Provider objects' attributes, and the request metadata.",
+            "description": "The list of Client Profile objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvidersResponse"
+              "$ref": "#/definitions/MsgVpnClientProfilesResponse"
             }
           },
           "default": {
@@ -13903,17 +19453,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of OAuth Provider objects.",
+        "summary": "Get a list of Client Profile objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProvider"
+          "clientProfile"
         ]
       },
       "post": {
-        "deprecated": true,
-        "description": "Create an OAuth Provider object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naudienceClaimName|||||x|\naudienceClaimSource|||||x|\naudienceClaimValue|||||x|\naudienceValidationEnabled|||||x|\nauthorizationGroupClaimName|||||x|\nauthorizationGroupClaimSource|||||x|\nauthorizationGroupEnabled|||||x|\ndisconnectOnTokenExpirationEnabled|||||x|\nenabled|||||x|\njwksRefreshInterval|||||x|\njwksUri|||||x|\nmsgVpnName|x||x||x|\noauthProviderName|x|x|||x|\ntokenIgnoreTimeLimitsEnabled|||||x|\ntokenIntrospectionParameterName|||||x|\ntokenIntrospectionPassword||||x|x|x\ntokenIntrospectionTimeout|||||x|\ntokenIntrospectionUri|||||x|\ntokenIntrospectionUsername|||||x|\nusernameClaimName|||||x|\nusernameClaimSource|||||x|\nusernameValidateEnabled|||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
-        "operationId": "createMsgVpnAuthenticationOauthProvider",
+        "description": "Create a Client Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||||x|\napiQueueManagementCopyFromOnCreateName|||||x|\napiTopicEndpointManagementCopyFromOnCreateName|||||x|\nclientProfileName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnClientProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13923,12 +19472,12 @@
             "type": "string"
           },
           {
-            "description": "The OAuth Provider object's attributes.",
+            "description": "The Client Profile object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+              "$ref": "#/definitions/MsgVpnClientProfile"
             }
           },
           {
@@ -13943,9 +19492,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Provider object's attributes after being created, and the request metadata.",
+            "description": "The Client Profile object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
             }
           },
           "default": {
@@ -13960,19 +19509,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create an OAuth Provider object.",
+        "summary": "Create a Client Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProvider"
+          "clientProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProviders/{oauthProviderName}": {
+    "/msgVpns/{msgVpnName}/clientProfiles/{clientProfileName}": {
       "delete": {
-        "deprecated": true,
-        "description": "Delete an OAuth Provider object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
-        "operationId": "deleteMsgVpnAuthenticationOauthProvider",
+        "description": "Delete a Client Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnClientProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -13982,9 +19530,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth Provider.",
+            "description": "The name of the Client Profile.",
             "in": "path",
-            "name": "oauthProviderName",
+            "name": "clientProfileName",
             "required": true,
             "type": "string"
           }
@@ -14011,17 +19559,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete an OAuth Provider object.",
+        "summary": "Delete a Client Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProvider"
+          "clientProfile"
         ]
       },
       "get": {
-        "deprecated": true,
-        "description": "Get an OAuth Provider object.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naudienceClaimName|||x|\naudienceClaimSource|||x|\naudienceClaimValue|||x|\naudienceValidationEnabled|||x|\nauthorizationGroupClaimName|||x|\nauthorizationGroupClaimSource|||x|\nauthorizationGroupEnabled|||x|\ndisconnectOnTokenExpirationEnabled|||x|\nenabled|||x|\njwksRefreshInterval|||x|\njwksUri|||x|\nmsgVpnName|x||x|\noauthProviderName|x||x|\ntokenIgnoreTimeLimitsEnabled|||x|\ntokenIntrospectionParameterName|||x|\ntokenIntrospectionPassword||x|x|x\ntokenIntrospectionTimeout|||x|\ntokenIntrospectionUri|||x|\ntokenIntrospectionUsername|||x|\nusernameClaimName|||x|\nusernameClaimSource|||x|\nusernameValidateEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
-        "operationId": "getMsgVpnAuthenticationOauthProvider",
+        "description": "Get a Client Profile object.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||x|\napiQueueManagementCopyFromOnCreateName|||x|\napiTopicEndpointManagementCopyFromOnCreateName|||x|\nclientProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnClientProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14031,9 +19578,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth Provider.",
+            "description": "The name of the Client Profile.",
             "in": "path",
-            "name": "oauthProviderName",
+            "name": "clientProfileName",
             "required": true,
             "type": "string"
           },
@@ -14049,9 +19596,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Provider object's attributes, and the request metadata.",
+            "description": "The Client Profile object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
             }
           },
           "default": {
@@ -14066,17 +19613,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an OAuth Provider object.",
+        "summary": "Get a Client Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProvider"
+          "clientProfile"
         ]
       },
       "patch": {
-        "deprecated": true,
-        "description": "Update an OAuth Provider object. Any attribute missing from the request will be left unchanged.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naudienceClaimName|||||x|\naudienceClaimSource|||||x|\naudienceClaimValue|||||x|\naudienceValidationEnabled|||||x|\nauthorizationGroupClaimName|||||x|\nauthorizationGroupClaimSource|||||x|\nauthorizationGroupEnabled|||||x|\ndisconnectOnTokenExpirationEnabled|||||x|\nenabled|||||x|\njwksRefreshInterval|||||x|\njwksUri|||||x|\nmsgVpnName|x|x|||x|\noauthProviderName|x|x|||x|\ntokenIgnoreTimeLimitsEnabled|||||x|\ntokenIntrospectionParameterName|||||x|\ntokenIntrospectionPassword|||x||x|x\ntokenIntrospectionTimeout|||||x|\ntokenIntrospectionUri|||||x|\ntokenIntrospectionUsername|||||x|\nusernameClaimName|||||x|\nusernameClaimSource|||||x|\nusernameValidateEnabled|||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
-        "operationId": "updateMsgVpnAuthenticationOauthProvider",
+        "description": "Update a Client Profile object. Any attribute missing from the request will be left unchanged.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nallowCutThroughForwardingEnabled||||||x|\napiQueueManagementCopyFromOnCreateName||||||x|\napiTopicEndpointManagementCopyFromOnCreateName||||||x|\nclientProfileName|x|x|||||\nmsgVpnName|x|x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnClientProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14086,19 +19632,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth Provider.",
+            "description": "The name of the Client Profile.",
             "in": "path",
-            "name": "oauthProviderName",
+            "name": "clientProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The OAuth Provider object's attributes.",
+            "description": "The Client Profile object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+              "$ref": "#/definitions/MsgVpnClientProfile"
             }
           },
           {
@@ -14113,9 +19659,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Provider object's attributes after being updated, and the request metadata.",
+            "description": "The Client Profile object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
             }
           },
           "default": {
@@ -14130,17 +19676,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update an OAuth Provider object.",
+        "summary": "Update a Client Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProvider"
+          "clientProfile"
         ]
       },
       "put": {
-        "deprecated": true,
-        "description": "Replace an OAuth Provider object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naudienceClaimName|||||x|\naudienceClaimSource|||||x|\naudienceClaimValue|||||x|\naudienceValidationEnabled|||||x|\nauthorizationGroupClaimName|||||x|\nauthorizationGroupClaimSource|||||x|\nauthorizationGroupEnabled|||||x|\ndisconnectOnTokenExpirationEnabled|||||x|\nenabled|||||x|\njwksRefreshInterval|||||x|\njwksUri|||||x|\nmsgVpnName|x|x|||x|\noauthProviderName|x|x|||x|\ntokenIgnoreTimeLimitsEnabled|||||x|\ntokenIntrospectionParameterName|||||x|\ntokenIntrospectionPassword|||x||x|x\ntokenIntrospectionTimeout|||||x|\ntokenIntrospectionUri|||||x|\ntokenIntrospectionUsername|||||x|\nusernameClaimName|||||x|\nusernameClaimSource|||||x|\nusernameValidateEnabled|||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
-        "operationId": "replaceMsgVpnAuthenticationOauthProvider",
+        "description": "Replace a Client Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nallowCutThroughForwardingEnabled|||||||x|\napiQueueManagementCopyFromOnCreateName|||||||x|\napiTopicEndpointManagementCopyFromOnCreateName|||||||x|\nclientProfileName|x||x|||||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnClientProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14150,19 +19695,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth Provider.",
+            "description": "The name of the Client Profile.",
             "in": "path",
-            "name": "oauthProviderName",
+            "name": "clientProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The OAuth Provider object's attributes.",
+            "description": "The Client Profile object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+              "$ref": "#/definitions/MsgVpnClientProfile"
             }
           },
           {
@@ -14177,9 +19722,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Provider object's attributes after being replaced, and the request metadata.",
+            "description": "The Client Profile object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
             }
           },
           "default": {
@@ -14194,18 +19739,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace an OAuth Provider object.",
+        "summary": "Replace a Client Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProvider"
+          "clientProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authorizationGroups": {
+    "/msgVpns/{msgVpnName}/clientUsernames": {
       "get": {
-        "description": "Get a list of Authorization Group objects.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|||\nmsgVpnName|x|||\norderAfterAuthorizationGroupName||x||\norderBeforeAuthorizationGroupName||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnAuthorizationGroups",
+        "description": "Get a list of Client Username objects.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientUsername|x|||\nmsgVpnName|x|||\npassword||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnClientUsernames",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14235,9 +19780,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Authorization Group objects' attributes, and the request metadata.",
+            "description": "The list of Client Username objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroupsResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernamesResponse"
             }
           },
           "default": {
@@ -14252,16 +19797,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Authorization Group objects.",
+        "summary": "Get a list of Client Username objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authorizationGroup"
+          "clientUsername"
         ]
       },
       "post": {
-        "description": "Create an Authorization Group object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|x||||\nmsgVpnName|x||x|||\norderAfterAuthorizationGroupName||||x||\norderBeforeAuthorizationGroupName||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnAuthorizationGroup",
+        "description": "Create a Client Username object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientUsername|x|x||||\nmsgVpnName|x||x|||\npassword||||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnClientUsername",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14271,12 +19816,12 @@
             "type": "string"
           },
           {
-            "description": "The Authorization Group object's attributes.",
+            "description": "The Client Username object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+              "$ref": "#/definitions/MsgVpnClientUsername"
             }
           },
           {
@@ -14291,9 +19836,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Authorization Group object's attributes after being created, and the request metadata.",
+            "description": "The Client Username object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
             }
           },
           "default": {
@@ -14308,18 +19853,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create an Authorization Group object.",
+        "summary": "Create a Client Username object.",
         "tags": [
           "all",
           "msgVpn",
-          "authorizationGroup"
+          "clientUsername"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authorizationGroups/{authorizationGroupName}": {
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}": {
       "delete": {
-        "description": "Delete an Authorization Group object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnAuthorizationGroup",
+        "description": "Delete a Client Username object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnClientUsername",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14329,9 +19874,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "description": "The name of the Client Username.",
             "in": "path",
-            "name": "authorizationGroupName",
+            "name": "clientUsername",
             "required": true,
             "type": "string"
           }
@@ -14358,16 +19903,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete an Authorization Group object.",
+        "summary": "Delete a Client Username object.",
         "tags": [
           "all",
           "msgVpn",
-          "authorizationGroup"
+          "clientUsername"
         ]
       },
       "get": {
-        "description": "Get an Authorization Group object.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|||\nmsgVpnName|x|||\norderAfterAuthorizationGroupName||x||\norderBeforeAuthorizationGroupName||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnAuthorizationGroup",
+        "description": "Get a Client Username object.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientUsername|x|||\nmsgVpnName|x|||\npassword||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnClientUsername",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14377,9 +19922,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "description": "The name of the Client Username.",
             "in": "path",
-            "name": "authorizationGroupName",
+            "name": "clientUsername",
             "required": true,
             "type": "string"
           },
@@ -14395,9 +19940,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Authorization Group object's attributes, and the request metadata.",
+            "description": "The Client Username object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
             }
           },
           "default": {
@@ -14412,16 +19957,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an Authorization Group object.",
+        "summary": "Get a Client Username object.",
         "tags": [
           "all",
           "msgVpn",
-          "authorizationGroup"
+          "clientUsername"
         ]
       },
       "patch": {
-        "description": "Update an Authorization Group object. Any attribute missing from the request will be left unchanged.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName||||x||\nauthorizationGroupName|x|x||||\nclientProfileName||||x||\nmsgVpnName|x|x||||\norderAfterAuthorizationGroupName|||x|||\norderBeforeAuthorizationGroupName|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnAuthorizationGroup",
+        "description": "Update a Client Username object. Any attribute missing from the request will be left unchanged.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\naclProfileName|||||x||\nclientProfileName|||||x||\nclientUsername|x|x|||||\nmsgVpnName|x|x|||||\npassword|||x||||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnClientUsername",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14431,19 +19976,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "description": "The name of the Client Username.",
             "in": "path",
-            "name": "authorizationGroupName",
+            "name": "clientUsername",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Authorization Group object's attributes.",
+            "description": "The Client Username object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+              "$ref": "#/definitions/MsgVpnClientUsername"
             }
           },
           {
@@ -14458,9 +20003,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Authorization Group object's attributes after being updated, and the request metadata.",
+            "description": "The Client Username object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
             }
           },
           "default": {
@@ -14475,16 +20020,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update an Authorization Group object.",
+        "summary": "Update a Client Username object.",
         "tags": [
           "all",
           "msgVpn",
-          "authorizationGroup"
+          "clientUsername"
         ]
       },
       "put": {
-        "description": "Replace an Authorization Group object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName||||x||\nauthorizationGroupName|x|x||||\nclientProfileName||||x||\nmsgVpnName|x|x||||\norderAfterAuthorizationGroupName|||x|||\norderBeforeAuthorizationGroupName|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnAuthorizationGroup",
+        "description": "Replace a Client Username object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\naclProfileName||||||x||\nclientProfileName||||||x||\nclientUsername|x||x|||||\nmsgVpnName|x||x|||||\npassword||||x||||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnClientUsername",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14494,19 +20039,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "description": "The name of the Client Username.",
             "in": "path",
-            "name": "authorizationGroupName",
+            "name": "clientUsername",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Authorization Group object's attributes.",
+            "description": "The Client Username object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+              "$ref": "#/definitions/MsgVpnClientUsername"
             }
           },
           {
@@ -14521,9 +20066,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Authorization Group object's attributes after being replaced, and the request metadata.",
+            "description": "The Client Username object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
             }
           },
           "default": {
@@ -14538,18 +20083,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace an Authorization Group object.",
+        "summary": "Replace a Client Username object.",
         "tags": [
           "all",
           "msgVpn",
-          "authorizationGroup"
+          "clientUsername"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges": {
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}/attributes": {
       "get": {
-        "description": "Get a list of Bridge objects.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteAuthenticationBasicPassword||x||x\nremoteAuthenticationClientCertContent||x||x\nremoteAuthenticationClientCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnBridges",
+        "description": "Get a list of Client Username Attribute objects.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattributeName|x|||\nattributeValue|x|||\nclientUsername|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnClientUsernameAttributes",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14558,6 +20103,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -14579,9 +20131,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Bridge objects' attributes, and the request metadata.",
+            "description": "The list of Client Username Attribute objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgesResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameAttributesResponse"
             }
           },
           "default": {
@@ -14596,16 +20148,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Bridge objects.",
+        "summary": "Get a list of Client Username Attribute objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "clientUsername"
         ]
       },
       "post": {
-        "description": "Create a Bridge object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x||||\nbridgeVirtualRouter|x|x||||\nmsgVpnName|x||x|||\nremoteAuthenticationBasicPassword||||x||x\nremoteAuthenticationClientCertContent||||x||x\nremoteAuthenticationClientCertPassword||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnBridge",
+        "description": "Create a Client Username Attribute object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nattributeName|x|x||||\nattributeValue|x|x||||\nclientUsername|x||x|||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "createMsgVpnClientUsernameAttribute",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14615,12 +20167,19 @@
             "type": "string"
           },
           {
-            "description": "The Bridge object's attributes.",
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Username Attribute object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridge"
+              "$ref": "#/definitions/MsgVpnClientUsernameAttribute"
             }
           },
           {
@@ -14635,9 +20194,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Bridge object's attributes after being created, and the request metadata.",
+            "description": "The Client Username Attribute object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameAttributeResponse"
             }
           },
           "default": {
@@ -14652,18 +20211,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Bridge object.",
+        "summary": "Create a Client Username Attribute object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "clientUsername"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}": {
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}/attributes/{attributeName},{attributeValue}": {
       "delete": {
-        "description": "Delete a Bridge object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnBridge",
+        "description": "Delete a Client Username Attribute object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "deleteMsgVpnClientUsernameAttribute",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14673,16 +20232,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Client Username.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "clientUsername",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Attribute.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
             "required": true,
             "type": "string"
           }
@@ -14709,16 +20275,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Bridge object.",
+        "summary": "Delete a Client Username Attribute object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "clientUsername"
         ]
       },
       "get": {
-        "description": "Get a Bridge object.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteAuthenticationBasicPassword||x||x\nremoteAuthenticationClientCertContent||x||x\nremoteAuthenticationClientCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnBridge",
+        "description": "Get a Client Username Attribute object.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattributeName|x|||\nattributeValue|x|||\nclientUsername|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnClientUsernameAttribute",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14728,16 +20294,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Client Username.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "clientUsername",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Attribute.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
             "required": true,
             "type": "string"
           },
@@ -14753,9 +20326,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Bridge object's attributes, and the request metadata.",
+            "description": "The Client Username Attribute object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameAttributeResponse"
             }
           },
           "default": {
@@ -14770,16 +20343,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Bridge object.",
+        "summary": "Get a Client Username Attribute object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "clientUsername"
         ]
-      },
-      "patch": {
-        "description": "Update a Bridge object. Any attribute missing from the request will be left unchanged.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x||||\nbridgeVirtualRouter|x|x||||\nmaxTtl||||x||\nmsgVpnName|x|x||||\nremoteAuthenticationBasicClientUsername||||x||\nremoteAuthenticationBasicPassword|||x|x||x\nremoteAuthenticationClientCertContent|||x|x||x\nremoteAuthenticationClientCertPassword|||x|x||\nremoteAuthenticationScheme||||x||\nremoteDeliverToOnePriority||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnBridge",
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches": {
+      "get": {
+        "description": "Get a list of Distributed Cache objects.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCaches",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14789,26 +20364,68 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Distributed Cache objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCachesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Distributed Cache objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ]
+      },
+      "post": {
+        "description": "Create a Distributed Cache object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Bridge object's attributes.",
+            "description": "The Distributed Cache object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridge"
+              "$ref": "#/definitions/MsgVpnDistributedCache"
             }
           },
           {
@@ -14823,9 +20440,59 @@
         ],
         "responses": {
           "200": {
-            "description": "The Bridge object's attributes after being updated, and the request metadata.",
+            "description": "The Distributed Cache object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Distributed Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}": {
+      "delete": {
+        "description": "Delete a Distributed Cache object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -14840,16 +20507,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Bridge object.",
+        "summary": "Delete a Distributed Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       },
-      "put": {
-        "description": "Replace a Bridge object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x||||\nbridgeVirtualRouter|x|x||||\nmaxTtl||||x||\nmsgVpnName|x|x||||\nremoteAuthenticationBasicClientUsername||||x||\nremoteAuthenticationBasicPassword|||x|x||x\nremoteAuthenticationClientCertContent|||x|x||x\nremoteAuthenticationClientCertPassword|||x|x||\nremoteAuthenticationScheme||||x||\nremoteDeliverToOnePriority||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnBridge",
+      "get": {
+        "description": "Get a Distributed Cache object.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14859,28 +20526,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The Bridge object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnBridge"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -14893,9 +20544,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Bridge object's attributes after being replaced, and the request metadata.",
+            "description": "The Distributed Cache object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
             }
           },
           "default": {
@@ -14910,18 +20561,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Bridge object.",
+        "summary": "Get a Distributed Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns": {
-      "get": {
-        "description": "Get a list of Remote Message VPN objects.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\npassword||x||x\nremoteMsgVpnInterface|x|||\nremoteMsgVpnLocation|x|||\nremoteMsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnBridgeRemoteMsgVpns",
+      },
+      "patch": {
+        "description": "Update a Distributed Cache object. Any attribute missing from the request will be left unchanged.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ncacheName|x|x|||||\ncacheVirtualRouter||x|||||\nmsgVpnName|x|x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnDistributedCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14931,25 +20580,24 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
+            "description": "The Distributed Cache object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCache"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -14959,9 +20607,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Remote Message VPN objects' attributes, and the request metadata.",
+            "description": "The Distributed Cache object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnsResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
             }
           },
           "default": {
@@ -14976,16 +20624,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Remote Message VPN objects.",
+        "summary": "Update a Distributed Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       },
-      "post": {
-        "description": "Create a Remote Message VPN object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x||x|||\nbridgeVirtualRouter|x||x|||\nmsgVpnName|x||x|||\npassword||||x||x\nremoteMsgVpnInterface|x|||||\nremoteMsgVpnLocation|x|x||||\nremoteMsgVpnName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnBridgeRemoteMsgVpn",
+      "put": {
+        "description": "Replace a Distributed Cache object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ncacheName|x||x|||||\ncacheVirtualRouter||x||||||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnDistributedCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -14995,26 +20643,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Remote Message VPN object's attributes.",
+            "description": "The Distributed Cache object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
+              "$ref": "#/definitions/MsgVpnDistributedCache"
             }
           },
           {
@@ -15029,9 +20670,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Message VPN object's attributes after being created, and the request metadata.",
+            "description": "The Distributed Cache object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
             }
           },
           "default": {
@@ -15046,18 +20687,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Remote Message VPN object.",
+        "summary": "Replace a Distributed Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns/{remoteMsgVpnName},{remoteMsgVpnLocation},{remoteMsgVpnInterface}": {
-      "delete": {
-        "description": "Delete a Remote Message VPN object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnBridgeRemoteMsgVpn",
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters": {
+      "get": {
+        "description": "Get a list of Cache Cluster objects.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusters",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15067,39 +20708,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The name of the remote Message VPN.",
-            "in": "path",
-            "name": "remoteMsgVpnName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/cursorQuery"
           },
           {
-            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
-            "in": "path",
-            "name": "remoteMsgVpnLocation",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/opaquePasswordQuery"
           },
           {
-            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
-            "in": "path",
-            "name": "remoteMsgVpnInterface",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -15107,9 +20735,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Cache Cluster objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClustersResponse"
             }
           },
           "default": {
@@ -15124,16 +20752,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Remote Message VPN object.",
+        "summary": "Get a list of Cache Cluster objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       },
-      "get": {
-        "description": "Get a Remote Message VPN object.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\npassword||x||x\nremoteMsgVpnInterface|x|||\nremoteMsgVpnLocation|x|||\nremoteMsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnBridgeRemoteMsgVpn",
+      "post": {
+        "description": "Create a Cache Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15143,39 +20771,20 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Message VPN.",
-            "in": "path",
-            "name": "remoteMsgVpnName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "remoteMsgVpnLocation",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
-            "in": "path",
-            "name": "remoteMsgVpnInterface",
+            "description": "The Cache Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -15189,9 +20798,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Message VPN object's attributes, and the request metadata.",
+            "description": "The Cache Cluster object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
             }
           },
           "default": {
@@ -15206,16 +20815,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Remote Message VPN object.",
+        "summary": "Create a Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
-      },
-      "patch": {
-        "description": "Update a Remote Message VPN object. Any attribute missing from the request will be left unchanged.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x||||\nbridgeVirtualRouter|x|x||||\nclientUsername||||x||\ncompressedDataEnabled||||x||\negressFlowWindowSize||||x||\nmsgVpnName|x|x||||\npassword|||x|x||x\nremoteMsgVpnInterface|x|x||||\nremoteMsgVpnLocation|x|x||||\nremoteMsgVpnName|x|x||||\ntlsEnabled||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnBridgeRemoteMsgVpn",
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}": {
+      "delete": {
+        "description": "Delete a Cache Cluster object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15225,54 +20836,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Message VPN.",
-            "in": "path",
-            "name": "remoteMsgVpnName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "remoteMsgVpnLocation",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "remoteMsgVpnInterface",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Remote Message VPN object's attributes.",
-            "in": "body",
-            "name": "body",
+            "name": "clusterName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "type": "string"
           }
         ],
         "produces": [
@@ -15280,9 +20855,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Message VPN object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -15297,16 +20872,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Remote Message VPN object.",
+        "summary": "Delete a Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       },
-      "put": {
-        "description": "Replace a Remote Message VPN object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x||||\nbridgeVirtualRouter|x|x||||\nclientUsername||||x||\ncompressedDataEnabled||||x||\negressFlowWindowSize||||x||\nmsgVpnName|x|x||||\npassword|||x|x||x\nremoteMsgVpnInterface|x|x||||\nremoteMsgVpnLocation|x|x||||\nremoteMsgVpnName|x|x||||\ntlsEnabled||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnBridgeRemoteMsgVpn",
+      "get": {
+        "description": "Get a Cache Cluster object.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15316,49 +20891,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Message VPN.",
-            "in": "path",
-            "name": "remoteMsgVpnName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "remoteMsgVpnLocation",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "remoteMsgVpnInterface",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The Remote Message VPN object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -15371,9 +20916,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Message VPN object's attributes after being replaced, and the request metadata.",
+            "description": "The Cache Cluster object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
             }
           },
           "default": {
@@ -15388,18 +20933,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Remote Message VPN object.",
+        "summary": "Get a Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions": {
-      "get": {
-        "description": "Get a list of Remote Subscription objects.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteSubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnBridgeRemoteSubscriptions",
+      },
+      "patch": {
+        "description": "Update a Cache Cluster object. Any attribute missing from the request will be left unchanged.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ncacheName|x|x|||||\nclusterName|x|x|||||\ndeliverToOneOverrideEnabled|||||x||\nmsgVpnName|x|x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnDistributedCacheCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15409,31 +20952,31 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The Cache Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -15443,9 +20986,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Remote Subscription objects' attributes, and the request metadata.",
+            "description": "The Cache Cluster object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionsResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
             }
           },
           "default": {
@@ -15460,16 +21003,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Remote Subscription objects.",
+        "summary": "Update a Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       },
-      "post": {
-        "description": "Create a Remote Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x||x|||\nbridgeVirtualRouter|x||x|||\ndeliverAlwaysEnabled||x||||\nmsgVpnName|x||x|||\nremoteSubscriptionTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnBridgeRemoteSubscription",
+      "put": {
+        "description": "Replace a Cache Cluster object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ncacheName|x||x|||||\nclusterName|x||x|||||\ndeliverToOneOverrideEnabled||||||x||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnDistributedCacheCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15479,26 +21022,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Remote Subscription object's attributes.",
+            "description": "The Cache Cluster object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscription"
+              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
             }
           },
           {
@@ -15513,9 +21056,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Subscription object's attributes after being created, and the request metadata.",
+            "description": "The Cache Cluster object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
             }
           },
           "default": {
@@ -15530,18 +21073,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Remote Subscription object.",
+        "summary": "Replace a Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions/{remoteSubscriptionTopic}": {
-      "delete": {
-        "description": "Delete a Remote Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnBridgeRemoteSubscription",
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters": {
+      "get": {
+        "description": "Get a list of Home Cache Cluster objects.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusters",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15551,25 +21094,33 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic of the Bridge remote subscription.",
-            "in": "path",
-            "name": "remoteSubscriptionTopic",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -15577,9 +21128,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Home Cache Cluster objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClustersResponse"
             }
           },
           "default": {
@@ -15594,16 +21145,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Remote Subscription object.",
+        "summary": "Get a list of Home Cache Cluster objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       },
-      "get": {
-        "description": "Get a Remote Subscription object.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteSubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnBridgeRemoteSubscription",
+      "post": {
+        "description": "Create a Home Cache Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x||x|||\nhomeClusterName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15613,25 +21164,27 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic of the Bridge remote subscription.",
-            "in": "path",
-            "name": "remoteSubscriptionTopic",
+            "description": "The Home Cache Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeCluster"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -15645,9 +21198,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Subscription object's attributes, and the request metadata.",
+            "description": "The Home Cache Cluster object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse"
             }
           },
           "default": {
@@ -15662,19 +21215,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Remote Subscription object.",
+        "summary": "Create a Home Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames": {
-      "get": {
-        "deprecated": true,
-        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x||x|\nbridgeVirtualRouter|x||x|\nmsgVpnName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getMsgVpnBridgeTlsTrustedCommonNames",
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}": {
+      "delete": {
+        "description": "Delete a Home Cache Cluster object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15684,27 +21236,25 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -15712,9 +21262,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -15729,17 +21279,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Trusted Common Name objects.",
+        "summary": "Delete a Home Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       },
-      "post": {
-        "deprecated": true,
-        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x||x||x|\nbridgeVirtualRouter|x||x||x|\nmsgVpnName|x||x||x|\ntlsTrustedCommonName|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "createMsgVpnBridgeTlsTrustedCommonName",
+      "get": {
+        "description": "Get a Home Cache Cluster object.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15749,27 +21298,25 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Trusted Common Name object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonName"
-            }
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -15783,9 +21330,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
+            "description": "The Home Cache Cluster object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse"
             }
           },
           "default": {
@@ -15800,19 +21347,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Trusted Common Name object.",
+        "summary": "Get a Home Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
-      "delete": {
-        "deprecated": true,
-        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "deleteMsgVpnBridgeTlsTrustedCommonName",
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes": {
+      "get": {
+        "description": "Get a list of Topic Prefix objects.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\ntopicPrefix|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixes",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15822,25 +21368,40 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
+            "description": "The name of the remote Home Cache Cluster.",
             "in": "path",
-            "name": "tlsTrustedCommonName",
+            "name": "homeClusterName",
             "required": true,
             "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -15848,9 +21409,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Topic Prefix objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixesResponse"
             }
           },
           "default": {
@@ -15865,17 +21426,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Trusted Common Name object.",
+        "summary": "Get a list of Topic Prefix objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       },
-      "get": {
-        "deprecated": true,
-        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x||x|\nbridgeVirtualRouter|x||x|\nmsgVpnName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getMsgVpnBridgeTlsTrustedCommonName",
+      "post": {
+        "description": "Create a Topic Prefix object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x||x|||\nhomeClusterName|x||x|||\nmsgVpnName|x||x|||\ntopicPrefix|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15885,26 +21445,35 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
+            "description": "The name of the remote Home Cache Cluster.",
             "in": "path",
-            "name": "tlsTrustedCommonName",
+            "name": "homeClusterName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Topic Prefix object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -15917,9 +21486,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The Topic Prefix object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse"
             }
           },
           "default": {
@@ -15934,18 +21503,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Trusted Common Name object.",
+        "summary": "Create a Topic Prefix object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clientProfiles": {
-      "get": {
-        "description": "Get a list of Client Profile objects.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||x|\napiQueueManagementCopyFromOnCreateName|||x|\napiTopicEndpointManagementCopyFromOnCreateName|||x|\nclientProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnClientProfiles",
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes/{topicPrefix}": {
+      "delete": {
+        "description": "Delete a Topic Prefix object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -15955,19 +21524,32 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
+            "in": "path",
+            "name": "topicPrefix",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -15975,9 +21557,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Profile objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfilesResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -15992,16 +21574,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Profile objects.",
+        "summary": "Delete a Topic Prefix object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientProfile"
+          "distributedCache"
         ]
       },
-      "post": {
-        "description": "Create a Client Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||||x|\napiQueueManagementCopyFromOnCreateName|||||x|\napiTopicEndpointManagementCopyFromOnCreateName|||||x|\nclientProfileName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnClientProfile",
+      "get": {
+        "description": "Get a Topic Prefix object.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\ntopicPrefix|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16011,13 +21593,32 @@
             "type": "string"
           },
           {
-            "description": "The Client Profile object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfile"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
+            "in": "path",
+            "name": "topicPrefix",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -16031,9 +21632,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Profile object's attributes after being created, and the request metadata.",
+            "description": "The Topic Prefix object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse"
             }
           },
           "default": {
@@ -16048,18 +21649,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Client Profile object.",
+        "summary": "Get a Topic Prefix object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientProfile"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clientProfiles/{clientProfileName}": {
-      "delete": {
-        "description": "Delete a Client Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnClientProfile",
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances": {
+      "get": {
+        "description": "Get a list of Cache Instance objects.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\ninstanceName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstances",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16069,11 +21670,33 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Profile.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientProfileName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -16081,9 +21704,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Cache Instance objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstancesResponse"
             }
           },
           "default": {
@@ -16098,16 +21721,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Client Profile object.",
+        "summary": "Get a list of Cache Instance objects.",
         "tags": [
           "all",
           "msgVpn",
-          "clientProfile"
+          "distributedCache"
         ]
       },
-      "get": {
-        "description": "Get a Client Profile object.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||x|\napiQueueManagementCopyFromOnCreateName|||x|\napiTopicEndpointManagementCopyFromOnCreateName|||x|\nclientProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnClientProfile",
+      "post": {
+        "description": "Create a Cache Instance object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x||x|||\ninstanceName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheClusterInstance",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16117,12 +21740,28 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Profile.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientProfileName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cache Instance object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -16135,9 +21774,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Profile object's attributes, and the request metadata.",
+            "description": "The Cache Instance object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
             }
           },
           "default": {
@@ -16152,16 +21791,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Profile object.",
+        "summary": "Create a Cache Instance object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientProfile"
+          "distributedCache"
         ]
-      },
-      "patch": {
-        "description": "Update a Client Profile object. Any attribute missing from the request will be left unchanged.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||||x|\napiQueueManagementCopyFromOnCreateName|||||x|\napiTopicEndpointManagementCopyFromOnCreateName|||||x|\nclientProfileName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnClientProfile",
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}": {
+      "delete": {
+        "description": "Delete a Cache Instance object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheClusterInstance",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16171,26 +21812,25 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Profile.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientProfileName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Client Profile object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfile"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -16198,9 +21838,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Profile object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -16215,16 +21855,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Client Profile object.",
+        "summary": "Delete a Cache Instance object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientProfile"
+          "distributedCache"
         ]
       },
-      "put": {
-        "description": "Replace a Client Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||||x|\napiQueueManagementCopyFromOnCreateName|||||x|\napiTopicEndpointManagementCopyFromOnCreateName|||||x|\nclientProfileName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnClientProfile",
+      "get": {
+        "description": "Get a Cache Instance object.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\ninstanceName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstance",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16234,20 +21874,25 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Profile.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientProfileName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Client Profile object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfile"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -16261,9 +21906,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Profile object's attributes after being replaced, and the request metadata.",
+            "description": "The Cache Instance object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
             }
           },
           "default": {
@@ -16278,18 +21923,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Client Profile object.",
+        "summary": "Get a Cache Instance object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientProfile"
+          "distributedCache"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/clientUsernames": {
-      "get": {
-        "description": "Get a list of Client Username objects.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientUsername|x|||\nmsgVpnName|x|||\npassword||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnClientUsernames",
+      },
+      "patch": {
+        "description": "Update a Cache Instance object. Any attribute missing from the request will be left unchanged.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ncacheName|x|x|||||\nclusterName|x|x|||||\ninstanceName|x|x|||||\nmsgVpnName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnDistributedCacheClusterInstance",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16299,16 +21942,37 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The Cache Instance object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
           },
           {
             "$ref": "#/parameters/selectQuery"
@@ -16319,9 +21983,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Username objects' attributes, and the request metadata.",
+            "description": "The Cache Instance object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsernamesResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
             }
           },
           "default": {
@@ -16336,16 +22000,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Username objects.",
+        "summary": "Update a Cache Instance object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientUsername"
+          "distributedCache"
         ]
       },
-      "post": {
-        "description": "Create a Client Username object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientUsername|x|x||||\nmsgVpnName|x||x|||\npassword||||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnClientUsername",
+      "put": {
+        "description": "Replace a Cache Instance object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ncacheName|x||x|||||\nclusterName|x||x|||||\ninstanceName|x||x|||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnDistributedCacheClusterInstance",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16355,12 +22019,33 @@
             "type": "string"
           },
           {
-            "description": "The Client Username object's attributes.",
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cache Instance object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsername"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
             }
           },
           {
@@ -16375,9 +22060,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Username object's attributes after being created, and the request metadata.",
+            "description": "The Cache Instance object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
             }
           },
           "default": {
@@ -16392,18 +22077,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Client Username object.",
+        "summary": "Replace a Cache Instance object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientUsername"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}": {
-      "delete": {
-        "description": "Delete a Client Username object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnClientUsername",
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics": {
+      "get": {
+        "description": "Get a list of Topic objects.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\ntopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterTopics",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16413,11 +22098,33 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Username.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientUsername",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
             "required": true,
             "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -16425,9 +22132,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Topic objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicsResponse"
             }
           },
           "default": {
@@ -16442,16 +22149,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Client Username object.",
+        "summary": "Get a list of Topic objects.",
         "tags": [
           "all",
           "msgVpn",
-          "clientUsername"
+          "distributedCache"
         ]
       },
-      "get": {
-        "description": "Get a Client Username object.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientUsername|x|||\nmsgVpnName|x|||\npassword||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnClientUsername",
+      "post": {
+        "description": "Create a Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x||x|||\nmsgVpnName|x||x|||\ntopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheClusterTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16461,12 +22168,28 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Username.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientUsername",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopic"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -16479,9 +22202,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Username object's attributes, and the request metadata.",
+            "description": "The Topic object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicResponse"
             }
           },
           "default": {
@@ -16496,16 +22219,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Username object.",
+        "summary": "Create a Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientUsername"
+          "distributedCache"
         ]
-      },
-      "patch": {
-        "description": "Update a Client Username object. Any attribute missing from the request will be left unchanged.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName||||x||\nclientProfileName||||x||\nclientUsername|x|x||||\nmsgVpnName|x|x||||\npassword|||x|||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnClientUsername",
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics/{topic}": {
+      "delete": {
+        "description": "Delete a Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheClusterTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16515,26 +22240,25 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Username.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientUsername",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Client Username object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsername"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The value of the Topic in the form a/b/c.",
+            "in": "path",
+            "name": "topic",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -16542,9 +22266,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Username object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -16559,16 +22283,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Client Username object.",
+        "summary": "Delete a Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientUsername"
+          "distributedCache"
         ]
       },
-      "put": {
-        "description": "Replace a Client Username object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName||||x||\nclientProfileName||||x||\nclientUsername|x|x||||\nmsgVpnName|x|x||||\npassword|||x|||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnClientUsername",
+      "get": {
+        "description": "Get a Topic object.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\ntopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16578,20 +22302,25 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Username.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientUsername",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Client Username object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsername"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The value of the Topic in the form a/b/c.",
+            "in": "path",
+            "name": "topic",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -16605,9 +22334,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Username object's attributes after being replaced, and the request metadata.",
+            "description": "The Topic object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicResponse"
             }
           },
           "default": {
@@ -16622,18 +22351,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Client Username object.",
+        "summary": "Get a Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientUsername"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches": {
+    "/msgVpns/{msgVpnName}/dmrBridges": {
       "get": {
-        "description": "Get a list of Distributed Cache objects.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCaches",
+        "description": "Get a list of DMR Bridge objects.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDmrBridges",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16663,9 +22392,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Distributed Cache objects' attributes, and the request metadata.",
+            "description": "The list of DMR Bridge objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCachesResponse"
+              "$ref": "#/definitions/MsgVpnDmrBridgesResponse"
             }
           },
           "default": {
@@ -16680,16 +22409,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Distributed Cache objects.",
+        "summary": "Get a list of DMR Bridge objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "dmrBridge"
         ]
       },
       "post": {
-        "description": "Create a Distributed Cache object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createMsgVpnDistributedCache",
+        "description": "Create a DMR Bridge object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nremoteNodeName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDmrBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16699,12 +22428,12 @@
             "type": "string"
           },
           {
-            "description": "The Distributed Cache object's attributes.",
+            "description": "The DMR Bridge object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCache"
+              "$ref": "#/definitions/MsgVpnDmrBridge"
             }
           },
           {
@@ -16719,9 +22448,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Distributed Cache object's attributes after being created, and the request metadata.",
+            "description": "The DMR Bridge object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
             }
           },
           "default": {
@@ -16736,18 +22465,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Distributed Cache object.",
+        "summary": "Create a DMR Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "dmrBridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}": {
+    "/msgVpns/{msgVpnName}/dmrBridges/{remoteNodeName}": {
       "delete": {
-        "description": "Delete a Distributed Cache object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteMsgVpnDistributedCache",
+        "description": "Delete a DMR Bridge object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDmrBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16757,9 +22486,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the node at the remote end of the DMR Bridge.",
             "in": "path",
-            "name": "cacheName",
+            "name": "remoteNodeName",
             "required": true,
             "type": "string"
           }
@@ -16786,16 +22515,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Distributed Cache object.",
+        "summary": "Delete a DMR Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "dmrBridge"
         ]
       },
       "get": {
-        "description": "Get a Distributed Cache object.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCache",
+        "description": "Get a DMR Bridge object.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDmrBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16805,9 +22534,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the node at the remote end of the DMR Bridge.",
             "in": "path",
-            "name": "cacheName",
+            "name": "remoteNodeName",
             "required": true,
             "type": "string"
           },
@@ -16823,9 +22552,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Distributed Cache object's attributes, and the request metadata.",
+            "description": "The DMR Bridge object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
             }
           },
           "default": {
@@ -16840,16 +22569,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Distributed Cache object.",
+        "summary": "Get a DMR Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "dmrBridge"
         ]
       },
       "patch": {
-        "description": "Update a Distributed Cache object. Any attribute missing from the request will be left unchanged.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "updateMsgVpnDistributedCache",
+        "description": "Update a DMR Bridge object. Any attribute missing from the request will be left unchanged.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\nremoteNodeName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnDmrBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16859,19 +22588,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the node at the remote end of the DMR Bridge.",
             "in": "path",
-            "name": "cacheName",
+            "name": "remoteNodeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Distributed Cache object's attributes.",
+            "description": "The DMR Bridge object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCache"
+              "$ref": "#/definitions/MsgVpnDmrBridge"
             }
           },
           {
@@ -16886,9 +22615,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Distributed Cache object's attributes after being updated, and the request metadata.",
+            "description": "The DMR Bridge object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
             }
           },
           "default": {
@@ -16903,16 +22632,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Distributed Cache object.",
+        "summary": "Update a DMR Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "dmrBridge"
         ]
       },
       "put": {
-        "description": "Replace a Distributed Cache object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "replaceMsgVpnDistributedCache",
+        "description": "Replace a DMR Bridge object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\nremoteNodeName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnDmrBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16922,19 +22651,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the node at the remote end of the DMR Bridge.",
             "in": "path",
-            "name": "cacheName",
+            "name": "remoteNodeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Distributed Cache object's attributes.",
+            "description": "The DMR Bridge object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCache"
+              "$ref": "#/definitions/MsgVpnDmrBridge"
             }
           },
           {
@@ -16949,9 +22678,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Distributed Cache object's attributes after being replaced, and the request metadata.",
+            "description": "The DMR Bridge object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
             }
           },
           "default": {
@@ -16966,18 +22695,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Distributed Cache object.",
+        "summary": "Replace a DMR Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "dmrBridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters": {
+    "/msgVpns/{msgVpnName}/jndiConnectionFactories": {
       "get": {
-        "description": "Get a list of Cache Cluster objects.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusters",
+        "description": "Get a list of JNDI Connection Factory objects.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiConnectionFactories",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -16986,13 +22715,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -17014,9 +22736,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Cache Cluster objects' attributes, and the request metadata.",
+            "description": "The list of JNDI Connection Factory objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClustersResponse"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoriesResponse"
             }
           },
           "default": {
@@ -17031,16 +22753,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Cache Cluster objects.",
+        "summary": "Get a list of JNDI Connection Factory objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
       "post": {
-        "description": "Create a Cache Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createMsgVpnDistributedCacheCluster",
+        "description": "Create a JNDI Connection Factory object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "createMsgVpnJndiConnectionFactory",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17050,19 +22772,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Cache Cluster object's attributes.",
+            "description": "The JNDI Connection Factory object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
             }
           },
           {
@@ -17077,9 +22792,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Cluster object's attributes after being created, and the request metadata.",
+            "description": "The JNDI Connection Factory object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
             }
           },
           "default": {
@@ -17094,18 +22809,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Cache Cluster object.",
+        "summary": "Create a JNDI Connection Factory object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}": {
+    "/msgVpns/{msgVpnName}/jndiConnectionFactories/{connectionFactoryName}": {
       "delete": {
-        "description": "Delete a Cache Cluster object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteMsgVpnDistributedCacheCluster",
+        "description": "Delete a JNDI Connection Factory object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "deleteMsgVpnJndiConnectionFactory",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17115,16 +22830,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The name of the JMS Connection Factory.",
             "in": "path",
-            "name": "clusterName",
+            "name": "connectionFactoryName",
             "required": true,
             "type": "string"
           }
@@ -17151,16 +22859,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Cache Cluster object.",
+        "summary": "Delete a JNDI Connection Factory object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
       "get": {
-        "description": "Get a Cache Cluster object.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheCluster",
+        "description": "Get a JNDI Connection Factory object.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiConnectionFactory",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17170,16 +22878,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The name of the JMS Connection Factory.",
             "in": "path",
-            "name": "clusterName",
+            "name": "connectionFactoryName",
             "required": true,
             "type": "string"
           },
@@ -17195,9 +22896,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Cluster object's attributes, and the request metadata.",
+            "description": "The JNDI Connection Factory object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
             }
           },
           "default": {
@@ -17212,16 +22913,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Cache Cluster object.",
+        "summary": "Get a JNDI Connection Factory object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
       "patch": {
-        "description": "Update a Cache Cluster object. Any attribute missing from the request will be left unchanged.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nclusterName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "updateMsgVpnDistributedCacheCluster",
+        "description": "Update a JNDI Connection Factory object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nconnectionFactoryName|x|x|||||\nmsgVpnName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "updateMsgVpnJndiConnectionFactory",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17231,26 +22932,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The name of the JMS Connection Factory.",
             "in": "path",
-            "name": "clusterName",
+            "name": "connectionFactoryName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Cache Cluster object's attributes.",
+            "description": "The JNDI Connection Factory object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
             }
           },
           {
@@ -17265,9 +22959,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Cluster object's attributes after being updated, and the request metadata.",
+            "description": "The JNDI Connection Factory object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
             }
           },
           "default": {
@@ -17282,16 +22976,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Cache Cluster object.",
+        "summary": "Update a JNDI Connection Factory object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
       "put": {
-        "description": "Replace a Cache Cluster object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nclusterName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThresholdByPercent|clearPercent|setPercent|\nEventThresholdByPercent|setPercent|clearPercent|\nEventThresholdByValue|clearValue|setValue|\nEventThresholdByValue|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "replaceMsgVpnDistributedCacheCluster",
+        "description": "Replace a JNDI Connection Factory object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nconnectionFactoryName|x||x|||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "replaceMsgVpnJndiConnectionFactory",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17301,26 +22995,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The name of the JMS Connection Factory.",
             "in": "path",
-            "name": "clusterName",
+            "name": "connectionFactoryName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Cache Cluster object's attributes.",
+            "description": "The JNDI Connection Factory object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
             }
           },
           {
@@ -17335,9 +23022,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Cluster object's attributes after being replaced, and the request metadata.",
+            "description": "The JNDI Connection Factory object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
             }
           },
           "default": {
@@ -17352,18 +23039,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Cache Cluster object.",
+        "summary": "Replace a JNDI Connection Factory object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters": {
+    "/msgVpns/{msgVpnName}/jndiQueues": {
       "get": {
-        "description": "Get a list of Home Cache Cluster objects.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusters",
+        "description": "Get a list of JNDI Queue objects.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiQueues",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17372,20 +23059,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -17407,9 +23080,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Home Cache Cluster objects' attributes, and the request metadata.",
+            "description": "The list of JNDI Queue objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClustersResponse"
+              "$ref": "#/definitions/MsgVpnJndiQueuesResponse"
             }
           },
           "default": {
@@ -17424,16 +23097,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Home Cache Cluster objects.",
+        "summary": "Get a list of JNDI Queue objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
       "post": {
-        "description": "Create a Home Cache Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x||x|||\nhomeClusterName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
+        "description": "Create a JNDI Queue object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "createMsgVpnJndiQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17443,26 +23116,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Home Cache Cluster object's attributes.",
+            "description": "The JNDI Queue object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeCluster"
+              "$ref": "#/definitions/MsgVpnJndiQueue"
             }
           },
           {
@@ -17477,9 +23136,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Home Cache Cluster object's attributes after being created, and the request metadata.",
+            "description": "The JNDI Queue object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse"
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
             }
           },
           "default": {
@@ -17494,18 +23153,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Home Cache Cluster object.",
+        "summary": "Create a JNDI Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}": {
+    "/msgVpns/{msgVpnName}/jndiQueues/{queueName}": {
       "delete": {
-        "description": "Delete a Home Cache Cluster object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
+        "description": "Delete a JNDI Queue object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "deleteMsgVpnJndiQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17515,23 +23174,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Home Cache Cluster.",
+            "description": "The JNDI name of the JMS Queue.",
             "in": "path",
-            "name": "homeClusterName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           }
@@ -17558,16 +23203,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Home Cache Cluster object.",
+        "summary": "Delete a JNDI Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
       "get": {
-        "description": "Get a Home Cache Cluster object.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
+        "description": "Get a JNDI Queue object.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17577,23 +23222,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Home Cache Cluster.",
+            "description": "The JNDI name of the JMS Queue.",
             "in": "path",
-            "name": "homeClusterName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
@@ -17609,9 +23240,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Home Cache Cluster object's attributes, and the request metadata.",
+            "description": "The JNDI Queue object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse"
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
             }
           },
           "default": {
@@ -17626,18 +23257,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Home Cache Cluster object.",
+        "summary": "Get a JNDI Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes": {
-      "get": {
-        "description": "Get a list of Topic Prefix objects.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\ntopicPrefix|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixes",
+      },
+      "patch": {
+        "description": "Update a JNDI Queue object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\nqueueName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "updateMsgVpnJndiQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17647,38 +23276,24 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The JNDI name of the JMS Queue.",
             "in": "path",
-            "name": "clusterName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the remote Home Cache Cluster.",
-            "in": "path",
-            "name": "homeClusterName",
+            "description": "The JNDI Queue object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
-          },
-          {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueue"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -17688,9 +23303,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Topic Prefix objects' attributes, and the request metadata.",
+            "description": "The JNDI Queue object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixesResponse"
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
             }
           },
           "default": {
@@ -17705,16 +23320,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Topic Prefix objects.",
+        "summary": "Update a JNDI Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
-      "post": {
-        "description": "Create a Topic Prefix object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x||x|||\nhomeClusterName|x||x|||\nmsgVpnName|x||x|||\ntopicPrefix|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
+      "put": {
+        "description": "Replace a JNDI Queue object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\nqueueName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "replaceMsgVpnJndiQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17724,33 +23339,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Home Cache Cluster.",
+            "description": "The JNDI name of the JMS Queue.",
             "in": "path",
-            "name": "homeClusterName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Topic Prefix object's attributes.",
+            "description": "The JNDI Queue object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix"
+              "$ref": "#/definitions/MsgVpnJndiQueue"
             }
           },
           {
@@ -17765,9 +23366,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Topic Prefix object's attributes after being created, and the request metadata.",
+            "description": "The JNDI Queue object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse"
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
             }
           },
           "default": {
@@ -17782,18 +23383,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Topic Prefix object.",
+        "summary": "Replace a JNDI Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes/{topicPrefix}": {
-      "delete": {
-        "description": "Delete a Topic Prefix object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
+    "/msgVpns/{msgVpnName}/jndiTopics": {
+      "get": {
+        "description": "Get a list of JNDI Topic objects.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiTopics",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17803,32 +23404,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/cursorQuery"
           },
           {
-            "description": "The name of the remote Home Cache Cluster.",
-            "in": "path",
-            "name": "homeClusterName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/opaquePasswordQuery"
           },
           {
-            "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
-            "in": "path",
-            "name": "topicPrefix",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -17836,9 +23424,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of JNDI Topic objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnJndiTopicsResponse"
             }
           },
           "default": {
@@ -17853,16 +23441,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Topic Prefix object.",
+        "summary": "Get a list of JNDI Topic objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
-      "get": {
-        "description": "Get a Topic Prefix object.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\ntopicPrefix|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
+      "post": {
+        "description": "Create a JNDI Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\ntopicName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "createMsgVpnJndiTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17872,32 +23460,13 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Home Cache Cluster.",
-            "in": "path",
-            "name": "homeClusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
-            "in": "path",
-            "name": "topicPrefix",
+            "description": "The JNDI Topic object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopic"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -17911,9 +23480,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Topic Prefix object's attributes, and the request metadata.",
+            "description": "The JNDI Topic object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse"
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
             }
           },
           "default": {
@@ -17928,18 +23497,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Topic Prefix object.",
+        "summary": "Create a JNDI Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances": {
-      "get": {
-        "description": "Get a list of Cache Instance objects.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\ninstanceName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterInstances",
+    "/msgVpns/{msgVpnName}/jndiTopics/{topicName}": {
+      "delete": {
+        "description": "Delete a JNDI Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "deleteMsgVpnJndiTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -17949,33 +23518,11 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The JNDI name of the JMS Topic.",
             "in": "path",
-            "name": "clusterName",
+            "name": "topicName",
             "required": true,
             "type": "string"
-          },
-          {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -17983,9 +23530,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Cache Instance objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstancesResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -18000,16 +23547,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Cache Instance objects.",
+        "summary": "Delete a JNDI Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
-      "post": {
-        "description": "Create a Cache Instance object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x||x|||\ninstanceName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createMsgVpnDistributedCacheClusterInstance",
+      "get": {
+        "description": "Get a JNDI Topic object.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18019,28 +23566,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The JNDI name of the JMS Topic.",
             "in": "path",
-            "name": "clusterName",
+            "name": "topicName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The Cache Instance object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -18053,9 +23584,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Instance object's attributes after being created, and the request metadata.",
+            "description": "The JNDI Topic object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
             }
           },
           "default": {
@@ -18070,18 +23601,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Cache Instance object.",
+        "summary": "Get a JNDI Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}": {
-      "delete": {
-        "description": "Delete a Cache Instance object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteMsgVpnDistributedCacheClusterInstance",
+      },
+      "patch": {
+        "description": "Update a JNDI Topic object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\ntopicName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "updateMsgVpnJndiTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18091,25 +23620,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The JNDI name of the JMS Topic.",
             "in": "path",
-            "name": "cacheName",
+            "name": "topicName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
+            "description": "The JNDI Topic object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopic"
+            }
           },
           {
-            "description": "The name of the Cache Instance.",
-            "in": "path",
-            "name": "instanceName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -18117,9 +23647,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The JNDI Topic object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
             }
           },
           "default": {
@@ -18134,16 +23664,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Cache Instance object.",
+        "summary": "Update a JNDI Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       },
-      "get": {
-        "description": "Get a Cache Instance object.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\ninstanceName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterInstance",
+      "put": {
+        "description": "Replace a JNDI Topic object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\ntopicName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "replaceMsgVpnJndiTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18153,25 +23683,20 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The JNDI name of the JMS Topic.",
             "in": "path",
-            "name": "clusterName",
+            "name": "topicName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the Cache Instance.",
-            "in": "path",
-            "name": "instanceName",
+            "description": "The JNDI Topic object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopic"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -18185,9 +23710,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Instance object's attributes, and the request metadata.",
+            "description": "The JNDI Topic object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
             }
           },
           "default": {
@@ -18202,16 +23727,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Cache Instance object.",
+        "summary": "Replace a JNDI Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
-      },
-      "patch": {
-        "description": "Update a Cache Instance object. Any attribute missing from the request will be left unchanged.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nclusterName|x|x||||\ninstanceName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "updateMsgVpnDistributedCacheClusterInstance",
+      }
+    },
+    "/msgVpns/{msgVpnName}/mqttRetainCaches": {
+      "get": {
+        "description": "Get a list of MQTT Retain Cache objects.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttRetainCaches",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18221,37 +23748,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The name of the Cache Instance.",
-            "in": "path",
-            "name": "instanceName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/cursorQuery"
           },
           {
-            "description": "The Cache Instance object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
-            }
+            "$ref": "#/parameters/opaquePasswordQuery"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "$ref": "#/parameters/whereQuery"
           },
           {
             "$ref": "#/parameters/selectQuery"
@@ -18262,9 +23768,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Instance object's attributes after being updated, and the request metadata.",
+            "description": "The list of MQTT Retain Cache objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+              "$ref": "#/definitions/MsgVpnMqttRetainCachesResponse"
             }
           },
           "default": {
@@ -18279,16 +23785,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Cache Instance object.",
+        "summary": "Get a list of MQTT Retain Cache objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttRetainCache"
         ]
       },
-      "put": {
-        "description": "Replace a Cache Instance object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nclusterName|x|x||||\ninstanceName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "replaceMsgVpnDistributedCacheClusterInstance",
+      "post": {
+        "description": "Create an MQTT Retain Cache object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnMqttRetainCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18298,33 +23804,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Instance.",
-            "in": "path",
-            "name": "instanceName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Cache Instance object's attributes.",
+            "description": "The MQTT Retain Cache object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
+              "$ref": "#/definitions/MsgVpnMqttRetainCache"
             }
           },
           {
@@ -18339,9 +23824,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Instance object's attributes after being replaced, and the request metadata.",
+            "description": "The MQTT Retain Cache object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
             }
           },
           "default": {
@@ -18356,18 +23841,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Cache Instance object.",
+        "summary": "Create an MQTT Retain Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttRetainCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics": {
-      "get": {
-        "description": "Get a list of Topic objects.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\ntopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterTopics",
+    "/msgVpns/{msgVpnName}/mqttRetainCaches/{cacheName}": {
+      "delete": {
+        "description": "Delete an MQTT Retain Cache object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnMqttRetainCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18377,33 +23862,11 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the MQTT Retain Cache.",
             "in": "path",
             "name": "cacheName",
             "required": true,
             "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -18411,9 +23874,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Topic objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicsResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -18428,16 +23891,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Topic objects.",
+        "summary": "Delete an MQTT Retain Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttRetainCache"
         ]
       },
-      "post": {
-        "description": "Create a Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||\nclusterName|x||x|||\nmsgVpnName|x||x|||\ntopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createMsgVpnDistributedCacheClusterTopic",
+      "get": {
+        "description": "Get an MQTT Retain Cache object.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttRetainCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18447,28 +23910,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the MQTT Retain Cache.",
             "in": "path",
             "name": "cacheName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Topic object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopic"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -18481,9 +23928,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Topic object's attributes after being created, and the request metadata.",
+            "description": "The MQTT Retain Cache object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicResponse"
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
             }
           },
           "default": {
@@ -18498,18 +23945,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Topic object.",
+        "summary": "Get an MQTT Retain Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttRetainCache"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics/{topic}": {
-      "delete": {
-        "description": "Delete a Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteMsgVpnDistributedCacheClusterTopic",
+      },
+      "patch": {
+        "description": "Update an MQTT Retain Cache object. Any attribute missing from the request will be left unchanged.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ncacheName|x|x|||||\nmsgVpnName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnMqttRetainCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18519,25 +23964,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the MQTT Retain Cache.",
             "in": "path",
             "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
+            "description": "The MQTT Retain Cache object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCache"
+            }
           },
           {
-            "description": "The value of the Topic in the form a/b/c.",
-            "in": "path",
-            "name": "topic",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -18545,9 +23991,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The MQTT Retain Cache object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
             }
           },
           "default": {
@@ -18562,16 +24008,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Topic object.",
+        "summary": "Update an MQTT Retain Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttRetainCache"
         ]
       },
-      "get": {
-        "description": "Get a Topic object.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\ntopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterTopic",
+      "put": {
+        "description": "Replace an MQTT Retain Cache object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ncacheName|x||x|||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnMqttRetainCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18581,25 +24027,20 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the MQTT Retain Cache.",
             "in": "path",
             "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The value of the Topic in the form a/b/c.",
-            "in": "path",
-            "name": "topic",
+            "description": "The MQTT Retain Cache object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCache"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -18613,9 +24054,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Topic object's attributes, and the request metadata.",
+            "description": "The MQTT Retain Cache object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicResponse"
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
             }
           },
           "default": {
@@ -18630,18 +24071,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Topic object.",
+        "summary": "Replace an MQTT Retain Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttRetainCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/dmrBridges": {
+    "/msgVpns/{msgVpnName}/mqttSessions": {
       "get": {
-        "description": "Get a list of DMR Bridge objects.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDmrBridges",
+        "description": "Get a list of MQTT Session objects.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnMqttSessions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18671,9 +24112,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of DMR Bridge objects' attributes, and the request metadata.",
+            "description": "The list of MQTT Session objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridgesResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionsResponse"
             }
           },
           "default": {
@@ -18688,16 +24129,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of DMR Bridge objects.",
+        "summary": "Get a list of MQTT Session objects.",
         "tags": [
           "all",
           "msgVpn",
-          "dmrBridge"
+          "mqttSession"
         ]
       },
       "post": {
-        "description": "Create a DMR Bridge object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nremoteNodeName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createMsgVpnDmrBridge",
+        "description": "Create an MQTT Session object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x||||\nmqttSessionVirtualRouter|x|x||||\nmsgVpnName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "createMsgVpnMqttSession",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18707,12 +24148,12 @@
             "type": "string"
           },
           {
-            "description": "The DMR Bridge object's attributes.",
+            "description": "The MQTT Session object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridge"
+              "$ref": "#/definitions/MsgVpnMqttSession"
             }
           },
           {
@@ -18727,9 +24168,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The DMR Bridge object's attributes after being created, and the request metadata.",
+            "description": "The MQTT Session object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
             }
           },
           "default": {
@@ -18744,18 +24185,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a DMR Bridge object.",
+        "summary": "Create an MQTT Session object.",
         "tags": [
           "all",
           "msgVpn",
-          "dmrBridge"
+          "mqttSession"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/dmrBridges/{remoteNodeName}": {
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}": {
       "delete": {
-        "description": "Delete a DMR Bridge object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteMsgVpnDmrBridge",
+        "description": "Delete an MQTT Session object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "deleteMsgVpnMqttSession",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18765,9 +24206,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
             "required": true,
             "type": "string"
           }
@@ -18794,16 +24242,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a DMR Bridge object.",
+        "summary": "Delete an MQTT Session object.",
         "tags": [
           "all",
           "msgVpn",
-          "dmrBridge"
+          "mqttSession"
         ]
       },
       "get": {
-        "description": "Get a DMR Bridge object.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDmrBridge",
+        "description": "Get an MQTT Session object.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnMqttSession",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18813,9 +24261,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
             "required": true,
             "type": "string"
           },
@@ -18831,9 +24286,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The DMR Bridge object's attributes, and the request metadata.",
+            "description": "The MQTT Session object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
             }
           },
           "default": {
@@ -18848,16 +24303,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a DMR Bridge object.",
+        "summary": "Get an MQTT Session object.",
         "tags": [
           "all",
           "msgVpn",
-          "dmrBridge"
+          "mqttSession"
         ]
       },
       "patch": {
-        "description": "Update a DMR Bridge object. Any attribute missing from the request will be left unchanged.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nremoteNodeName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "updateMsgVpnDmrBridge",
+        "description": "Update an MQTT Session object. Any attribute missing from the request will be left unchanged.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmqttSessionClientId|x|x|||||\nmqttSessionVirtualRouter|x|x|||||\nmsgVpnName|x|x|||||\nowner|||||x||\nqueueRejectMsgToSenderOnDiscardBehavior|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "updateMsgVpnMqttSession",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18867,19 +24322,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "mqttSessionClientId",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The DMR Bridge object's attributes.",
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT Session object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridge"
+              "$ref": "#/definitions/MsgVpnMqttSession"
             }
           },
           {
@@ -18894,9 +24356,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The DMR Bridge object's attributes after being updated, and the request metadata.",
+            "description": "The MQTT Session object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
             }
           },
           "default": {
@@ -18911,16 +24373,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a DMR Bridge object.",
+        "summary": "Update an MQTT Session object.",
         "tags": [
           "all",
           "msgVpn",
-          "dmrBridge"
+          "mqttSession"
         ]
       },
       "put": {
-        "description": "Replace a DMR Bridge object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nremoteNodeName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "replaceMsgVpnDmrBridge",
+        "description": "Replace an MQTT Session object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmqttSessionClientId|x||x|||||\nmqttSessionVirtualRouter|x||x|||||\nmsgVpnName|x||x|||||\nowner||||||x||\nqueueRejectMsgToSenderOnDiscardBehavior||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "replaceMsgVpnMqttSession",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18930,19 +24392,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "mqttSessionClientId",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The DMR Bridge object's attributes.",
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT Session object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridge"
+              "$ref": "#/definitions/MsgVpnMqttSession"
             }
           },
           {
@@ -18957,9 +24426,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The DMR Bridge object's attributes after being replaced, and the request metadata.",
+            "description": "The MQTT Session object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
             }
           },
           "default": {
@@ -18974,18 +24443,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a DMR Bridge object.",
+        "summary": "Replace an MQTT Session object.",
         "tags": [
           "all",
           "msgVpn",
-          "dmrBridge"
+          "mqttSession"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiConnectionFactories": {
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions": {
       "get": {
-        "description": "Get a list of JNDI Connection Factory objects.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getMsgVpnJndiConnectionFactories",
+        "description": "Get a list of Subscription objects.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnMqttSessionSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18994,6 +24463,20 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -19015,9 +24498,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of JNDI Connection Factory objects' attributes, and the request metadata.",
+            "description": "The list of Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactoriesResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionsResponse"
             }
           },
           "default": {
@@ -19032,16 +24515,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of JNDI Connection Factory objects.",
+        "summary": "Get a list of Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "mqttSession"
         ]
       },
       "post": {
-        "description": "Create a JNDI Connection Factory object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "createMsgVpnJndiConnectionFactory",
+        "description": "Create a Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x||x|||\nmqttSessionVirtualRouter|x||x|||\nmsgVpnName|x||x|||\nsubscriptionTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "createMsgVpnMqttSessionSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19051,12 +24534,26 @@
             "type": "string"
           },
           {
-            "description": "The JNDI Connection Factory object's attributes.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscription object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
             }
           },
           {
@@ -19071,9 +24568,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Connection Factory object's attributes after being created, and the request metadata.",
+            "description": "The Subscription object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
             }
           },
           "default": {
@@ -19088,18 +24585,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a JNDI Connection Factory object.",
+        "summary": "Create a Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "mqttSession"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiConnectionFactories/{connectionFactoryName}": {
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions/{subscriptionTopic}": {
       "delete": {
-        "description": "Delete a JNDI Connection Factory object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "deleteMsgVpnJndiConnectionFactory",
+        "description": "Delete a Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "deleteMsgVpnMqttSessionSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19109,9 +24606,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the JMS Connection Factory.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "connectionFactoryName",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
             "required": true,
             "type": "string"
           }
@@ -19138,16 +24649,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a JNDI Connection Factory object.",
+        "summary": "Delete a Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "mqttSession"
         ]
       },
       "get": {
-        "description": "Get a JNDI Connection Factory object.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getMsgVpnJndiConnectionFactory",
+        "description": "Get a Subscription object.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnMqttSessionSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19157,9 +24668,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the JMS Connection Factory.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "connectionFactoryName",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
             "required": true,
             "type": "string"
           },
@@ -19175,9 +24700,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Connection Factory object's attributes, and the request metadata.",
+            "description": "The Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
             }
           },
           "default": {
@@ -19192,16 +24717,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a JNDI Connection Factory object.",
+        "summary": "Get a Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "mqttSession"
         ]
       },
       "patch": {
-        "description": "Update a JNDI Connection Factory object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "updateMsgVpnJndiConnectionFactory",
+        "description": "Update a Subscription object. Any attribute missing from the request will be left unchanged.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmqttSessionClientId|x|x|||||\nmqttSessionVirtualRouter|x|x|||||\nmsgVpnName|x|x|||||\nsubscriptionTopic|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "updateMsgVpnMqttSessionSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19211,19 +24736,33 @@
             "type": "string"
           },
           {
-            "description": "The name of the JMS Connection Factory.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "connectionFactoryName",
+            "name": "mqttSessionClientId",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The JNDI Connection Factory object's attributes.",
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscription object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
             }
           },
           {
@@ -19238,9 +24777,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Connection Factory object's attributes after being updated, and the request metadata.",
+            "description": "The Subscription object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
             }
           },
           "default": {
@@ -19255,16 +24794,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a JNDI Connection Factory object.",
+        "summary": "Update a Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "mqttSession"
         ]
       },
       "put": {
-        "description": "Replace a JNDI Connection Factory object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "replaceMsgVpnJndiConnectionFactory",
+        "description": "Replace a Subscription object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmqttSessionClientId|x||x|||||\nmqttSessionVirtualRouter|x||x|||||\nmsgVpnName|x||x|||||\nsubscriptionTopic|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "replaceMsgVpnMqttSessionSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19274,19 +24813,33 @@
             "type": "string"
           },
           {
-            "description": "The name of the JMS Connection Factory.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "connectionFactoryName",
+            "name": "mqttSessionClientId",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The JNDI Connection Factory object's attributes.",
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscription object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
             }
           },
           {
@@ -19301,9 +24854,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Connection Factory object's attributes after being replaced, and the request metadata.",
+            "description": "The Subscription object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
             }
           },
           "default": {
@@ -19318,18 +24871,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a JNDI Connection Factory object.",
+        "summary": "Replace a Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "mqttSession"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiQueues": {
+    "/msgVpns/{msgVpnName}/queueTemplates": {
       "get": {
-        "description": "Get a list of JNDI Queue objects.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getMsgVpnJndiQueues",
+        "description": "Get a list of Queue Template objects.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueTemplateName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnQueueTemplates",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19359,9 +24912,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of JNDI Queue objects' attributes, and the request metadata.",
+            "description": "The list of Queue Template objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueuesResponse"
+              "$ref": "#/definitions/MsgVpnQueueTemplatesResponse"
             }
           },
           "default": {
@@ -19376,16 +24929,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of JNDI Queue objects.",
+        "summary": "Get a list of Queue Template objects.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queueTemplate"
         ]
       },
       "post": {
-        "description": "Create a JNDI Queue object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "createMsgVpnJndiQueue",
+        "description": "Create a Queue Template object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueTemplateName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnQueueTemplate",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19395,12 +24948,12 @@
             "type": "string"
           },
           {
-            "description": "The JNDI Queue object's attributes.",
+            "description": "The Queue Template object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueue"
+              "$ref": "#/definitions/MsgVpnQueueTemplate"
             }
           },
           {
@@ -19415,9 +24968,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Queue object's attributes after being created, and the request metadata.",
+            "description": "The Queue Template object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
             }
           },
           "default": {
@@ -19432,18 +24985,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a JNDI Queue object.",
+        "summary": "Create a Queue Template object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queueTemplate"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiQueues/{queueName}": {
+    "/msgVpns/{msgVpnName}/queueTemplates/{queueTemplateName}": {
       "delete": {
-        "description": "Delete a JNDI Queue object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "deleteMsgVpnJndiQueue",
+        "description": "Delete a Queue Template object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnQueueTemplate",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19453,9 +25006,9 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Queue.",
+            "description": "The name of the Queue Template.",
             "in": "path",
-            "name": "queueName",
+            "name": "queueTemplateName",
             "required": true,
             "type": "string"
           }
@@ -19482,16 +25035,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a JNDI Queue object.",
+        "summary": "Delete a Queue Template object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queueTemplate"
         ]
       },
       "get": {
-        "description": "Get a JNDI Queue object.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getMsgVpnJndiQueue",
+        "description": "Get a Queue Template object.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueTemplateName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnQueueTemplate",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19501,9 +25054,9 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Queue.",
+            "description": "The name of the Queue Template.",
             "in": "path",
-            "name": "queueName",
+            "name": "queueTemplateName",
             "required": true,
             "type": "string"
           },
@@ -19519,9 +25072,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Queue object's attributes, and the request metadata.",
+            "description": "The Queue Template object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
             }
           },
           "default": {
@@ -19536,16 +25089,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a JNDI Queue object.",
+        "summary": "Get a Queue Template object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queueTemplate"
         ]
       },
       "patch": {
-        "description": "Update a JNDI Queue object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nqueueName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "updateMsgVpnJndiQueue",
+        "description": "Update a Queue Template object. Any attribute missing from the request will be left unchanged.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\nqueueTemplateName|x|x|||||\nrejectMsgToSenderOnDiscardBehavior|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "updateMsgVpnQueueTemplate",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19555,19 +25108,19 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Queue.",
+            "description": "The name of the Queue Template.",
             "in": "path",
-            "name": "queueName",
+            "name": "queueTemplateName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The JNDI Queue object's attributes.",
+            "description": "The Queue Template object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueue"
+              "$ref": "#/definitions/MsgVpnQueueTemplate"
             }
           },
           {
@@ -19582,9 +25135,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Queue object's attributes after being updated, and the request metadata.",
+            "description": "The Queue Template object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
             }
           },
           "default": {
@@ -19599,16 +25152,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a JNDI Queue object.",
+        "summary": "Update a Queue Template object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queueTemplate"
         ]
       },
       "put": {
-        "description": "Replace a JNDI Queue object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nqueueName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "replaceMsgVpnJndiQueue",
+        "description": "Replace a Queue Template object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\nqueueTemplateName|x||x|||||\nrejectMsgToSenderOnDiscardBehavior||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "replaceMsgVpnQueueTemplate",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19618,19 +25171,19 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Queue.",
+            "description": "The name of the Queue Template.",
             "in": "path",
-            "name": "queueName",
+            "name": "queueTemplateName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The JNDI Queue object's attributes.",
+            "description": "The Queue Template object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueue"
+              "$ref": "#/definitions/MsgVpnQueueTemplate"
             }
           },
           {
@@ -19645,9 +25198,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Queue object's attributes after being replaced, and the request metadata.",
+            "description": "The Queue Template object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
             }
           },
           "default": {
@@ -19662,18 +25215,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a JNDI Queue object.",
+        "summary": "Replace a Queue Template object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queueTemplate"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiTopics": {
+    "/msgVpns/{msgVpnName}/queues": {
       "get": {
-        "description": "Get a list of JNDI Topic objects.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getMsgVpnJndiTopics",
+        "description": "Get a list of Queue objects.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnQueues",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19703,9 +25256,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of JNDI Topic objects' attributes, and the request metadata.",
+            "description": "The list of Queue objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopicsResponse"
+              "$ref": "#/definitions/MsgVpnQueuesResponse"
             }
           },
           "default": {
@@ -19720,16 +25273,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of JNDI Topic objects.",
+        "summary": "Get a list of Queue objects.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       },
       "post": {
-        "description": "Create a JNDI Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\ntopicName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "createMsgVpnJndiTopic",
+        "description": "Create a Queue object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19739,12 +25292,12 @@
             "type": "string"
           },
           {
-            "description": "The JNDI Topic object's attributes.",
+            "description": "The Queue object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopic"
+              "$ref": "#/definitions/MsgVpnQueue"
             }
           },
           {
@@ -19759,9 +25312,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Topic object's attributes after being created, and the request metadata.",
+            "description": "The Queue object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+              "$ref": "#/definitions/MsgVpnQueueResponse"
             }
           },
           "default": {
@@ -19776,18 +25329,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a JNDI Topic object.",
+        "summary": "Create a Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiTopics/{topicName}": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}": {
       "delete": {
-        "description": "Delete a JNDI Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "deleteMsgVpnJndiTopic",
+        "description": "Delete a Queue object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19797,9 +25350,9 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Topic.",
+            "description": "The name of the Queue.",
             "in": "path",
-            "name": "topicName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           }
@@ -19826,16 +25379,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a JNDI Topic object.",
+        "summary": "Delete a Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       },
       "get": {
-        "description": "Get a JNDI Topic object.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "getMsgVpnJndiTopic",
+        "description": "Get a Queue object.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19845,9 +25398,9 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Topic.",
+            "description": "The name of the Queue.",
             "in": "path",
-            "name": "topicName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
@@ -19863,9 +25416,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Topic object's attributes, and the request metadata.",
+            "description": "The Queue object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+              "$ref": "#/definitions/MsgVpnQueueResponse"
             }
           },
           "default": {
@@ -19880,16 +25433,144 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a JNDI Topic object.",
+        "summary": "Get a Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       },
       "patch": {
-        "description": "Update a JNDI Topic object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\ntopicName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "updateMsgVpnJndiTopic",
+        "description": "Update a Queue object. Any attribute missing from the request will be left unchanged.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\naccessType|||||x||\nmsgVpnName|x|x|||||\nowner|||||x||\npermission|||||x||\nqueueName|x|x|||||\nredeliveryDelayEnabled|||||x||\nredeliveryDelayInitialInterval|||||x||\nredeliveryDelayMaxInterval|||||x||\nredeliveryDelayMultiplier|||||x||\nrejectMsgToSenderOnDiscardBehavior|||||x||\nrespectMsgPriorityEnabled|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueue"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ]
+      },
+      "put": {
+        "description": "Replace a Queue object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\naccessType||||||x||\nmsgVpnName|x||x|||||\nowner||||||x||\npermission||||||x||\nqueueName|x||x|||||\nredeliveryDelayEnabled||||||x||\nredeliveryDelayInitialInterval||||||x||\nredeliveryDelayMaxInterval||||||x||\nredeliveryDelayMultiplier||||||x||\nrejectMsgToSenderOnDiscardBehavior||||||x||\nrespectMsgPriorityEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueue"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ]
+      }
+    },
+    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions": {
+      "get": {
+        "description": "Get a list of Queue Subscription objects.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnQueueSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19899,24 +25580,24 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Topic.",
+            "description": "The name of the Queue.",
             "in": "path",
-            "name": "topicName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The JNDI Topic object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopic"
-            }
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -19926,9 +25607,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Topic object's attributes after being updated, and the request metadata.",
+            "description": "The list of Queue Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+              "$ref": "#/definitions/MsgVpnQueueSubscriptionsResponse"
             }
           },
           "default": {
@@ -19943,16 +25624,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a JNDI Topic object.",
+        "summary": "Get a list of Queue Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       },
-      "put": {
-        "description": "Replace a JNDI Topic object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\ntopicName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
-        "operationId": "replaceMsgVpnJndiTopic",
+      "post": {
+        "description": "Create a Queue Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueName|x||x|||\nsubscriptionTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnQueueSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19962,19 +25643,19 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Topic.",
+            "description": "The name of the Queue.",
             "in": "path",
-            "name": "topicName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The JNDI Topic object's attributes.",
+            "description": "The Queue Subscription object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopic"
+              "$ref": "#/definitions/MsgVpnQueueSubscription"
             }
           },
           {
@@ -19989,9 +25670,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Topic object's attributes after being replaced, and the request metadata.",
+            "description": "The Queue Subscription object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+              "$ref": "#/definitions/MsgVpnQueueSubscriptionResponse"
             }
           },
           "default": {
@@ -20006,18 +25687,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a JNDI Topic object.",
+        "summary": "Create a Queue Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttRetainCaches": {
-      "get": {
-        "description": "Get a list of MQTT Retain Cache objects.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnMqttRetainCaches",
+    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions/{subscriptionTopic}": {
+      "delete": {
+        "description": "Delete a Queue Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnQueueSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20027,19 +25708,18 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The topic of the Subscription.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -20047,9 +25727,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of MQTT Retain Cache objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCachesResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -20064,16 +25744,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of MQTT Retain Cache objects.",
+        "summary": "Delete a Queue Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttRetainCache"
+          "queue"
         ]
       },
-      "post": {
-        "description": "Create an MQTT Retain Cache object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nmsgVpnName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "createMsgVpnMqttRetainCache",
+      "get": {
+        "description": "Get a Queue Subscription object.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnQueueSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20083,13 +25763,18 @@
             "type": "string"
           },
           {
-            "description": "The MQTT Retain Cache object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCache"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The topic of the Subscription.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -20103,9 +25788,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Retain Cache object's attributes after being created, and the request metadata.",
+            "description": "The Queue Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+              "$ref": "#/definitions/MsgVpnQueueSubscriptionResponse"
             }
           },
           "default": {
@@ -20120,18 +25805,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create an MQTT Retain Cache object.",
+        "summary": "Get a Queue Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttRetainCache"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttRetainCaches/{cacheName}": {
-      "delete": {
-        "description": "Delete an MQTT Retain Cache object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "deleteMsgVpnMqttRetainCache",
+    "/msgVpns/{msgVpnName}/replayLogs": {
+      "get": {
+        "description": "Get a list of Replay Log objects.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "getMsgVpnReplayLogs",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20141,11 +25826,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the MQTT Retain Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -20153,9 +25846,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Replay Log objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogsResponse"
             }
           },
           "default": {
@@ -20170,16 +25863,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete an MQTT Retain Cache object.",
+        "summary": "Get a list of Replay Log objects.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttRetainCache"
+          "replayLog"
         ]
       },
-      "get": {
-        "description": "Get an MQTT Retain Cache object.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnMqttRetainCache",
+      "post": {
+        "description": "Create a Replay Log object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nreplayLogName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "createMsgVpnReplayLog",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20189,11 +25882,13 @@
             "type": "string"
           },
           {
-            "description": "The name of the MQTT Retain Cache.",
-            "in": "path",
-            "name": "cacheName",
+            "description": "The Replay Log object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLog"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -20207,9 +25902,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Retain Cache object's attributes, and the request metadata.",
+            "description": "The Replay Log object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
             }
           },
           "default": {
@@ -20224,16 +25919,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an MQTT Retain Cache object.",
+        "summary": "Create a Replay Log object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttRetainCache"
+          "replayLog"
         ]
-      },
-      "patch": {
-        "description": "Update an MQTT Retain Cache object. Any attribute missing from the request will be left unchanged.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "updateMsgVpnMqttRetainCache",
+      }
+    },
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}": {
+      "delete": {
+        "description": "Delete a Replay Log object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "deleteMsgVpnReplayLog",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20243,26 +25940,11 @@
             "type": "string"
           },
           {
-            "description": "The name of the MQTT Retain Cache.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "cacheName",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
-          },
-          {
-            "description": "The MQTT Retain Cache object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCache"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -20270,9 +25952,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Retain Cache object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -20287,16 +25969,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update an MQTT Retain Cache object.",
+        "summary": "Delete a Replay Log object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttRetainCache"
+          "replayLog"
         ]
       },
-      "put": {
-        "description": "Replace an MQTT Retain Cache object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||\nmsgVpnName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "replaceMsgVpnMqttRetainCache",
+      "get": {
+        "description": "Get a Replay Log object.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "getMsgVpnReplayLog",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20306,21 +25988,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the MQTT Retain Cache.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "cacheName",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The MQTT Retain Cache object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCache"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -20333,9 +26006,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Retain Cache object's attributes after being replaced, and the request metadata.",
+            "description": "The Replay Log object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
             }
           },
           "default": {
@@ -20350,18 +26023,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace an MQTT Retain Cache object.",
+        "summary": "Get a Replay Log object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttRetainCache"
+          "replayLog"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/mqttSessions": {
-      "get": {
-        "description": "Get a list of MQTT Session objects.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "getMsgVpnMqttSessions",
+      },
+      "patch": {
+        "description": "Update a Replay Log object. Any attribute missing from the request will be left unchanged.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\nreplayLogName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "updateMsgVpnReplayLog",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20371,17 +26042,24 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The Replay Log object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLog"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -20391,9 +26069,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of MQTT Session objects' attributes, and the request metadata.",
+            "description": "The Replay Log object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionsResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
             }
           },
           "default": {
@@ -20408,16 +26086,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of MQTT Session objects.",
+        "summary": "Update a Replay Log object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replayLog"
         ]
       },
-      "post": {
-        "description": "Create an MQTT Session object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x||||\nmqttSessionVirtualRouter|x|x||||\nmsgVpnName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "createMsgVpnMqttSession",
+      "put": {
+        "description": "Replace a Replay Log object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\nreplayLogName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "replaceMsgVpnReplayLog",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20427,12 +26105,19 @@
             "type": "string"
           },
           {
-            "description": "The MQTT Session object's attributes.",
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Replay Log object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSession"
+              "$ref": "#/definitions/MsgVpnReplayLog"
             }
           },
           {
@@ -20447,9 +26132,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Session object's attributes after being created, and the request metadata.",
+            "description": "The Replay Log object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
             }
           },
           "default": {
@@ -20464,18 +26149,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create an MQTT Session object.",
+        "summary": "Replace a Replay Log object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replayLog"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}": {
-      "delete": {
-        "description": "Delete an MQTT Session object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "deleteMsgVpnMqttSession",
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/topicFilterSubscriptions": {
+      "get": {
+        "description": "Get a list of Topic Filter Subscription objects.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\ntopicFilterSubscription|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnReplayLogTopicFilterSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20485,18 +26170,26 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "mqttSessionClientId",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the MQTT Session.",
-            "in": "path",
-            "name": "mqttSessionVirtualRouter",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -20504,9 +26197,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Topic Filter Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionsResponse"
             }
           },
           "default": {
@@ -20521,16 +26214,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete an MQTT Session object.",
+        "summary": "Get a list of Topic Filter Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replayLog"
         ]
       },
-      "get": {
-        "description": "Get an MQTT Session object.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "getMsgVpnMqttSession",
+      "post": {
+        "description": "Create a Topic Filter Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nreplayLogName|x||x|||\ntopicFilterSubscription|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "createMsgVpnReplayLogTopicFilterSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20540,18 +26233,20 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "mqttSessionClientId",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the MQTT Session.",
-            "in": "path",
-            "name": "mqttSessionVirtualRouter",
+            "description": "The Topic Filter Subscription object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscription"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -20565,9 +26260,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Session object's attributes, and the request metadata.",
+            "description": "The Topic Filter Subscription object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionResponse"
             }
           },
           "default": {
@@ -20582,16 +26277,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an MQTT Session object.",
+        "summary": "Create a Topic Filter Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replayLog"
         ]
-      },
-      "patch": {
-        "description": "Update an MQTT Session object. Any attribute missing from the request will be left unchanged.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x||||\nmqttSessionVirtualRouter|x|x||||\nmsgVpnName|x|x||||\nowner||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "updateMsgVpnMqttSession",
+      }
+    },
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/topicFilterSubscriptions/{topicFilterSubscription}": {
+      "delete": {
+        "description": "Delete a Topic Filter Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "deleteMsgVpnReplayLogTopicFilterSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20601,33 +26298,18 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "mqttSessionClientId",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the MQTT Session.",
+            "description": "The topic of the Subscription.",
             "in": "path",
-            "name": "mqttSessionVirtualRouter",
+            "name": "topicFilterSubscription",
             "required": true,
             "type": "string"
-          },
-          {
-            "description": "The MQTT Session object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSession"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -20635,9 +26317,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Session object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -20652,16 +26334,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update an MQTT Session object.",
+        "summary": "Delete a Topic Filter Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replayLog"
         ]
       },
-      "put": {
-        "description": "Replace an MQTT Session object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x||||\nmqttSessionVirtualRouter|x|x||||\nmsgVpnName|x|x||||\nowner||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "replaceMsgVpnMqttSession",
+      "get": {
+        "description": "Get a Topic Filter Subscription object.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\ntopicFilterSubscription|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnReplayLogTopicFilterSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20671,28 +26353,19 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "mqttSessionClientId",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the MQTT Session.",
+            "description": "The topic of the Subscription.",
             "in": "path",
-            "name": "mqttSessionVirtualRouter",
+            "name": "topicFilterSubscription",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The MQTT Session object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSession"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -20705,9 +26378,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Session object's attributes after being replaced, and the request metadata.",
+            "description": "The Topic Filter Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionResponse"
             }
           },
           "default": {
@@ -20722,18 +26395,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace an MQTT Session object.",
+        "summary": "Get a Topic Filter Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replayLog"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions": {
+    "/msgVpns/{msgVpnName}/replicatedTopics": {
       "get": {
-        "description": "Get a list of Subscription objects.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "getMsgVpnMqttSessionSubscriptions",
+        "description": "Get a list of Replicated Topic objects.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplicatedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnReplicatedTopics",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20742,20 +26415,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
-            "in": "path",
-            "name": "mqttSessionClientId",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the MQTT Session.",
-            "in": "path",
-            "name": "mqttSessionVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -20777,9 +26436,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Subscription objects' attributes, and the request metadata.",
+            "description": "The list of Replicated Topic objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionsResponse"
+              "$ref": "#/definitions/MsgVpnReplicatedTopicsResponse"
             }
           },
           "default": {
@@ -20794,16 +26453,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Subscription objects.",
+        "summary": "Get a list of Replicated Topic objects.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replicatedTopic"
         ]
       },
       "post": {
-        "description": "Create a Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x||x|||\nmqttSessionVirtualRouter|x||x|||\nmsgVpnName|x||x|||\nsubscriptionTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "createMsgVpnMqttSessionSubscription",
+        "description": "Create a Replicated Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nreplicatedTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "createMsgVpnReplicatedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20813,26 +26472,12 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
-            "in": "path",
-            "name": "mqttSessionClientId",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the MQTT Session.",
-            "in": "path",
-            "name": "mqttSessionVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Subscription object's attributes.",
+            "description": "The Replicated Topic object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
+              "$ref": "#/definitions/MsgVpnReplicatedTopic"
             }
           },
           {
@@ -20847,9 +26492,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscription object's attributes after being created, and the request metadata.",
+            "description": "The Replicated Topic object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
             }
           },
           "default": {
@@ -20864,18 +26509,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Subscription object.",
+        "summary": "Create a Replicated Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replicatedTopic"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions/{subscriptionTopic}": {
+    "/msgVpns/{msgVpnName}/replicatedTopics/{replicatedTopic}": {
       "delete": {
-        "description": "Delete a Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "deleteMsgVpnMqttSessionSubscription",
+        "description": "Delete a Replicated Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "deleteMsgVpnReplicatedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20885,23 +26530,9 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
-            "in": "path",
-            "name": "mqttSessionClientId",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the MQTT Session.",
-            "in": "path",
-            "name": "mqttSessionVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The MQTT subscription topic.",
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "replicatedTopic",
             "required": true,
             "type": "string"
           }
@@ -20928,42 +26559,28 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Subscription object.",
+        "summary": "Delete a Replicated Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replicatedTopic"
         ]
       },
       "get": {
-        "description": "Get a Subscription object.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "getMsgVpnMqttSessionSubscription",
+        "description": "Get a Replicated Topic object.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplicatedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnReplicatedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "msgVpnName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
-            "in": "path",
-            "name": "mqttSessionClientId",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the MQTT Session.",
-            "in": "path",
-            "name": "mqttSessionVirtualRouter",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The MQTT subscription topic.",
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "replicatedTopic",
             "required": true,
             "type": "string"
           },
@@ -20979,9 +26596,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscription object's attributes, and the request metadata.",
+            "description": "The Replicated Topic object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
             }
           },
           "default": {
@@ -20996,16 +26613,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Subscription object.",
+        "summary": "Get a Replicated Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replicatedTopic"
         ]
       },
       "patch": {
-        "description": "Update a Subscription object. Any attribute missing from the request will be left unchanged.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x||||\nmqttSessionVirtualRouter|x|x||||\nmsgVpnName|x|x||||\nsubscriptionTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "updateMsgVpnMqttSessionSubscription",
+        "description": "Update a Replicated Topic object. Any attribute missing from the request will be left unchanged.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\nreplicatedTopic|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "updateMsgVpnReplicatedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21015,33 +26632,19 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
-            "in": "path",
-            "name": "mqttSessionClientId",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the MQTT Session.",
-            "in": "path",
-            "name": "mqttSessionVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The MQTT subscription topic.",
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "replicatedTopic",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Subscription object's attributes.",
+            "description": "The Replicated Topic object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
+              "$ref": "#/definitions/MsgVpnReplicatedTopic"
             }
           },
           {
@@ -21056,9 +26659,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscription object's attributes after being updated, and the request metadata.",
+            "description": "The Replicated Topic object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
             }
           },
           "default": {
@@ -21073,16 +26676,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Subscription object.",
+        "summary": "Update a Replicated Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replicatedTopic"
         ]
       },
       "put": {
-        "description": "Replace a Subscription object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x||||\nmqttSessionVirtualRouter|x|x||||\nmsgVpnName|x|x||||\nsubscriptionTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "replaceMsgVpnMqttSessionSubscription",
+        "description": "Replace a Replicated Topic object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\nreplicatedTopic|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "replaceMsgVpnReplicatedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21092,33 +26695,19 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
-            "in": "path",
-            "name": "mqttSessionClientId",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the MQTT Session.",
-            "in": "path",
-            "name": "mqttSessionVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The MQTT subscription topic.",
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "replicatedTopic",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Subscription object's attributes.",
+            "description": "The Replicated Topic object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
+              "$ref": "#/definitions/MsgVpnReplicatedTopic"
             }
           },
           {
@@ -21133,9 +26722,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscription object's attributes after being replaced, and the request metadata.",
+            "description": "The Replicated Topic object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
             }
           },
           "default": {
@@ -21150,18 +26739,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Subscription object.",
+        "summary": "Replace a Replicated Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "replicatedTopic"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queueTemplates": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints": {
       "get": {
-        "description": "Get a list of Queue Template objects.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueTemplateName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnQueueTemplates",
+        "description": "Get a list of REST Delivery Point objects.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPoints",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21191,9 +26780,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Template objects' attributes, and the request metadata.",
+            "description": "The list of REST Delivery Point objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplatesResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointsResponse"
             }
           },
           "default": {
@@ -21208,16 +26797,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Template objects.",
+        "summary": "Get a list of REST Delivery Point objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queueTemplate"
+          "restDeliveryPoint"
         ]
       },
       "post": {
-        "description": "Create a Queue Template object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueTemplateName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "createMsgVpnQueueTemplate",
+        "description": "Create a REST Delivery Point object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nrestDeliveryPointName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnRestDeliveryPoint",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21227,12 +26816,12 @@
             "type": "string"
           },
           {
-            "description": "The Queue Template object's attributes.",
+            "description": "The REST Delivery Point object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplate"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
             }
           },
           {
@@ -21247,9 +26836,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Template object's attributes after being created, and the request metadata.",
+            "description": "The REST Delivery Point object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
             }
           },
           "default": {
@@ -21264,18 +26853,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Queue Template object.",
+        "summary": "Create a REST Delivery Point object.",
         "tags": [
           "all",
           "msgVpn",
-          "queueTemplate"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queueTemplates/{queueTemplateName}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}": {
       "delete": {
-        "description": "Delete a Queue Template object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "deleteMsgVpnQueueTemplate",
+        "description": "Delete a REST Delivery Point object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnRestDeliveryPoint",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21285,9 +26874,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue Template.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueTemplateName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           }
@@ -21314,16 +26903,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Queue Template object.",
+        "summary": "Delete a REST Delivery Point object.",
         "tags": [
           "all",
           "msgVpn",
-          "queueTemplate"
+          "restDeliveryPoint"
         ]
       },
       "get": {
-        "description": "Get a Queue Template object.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueTemplateName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnQueueTemplate",
+        "description": "Get a REST Delivery Point object.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPoint",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21333,9 +26922,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue Template.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueTemplateName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
@@ -21351,9 +26940,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Template object's attributes, and the request metadata.",
+            "description": "The REST Delivery Point object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
             }
           },
           "default": {
@@ -21368,16 +26957,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Template object.",
+        "summary": "Get a REST Delivery Point object.",
         "tags": [
           "all",
           "msgVpn",
-          "queueTemplate"
+          "restDeliveryPoint"
         ]
       },
       "patch": {
-        "description": "Update a Queue Template object. Any attribute missing from the request will be left unchanged.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nqueueTemplateName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "updateMsgVpnQueueTemplate",
+        "description": "Update a REST Delivery Point object. Any attribute missing from the request will be left unchanged.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nclientProfileName|||||x||\nmsgVpnName|x|x|||||\nrestDeliveryPointName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnRestDeliveryPoint",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21387,19 +26976,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue Template.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueTemplateName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Queue Template object's attributes.",
+            "description": "The REST Delivery Point object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplate"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
             }
           },
           {
@@ -21414,9 +27003,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Template object's attributes after being updated, and the request metadata.",
+            "description": "The REST Delivery Point object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
             }
           },
           "default": {
@@ -21431,16 +27020,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Queue Template object.",
+        "summary": "Update a REST Delivery Point object.",
         "tags": [
           "all",
           "msgVpn",
-          "queueTemplate"
+          "restDeliveryPoint"
         ]
       },
       "put": {
-        "description": "Replace a Queue Template object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nqueueTemplateName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "replaceMsgVpnQueueTemplate",
+        "description": "Replace a REST Delivery Point object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nclientProfileName||||||x||\nmsgVpnName|x||x|||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnRestDeliveryPoint",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21450,19 +27039,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue Template.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueTemplateName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Queue Template object's attributes.",
+            "description": "The REST Delivery Point object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplate"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
             }
           },
           {
@@ -21477,9 +27066,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Template object's attributes after being replaced, and the request metadata.",
+            "description": "The REST Delivery Point object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
             }
           },
           "default": {
@@ -21494,18 +27083,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Queue Template object.",
+        "summary": "Replace a REST Delivery Point object.",
         "tags": [
           "all",
           "msgVpn",
-          "queueTemplate"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings": {
       "get": {
-        "description": "Get a list of Queue objects.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnQueues",
+        "description": "Get a list of Queue Binding objects.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindings",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21514,6 +27103,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -21535,9 +27131,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue objects' attributes, and the request metadata.",
+            "description": "The list of Queue Binding objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueuesResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingsResponse"
             }
           },
           "default": {
@@ -21552,16 +27148,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue objects.",
+        "summary": "Get a list of Queue Binding objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       },
       "post": {
-        "description": "Create a Queue object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnQueue",
+        "description": "Create a Queue Binding object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueBindingName|x|x||||\nrestDeliveryPointName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnRestDeliveryPointQueueBinding",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21571,12 +27167,19 @@
             "type": "string"
           },
           {
-            "description": "The Queue object's attributes.",
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueue"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
             }
           },
           {
@@ -21591,9 +27194,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue object's attributes after being created, and the request metadata.",
+            "description": "The Queue Binding object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
             }
           },
           "default": {
@@ -21608,18 +27211,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Queue object.",
+        "summary": "Create a Queue Binding object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}": {
       "delete": {
-        "description": "Delete a Queue object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnQueue",
+        "description": "Delete a Queue Binding object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnRestDeliveryPointQueueBinding",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21629,9 +27232,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
             "required": true,
             "type": "string"
           }
@@ -21658,16 +27268,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Queue object.",
+        "summary": "Delete a Queue Binding object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       },
       "get": {
-        "description": "Get a Queue object.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnQueue",
+        "description": "Get a Queue Binding object.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBinding",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21677,9 +27287,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
             "required": true,
             "type": "string"
           },
@@ -21695,9 +27312,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue object's attributes, and the request metadata.",
+            "description": "The Queue Binding object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
             }
           },
           "default": {
@@ -21712,16 +27329,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue object.",
+        "summary": "Get a Queue Binding object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       },
       "patch": {
-        "description": "Update a Queue object. Any attribute missing from the request will be left unchanged.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naccessType||||x||\nmsgVpnName|x|x||||\nowner||||x||\npermission||||x||\nqueueName|x|x||||\nrespectMsgPriorityEnabled||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnQueue",
+        "description": "Update a Queue Binding object. Any attribute missing from the request will be left unchanged.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\nqueueBindingName|x|x|||||\nrestDeliveryPointName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnRestDeliveryPointQueueBinding",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21731,19 +27348,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Queue object's attributes.",
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueue"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
             }
           },
           {
@@ -21758,9 +27382,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue object's attributes after being updated, and the request metadata.",
+            "description": "The Queue Binding object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
             }
           },
           "default": {
@@ -21775,16 +27399,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Queue object.",
+        "summary": "Update a Queue Binding object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       },
       "put": {
-        "description": "Replace a Queue object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naccessType||||x||\nmsgVpnName|x|x||||\nowner||||x||\npermission||||x||\nqueueName|x|x||||\nrespectMsgPriorityEnabled||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnQueue",
+        "description": "Replace a Queue Binding object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\nqueueBindingName|x||x|||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnRestDeliveryPointQueueBinding",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21794,19 +27418,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Queue object's attributes.",
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueue"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
             }
           },
           {
@@ -21821,9 +27452,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue object's attributes after being replaced, and the request metadata.",
+            "description": "The Queue Binding object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
             }
           },
           "default": {
@@ -21838,18 +27469,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Queue object.",
+        "summary": "Replace a Queue Binding object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/protectedRequestHeaders": {
       "get": {
-        "description": "Get a list of Queue Subscription objects.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnQueueSubscriptions",
+        "description": "Get a list of Protected Request Header objects.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nheaderValue||x||x\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaders",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21859,9 +27490,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
             "required": true,
             "type": "string"
           },
@@ -21886,9 +27524,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Subscription objects' attributes, and the request metadata.",
+            "description": "The list of Protected Request Header objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueSubscriptionsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeadersResponse"
             }
           },
           "default": {
@@ -21903,16 +27541,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Subscription objects.",
+        "summary": "Get a list of Protected Request Header objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       },
       "post": {
-        "description": "Create a Queue Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueName|x||x|||\nsubscriptionTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnQueueSubscription",
+        "description": "Create a Protected Request Header object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||\nheaderValue||||x||x\nmsgVpnName|x||x|||\nqueueBindingName|x||x|||\nrestDeliveryPointName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "createMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21922,19 +27560,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Queue Subscription object's attributes.",
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Protected Request Header object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueSubscription"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
             }
           },
           {
@@ -21949,9 +27594,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Subscription object's attributes after being created, and the request metadata.",
+            "description": "The Protected Request Header object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
             }
           },
           "default": {
@@ -21966,18 +27611,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Queue Subscription object.",
+        "summary": "Create a Protected Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions/{subscriptionTopic}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/protectedRequestHeaders/{headerName}": {
       "delete": {
-        "description": "Delete a Queue Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnQueueSubscription",
+        "description": "Delete a Protected Request Header object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "deleteMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21987,16 +27632,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic of the Subscription.",
+            "description": "The name of a queue in the Message VPN.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
             "required": true,
             "type": "string"
           }
@@ -22023,16 +27675,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Queue Subscription object.",
+        "summary": "Delete a Protected Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       },
       "get": {
-        "description": "Get a Queue Subscription object.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnQueueSubscription",
+        "description": "Get a Protected Request Header object.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nheaderValue||x||x\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22042,16 +27694,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic of the Subscription.",
+            "description": "The name of a queue in the Message VPN.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
             "required": true,
             "type": "string"
           },
@@ -22067,9 +27726,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Subscription object's attributes, and the request metadata.",
+            "description": "The Protected Request Header object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
             }
           },
           "default": {
@@ -22084,18 +27743,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Subscription object.",
+        "summary": "Get a Protected Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/replayLogs": {
-      "get": {
-        "description": "Get a list of Replay Log objects.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.10.",
-        "operationId": "getMsgVpnReplayLogs",
+      },
+      "patch": {
+        "description": "Update a Protected Request Header object. Any attribute missing from the request will be left unchanged.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nheaderName|x|x|||||\nheaderValue|||x||||x\nmsgVpnName|x|x|||||\nqueueBindingName|x|x|||||\nrestDeliveryPointName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "updateMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22105,16 +27762,37 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The Protected Request Header object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
           },
           {
             "$ref": "#/parameters/selectQuery"
@@ -22125,9 +27803,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Replay Log objects' attributes, and the request metadata.",
+            "description": "The Protected Request Header object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
             }
           },
           "default": {
@@ -22142,16 +27820,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Replay Log objects.",
+        "summary": "Update a Protected Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
       },
-      "post": {
-        "description": "Create a Replay Log object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nreplayLogName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
-        "operationId": "createMsgVpnReplayLog",
+      "put": {
+        "description": "Replace a Protected Request Header object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nheaderName|x||x|||||\nheaderValue||||x||||x\nmsgVpnName|x||x|||||\nqueueBindingName|x||x|||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "replaceMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22161,12 +27839,33 @@
             "type": "string"
           },
           {
-            "description": "The Replay Log object's attributes.",
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Protected Request Header object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLog"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
             }
           },
           {
@@ -22181,9 +27880,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replay Log object's attributes after being created, and the request metadata.",
+            "description": "The Protected Request Header object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
             }
           },
           "default": {
@@ -22198,18 +27897,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Replay Log object.",
+        "summary": "Replace a Protected Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}": {
-      "delete": {
-        "description": "Delete a Replay Log object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
-        "operationId": "deleteMsgVpnReplayLog",
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders": {
+      "get": {
+        "description": "Get a list of Request Header objects.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeaders",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22219,63 +27918,31 @@
             "type": "string"
           },
           {
-            "description": "The name of the Replay Log.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replayLogName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
-          }
-        ],
-        "produces": [
-          "application/json"
-        ],
-        "responses": {
-          "200": {
-            "description": "The request metadata.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
           },
-          "default": {
-            "description": "The error response.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
-          }
-        },
-        "security": [
-          {
-            "basicAuth": []
-          }
-        ],
-        "summary": "Delete a Replay Log object.",
-        "tags": [
-          "all",
-          "msgVpn",
-          "replayLog"
-        ]
-      },
-      "get": {
-        "description": "Get a Replay Log object.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.10.",
-        "operationId": "getMsgVpnReplayLog",
-        "parameters": [
           {
-            "description": "The name of the Message VPN.",
+            "description": "The name of a queue in the Message VPN.",
             "in": "path",
-            "name": "msgVpnName",
+            "name": "queueBindingName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the Replay Log.",
-            "in": "path",
-            "name": "replayLogName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -22285,9 +27952,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replay Log object's attributes, and the request metadata.",
+            "description": "The list of Request Header objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeadersResponse"
             }
           },
           "default": {
@@ -22302,16 +27969,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Replay Log object.",
+        "summary": "Get a list of Request Header objects.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
       },
-      "patch": {
-        "description": "Update a Replay Log object. Any attribute missing from the request will be left unchanged.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nreplayLogName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
-        "operationId": "updateMsgVpnReplayLog",
+      "post": {
+        "description": "Create a Request Header object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||\nmsgVpnName|x||x|||\nqueueBindingName|x||x|||\nrestDeliveryPointName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "createMsgVpnRestDeliveryPointQueueBindingRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22321,19 +27988,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the Replay Log.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replayLogName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Replay Log object's attributes.",
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Request Header object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLog"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
             }
           },
           {
@@ -22348,9 +28022,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replay Log object's attributes after being updated, and the request metadata.",
+            "description": "The Request Header object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
             }
           },
           "default": {
@@ -22365,16 +28039,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Replay Log object.",
+        "summary": "Create a Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
-      },
-      "put": {
-        "description": "Replace a Replay Log object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nreplayLogName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
-        "operationId": "replaceMsgVpnReplayLog",
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders/{headerName}": {
+      "delete": {
+        "description": "Delete a Request Header object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA request header to be added to the HTTP request.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "deleteMsgVpnRestDeliveryPointQueueBindingRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22384,26 +28060,25 @@
             "type": "string"
           },
           {
-            "description": "The name of the Replay Log.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replayLogName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Replay Log object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLog"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The name of the HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -22411,9 +28086,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replay Log object's attributes after being replaced, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -22428,18 +28103,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Replay Log object.",
+        "summary": "Delete a Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/replicatedTopics": {
+      },
       "get": {
-        "description": "Get a list of Replicated Topic objects.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplicatedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "getMsgVpnReplicatedTopics",
+        "description": "Get a Request Header object.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22449,16 +28122,28 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "description": "The name of the HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/whereQuery"
+            "$ref": "#/parameters/opaquePasswordQuery"
           },
           {
             "$ref": "#/parameters/selectQuery"
@@ -22469,9 +28154,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Replicated Topic objects' attributes, and the request metadata.",
+            "description": "The Request Header object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopicsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
             }
           },
           "default": {
@@ -22486,16 +28171,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Replicated Topic objects.",
+        "summary": "Get a Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replicatedTopic"
+          "restDeliveryPoint"
         ]
       },
-      "post": {
-        "description": "Create a Replicated Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nreplicatedTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "createMsgVpnReplicatedTopic",
+      "patch": {
+        "description": "Update a Request Header object. Any attribute missing from the request will be left unchanged.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nheaderName|x|x|||||\nmsgVpnName|x|x|||||\nqueueBindingName|x|x|||||\nrestDeliveryPointName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "updateMsgVpnRestDeliveryPointQueueBindingRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22505,12 +28190,33 @@
             "type": "string"
           },
           {
-            "description": "The Replicated Topic object's attributes.",
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Request Header object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopic"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
             }
           },
           {
@@ -22525,9 +28231,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replicated Topic object's attributes after being created, and the request metadata.",
+            "description": "The Request Header object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
             }
           },
           "default": {
@@ -22542,18 +28248,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Replicated Topic object.",
+        "summary": "Update a Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replicatedTopic"
+          "restDeliveryPoint"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/replicatedTopics/{replicatedTopic}": {
-      "delete": {
-        "description": "Delete a Replicated Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "deleteMsgVpnReplicatedTopic",
+      },
+      "put": {
+        "description": "Replace a Request Header object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nheaderName|x||x|||||\nmsgVpnName|x||x|||||\nqueueBindingName|x||x|||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "replaceMsgVpnRestDeliveryPointQueueBindingRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22563,60 +28267,35 @@
             "type": "string"
           },
           {
-            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replicatedTopic",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
-          }
-        ],
-        "produces": [
-          "application/json"
-        ],
-        "responses": {
-          "200": {
-            "description": "The request metadata.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
           },
-          "default": {
-            "description": "The error response.",
-            "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
-            }
-          }
-        },
-        "security": [
-          {
-            "basicAuth": []
-          }
-        ],
-        "summary": "Delete a Replicated Topic object.",
-        "tags": [
-          "all",
-          "msgVpn",
-          "replicatedTopic"
-        ]
-      },
-      "get": {
-        "description": "Get a Replicated Topic object.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplicatedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "getMsgVpnReplicatedTopic",
-        "parameters": [
           {
-            "description": "The name of the Message VPN.",
+            "description": "The name of a queue in the Message VPN.",
             "in": "path",
-            "name": "msgVpnName",
+            "name": "queueBindingName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "description": "The name of the HTTP request header.",
             "in": "path",
-            "name": "replicatedTopic",
+            "name": "headerName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Request Header object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -22629,9 +28308,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replicated Topic object's attributes, and the request metadata.",
+            "description": "The Request Header object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
             }
           },
           "default": {
@@ -22646,16 +28325,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Replicated Topic object.",
+        "summary": "Replace a Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replicatedTopic"
+          "restDeliveryPoint"
         ]
-      },
-      "patch": {
-        "description": "Update a Replicated Topic object. Any attribute missing from the request will be left unchanged.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nreplicatedTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "updateMsgVpnReplicatedTopic",
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers": {
+      "get": {
+        "description": "Get a list of REST Consumer objects.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationHttpBasicPassword||x||x\nauthenticationHttpHeaderValue||x||x\nauthenticationOauthClientSecret||x||x\nauthenticationOauthJwtSecretKey||x||x\nmsgVpnName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumers",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22665,24 +28346,24 @@
             "type": "string"
           },
           {
-            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replicatedTopic",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Replicated Topic object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopic"
-            }
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -22692,9 +28373,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replicated Topic object's attributes after being updated, and the request metadata.",
+            "description": "The list of REST Consumer objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumersResponse"
             }
           },
           "default": {
@@ -22709,16 +28390,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Replicated Topic object.",
+        "summary": "Get a list of REST Consumer objects.",
         "tags": [
           "all",
           "msgVpn",
-          "replicatedTopic"
+          "restDeliveryPoint"
         ]
       },
-      "put": {
-        "description": "Replace a Replicated Topic object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nreplicatedTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
-        "operationId": "replaceMsgVpnReplicatedTopic",
+      "post": {
+        "description": "Create a REST Consumer object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||||x||x\nauthenticationClientCertContent||||x||x\nauthenticationClientCertPassword||||x||\nauthenticationHttpBasicPassword||||x||x\nauthenticationHttpHeaderValue||||x||x\nauthenticationOauthClientSecret||||x||x\nauthenticationOauthJwtSecretKey||||x||x\nmsgVpnName|x||x|||\nrestConsumerName|x|x||||\nrestDeliveryPointName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnRestDeliveryPointRestConsumer",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22728,19 +28409,19 @@
             "type": "string"
           },
           {
-            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replicatedTopic",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Replicated Topic object's attributes.",
+            "description": "The REST Consumer object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopic"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
             }
           },
           {
@@ -22755,9 +28436,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replicated Topic object's attributes after being replaced, and the request metadata.",
+            "description": "The REST Consumer object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
             }
           },
           "default": {
@@ -22772,18 +28453,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Replicated Topic object.",
+        "summary": "Create a REST Consumer object.",
         "tags": [
           "all",
           "msgVpn",
-          "replicatedTopic"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints": {
-      "get": {
-        "description": "Get a list of REST Delivery Point objects.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnRestDeliveryPoints",
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}": {
+      "delete": {
+        "description": "Delete a REST Consumer object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumer",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22793,19 +28474,18 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -22813,9 +28493,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of REST Delivery Point objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointsResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -22830,16 +28510,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of REST Delivery Point objects.",
+        "summary": "Delete a REST Consumer object.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
       },
-      "post": {
-        "description": "Create a REST Delivery Point object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nrestDeliveryPointName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnRestDeliveryPoint",
+      "get": {
+        "description": "Get a REST Consumer object.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationHttpBasicPassword||x||x\nauthenticationHttpHeaderValue||x||x\nauthenticationOauthClientSecret||x||x\nauthenticationOauthJwtSecretKey||x||x\nmsgVpnName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumer",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22849,13 +28529,18 @@
             "type": "string"
           },
           {
-            "description": "The REST Delivery Point object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -22869,9 +28554,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Delivery Point object's attributes after being created, and the request metadata.",
+            "description": "The REST Consumer object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
             }
           },
           "default": {
@@ -22886,18 +28571,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a REST Delivery Point object.",
+        "summary": "Get a REST Consumer object.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}": {
-      "delete": {
-        "description": "Delete a REST Delivery Point object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnRestDeliveryPoint",
+      },
+      "patch": {
+        "description": "Update a REST Consumer object. Any attribute missing from the request will be left unchanged.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nauthenticationAwsSecretAccessKey|||x||||x\nauthenticationClientCertContent|||x||x||x\nauthenticationClientCertPassword|||x||x||\nauthenticationHttpBasicPassword|||x||x||x\nauthenticationHttpBasicUsername|||||x||\nauthenticationHttpHeaderValue|||x||||x\nauthenticationOauthClientId|||||x||\nauthenticationOauthClientScope|||||x||\nauthenticationOauthClientSecret|||x||x||x\nauthenticationOauthClientTokenEndpoint|||||x||\nauthenticationOauthClientTokenExpiryDefault|||||x||\nauthenticationOauthJwtSecretKey|||x||x||x\nauthenticationOauthJwtTokenEndpoint|||||x||\nauthenticationOauthJwtTokenExpiryDefault|||||x||\nauthenticationScheme|||||x||\nmsgVpnName|x|x|||||\noutgoingConnectionCount|||||x||\nremoteHost|||||x||\nremotePort|||||x||\nrestConsumerName|x|x|||||\nrestDeliveryPointName|x|x|||||\ntlsCipherSuiteList|||||x||\ntlsEnabled|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnRestDeliveryPointRestConsumer",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22912,6 +28595,28 @@
             "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The REST Consumer object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -22919,9 +28624,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The REST Consumer object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
             }
           },
           "default": {
@@ -22936,16 +28641,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a REST Delivery Point object.",
+        "summary": "Update a REST Consumer object.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
       },
-      "get": {
-        "description": "Get a REST Delivery Point object.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnRestDeliveryPoint",
+      "put": {
+        "description": "Replace a REST Consumer object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nauthenticationAwsSecretAccessKey||||x||||x\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\nauthenticationHttpBasicPassword||||x||x||x\nauthenticationHttpBasicUsername||||||x||\nauthenticationHttpHeaderValue||||x||||x\nauthenticationOauthClientId||||||x||\nauthenticationOauthClientScope||||||x||\nauthenticationOauthClientSecret||||x||x||x\nauthenticationOauthClientTokenEndpoint||||||x||\nauthenticationOauthClientTokenExpiryDefault||||||x||\nauthenticationOauthJwtSecretKey||||x||x||x\nauthenticationOauthJwtTokenEndpoint||||||x||\nauthenticationOauthJwtTokenExpiryDefault||||||x||\nauthenticationScheme||||||x||\nmsgVpnName|x||x|||||\noutgoingConnectionCount||||||x||\nremoteHost||||||x||\nremotePort||||||x||\nrestConsumerName|x||x|||||\nrestDeliveryPointName|x||x|||||\ntlsCipherSuiteList||||||x||\ntlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnRestDeliveryPointRestConsumer",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22961,6 +28666,22 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The REST Consumer object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -22973,9 +28694,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Delivery Point object's attributes, and the request metadata.",
+            "description": "The REST Consumer object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
             }
           },
           "default": {
@@ -22990,16 +28711,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a REST Delivery Point object.",
+        "summary": "Replace a REST Consumer object.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
-      },
-      "patch": {
-        "description": "Update a REST Delivery Point object. Any attribute missing from the request will be left unchanged.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientProfileName||||x||\nmsgVpnName|x|x||||\nrestDeliveryPointName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnRestDeliveryPoint",
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims": {
+      "get": {
+        "description": "Get a list of Claim objects.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthJwtClaimName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaims",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23016,17 +28739,24 @@
             "type": "string"
           },
           {
-            "description": "The REST Delivery Point object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
-            }
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -23036,9 +28766,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Delivery Point object's attributes after being updated, and the request metadata.",
+            "description": "The list of Claim objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimsResponse"
             }
           },
           "default": {
@@ -23053,16 +28783,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a REST Delivery Point object.",
+        "summary": "Get a list of Claim objects.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
       },
-      "put": {
-        "description": "Replace a REST Delivery Point object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientProfileName||||x||\nmsgVpnName|x|x||||\nrestDeliveryPointName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnRestDeliveryPoint",
+      "post": {
+        "description": "Create a Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\noauthJwtClaimName|x|x||||\noauthJwtClaimValue||x||||\nrestConsumerName|x||x|||\nrestDeliveryPointName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "createMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23079,12 +28809,19 @@
             "type": "string"
           },
           {
-            "description": "The REST Delivery Point object's attributes.",
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Claim object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim"
             }
           },
           {
@@ -23099,9 +28836,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Delivery Point object's attributes after being replaced, and the request metadata.",
+            "description": "The Claim object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse"
             }
           },
           "default": {
@@ -23116,7 +28853,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a REST Delivery Point object.",
+        "summary": "Create a Claim object.",
         "tags": [
           "all",
           "msgVpn",
@@ -23124,10 +28861,10 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings": {
-      "get": {
-        "description": "Get a list of Queue Binding objects.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnRestDeliveryPointQueueBindings",
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims/{oauthJwtClaimName}": {
+      "delete": {
+        "description": "Delete a Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23144,19 +28881,18 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/selectQuery"
+            "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
+            "in": "path",
+            "name": "oauthJwtClaimName",
+            "required": true,
+            "type": "string"
           }
         ],
         "produces": [
@@ -23164,9 +28900,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Binding objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingsResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -23181,16 +28917,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Binding objects.",
+        "summary": "Delete a Claim object.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
       },
-      "post": {
-        "description": "Create a Queue Binding object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nqueueBindingName|x|x||||\nrestDeliveryPointName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnRestDeliveryPointQueueBinding",
+      "get": {
+        "description": "Get a Claim object.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthJwtClaimName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23207,13 +28943,18 @@
             "type": "string"
           },
           {
-            "description": "The Queue Binding object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
-            }
+            "type": "string"
+          },
+          {
+            "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
+            "in": "path",
+            "name": "oauthJwtClaimName",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -23227,9 +28968,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Binding object's attributes after being created, and the request metadata.",
+            "description": "The Claim object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse"
             }
           },
           "default": {
@@ -23244,7 +28985,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Queue Binding object.",
+        "summary": "Get a Claim object.",
         "tags": [
           "all",
           "msgVpn",
@@ -23252,10 +28993,11 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}": {
-      "delete": {
-        "description": "Delete a Queue Binding object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnRestDeliveryPointQueueBinding",
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|\nrestConsumerName|x||x|\nrestDeliveryPointName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since (will be deprecated in next SEMP version). Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNames",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23272,11 +29014,20 @@
             "type": "string"
           },
           {
-            "description": "The name of a queue in the Message VPN.",
+            "description": "The name of the REST Consumer.",
             "in": "path",
-            "name": "queueBindingName",
+            "name": "restConsumerName",
             "required": true,
             "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -23284,9 +29035,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNamesResponse"
             }
           },
           "default": {
@@ -23301,16 +29052,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Queue Binding object.",
+        "summary": "Get a list of Trusted Common Name objects.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
       },
-      "get": {
-        "description": "Get a Queue Binding object.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnRestDeliveryPointQueueBinding",
+      "post": {
+        "deprecated": true,
+        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x||x|\nrestConsumerName|x||x||x|\nrestDeliveryPointName|x||x||x|\ntlsTrustedCommonName|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since (will be deprecated in next SEMP version). Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "createMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23327,12 +29079,21 @@
             "type": "string"
           },
           {
-            "description": "The name of a queue in the Message VPN.",
+            "description": "The name of the REST Consumer.",
             "in": "path",
-            "name": "queueBindingName",
+            "name": "restConsumerName",
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName"
+            }
+          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -23345,9 +29106,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Binding object's attributes, and the request metadata.",
+            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse"
             }
           },
           "default": {
@@ -23362,16 +29123,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Binding object.",
+        "summary": "Create a Trusted Common Name object.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
-      },
-      "patch": {
-        "description": "Update a Queue Binding object. Any attribute missing from the request will be left unchanged.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nqueueBindingName|x|x||||\nrestDeliveryPointName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnRestDeliveryPointQueueBinding",
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since (will be deprecated in next SEMP version). Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23388,26 +29152,18 @@
             "type": "string"
           },
           {
-            "description": "The name of a queue in the Message VPN.",
+            "description": "The name of the REST Consumer.",
             "in": "path",
-            "name": "queueBindingName",
+            "name": "restConsumerName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Queue Binding object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
-            }
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
+            "type": "string"
           }
         ],
         "produces": [
@@ -23415,9 +29171,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Binding object's attributes after being updated, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -23432,16 +29188,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Queue Binding object.",
+        "summary": "Delete a Trusted Common Name object.",
         "tags": [
           "all",
           "msgVpn",
           "restDeliveryPoint"
         ]
       },
-      "put": {
-        "description": "Replace a Queue Binding object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\nqueueBindingName|x|x||||\nrestDeliveryPointName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnRestDeliveryPointQueueBinding",
+      "get": {
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|\nrestConsumerName|x||x|\nrestDeliveryPointName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since (will be deprecated in next SEMP version). Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23458,20 +29215,18 @@
             "type": "string"
           },
           {
-            "description": "The name of a queue in the Message VPN.",
+            "description": "The name of the REST Consumer.",
             "in": "path",
-            "name": "queueBindingName",
+            "name": "restConsumerName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Queue Binding object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
-            }
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -23485,9 +29240,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Binding object's attributes after being replaced, and the request metadata.",
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse"
             }
           },
           "default": {
@@ -23502,7 +29257,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Queue Binding object.",
+        "summary": "Get a Trusted Common Name object.",
         "tags": [
           "all",
           "msgVpn",
@@ -23510,10 +29265,10 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders": {
+    "/msgVpns/{msgVpnName}/sequencedTopics": {
       "get": {
-        "description": "Get a list of Request Header objects.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
-        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeaders",
+        "description": "Get a list of Sequenced Topic objects.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsequencedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnSequencedTopics",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23522,20 +29277,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of a queue in the Message VPN.",
-            "in": "path",
-            "name": "queueBindingName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -23557,9 +29298,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Request Header objects' attributes, and the request metadata.",
+            "description": "The list of Sequenced Topic objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeadersResponse"
+              "$ref": "#/definitions/MsgVpnSequencedTopicsResponse"
             }
           },
           "default": {
@@ -23574,16 +29315,15 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Request Header objects.",
+        "summary": "Get a list of Sequenced Topic objects.",
         "tags": [
           "all",
-          "msgVpn",
-          "restDeliveryPoint"
+          "msgVpn"
         ]
       },
       "post": {
-        "description": "Create a Request Header object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||\nmsgVpnName|x||x|||\nqueueBindingName|x||x|||\nrestDeliveryPointName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
-        "operationId": "createMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "description": "Create a Sequenced Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nsequencedTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnSequencedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23593,26 +29333,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of a queue in the Message VPN.",
-            "in": "path",
-            "name": "queueBindingName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Request Header object's attributes.",
+            "description": "The Sequenced Topic object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+              "$ref": "#/definitions/MsgVpnSequencedTopic"
             }
           },
           {
@@ -23627,9 +29353,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Request Header object's attributes after being created, and the request metadata.",
+            "description": "The Sequenced Topic object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+              "$ref": "#/definitions/MsgVpnSequencedTopicResponse"
             }
           },
           "default": {
@@ -23644,18 +29370,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Request Header object.",
+        "summary": "Create a Sequenced Topic object.",
         "tags": [
           "all",
-          "msgVpn",
-          "restDeliveryPoint"
+          "msgVpn"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders/{headerName}": {
+    "/msgVpns/{msgVpnName}/sequencedTopics/{sequencedTopic}": {
       "delete": {
-        "description": "Delete a Request Header object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA request header to be added to the HTTP request.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
-        "operationId": "deleteMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "description": "Delete a Sequenced Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnSequencedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23665,23 +29390,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of a queue in the Message VPN.",
-            "in": "path",
-            "name": "queueBindingName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the HTTP request header.",
+            "description": "Topic for applying sequence numbers.",
             "in": "path",
-            "name": "headerName",
+            "name": "sequencedTopic",
             "required": true,
             "type": "string"
           }
@@ -23708,16 +29419,15 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Request Header object.",
+        "summary": "Delete a Sequenced Topic object.",
         "tags": [
           "all",
-          "msgVpn",
-          "restDeliveryPoint"
+          "msgVpn"
         ]
       },
       "get": {
-        "description": "Get a Request Header object.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
-        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "description": "Get a Sequenced Topic object.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsequencedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnSequencedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23727,23 +29437,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of a queue in the Message VPN.",
-            "in": "path",
-            "name": "queueBindingName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the HTTP request header.",
+            "description": "Topic for applying sequence numbers.",
             "in": "path",
-            "name": "headerName",
+            "name": "sequencedTopic",
             "required": true,
             "type": "string"
           },
@@ -23759,9 +29455,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Request Header object's attributes, and the request metadata.",
+            "description": "The Sequenced Topic object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+              "$ref": "#/definitions/MsgVpnSequencedTopicResponse"
             }
           },
           "default": {
@@ -23776,16 +29472,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Request Header object.",
+        "summary": "Get a Sequenced Topic object.",
         "tags": [
           "all",
-          "msgVpn",
-          "restDeliveryPoint"
+          "msgVpn"
         ]
-      },
-      "patch": {
-        "description": "Update a Request Header object. Any attribute missing from the request will be left unchanged.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||\nmsgVpnName|x|x||||\nqueueBindingName|x|x||||\nrestDeliveryPointName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
-        "operationId": "updateMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles": {
+      "get": {
+        "description": "Get a list of Telemetry Profile objects.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntelemetryProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfiles",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23795,37 +29492,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of a queue in the Message VPN.",
-            "in": "path",
-            "name": "queueBindingName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The name of the HTTP request header.",
-            "in": "path",
-            "name": "headerName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/cursorQuery"
           },
           {
-            "description": "The Request Header object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
-            }
+            "$ref": "#/parameters/opaquePasswordQuery"
           },
           {
-            "$ref": "#/parameters/opaquePasswordQuery"
+            "$ref": "#/parameters/whereQuery"
           },
           {
             "$ref": "#/parameters/selectQuery"
@@ -23836,9 +29512,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Request Header object's attributes after being updated, and the request metadata.",
+            "description": "The list of Telemetry Profile objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfilesResponse"
             }
           },
           "default": {
@@ -23853,16 +29529,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a Request Header object.",
+        "summary": "Get a list of Telemetry Profile objects.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       },
-      "put": {
-        "description": "Replace a Request Header object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||\nmsgVpnName|x|x||||\nqueueBindingName|x|x||||\nrestDeliveryPointName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
-        "operationId": "replaceMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+      "post": {
+        "description": "Create a Telemetry Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\ntelemetryProfileName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "createMsgVpnTelemetryProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23872,33 +29548,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of a queue in the Message VPN.",
-            "in": "path",
-            "name": "queueBindingName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the HTTP request header.",
-            "in": "path",
-            "name": "headerName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The Request Header object's attributes.",
+            "description": "The Telemetry Profile object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+              "$ref": "#/definitions/MsgVpnTelemetryProfile"
             }
           },
           {
@@ -23913,9 +29568,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Request Header object's attributes after being replaced, and the request metadata.",
+            "description": "The Telemetry Profile object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
             }
           },
           "default": {
@@ -23930,18 +29585,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a Request Header object.",
+        "summary": "Create a Telemetry Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers": {
-      "get": {
-        "description": "Get a list of REST Consumer objects.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationHttpBasicPassword||x||x\nauthenticationHttpHeaderValue||x||x\nauthenticationOauthClientSecret||x||x\nauthenticationOauthJwtSecretKey||x||x\nmsgVpnName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumers",
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}": {
+      "delete": {
+        "description": "Delete a Telemetry Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "deleteMsgVpnTelemetryProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23951,26 +29606,11 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
-          },
-          {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -23978,9 +29618,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of REST Consumer objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumersResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -23995,16 +29635,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of REST Consumer objects.",
+        "summary": "Delete a Telemetry Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       },
-      "post": {
-        "description": "Create a REST Consumer object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||||x||x\nauthenticationClientCertContent||||x||x\nauthenticationClientCertPassword||||x||\nauthenticationHttpBasicPassword||||x||x\nauthenticationHttpHeaderValue||||x||x\nauthenticationOauthClientSecret||||x||x\nauthenticationOauthJwtSecretKey||||x||x\nmsgVpnName|x||x|||\nrestConsumerName|x|x||||\nrestDeliveryPointName|x||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnRestDeliveryPointRestConsumer",
+      "get": {
+        "description": "Get a Telemetry Profile object.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntelemetryProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24014,21 +29654,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The REST Consumer object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -24041,9 +29672,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Consumer object's attributes after being created, and the request metadata.",
+            "description": "The Telemetry Profile object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
             }
           },
           "default": {
@@ -24058,18 +29689,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a REST Consumer object.",
+        "summary": "Get a Telemetry Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}": {
-      "delete": {
-        "description": "Delete a REST Consumer object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumer",
+      },
+      "patch": {
+        "description": "Update a Telemetry Profile object. Any attribute missing from the request will be left unchanged.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\ntelemetryProfileName|x|x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "updateMsgVpnTelemetryProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24079,18 +29708,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
-            "in": "path",
-            "name": "restConsumerName",
+            "description": "The Telemetry Profile object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -24098,9 +29735,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The Telemetry Profile object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
             }
           },
           "default": {
@@ -24115,16 +29752,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a REST Consumer object.",
+        "summary": "Update a Telemetry Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       },
-      "get": {
-        "description": "Get a REST Consumer object.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationHttpBasicPassword||x||x\nauthenticationHttpHeaderValue||x||x\nauthenticationOauthClientSecret||x||x\nauthenticationOauthJwtSecretKey||x||x\nmsgVpnName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumer",
+      "put": {
+        "description": "Replace a Telemetry Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\ntelemetryProfileName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "replaceMsgVpnTelemetryProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24134,18 +29771,20 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
-            "in": "path",
-            "name": "restConsumerName",
+            "description": "The Telemetry Profile object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfile"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -24159,9 +29798,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Consumer object's attributes, and the request metadata.",
+            "description": "The Telemetry Profile object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
             }
           },
           "default": {
@@ -24176,16 +29815,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a REST Consumer object.",
+        "summary": "Replace a Telemetry Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
-      },
-      "patch": {
-        "description": "Update a REST Consumer object. Any attribute missing from the request will be left unchanged.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey|||x|||x\nauthenticationClientCertContent|||x|x||x\nauthenticationClientCertPassword|||x|x||\nauthenticationHttpBasicPassword|||x|x||x\nauthenticationHttpBasicUsername||||x||\nauthenticationHttpHeaderValue|||x|||x\nauthenticationOauthClientId||||x||\nauthenticationOauthClientScope||||x||\nauthenticationOauthClientSecret|||x|x||x\nauthenticationOauthClientTokenEndpoint||||x||\nauthenticationOauthJwtSecretKey|||x|x||x\nauthenticationOauthJwtTokenEndpoint||||x||\nauthenticationScheme||||x||\nmsgVpnName|x|x||||\noutgoingConnectionCount||||x||\nremoteHost||||x||\nremotePort||||x||\nrestConsumerName|x|x||||\nrestDeliveryPointName|x|x||||\ntlsCipherSuiteList||||x||\ntlsEnabled||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "updateMsgVpnRestDeliveryPointRestConsumer",
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/receiverAclConnectExceptions": {
+      "get": {
+        "description": "Get a list of Receiver ACL Connect Exception objects.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreceiverAclConnectExceptionAddress|x|||\ntelemetryProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileReceiverAclConnectExceptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24195,31 +29836,24 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
-            "in": "path",
-            "name": "restConsumerName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The REST Consumer object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
-            }
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -24229,9 +29863,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Consumer object's attributes after being updated, and the request metadata.",
+            "description": "The list of Receiver ACL Connect Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionsResponse"
             }
           },
           "default": {
@@ -24246,16 +29880,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Update a REST Consumer object.",
+        "summary": "Get a list of Receiver ACL Connect Exception objects.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       },
-      "put": {
-        "description": "Replace a REST Consumer object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey|||x|||x\nauthenticationClientCertContent|||x|x||x\nauthenticationClientCertPassword|||x|x||\nauthenticationHttpBasicPassword|||x|x||x\nauthenticationHttpBasicUsername||||x||\nauthenticationHttpHeaderValue|||x|||x\nauthenticationOauthClientId||||x||\nauthenticationOauthClientScope||||x||\nauthenticationOauthClientSecret|||x|x||x\nauthenticationOauthClientTokenEndpoint||||x||\nauthenticationOauthJwtSecretKey|||x|x||x\nauthenticationOauthJwtTokenEndpoint||||x||\nauthenticationScheme||||x||\nmsgVpnName|x|x||||\noutgoingConnectionCount||||x||\nremoteHost||||x||\nremotePort||||x||\nrestConsumerName|x|x||||\nrestDeliveryPointName|x|x||||\ntlsCipherSuiteList||||x||\ntlsEnabled||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "replaceMsgVpnRestDeliveryPointRestConsumer",
+      "post": {
+        "description": "Create a Receiver ACL Connect Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nreceiverAclConnectExceptionAddress|x|x||||\ntelemetryProfileName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "createMsgVpnTelemetryProfileReceiverAclConnectException",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24265,26 +29899,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the REST Consumer.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The REST Consumer object's attributes.",
+            "description": "The Receiver ACL Connect Exception object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectException"
             }
           },
           {
@@ -24299,9 +29926,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Consumer object's attributes after being replaced, and the request metadata.",
+            "description": "The Receiver ACL Connect Exception object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionResponse"
             }
           },
           "default": {
@@ -24316,18 +29943,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Replace a REST Consumer object.",
+        "summary": "Create a Receiver ACL Connect Exception object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims": {
-      "get": {
-        "description": "Get a list of Claim objects.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthJwtClaimName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaims",
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/receiverAclConnectExceptions/{receiverAclConnectExceptionAddress}": {
+      "delete": {
+        "description": "Delete a Receiver ACL Connect Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "deleteMsgVpnTelemetryProfileReceiverAclConnectException",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24337,33 +29964,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "The IP address/netmask of the receiver connect exception in CIDR form.",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "receiverAclConnectExceptionAddress",
             "required": true,
             "type": "string"
-          },
-          {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -24371,9 +29983,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Claim objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimsResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -24388,46 +30000,37 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Claim objects.",
+        "summary": "Delete a Receiver ACL Connect Exception object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       },
-      "post": {
-        "description": "Create a Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\noauthJwtClaimName|x|x||||\noauthJwtClaimValue||x||||\nrestConsumerName|x||x|||\nrestDeliveryPointName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.21.",
-        "operationId": "createMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
+      "get": {
+        "description": "Get a Receiver ACL Connect Exception object.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreceiverAclConnectExceptionAddress|x|||\ntelemetryProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileReceiverAclConnectException",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "msgVpnName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The Claim object's attributes.",
-            "in": "body",
-            "name": "body",
+            "description": "The IP address/netmask of the receiver connect exception in CIDR form.",
+            "in": "path",
+            "name": "receiverAclConnectExceptionAddress",
             "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim"
-            }
+            "type": "string"
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -24441,9 +30044,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Claim object's attributes after being created, and the request metadata.",
+            "description": "The Receiver ACL Connect Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionResponse"
             }
           },
           "default": {
@@ -24458,18 +30061,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Claim object.",
+        "summary": "Get a Receiver ACL Connect Exception object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims/{oauthJwtClaimName}": {
-      "delete": {
-        "description": "Delete a Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.21.",
-        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters": {
+      "get": {
+        "description": "Get a list of Trace Filter objects.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntelemetryProfileName|x|||\ntraceFilterName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilters",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24479,25 +30082,26 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
-            "in": "path",
-            "name": "restConsumerName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
           },
           {
-            "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
-            "in": "path",
-            "name": "oauthJwtClaimName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -24505,9 +30109,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The list of Trace Filter objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFiltersResponse"
             }
           },
           "default": {
@@ -24522,16 +30126,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Claim object.",
+        "summary": "Get a list of Trace Filter objects.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       },
-      "get": {
-        "description": "Get a Claim object.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthJwtClaimName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
+      "post": {
+        "description": "Create a Trace Filter object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\ntelemetryProfileName|x||x|||\ntraceFilterName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "createMsgVpnTelemetryProfileTraceFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24541,25 +30145,20 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the REST Consumer.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
-            "in": "path",
-            "name": "oauthJwtClaimName",
+            "description": "The Trace Filter object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -24573,9 +30172,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Claim object's attributes, and the request metadata.",
+            "description": "The Trace Filter object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
             }
           },
           "default": {
@@ -24590,19 +30189,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Claim object.",
+        "summary": "Create a Trace Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames": {
-      "get": {
-        "deprecated": true,
-        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|\nrestConsumerName|x||x|\nrestDeliveryPointName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since (will be deprecated in next SEMP version). Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNames",
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}": {
+      "delete": {
+        "description": "Delete a Trace Filter object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "deleteMsgVpnTelemetryProfileTraceFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24612,27 +30210,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "traceFilterName",
             "required": true,
             "type": "string"
-          },
-          {
-            "$ref": "#/parameters/opaquePasswordQuery"
-          },
-          {
-            "$ref": "#/parameters/whereQuery"
-          },
-          {
-            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -24640,9 +30229,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/SempMetaOnlyResponse"
             }
           },
           "default": {
@@ -24657,17 +30246,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Trusted Common Name objects.",
+        "summary": "Delete a Trace Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       },
-      "post": {
-        "deprecated": true,
-        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x||x|\nrestConsumerName|x||x||x|\nrestDeliveryPointName|x||x||x|\ntlsTrustedCommonName|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since (will be deprecated in next SEMP version). Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "createMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
+      "get": {
+        "description": "Get a Trace Filter object.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntelemetryProfileName|x|||\ntraceFilterName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24677,28 +30265,19 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "traceFilterName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The Trusted Common Name object's attributes.",
-            "in": "body",
-            "name": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName"
-            }
-          },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
           },
@@ -24711,9 +30290,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
+            "description": "The Trace Filter object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
             }
           },
           "default": {
@@ -24728,19 +30307,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Trusted Common Name object.",
+        "summary": "Get a Trace Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
-      }
-    },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
-      "delete": {
-        "deprecated": true,
-        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since (will be deprecated in next SEMP version). Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
+      },
+      "patch": {
+        "description": "Update a Trace Filter object. Any attribute missing from the request will be left unchanged.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\ntelemetryProfileName|x|x|||||\ntraceFilterName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "updateMsgVpnTelemetryProfileTraceFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24750,25 +30326,33 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "traceFilterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
-            "in": "path",
-            "name": "tlsTrustedCommonName",
+            "description": "The Trace Filter object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
           }
         ],
         "produces": [
@@ -24776,9 +30360,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The request metadata.",
+            "description": "The Trace Filter object's attributes after being updated, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/SempMetaOnlyResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
             }
           },
           "default": {
@@ -24793,17 +30377,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Trusted Common Name object.",
+        "summary": "Update a Trace Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       },
-      "get": {
-        "deprecated": true,
-        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|\nrestConsumerName|x||x|\nrestDeliveryPointName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since (will be deprecated in next SEMP version). Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
+      "put": {
+        "description": "Replace a Trace Filter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\ntelemetryProfileName|x||x|||||\ntraceFilterName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "replaceMsgVpnTelemetryProfileTraceFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24813,25 +30396,27 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "traceFilterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
-            "in": "path",
-            "name": "tlsTrustedCommonName",
+            "description": "The Trace Filter object's attributes.",
+            "in": "body",
+            "name": "body",
             "required": true,
-            "type": "string"
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+            }
           },
           {
             "$ref": "#/parameters/opaquePasswordQuery"
@@ -24845,9 +30430,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The Trace Filter object's attributes after being replaced, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
             }
           },
           "default": {
@@ -24862,18 +30447,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Trusted Common Name object.",
+        "summary": "Replace a Trace Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/sequencedTopics": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}/subscriptions": {
       "get": {
-        "description": "Get a list of Sequenced Topic objects.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsequencedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnSequencedTopics",
+        "description": "Get a list of Telemetry Trace Filter Subscription objects.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsubscription|x|||\nsubscriptionSyntax|x|||\ntelemetryProfileName|x|||\ntraceFilterName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilterSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24882,6 +30467,20 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -24903,9 +30502,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Sequenced Topic objects' attributes, and the request metadata.",
+            "description": "The list of Telemetry Trace Filter Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnSequencedTopicsResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionsResponse"
             }
           },
           "default": {
@@ -24920,15 +30519,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Sequenced Topic objects.",
+        "summary": "Get a list of Telemetry Trace Filter Subscription objects.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "telemetryProfile"
         ]
       },
       "post": {
-        "description": "Create a Sequenced Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nsequencedTopic|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "createMsgVpnSequencedTopic",
+        "description": "Create a Telemetry Trace Filter Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||\nsubscription|x|x||||\nsubscriptionSyntax|x|x||||\ntelemetryProfileName|x||x|||\ntraceFilterName|x||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "createMsgVpnTelemetryProfileTraceFilterSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24938,12 +30538,26 @@
             "type": "string"
           },
           {
-            "description": "The Sequenced Topic object's attributes.",
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Telemetry Trace Filter Subscription object's attributes.",
             "in": "body",
             "name": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/MsgVpnSequencedTopic"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscription"
             }
           },
           {
@@ -24958,9 +30572,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Sequenced Topic object's attributes after being created, and the request metadata.",
+            "description": "The Telemetry Trace Filter Subscription object's attributes after being created, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnSequencedTopicResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionResponse"
             }
           },
           "default": {
@@ -24975,17 +30589,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Create a Sequenced Topic object.",
+        "summary": "Create a Telemetry Trace Filter Subscription object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/sequencedTopics/{sequencedTopic}": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}/subscriptions/{subscription},{subscriptionSyntax}": {
       "delete": {
-        "description": "Delete a Sequenced Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "deleteMsgVpnSequencedTopic",
+        "description": "Delete a Telemetry Trace Filter Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "deleteMsgVpnTelemetryProfileTraceFilterSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24995,9 +30610,30 @@
             "type": "string"
           },
           {
-            "description": "Topic for applying sequence numbers.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "sequencedTopic",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Messages matching this subscription will follow this filter's configuration.",
+            "in": "path",
+            "name": "subscription",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the trace filter subscription.",
+            "in": "path",
+            "name": "subscriptionSyntax",
             "required": true,
             "type": "string"
           }
@@ -25024,15 +30660,16 @@
             "basicAuth": []
           }
         ],
-        "summary": "Delete a Sequenced Topic object.",
+        "summary": "Delete a Telemetry Trace Filter Subscription object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "telemetryProfile"
         ]
       },
       "get": {
-        "description": "Get a Sequenced Topic object.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsequencedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
-        "operationId": "getMsgVpnSequencedTopic",
+        "description": "Get a Telemetry Trace Filter Subscription object.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsubscription|x|||\nsubscriptionSyntax|x|||\ntelemetryProfileName|x|||\ntraceFilterName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilterSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25042,9 +30679,30 @@
             "type": "string"
           },
           {
-            "description": "Topic for applying sequence numbers.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "sequencedTopic",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Messages matching this subscription will follow this filter's configuration.",
+            "in": "path",
+            "name": "subscription",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the trace filter subscription.",
+            "in": "path",
+            "name": "subscriptionSyntax",
             "required": true,
             "type": "string"
           },
@@ -25060,9 +30718,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Sequenced Topic object's attributes, and the request metadata.",
+            "description": "The Telemetry Trace Filter Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnSequencedTopicResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionResponse"
             }
           },
           "default": {
@@ -25077,10 +30735,11 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Sequenced Topic object.",
+        "summary": "Get a Telemetry Trace Filter Subscription object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "telemetryProfile"
         ]
       }
     },
@@ -25302,7 +30961,7 @@
         ]
       },
       "patch": {
-        "description": "Update a Topic Endpoint Template object. Any attribute missing from the request will be left unchanged.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\ntopicEndpointTemplateName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "description": "Update a Topic Endpoint Template object. Any attribute missing from the request will be left unchanged.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\nrejectMsgToSenderOnDiscardBehavior|||||x||\ntopicEndpointTemplateName|x|x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
         "operationId": "updateMsgVpnTopicEndpointTemplate",
         "parameters": [
           {
@@ -25365,7 +31024,7 @@
         ]
       },
       "put": {
-        "description": "Replace a Topic Endpoint Template object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\ntopicEndpointTemplateName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "description": "Replace a Topic Endpoint Template object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\nrejectMsgToSenderOnDiscardBehavior||||||x||\ntopicEndpointTemplateName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
         "operationId": "replaceMsgVpnTopicEndpointTemplate",
         "parameters": [
           {
@@ -25646,7 +31305,7 @@
         ]
       },
       "patch": {
-        "description": "Update a Topic Endpoint object. Any attribute missing from the request will be left unchanged.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naccessType||||x||\nmsgVpnName|x|x||||\nowner||||x||\npermission||||x||\nrespectMsgPriorityEnabled||||x||\ntopicEndpointName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "description": "Update a Topic Endpoint object. Any attribute missing from the request will be left unchanged.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\naccessType|||||x||\nmsgVpnName|x|x|||||\nowner|||||x||\npermission|||||x||\nredeliveryDelayEnabled|||||x||\nredeliveryDelayInitialInterval|||||x||\nredeliveryDelayMaxInterval|||||x||\nredeliveryDelayMultiplier|||||x||\nrejectMsgToSenderOnDiscardBehavior|||||x||\nrespectMsgPriorityEnabled|||||x||\ntopicEndpointName|x|x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
         "operationId": "updateMsgVpnTopicEndpoint",
         "parameters": [
           {
@@ -25709,7 +31368,7 @@
         ]
       },
       "put": {
-        "description": "Replace a Topic Endpoint object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\naccessType||||x||\nmsgVpnName|x|x||||\nowner||||x||\npermission||||x||\nrespectMsgPriorityEnabled||||x||\ntopicEndpointName|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "description": "Replace a Topic Endpoint object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\naccessType||||||x||\nmsgVpnName|x||x|||||\nowner||||||x||\npermission||||||x||\nredeliveryDelayEnabled||||||x||\nredeliveryDelayInitialInterval||||||x||\nredeliveryDelayMaxInterval||||||x||\nredeliveryDelayMultiplier||||||x||\nrejectMsgToSenderOnDiscardBehavior||||||x||\nrespectMsgPriorityEnabled||||||x||\ntopicEndpointName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nEventThreshold|clearPercent|setPercent|clearValue, setValue\nEventThreshold|clearValue|setValue|clearPercent, setPercent\nEventThreshold|setPercent|clearPercent|clearValue, setValue\nEventThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
         "operationId": "replaceMsgVpnTopicEndpoint",
         "parameters": [
           {
@@ -25958,7 +31617,7 @@
         ]
       },
       "patch": {
-        "description": "Update an OAuth Profile object. Any attribute missing from the request will be left unchanged.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret|||x|||x\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\naccessLevelGroupsClaimName|global/admin\nclientId|global/admin\nclientRedirectUri|global/admin\nclientRequiredType|global/admin\nclientScope|global/admin\nclientSecret|global/admin\nclientValidateTypeEnabled|global/admin\ndefaultGlobalAccessLevel|global/admin\ndisplayName|global/admin\nenabled|global/admin\nendpointAuthorization|global/admin\nendpointDiscovery|global/admin\nendpointDiscoveryRefreshInterval|global/admin\nendpointIntrospection|global/admin\nendpointIntrospectionTimeout|global/admin\nendpointJwks|global/admin\nendpointJwksRefreshInterval|global/admin\nendpointToken|global/admin\nendpointTokenTimeout|global/admin\nendpointUserinfo|global/admin\nendpointUserinfoTimeout|global/admin\ninteractiveEnabled|global/admin\ninteractivePromptForExpiredSession|global/admin\ninteractivePromptForNewSession|global/admin\nissuer|global/admin\noauthRole|global/admin\nresourceServerParseAccessTokenEnabled|global/admin\nresourceServerRequiredAudience|global/admin\nresourceServerRequiredIssuer|global/admin\nresourceServerRequiredScope|global/admin\nresourceServerRequiredType|global/admin\nresourceServerValidateAudienceEnabled|global/admin\nresourceServerValidateIssuerEnabled|global/admin\nresourceServerValidateScopeEnabled|global/admin\nresourceServerValidateTypeEnabled|global/admin\nsempEnabled|global/admin\nusernameClaimName|global/admin\n\n\n\nThis has been available since 2.24.",
+        "description": "Update an OAuth Profile object. Any attribute missing from the request will be left unchanged.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nclientSecret|||x||||x\noauthProfileName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\naccessLevelGroupsClaimName|global/admin\naccessLevelGroupsClaimStringFormat|global/admin\nclientId|global/admin\nclientRedirectUri|global/admin\nclientRequiredType|global/admin\nclientScope|global/admin\nclientSecret|global/admin\nclientValidateTypeEnabled|global/admin\ndefaultGlobalAccessLevel|global/admin\ndisplayName|global/admin\nenabled|global/admin\nendpointAuthorization|global/admin\nendpointDiscovery|global/admin\nendpointDiscoveryRefreshInterval|global/admin\nendpointIntrospection|global/admin\nendpointIntrospectionTimeout|global/admin\nendpointJwks|global/admin\nendpointJwksRefreshInterval|global/admin\nendpointToken|global/admin\nendpointTokenTimeout|global/admin\nendpointUserinfo|global/admin\nendpointUserinfoTimeout|global/admin\ninteractiveEnabled|global/admin\ninteractivePromptForExpiredSession|global/admin\ninteractivePromptForNewSession|global/admin\nissuer|global/admin\noauthRole|global/admin\nresourceServerParseAccessTokenEnabled|global/admin\nresourceServerRequiredAudience|global/admin\nresourceServerRequiredIssuer|global/admin\nresourceServerRequiredScope|global/admin\nresourceServerRequiredType|global/admin\nresourceServerValidateAudienceEnabled|global/admin\nresourceServerValidateIssuerEnabled|global/admin\nresourceServerValidateScopeEnabled|global/admin\nresourceServerValidateTypeEnabled|global/admin\nsempEnabled|global/admin\nusernameClaimName|global/admin\n\n\n\nThis has been available since 2.24.",
         "operationId": "updateOauthProfile",
         "parameters": [
           {
@@ -26013,7 +31672,7 @@
         ]
       },
       "put": {
-        "description": "Replace an OAuth Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret|||x|||x\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\naccessLevelGroupsClaimName|global/admin\nclientId|global/admin\nclientRedirectUri|global/admin\nclientRequiredType|global/admin\nclientScope|global/admin\nclientSecret|global/admin\nclientValidateTypeEnabled|global/admin\ndefaultGlobalAccessLevel|global/admin\ndisplayName|global/admin\nenabled|global/admin\nendpointAuthorization|global/admin\nendpointDiscovery|global/admin\nendpointDiscoveryRefreshInterval|global/admin\nendpointIntrospection|global/admin\nendpointIntrospectionTimeout|global/admin\nendpointJwks|global/admin\nendpointJwksRefreshInterval|global/admin\nendpointToken|global/admin\nendpointTokenTimeout|global/admin\nendpointUserinfo|global/admin\nendpointUserinfoTimeout|global/admin\ninteractiveEnabled|global/admin\ninteractivePromptForExpiredSession|global/admin\ninteractivePromptForNewSession|global/admin\nissuer|global/admin\noauthRole|global/admin\nresourceServerParseAccessTokenEnabled|global/admin\nresourceServerRequiredAudience|global/admin\nresourceServerRequiredIssuer|global/admin\nresourceServerRequiredScope|global/admin\nresourceServerRequiredType|global/admin\nresourceServerValidateAudienceEnabled|global/admin\nresourceServerValidateIssuerEnabled|global/admin\nresourceServerValidateScopeEnabled|global/admin\nresourceServerValidateTypeEnabled|global/admin\nsempEnabled|global/admin\nusernameClaimName|global/admin\n\n\n\nThis has been available since 2.24.",
+        "description": "Replace an OAuth Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nclientSecret||||x||||x\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\naccessLevelGroupsClaimName|global/admin\naccessLevelGroupsClaimStringFormat|global/admin\nclientId|global/admin\nclientRedirectUri|global/admin\nclientRequiredType|global/admin\nclientScope|global/admin\nclientSecret|global/admin\nclientValidateTypeEnabled|global/admin\ndefaultGlobalAccessLevel|global/admin\ndisplayName|global/admin\nenabled|global/admin\nendpointAuthorization|global/admin\nendpointDiscovery|global/admin\nendpointDiscoveryRefreshInterval|global/admin\nendpointIntrospection|global/admin\nendpointIntrospectionTimeout|global/admin\nendpointJwks|global/admin\nendpointJwksRefreshInterval|global/admin\nendpointToken|global/admin\nendpointTokenTimeout|global/admin\nendpointUserinfo|global/admin\nendpointUserinfoTimeout|global/admin\ninteractiveEnabled|global/admin\ninteractivePromptForExpiredSession|global/admin\ninteractivePromptForNewSession|global/admin\nissuer|global/admin\noauthRole|global/admin\nresourceServerParseAccessTokenEnabled|global/admin\nresourceServerRequiredAudience|global/admin\nresourceServerRequiredIssuer|global/admin\nresourceServerRequiredScope|global/admin\nresourceServerRequiredType|global/admin\nresourceServerValidateAudienceEnabled|global/admin\nresourceServerValidateIssuerEnabled|global/admin\nresourceServerValidateScopeEnabled|global/admin\nresourceServerValidateTypeEnabled|global/admin\nsempEnabled|global/admin\nusernameClaimName|global/admin\n\n\n\nThis has been available since 2.24.",
         "operationId": "replaceOauthProfile",
         "parameters": [
           {
@@ -26282,7 +31941,7 @@
         ]
       },
       "patch": {
-        "description": "Update a Group Access Level object. Any attribute missing from the request will be left unchanged.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nglobalAccessLevel|global/admin\n\n\n\nThis has been available since 2.24.",
+        "description": "Update a Group Access Level object. Any attribute missing from the request will be left unchanged.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ngroupName|x|x|||||\noauthProfileName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nglobalAccessLevel|global/admin\n\n\n\nThis has been available since 2.24.",
         "operationId": "updateOauthProfileAccessLevelGroup",
         "parameters": [
           {
@@ -26344,7 +32003,7 @@
         ]
       },
       "put": {
-        "description": "Replace a Group Access Level object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nglobalAccessLevel|global/admin\n\n\n\nThis has been available since 2.24.",
+        "description": "Replace a Group Access Level object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ngroupName|x||x|||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nglobalAccessLevel|global/admin\n\n\n\nThis has been available since 2.24.",
         "operationId": "replaceOauthProfileAccessLevelGroup",
         "parameters": [
           {
@@ -26648,7 +32307,7 @@
         ]
       },
       "patch": {
-        "description": "Update a Message VPN Access-Level Exception object. Any attribute missing from the request will be left unchanged.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x|x||||\nmsgVpnName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "description": "Update a Message VPN Access-Level Exception object. Any attribute missing from the request will be left unchanged.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\ngroupName|x|x|||||\nmsgVpnName|x|x|||||\noauthProfileName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
         "operationId": "updateOauthProfileAccessLevelGroupMsgVpnAccessLevelException",
         "parameters": [
           {
@@ -26717,7 +32376,7 @@
         ]
       },
       "put": {
-        "description": "Replace a Message VPN Access-Level Exception object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x|x||||\nmsgVpnName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "description": "Replace a Message VPN Access-Level Exception object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\ngroupName|x||x|||||\nmsgVpnName|x||x|||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
         "operationId": "replaceOauthProfileAccessLevelGroupMsgVpnAccessLevelException",
         "parameters": [
           {
@@ -27214,7 +32873,7 @@
         ]
       },
       "patch": {
-        "description": "Update an Authorization Parameter object. Any attribute missing from the request will be left unchanged.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthorizationParameterName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "description": "Update an Authorization Parameter object. Any attribute missing from the request will be left unchanged.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nauthorizationParameterName|x|x|||||\noauthProfileName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
         "operationId": "updateOauthProfileClientAuthorizationParameter",
         "parameters": [
           {
@@ -27276,7 +32935,7 @@
         ]
       },
       "put": {
-        "description": "Replace an Authorization Parameter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nauthorizationParameterName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "description": "Replace an Authorization Parameter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nauthorizationParameterName|x||x|||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
         "operationId": "replaceOauthProfileClientAuthorizationParameter",
         "parameters": [
           {
@@ -27766,7 +33425,7 @@
         ]
       },
       "patch": {
-        "description": "Update a Message VPN Access-Level Exception object. Any attribute missing from the request will be left unchanged.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "description": "Update a Message VPN Access-Level Exception object. Any attribute missing from the request will be left unchanged.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x|x|||||\noauthProfileName|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
         "operationId": "updateOauthProfileDefaultMsgVpnAccessLevelException",
         "parameters": [
           {
@@ -27828,7 +33487,7 @@
         ]
       },
       "put": {
-        "description": "Replace a Message VPN Access-Level Exception object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||\noauthProfileName|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "description": "Replace a Message VPN Access-Level Exception object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nmsgVpnName|x||x|||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
         "operationId": "replaceOauthProfileDefaultMsgVpnAccessLevelException",
         "parameters": [
           {
@@ -28332,7 +33991,7 @@
         ]
       },
       "patch": {
-        "description": "Update a Virtual Hostname object. Any attribute missing from the request will be left unchanged.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nvirtualHostname|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.17.",
+        "description": "Update a Virtual Hostname object. Any attribute missing from the request will be left unchanged.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---\nvirtualHostname|x|x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.17.",
         "operationId": "updateVirtualHostname",
         "parameters": [
           {
@@ -28387,7 +34046,7 @@
         ]
       },
       "put": {
-        "description": "Replace a Virtual Hostname object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Read-Only|Write-Only|Requires-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:\nvirtualHostname|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.17.",
+        "description": "Replace a Virtual Hostname object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---|:---|:---|:---|:---|:---|:---|:---\nvirtualHostname|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.17.",
         "operationId": "replaceVirtualHostname",
         "parameters": [
           {
diff --git a/test/sempclient/spec/spec_monitor.json b/test/sempclient/spec/spec_monitor.json
index 99ebee9..8783282 100644
--- a/test/sempclient/spec/spec_monitor.json
+++ b/test/sempclient/spec/spec_monitor.json
@@ -145,12 +145,12 @@
     "AboutUserCollections": {
       "properties": {
         "msgVpns": {
-          "$ref": "#/definitions/AboutUserCollectionsMsgvpns"
+          "$ref": "#/definitions/AboutUserCollectionsMsgVpns"
         }
       },
       "type": "object"
     },
-    "AboutUserCollectionsMsgvpns": {
+    "AboutUserCollectionsMsgVpns": {
       "properties": {
         "count": {
           "description": "The total number of objects in the msgVpns collection.",
@@ -600,11 +600,20 @@
           "$ref": "#/definitions/EventThreshold"
         },
         "serviceHealthCheckEnabled": {
-          "description": "Enable or disable the health-check service. Available since 2.17.",
+          "description": "Enable or disable the plain-text health-check service. Available since 2.17.",
           "type": "boolean"
         },
         "serviceHealthCheckListenPort": {
-          "description": "The port number for the health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Available since 2.17.",
+          "description": "The port number for the plain-text health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Available since 2.17.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "serviceHealthCheckTlsEnabled": {
+          "description": "Enable or disable the TLS health-check service. Available since 2.34.",
+          "type": "boolean"
+        },
+        "serviceHealthCheckTlsListenPort": {
+          "description": "The port number for the TLS health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Available since 2.34.",
           "format": "int64",
           "type": "integer"
         },
@@ -729,6 +738,19 @@
           "description": "Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker. Available since 2.17.",
           "type": "string"
         },
+        "telemetryTraceDemoExpiryTime": {
+          "description": "Indicates when the tracing demo will expire or has expired. When the tracing demo expires, tracing becomes inactive. For more details related to terms, demo mode extension, and purchase, please see: https://solace.com/dt-demo-mode. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.31.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "telemetryTraceDemoState": {
+          "description": "Indicates whether the tracing demo is ready to be activated, active, or inactive. For more details related to the tracing demo, please see: https://solace.com/dt-demo-mode. The allowed values and their meaning are:\n\n<pre>\n\"active\" - The tracing demo is active. The demo expiry time indicates when tracing will become inactive if tracing is not licensed or the broker is not restarted before then. For more details related to terms, demo mode extension, and purchase, please see: https://solace.com/dt-demo-mode.\n\"inactive\" - The tracing demo is not active either because tracing is licensed, thereby enabling continuous tracing operation; or the tracing demo mode is not available on this broker.\n\"inactive-restart-required\" - The tracing demo mode was active, but the expiry time was reached without the installation of a tracing product key or a broker restart. Obtain a license and install the provided product key to enable continuous operation of tracing. Alternatively, restart the broker to reactivate tracing in demo mode. For more details related to terms, demo mode extension, and purchase, please see: https://solace.com/dt-demo-mode.\n\"ready\" - The broker is capable of providing tracing functionality in demo mode. To activate the demo, simply enable tracing. For more details related to terms, demo mode extension, and purchase, please see: https://solace.com/dt-demo-mode.\n</pre>\n Available since 2.31.",
+          "type": "string"
+        },
+        "telemetryTraceMode": {
+          "description": "Indicates whether tracing is licensed, requires a license, or is in demo mode. Installing a tracing product key results in licensed mode. The allowed values and their meaning are:\n\n<pre>\n\"demo\" - The free tracing demo mode allows for evaluation of tracing before purchasing a license. Please see https://solace.com/dt-demo-mode for more details.\n\"inactive-license-required\" - A tracing license is required for tracing to become operational.\n\"licensed\" - A tracing product key has been installed, enabling continuous operation of tracing.\n</pre>\n Available since 2.31.",
+          "type": "string"
+        },
         "tlsBlockVersion11Enabled": {
           "description": "Indicates whether TLS version 1.1 connections are blocked. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting.",
           "type": "boolean"
@@ -830,6 +852,14 @@
           "format": "int64",
           "type": "integer"
         },
+        "version": {
+          "description": "The version of the broker. Available since 2.29.",
+          "type": "string"
+        },
+        "webManagerAllowUnencryptedWizardsEnabled": {
+          "description": "Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure.  Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping. Available since 2.28.",
+          "type": "boolean"
+        },
         "webManagerCustomization": {
           "description": "Reserved for internal use by Solace. Available since 2.25.",
           "type": "string"
@@ -857,39 +887,39 @@
     "BrokerCollections": {
       "properties": {
         "certAuthorities": {
-          "$ref": "#/definitions/BrokerCollectionsCertauthorities"
+          "$ref": "#/definitions/BrokerCollectionsCertAuthorities"
         },
         "clientCertAuthorities": {
-          "$ref": "#/definitions/BrokerCollectionsClientcertauthorities"
+          "$ref": "#/definitions/BrokerCollectionsClientCertAuthorities"
         },
         "configSyncLocalDatabaseRows": {
-          "$ref": "#/definitions/BrokerCollectionsConfigsynclocaldatabaserows"
+          "$ref": "#/definitions/BrokerCollectionsConfigSyncLocalDatabaseRows"
         },
         "dmrClusters": {
-          "$ref": "#/definitions/BrokerCollectionsDmrclusters"
+          "$ref": "#/definitions/BrokerCollectionsDmrClusters"
         },
         "domainCertAuthorities": {
-          "$ref": "#/definitions/BrokerCollectionsDomaincertauthorities"
+          "$ref": "#/definitions/BrokerCollectionsDomainCertAuthorities"
         },
         "msgVpns": {
-          "$ref": "#/definitions/BrokerCollectionsMsgvpns"
+          "$ref": "#/definitions/BrokerCollectionsMsgVpns"
         },
         "oauthProfiles": {
-          "$ref": "#/definitions/BrokerCollectionsOauthprofiles"
+          "$ref": "#/definitions/BrokerCollectionsOauthProfiles"
         },
         "sessions": {
           "$ref": "#/definitions/BrokerCollectionsSessions"
         },
         "standardDomainCertAuthorities": {
-          "$ref": "#/definitions/BrokerCollectionsStandarddomaincertauthorities"
+          "$ref": "#/definitions/BrokerCollectionsStandardDomainCertAuthorities"
         },
         "virtualHostnames": {
-          "$ref": "#/definitions/BrokerCollectionsVirtualhostnames"
+          "$ref": "#/definitions/BrokerCollectionsVirtualHostnames"
         }
       },
       "type": "object"
     },
-    "BrokerCollectionsCertauthorities": {
+    "BrokerCollectionsCertAuthorities": {
       "properties": {
         "count": {
           "description": "The total number of objects in the certAuthorities collection. Deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
@@ -899,7 +929,7 @@
       },
       "type": "object"
     },
-    "BrokerCollectionsClientcertauthorities": {
+    "BrokerCollectionsClientCertAuthorities": {
       "properties": {
         "count": {
           "description": "The total number of objects in the clientCertAuthorities collection. Available since 2.19.",
@@ -909,7 +939,7 @@
       },
       "type": "object"
     },
-    "BrokerCollectionsConfigsynclocaldatabaserows": {
+    "BrokerCollectionsConfigSyncLocalDatabaseRows": {
       "properties": {
         "count": {
           "description": "The total number of objects in the configSyncLocalDatabaseRows collection. Available since 2.22.",
@@ -919,7 +949,7 @@
       },
       "type": "object"
     },
-    "BrokerCollectionsDmrclusters": {
+    "BrokerCollectionsDmrClusters": {
       "properties": {
         "count": {
           "description": "The total number of objects in the dmrClusters collection. Available since 2.11.",
@@ -929,7 +959,7 @@
       },
       "type": "object"
     },
-    "BrokerCollectionsDomaincertauthorities": {
+    "BrokerCollectionsDomainCertAuthorities": {
       "properties": {
         "count": {
           "description": "The total number of objects in the domainCertAuthorities collection. Available since 2.19.",
@@ -939,7 +969,7 @@
       },
       "type": "object"
     },
-    "BrokerCollectionsMsgvpns": {
+    "BrokerCollectionsMsgVpns": {
       "properties": {
         "count": {
           "description": "The total number of objects in the msgVpns collection. Available since 2.11.",
@@ -949,7 +979,7 @@
       },
       "type": "object"
     },
-    "BrokerCollectionsOauthprofiles": {
+    "BrokerCollectionsOauthProfiles": {
       "properties": {
         "count": {
           "description": "The total number of objects in the oauthProfiles collection. Available since 2.24.",
@@ -969,7 +999,7 @@
       },
       "type": "object"
     },
-    "BrokerCollectionsStandarddomaincertauthorities": {
+    "BrokerCollectionsStandardDomainCertAuthorities": {
       "properties": {
         "count": {
           "description": "The total number of objects in the standardDomainCertAuthorities collection. Available since 2.19.",
@@ -979,7 +1009,7 @@
       },
       "type": "object"
     },
-    "BrokerCollectionsVirtualhostnames": {
+    "BrokerCollectionsVirtualHostnames": {
       "properties": {
         "count": {
           "description": "The total number of objects in the virtualHostnames collection. Available since 2.17.",
@@ -1024,7 +1054,7 @@
           "type": "string"
         },
         "sessionsUri": {
-          "description": "The URI of this Broker's collection of Session objects. Available since 2.21.",
+          "description": "The URI of this Broker's collection of SEMP Session objects. Available since 2.21.",
           "type": "string"
         },
         "standardDomainCertAuthoritiesUri": {
@@ -1133,7 +1163,7 @@
           "type": "boolean"
         },
         "crlUrl": {
-          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
           "type": "string"
         },
         "ocspLastFailureReason": {
@@ -1172,12 +1202,12 @@
     "CertAuthorityCollections": {
       "properties": {
         "ocspTlsTrustedCommonNames": {
-          "$ref": "#/definitions/CertAuthorityCollectionsOcsptlstrustedcommonnames"
+          "$ref": "#/definitions/CertAuthorityCollectionsOcspTlsTrustedCommonNames"
         }
       },
       "type": "object"
     },
-    "CertAuthorityCollectionsOcsptlstrustedcommonnames": {
+    "CertAuthorityCollectionsOcspTlsTrustedCommonNames": {
       "properties": {
         "count": {
           "description": "The total number of objects in the ocspTlsTrustedCommonNames collection. Deprecated since 2.19. Replaced by clientCertAuthorities.",
@@ -1335,7 +1365,7 @@
           "type": "string"
         },
         "crlDayList": {
-          "description": "The scheduled CRL refresh day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday.",
+          "description": "The scheduled CRL refresh day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"crlTimeList\" must also be configured to the empty-string).",
           "type": "string"
         },
         "crlLastDownloadTime": {
@@ -1358,7 +1388,7 @@
           "type": "integer"
         },
         "crlTimeList": {
-          "description": "The scheduled CRL refresh time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59.",
+          "description": "The scheduled CRL refresh time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"crlDayList\" must also be configured to the empty-string).",
           "type": "string"
         },
         "crlUp": {
@@ -1366,7 +1396,7 @@
           "type": "boolean"
         },
         "crlUrl": {
-          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included.",
+          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets.",
           "type": "string"
         },
         "ocspLastFailureReason": {
@@ -1405,12 +1435,12 @@
     "ClientCertAuthorityCollections": {
       "properties": {
         "ocspTlsTrustedCommonNames": {
-          "$ref": "#/definitions/ClientCertAuthorityCollectionsOcsptlstrustedcommonnames"
+          "$ref": "#/definitions/ClientCertAuthorityCollectionsOcspTlsTrustedCommonNames"
         }
       },
       "type": "object"
     },
-    "ClientCertAuthorityCollectionsOcsptlstrustedcommonnames": {
+    "ClientCertAuthorityCollectionsOcspTlsTrustedCommonNames": {
       "properties": {
         "count": {
           "description": "The total number of objects in the ocspTlsTrustedCommonNames collection.",
@@ -1700,306 +1730,274 @@
       },
       "type": "object"
     },
-    "DmrClusterCollections": {
+    "DmrClusterCertMatchingRule": {
       "properties": {
-        "links": {
-          "$ref": "#/definitions/DmrClusterCollectionsLinks"
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
         },
-        "topologyIssues": {
-          "$ref": "#/definitions/DmrClusterCollectionsTopologyissues"
+        "enabled": {
+          "description": "Indicates whether a certificate matching rule is enabled.",
+          "type": "boolean"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterCollectionsLinks": {
+    "DmrClusterCertMatchingRuleAttributeFilter": {
       "properties": {
-        "count": {
-          "description": "The total number of objects in the links collection.",
-          "format": "int64",
-          "type": "integer"
+        "attributeName": {
+          "description": "Link Attribute to be tested.",
+          "type": "string"
+        },
+        "attributeValue": {
+          "description": "Expected attribute value.",
+          "type": "string"
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "filterName": {
+          "description": "The name of the filter.",
+          "type": "string"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterCollectionsTopologyissues": {
+    "DmrClusterCertMatchingRuleAttributeFilterCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleAttributeFilterLinks": {
       "properties": {
-        "count": {
-          "description": "The total number of objects in the topologyIssues collection.",
-          "format": "int64",
-          "type": "integer"
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Attribute Filter object.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterLink": {
+    "DmrClusterCertMatchingRuleAttributeFilterResponse": {
       "properties": {
-        "authenticationScheme": {
-          "description": "The authentication scheme to be used by the Link which initiates connections to the remote node. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
-          "enum": [
-            "basic",
-            "client-certificate"
-          ],
-          "type": "string"
-        },
-        "clientProfileName": {
-          "description": "The name of the Client Profile used by the Link.",
-          "type": "string"
-        },
-        "clientProfileQueueControl1MaxDepth": {
-          "description": "The maximum depth of the \"Control 1\" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "clientProfileQueueControl1MinMsgBurst": {
-          "description": "The number of messages that are always allowed entry into the \"Control 1\" (C-1) priority queue, regardless of the `clientProfileQueueControl1MaxDepth` value.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "clientProfileQueueDirect1MaxDepth": {
-          "description": "The maximum depth of the \"Direct 1\" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "clientProfileQueueDirect1MinMsgBurst": {
-          "description": "The number of messages that are always allowed entry into the \"Direct 1\" (D-1) priority queue, regardless of the `clientProfileQueueDirect1MaxDepth` value.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "clientProfileQueueDirect2MaxDepth": {
-          "description": "The maximum depth of the \"Direct 2\" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "clientProfileQueueDirect2MinMsgBurst": {
-          "description": "The number of messages that are always allowed entry into the \"Direct 2\" (D-2) priority queue, regardless of the `clientProfileQueueDirect2MaxDepth` value.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "clientProfileQueueDirect3MaxDepth": {
-          "description": "The maximum depth of the \"Direct 3\" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data.",
-          "format": "int32",
-          "type": "integer"
+        "collections": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterCollections"
         },
-        "clientProfileQueueDirect3MinMsgBurst": {
-          "description": "The number of messages that are always allowed entry into the \"Direct 3\" (D-3) priority queue, regardless of the `clientProfileQueueDirect3MaxDepth` value.",
-          "format": "int32",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
         },
-        "clientProfileQueueGuaranteed1MaxDepth": {
-          "description": "The maximum depth of the \"Guaranteed 1\" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data.",
-          "format": "int32",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterLinks"
         },
-        "clientProfileQueueGuaranteed1MinMsgBurst": {
-          "description": "The number of messages that are always allowed entry into the \"Guaranteed 1\" (G-3) priority queue, regardless of the `clientProfileQueueGuaranteed1MaxDepth` value.",
-          "format": "int32",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleAttributeFiltersResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterCollections"
+          },
+          "type": "array"
         },
-        "clientProfileTcpCongestionWindowSize": {
-          "description": "The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+          },
+          "type": "array"
         },
-        "clientProfileTcpKeepaliveCount": {
-          "description": "The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterLinks"
+          },
+          "type": "array"
         },
-        "clientProfileTcpKeepaliveIdleTime": {
-          "description": "The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds.",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleCollections": {
+      "properties": {
+        "attributeFilters": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleCollectionsAttributeFilters"
         },
-        "clientProfileTcpKeepaliveInterval": {
-          "description": "The amount of time between TCP keepalive retransmissions when no acknowledgement is received, in seconds.",
+        "conditions": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleCollectionsConditions"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleCollectionsAttributeFilters": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the attributeFilters collection.",
           "format": "int64",
           "type": "integer"
-        },
-        "clientProfileTcpMaxSegmentSize": {
-          "description": "The TCP maximum segment size, in bytes. Changes are applied to all existing connections.",
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleCollectionsConditions": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the conditions collection.",
           "format": "int64",
           "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleCondition": {
+      "properties": {
+        "attribute": {
+          "description": "Link Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both.",
+          "type": "string"
         },
-        "clientProfileTcpMaxWindowSize": {
-          "description": "The TCP maximum window size, in kilobytes. Changes are applied to all existing connections.",
-          "format": "int64",
-          "type": "integer"
+        "comparisonMode": {
+          "description": "The comparison mode to use. The allowed values and their meaning are:\n\n<pre>\n\"matches-attribute\" - Certificate field matches an attribute value exactly.\n\"matches-expression\" - Certificate field matches a glob expression.\n</pre>\n",
+          "type": "string"
         },
         "dmrClusterName": {
           "description": "The name of the Cluster.",
           "type": "string"
         },
-        "egressFlowWindowSize": {
-          "description": "The number of outstanding guaranteed messages that can be sent over the Link before acknowledgement is received by the sender.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "enabled": {
-          "description": "Indicates whether the Link is enabled. When disabled, subscription sets of this and the remote node are not kept up-to-date, and messages are not exchanged with the remote node. Published guaranteed messages will be queued up for future delivery based on current subscription sets.",
-          "type": "boolean"
+        "expression": {
+          "description": "Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both.",
+          "type": "string"
         },
-        "failureReason": {
-          "description": "The failure reason for the Link being down.",
+        "ruleName": {
+          "description": "The name of the rule.",
           "type": "string"
         },
-        "initiator": {
-          "description": "The initiator of the Link's TCP connections. The allowed values and their meaning are:\n\n<pre>\n\"lexical\" - The \"higher\" node-name initiates.\n\"local\" - The local node initiates.\n\"remote\" - The remote node initiates.\n</pre>\n",
+        "source": {
+          "description": "Certificate field to be compared with the Attribute. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n\"org-unit\" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.\n\"org-unit-last\" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.\n\"issuer\" - The attribute is extracted from the certificate's Issuer DN.\n\"subject\" - The attribute is extracted from the certificate's Subject DN.\n\"serial-number\" - The attribute is extracted from the certificate's Serial Number.\n\"dns-name\" - The attribute is extracted from the certificate's Subject Alt Name DNSName.\n\"ip-address\" - The attribute is extracted from the certificate's Subject Alt Name IPAddress.\n</pre>\n",
           "enum": [
-            "lexical",
-            "local",
-            "remote"
+            "certificate-thumbprint",
+            "common-name",
+            "common-name-last",
+            "subject-alternate-name-msupn",
+            "uid",
+            "uid-last",
+            "org-unit",
+            "org-unit-last",
+            "issuer",
+            "subject",
+            "serial-number",
+            "dns-name",
+            "ip-address"
           ],
           "type": "string"
-        },
-        "queueDeadMsgQueue": {
-          "description": "The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages.",
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Condition object.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionCollections"
         },
-        "queueEventSpoolUsageThreshold": {
-          "$ref": "#/definitions/EventThreshold"
-        },
-        "queueMaxDeliveredUnackedMsgsPerFlow": {
-          "description": "The maximum number of messages delivered but not acknowledged per flow for the Queue.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleCondition"
         },
-        "queueMaxMsgSpoolUsage": {
-          "description": "The maximum message spool usage by the Queue (quota), in megabytes (MB).",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionLinks"
         },
-        "queueMaxRedeliveryCount": {
-          "description": "The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionCollections"
+          },
+          "type": "array"
         },
-        "queueMaxTtl": {
-          "description": "The maximum time in seconds a message can stay in the Queue when `queueRespectTtlEnabled` is `true`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queueMaxTtl` configured for the Queue, is exceeded. A value of 0 disables expiry.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "queueRejectMsgToSenderOnDiscardBehavior": {
-          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-queue-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Queue is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
-          "enum": [
-            "always",
-            "when-queue-enabled",
-            "never"
-          ],
-          "type": "string"
-        },
-        "queueRespectTtlEnabled": {
-          "description": "Indicates whether the the time-to-live (TTL) for messages in the Queue is respected. When enabled, expired messages are discarded or moved to the DMQ.",
-          "type": "boolean"
-        },
-        "remoteClusterName": {
-          "description": "The cluster name of the remote node. Available since 2.17.",
-          "type": "string"
-        },
-        "remoteNodeName": {
-          "description": "The name of the node at the remote end of the Link.",
-          "type": "string"
-        },
-        "span": {
-          "description": "The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Link to same cluster.\n\"external\" - Link to other cluster.\n</pre>\n",
-          "enum": [
-            "internal",
-            "external"
-          ],
-          "type": "string"
-        },
-        "transportCompressedEnabled": {
-          "description": "Indicates whether compression is enabled on the Link.",
-          "type": "boolean"
-        },
-        "transportTlsEnabled": {
-          "description": "Indicates whether encryption (TLS) is enabled on the Link.",
-          "type": "boolean"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleCondition"
+          },
+          "type": "array"
         },
-        "up": {
-          "description": "Indicates whether the Link is operationally up.",
-          "type": "boolean"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionLinks"
+          },
+          "type": "array"
         },
-        "uptime": {
-          "description": "The amount of time in seconds since the Link was up.",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
         }
       },
+      "required": [
+        "meta"
+      ],
       "type": "object"
     },
-    "DmrClusterLinkChannel": {
+    "DmrClusterCertMatchingRuleLinks": {
       "properties": {
-        "bridgeName": {
-          "description": "The name of the Bridge used by the Channel.",
+        "attributeFiltersUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Attribute Filter objects.",
           "type": "string"
         },
-        "clientName": {
-          "description": "The name of the Client used by the Channel.",
-          "type": "string"
-        },
-        "dmrClusterName": {
-          "description": "The name of the Cluster.",
-          "type": "string"
-        },
-        "establisher": {
-          "description": "Indicates whether the local node established the Channel.",
-          "type": "boolean"
-        },
-        "failureReason": {
-          "description": "The failure reason for the Channel being down.",
-          "type": "string"
-        },
-        "msgVpnName": {
-          "description": "The name of the Message VPN.",
-          "type": "string"
-        },
-        "queueName": {
-          "description": "The name of the Queue used by the Channel.",
-          "type": "string"
-        },
-        "remoteAddress": {
-          "description": "The FQDN or IP address (and optional port) of the remote node.",
-          "type": "string"
-        },
-        "remoteNodeName": {
-          "description": "The name of the node at the remote end of the Link.",
+        "conditionsUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Condition objects.",
           "type": "string"
         },
-        "up": {
-          "description": "Indicates whether the Channel is operationally up.",
-          "type": "boolean"
-        },
-        "uptime": {
-          "description": "The amount of time in seconds since the Channel was up.",
-          "format": "int64",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "DmrClusterLinkChannelCollections": {
-      "properties": {},
-      "type": "object"
-    },
-    "DmrClusterLinkChannelLinks": {
-      "properties": {
         "uri": {
-          "description": "The URI of this Cluster Link Channels object.",
+          "description": "The URI of this Certificate Matching Rule object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterLinkChannelResponse": {
+    "DmrClusterCertMatchingRuleResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/DmrClusterLinkChannelCollections"
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleCollections"
         },
         "data": {
-          "$ref": "#/definitions/DmrClusterLinkChannel"
+          "$ref": "#/definitions/DmrClusterCertMatchingRule"
         },
         "links": {
-          "$ref": "#/definitions/DmrClusterLinkChannelLinks"
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -2010,23 +2008,23 @@
       ],
       "type": "object"
     },
-    "DmrClusterLinkChannelsResponse": {
+    "DmrClusterCertMatchingRulesResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/DmrClusterLinkChannelCollections"
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/DmrClusterLinkChannel"
+            "$ref": "#/definitions/DmrClusterCertMatchingRule"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/DmrClusterLinkChannelLinks"
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleLinks"
           },
           "type": "array"
         },
@@ -2039,210 +2037,294 @@
       ],
       "type": "object"
     },
-    "DmrClusterLinkCollections": {
+    "DmrClusterCollections": {
       "properties": {
-        "channels": {
-          "$ref": "#/definitions/DmrClusterLinkCollectionsChannels"
+        "certMatchingRules": {
+          "$ref": "#/definitions/DmrClusterCollectionsCertMatchingRules"
         },
-        "remoteAddresses": {
-          "$ref": "#/definitions/DmrClusterLinkCollectionsRemoteaddresses"
+        "links": {
+          "$ref": "#/definitions/DmrClusterCollectionsLinks"
         },
-        "tlsTrustedCommonNames": {
-          "$ref": "#/definitions/DmrClusterLinkCollectionsTlstrustedcommonnames"
+        "topologyIssues": {
+          "$ref": "#/definitions/DmrClusterCollectionsTopologyIssues"
         }
       },
       "type": "object"
     },
-    "DmrClusterLinkCollectionsChannels": {
+    "DmrClusterCollectionsCertMatchingRules": {
       "properties": {
         "count": {
-          "description": "The total number of objects in the channels collection.",
+          "description": "The total number of objects in the certMatchingRules collection. Available since 2.28.",
           "format": "int64",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "DmrClusterLinkCollectionsRemoteaddresses": {
+    "DmrClusterCollectionsLinks": {
       "properties": {
         "count": {
-          "description": "The total number of objects in the remoteAddresses collection.",
+          "description": "The total number of objects in the links collection.",
           "format": "int64",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "DmrClusterLinkCollectionsTlstrustedcommonnames": {
+    "DmrClusterCollectionsTopologyIssues": {
       "properties": {
         "count": {
-          "description": "The total number of objects in the tlsTrustedCommonNames collection. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "description": "The total number of objects in the topologyIssues collection.",
           "format": "int64",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "DmrClusterLinkLinks": {
+    "DmrClusterLink": {
       "properties": {
-        "channelsUri": {
-          "description": "The URI of this Link's collection of Cluster Link Channels objects.",
+        "authenticationScheme": {
+          "description": "The authentication scheme to be used by the Link which initiates connections to the remote node. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+          "enum": [
+            "basic",
+            "client-certificate"
+          ],
           "type": "string"
         },
-        "remoteAddressesUri": {
-          "description": "The URI of this Link's collection of Remote Address objects.",
-          "type": "string"
+        "authenticationSchemeSecure": {
+          "description": "Indicates whether certificate matching rules are used. Available since 2.28.",
+          "type": "boolean"
         },
-        "tlsTrustedCommonNamesUri": {
-          "description": "The URI of this Link's collection of Trusted Common Name objects. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "clientProfileName": {
+          "description": "The name of the Client Profile used by the Link.",
           "type": "string"
         },
-        "uri": {
-          "description": "The URI of this Link object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "DmrClusterLinkRemoteAddress": {
-      "properties": {
-        "dmrClusterName": {
-          "description": "The name of the Cluster.",
-          "type": "string"
+        "clientProfileQueueControl1MaxDepth": {
+          "description": "The maximum depth of the \"Control 1\" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data.",
+          "format": "int32",
+          "type": "integer"
         },
-        "remoteAddress": {
-          "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
-          "type": "string"
+        "clientProfileQueueControl1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Control 1\" (C-1) priority queue, regardless of the `clientProfileQueueControl1MaxDepth` value.",
+          "format": "int32",
+          "type": "integer"
         },
-        "remoteNodeName": {
-          "description": "The name of the node at the remote end of the Link.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "DmrClusterLinkRemoteAddressCollections": {
-      "properties": {},
-      "type": "object"
-    },
-    "DmrClusterLinkRemoteAddressLinks": {
-      "properties": {
-        "uri": {
-          "description": "The URI of this Remote Address object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "DmrClusterLinkRemoteAddressResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/DmrClusterLinkRemoteAddressCollections"
+        "clientProfileQueueDirect1MaxDepth": {
+          "description": "The maximum depth of the \"Direct 1\" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data.",
+          "format": "int32",
+          "type": "integer"
         },
-        "data": {
-          "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
+        "clientProfileQueueDirect1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 1\" (D-1) priority queue, regardless of the `clientProfileQueueDirect1MaxDepth` value.",
+          "format": "int32",
+          "type": "integer"
         },
-        "links": {
-          "$ref": "#/definitions/DmrClusterLinkRemoteAddressLinks"
+        "clientProfileQueueDirect2MaxDepth": {
+          "description": "The maximum depth of the \"Direct 2\" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data.",
+          "format": "int32",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "DmrClusterLinkRemoteAddressesResponse": {
-      "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/DmrClusterLinkRemoteAddressCollections"
-          },
-          "type": "array"
+        "clientProfileQueueDirect2MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 2\" (D-2) priority queue, regardless of the `clientProfileQueueDirect2MaxDepth` value.",
+          "format": "int32",
+          "type": "integer"
         },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
-          },
-          "type": "array"
+        "clientProfileQueueDirect3MaxDepth": {
+          "description": "The maximum depth of the \"Direct 3\" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data.",
+          "format": "int32",
+          "type": "integer"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/DmrClusterLinkRemoteAddressLinks"
-          },
-          "type": "array"
+        "clientProfileQueueDirect3MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 3\" (D-3) priority queue, regardless of the `clientProfileQueueDirect3MaxDepth` value.",
+          "format": "int32",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "DmrClusterLinkResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/DmrClusterLinkCollections"
+        "clientProfileQueueGuaranteed1MaxDepth": {
+          "description": "The maximum depth of the \"Guaranteed 1\" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data.",
+          "format": "int32",
+          "type": "integer"
         },
-        "data": {
-          "$ref": "#/definitions/DmrClusterLink"
+        "clientProfileQueueGuaranteed1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Guaranteed 1\" (G-3) priority queue, regardless of the `clientProfileQueueGuaranteed1MaxDepth` value.",
+          "format": "int32",
+          "type": "integer"
         },
-        "links": {
-          "$ref": "#/definitions/DmrClusterLinkLinks"
+        "clientProfileTcpCongestionWindowSize": {
+          "description": "The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.",
+          "format": "int64",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "clientProfileTcpKeepaliveCount": {
+          "description": "The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "clientProfileTcpKeepaliveIdleTime": {
+          "description": "The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "clientProfileTcpKeepaliveInterval": {
+          "description": "The amount of time between TCP keepalive retransmissions when no acknowledgement is received, in seconds.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "clientProfileTcpMaxSegmentSize": {
+          "description": "The TCP maximum segment size, in bytes. Changes are applied to all existing connections.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "clientProfileTcpMaxWindowSize": {
+          "description": "The TCP maximum window size, in kilobytes. Changes are applied to all existing connections.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "egressFlowWindowSize": {
+          "description": "The number of outstanding guaranteed messages that can be sent over the Link before acknowledgement is received by the sender.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "enabled": {
+          "description": "Indicates whether the Link is enabled. When disabled, subscription sets of this and the remote node are not kept up-to-date, and messages are not exchanged with the remote node. Published guaranteed messages will be queued up for future delivery based on current subscription sets.",
+          "type": "boolean"
+        },
+        "failureReason": {
+          "description": "The failure reason for the Link being down.",
+          "type": "string"
+        },
+        "initiator": {
+          "description": "The initiator of the Link's TCP connections. The allowed values and their meaning are:\n\n<pre>\n\"lexical\" - The \"higher\" node-name initiates.\n\"local\" - The local node initiates.\n\"remote\" - The remote node initiates.\n</pre>\n",
+          "enum": [
+            "lexical",
+            "local",
+            "remote"
+          ],
+          "type": "string"
+        },
+        "queueDeadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages.",
+          "type": "string"
+        },
+        "queueEventSpoolUsageThreshold": {
+          "$ref": "#/definitions/EventThreshold"
+        },
+        "queueMaxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow for the Queue.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "queueMaxMsgSpoolUsage": {
+          "description": "The maximum message spool usage by the Queue (quota), in megabytes (MB).",
+          "format": "int64",
+          "type": "integer"
+        },
+        "queueMaxRedeliveryCount": {
+          "description": "The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "queueMaxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Queue when `queueRespectTtlEnabled` is `true`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queueMaxTtl` configured for the Queue, is exceeded. A value of 0 disables expiry.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "queueRejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-queue-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Queue is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
+          "enum": [
+            "always",
+            "when-queue-enabled",
+            "never"
+          ],
+          "type": "string"
+        },
+        "queueRespectTtlEnabled": {
+          "description": "Indicates whether the the time-to-live (TTL) for messages in the Queue is respected. When enabled, expired messages are discarded or moved to the DMQ.",
+          "type": "boolean"
+        },
+        "remoteClusterName": {
+          "description": "The cluster name of the remote node. Available since 2.17.",
+          "type": "string"
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link.",
+          "type": "string"
+        },
+        "span": {
+          "description": "The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Link to same cluster.\n\"external\" - Link to other cluster.\n</pre>\n",
+          "enum": [
+            "internal",
+            "external"
+          ],
+          "type": "string"
+        },
+        "transportCompressedEnabled": {
+          "description": "Indicates whether compression is enabled on the Link.",
+          "type": "boolean"
+        },
+        "transportTlsEnabled": {
+          "description": "Indicates whether encryption (TLS) is enabled on the Link.",
+          "type": "boolean"
+        },
+        "up": {
+          "description": "Indicates whether the Link is operationally up.",
+          "type": "boolean"
+        },
+        "uptime": {
+          "description": "The amount of time in seconds since the Link was up.",
+          "format": "int64",
+          "type": "integer"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "DmrClusterLinkTlsTrustedCommonName": {
+    "DmrClusterLinkAttribute": {
       "properties": {
-        "dmrClusterName": {
-          "description": "The name of the Cluster. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "attributeName": {
+          "description": "The name of the Attribute.",
           "type": "string"
         },
-        "remoteNodeName": {
-          "description": "The name of the node at the remote end of the Link. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "attributeValue": {
+          "description": "The value of the Attribute.",
           "type": "string"
         },
-        "tlsTrustedCommonName": {
-          "description": "The expected trusted common name of the remote certificate. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterLinkTlsTrustedCommonNameCollections": {
+    "DmrClusterLinkAttributeCollections": {
       "properties": {},
       "type": "object"
     },
-    "DmrClusterLinkTlsTrustedCommonNameLinks": {
+    "DmrClusterLinkAttributeLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Trusted Common Name object.",
+          "description": "The URI of this Link Attribute object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterLinkTlsTrustedCommonNameResponse": {
+    "DmrClusterLinkAttributeResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameCollections"
+          "$ref": "#/definitions/DmrClusterLinkAttributeCollections"
         },
         "data": {
-          "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
+          "$ref": "#/definitions/DmrClusterLinkAttribute"
         },
         "links": {
-          "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameLinks"
+          "$ref": "#/definitions/DmrClusterLinkAttributeLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -2253,23 +2335,23 @@
       ],
       "type": "object"
     },
-    "DmrClusterLinkTlsTrustedCommonNamesResponse": {
+    "DmrClusterLinkAttributesResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameCollections"
+            "$ref": "#/definitions/DmrClusterLinkAttributeCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
+            "$ref": "#/definitions/DmrClusterLinkAttribute"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameLinks"
+            "$ref": "#/definitions/DmrClusterLinkAttributeLinks"
           },
           "type": "array"
         },
@@ -2282,42 +2364,79 @@
       ],
       "type": "object"
     },
-    "DmrClusterLinks": {
+    "DmrClusterLinkChannel": {
       "properties": {
-        "linksUri": {
-          "description": "The URI of this Cluster's collection of Link objects.",
+        "bridgeName": {
+          "description": "The name of the Bridge used by the Channel.",
           "type": "string"
         },
-        "topologyIssuesUri": {
-          "description": "The URI of this Cluster's collection of Cluster Topology Issue objects.",
+        "clientName": {
+          "description": "The name of the Client used by the Channel.",
+          "type": "string"
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "establisher": {
+          "description": "Indicates whether the local node established the Channel.",
+          "type": "boolean"
+        },
+        "failureReason": {
+          "description": "The failure reason for the Channel being down.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "queueName": {
+          "description": "The name of the Queue used by the Channel.",
+          "type": "string"
+        },
+        "remoteAddress": {
+          "description": "The FQDN or IP address (and optional port) of the remote node.",
+          "type": "string"
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link.",
           "type": "string"
         },
+        "up": {
+          "description": "Indicates whether the Channel is operationally up.",
+          "type": "boolean"
+        },
+        "uptime": {
+          "description": "The amount of time in seconds since the Channel was up.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkChannelCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "DmrClusterLinkChannelLinks": {
+      "properties": {
         "uri": {
-          "description": "The URI of this Cluster object.",
+          "description": "The URI of this Cluster Link Channels object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterLinksResponse": {
+    "DmrClusterLinkChannelResponse": {
       "properties": {
         "collections": {
-          "items": {
-            "$ref": "#/definitions/DmrClusterLinkCollections"
-          },
-          "type": "array"
+          "$ref": "#/definitions/DmrClusterLinkChannelCollections"
         },
         "data": {
-          "items": {
-            "$ref": "#/definitions/DmrClusterLink"
-          },
-          "type": "array"
+          "$ref": "#/definitions/DmrClusterLinkChannel"
         },
         "links": {
-          "items": {
-            "$ref": "#/definitions/DmrClusterLinkLinks"
-          },
-          "type": "array"
+          "$ref": "#/definitions/DmrClusterLinkChannelLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -2328,16 +2447,25 @@
       ],
       "type": "object"
     },
-    "DmrClusterResponse": {
+    "DmrClusterLinkChannelsResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/DmrClusterCollections"
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkChannelCollections"
+          },
+          "type": "array"
         },
         "data": {
-          "$ref": "#/definitions/DmrCluster"
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkChannel"
+          },
+          "type": "array"
         },
         "links": {
-          "$ref": "#/definitions/DmrClusterLinks"
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkChannelLinks"
+          },
+          "type": "array"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -2348,42 +2476,128 @@
       ],
       "type": "object"
     },
-    "DmrClusterTopologyIssue": {
+    "DmrClusterLinkCollections": {
+      "properties": {
+        "attributes": {
+          "$ref": "#/definitions/DmrClusterLinkCollectionsAttributes"
+        },
+        "channels": {
+          "$ref": "#/definitions/DmrClusterLinkCollectionsChannels"
+        },
+        "remoteAddresses": {
+          "$ref": "#/definitions/DmrClusterLinkCollectionsRemoteAddresses"
+        },
+        "tlsTrustedCommonNames": {
+          "$ref": "#/definitions/DmrClusterLinkCollectionsTlsTrustedCommonNames"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkCollectionsAttributes": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the attributes collection. Available since 2.28.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkCollectionsChannels": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the channels collection.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkCollectionsRemoteAddresses": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the remoteAddresses collection.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkCollectionsTlsTrustedCommonNames": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the tlsTrustedCommonNames collection. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkLinks": {
+      "properties": {
+        "attributesUri": {
+          "description": "The URI of this Link's collection of Link Attribute objects. Available since 2.28.",
+          "type": "string"
+        },
+        "channelsUri": {
+          "description": "The URI of this Link's collection of Cluster Link Channels objects.",
+          "type": "string"
+        },
+        "remoteAddressesUri": {
+          "description": "The URI of this Link's collection of Remote Address objects.",
+          "type": "string"
+        },
+        "tlsTrustedCommonNamesUri": {
+          "description": "The URI of this Link's collection of Trusted Common Name objects. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Link object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkRemoteAddress": {
       "properties": {
         "dmrClusterName": {
           "description": "The name of the Cluster.",
           "type": "string"
         },
-        "topologyIssue": {
-          "description": "The topology issue discovered in the Cluster. A topology issue indicates incorrect or inconsistent configuration within the DMR network. Such issues will cause messages to be misdelivered or lost.",
+        "remoteAddress": {
+          "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+          "type": "string"
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterTopologyIssueCollections": {
+    "DmrClusterLinkRemoteAddressCollections": {
       "properties": {},
       "type": "object"
     },
-    "DmrClusterTopologyIssueLinks": {
+    "DmrClusterLinkRemoteAddressLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Cluster Topology Issue object.",
+          "description": "The URI of this Remote Address object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DmrClusterTopologyIssueResponse": {
+    "DmrClusterLinkRemoteAddressResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/DmrClusterTopologyIssueCollections"
+          "$ref": "#/definitions/DmrClusterLinkRemoteAddressCollections"
         },
         "data": {
-          "$ref": "#/definitions/DmrClusterTopologyIssue"
+          "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
         },
         "links": {
-          "$ref": "#/definitions/DmrClusterTopologyIssueLinks"
+          "$ref": "#/definitions/DmrClusterLinkRemoteAddressLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -2394,23 +2608,23 @@
       ],
       "type": "object"
     },
-    "DmrClusterTopologyIssuesResponse": {
+    "DmrClusterLinkRemoteAddressesResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/DmrClusterTopologyIssueCollections"
+            "$ref": "#/definitions/DmrClusterLinkRemoteAddressCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/DmrClusterTopologyIssue"
+            "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/DmrClusterTopologyIssueLinks"
+            "$ref": "#/definitions/DmrClusterLinkRemoteAddressLinks"
           },
           "type": "array"
         },
@@ -2423,25 +2637,16 @@
       ],
       "type": "object"
     },
-    "DmrClustersResponse": {
+    "DmrClusterLinkResponse": {
       "properties": {
         "collections": {
-          "items": {
-            "$ref": "#/definitions/DmrClusterCollections"
-          },
-          "type": "array"
+          "$ref": "#/definitions/DmrClusterLinkCollections"
         },
         "data": {
-          "items": {
-            "$ref": "#/definitions/DmrCluster"
-          },
-          "type": "array"
+          "$ref": "#/definitions/DmrClusterLink"
         },
         "links": {
-          "items": {
-            "$ref": "#/definitions/DmrClusterLinks"
-          },
-          "type": "array"
+          "$ref": "#/definitions/DmrClusterLinkLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -2452,23 +2657,73 @@
       ],
       "type": "object"
     },
-    "DomainCertAuthoritiesResponse": {
+    "DmrClusterLinkTlsTrustedCommonName": {
+      "properties": {
+        "dmrClusterName": {
+          "description": "The name of the Cluster. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "string"
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "string"
+        },
+        "tlsTrustedCommonName": {
+          "description": "The expected trusted common name of the remote certificate. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkTlsTrustedCommonNameCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "DmrClusterLinkTlsTrustedCommonNameLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Trusted Common Name object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkTlsTrustedCommonNameResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinkTlsTrustedCommonNamesResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/DomainCertAuthorityCollections"
+            "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/DomainCertAuthority"
+            "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/DomainCertAuthorityLinks"
+            "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameLinks"
           },
           "type": "array"
         },
@@ -2481,42 +2736,66 @@
       ],
       "type": "object"
     },
-    "DomainCertAuthority": {
+    "DmrClusterLinks": {
       "properties": {
-        "certAuthorityName": {
-          "description": "The name of the Certificate Authority.",
+        "certMatchingRulesUri": {
+          "description": "The URI of this Cluster's collection of Certificate Matching Rule objects. Available since 2.28.",
           "type": "string"
         },
-        "certContent": {
-          "description": "The PEM formatted content for the trusted root certificate of a domain Certificate Authority.",
+        "linksUri": {
+          "description": "The URI of this Cluster's collection of Link objects.",
+          "type": "string"
+        },
+        "topologyIssuesUri": {
+          "description": "The URI of this Cluster's collection of Cluster Topology Issue objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Cluster object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DomainCertAuthorityCollections": {
-      "properties": {},
-      "type": "object"
-    },
-    "DomainCertAuthorityLinks": {
+    "DmrClusterLinksResponse": {
       "properties": {
-        "uri": {
-          "description": "The URI of this Domain Certificate Authority object.",
-          "type": "string"
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLink"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
         }
       },
+      "required": [
+        "meta"
+      ],
       "type": "object"
     },
-    "DomainCertAuthorityResponse": {
+    "DmrClusterResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/DomainCertAuthorityCollections"
+          "$ref": "#/definitions/DmrClusterCollections"
         },
         "data": {
-          "$ref": "#/definitions/DomainCertAuthority"
+          "$ref": "#/definitions/DmrCluster"
         },
         "links": {
-          "$ref": "#/definitions/DomainCertAuthorityLinks"
+          "$ref": "#/definitions/DmrClusterLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -2527,10 +2806,189 @@
       ],
       "type": "object"
     },
-    "EventThreshold": {
+    "DmrClusterTopologyIssue": {
       "properties": {
-        "clearPercent": {
-          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "type": "string"
+        },
+        "topologyIssue": {
+          "description": "The topology issue discovered in the Cluster. A topology issue indicates incorrect or inconsistent configuration within the DMR network. Such issues will cause messages to be misdelivered or lost.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterTopologyIssueCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "DmrClusterTopologyIssueLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Cluster Topology Issue object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterTopologyIssueResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/DmrClusterTopologyIssueCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/DmrClusterTopologyIssue"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterTopologyIssueLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterTopologyIssuesResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterTopologyIssueCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterTopologyIssue"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterTopologyIssueLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClustersResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrCluster"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DomainCertAuthoritiesResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/DomainCertAuthorityCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DomainCertAuthority"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DomainCertAuthorityLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DomainCertAuthority": {
+      "properties": {
+        "certAuthorityName": {
+          "description": "The name of the Certificate Authority.",
+          "type": "string"
+        },
+        "certContent": {
+          "description": "The PEM formatted content for the trusted root certificate of a domain Certificate Authority.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DomainCertAuthorityCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "DomainCertAuthorityLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Domain Certificate Authority object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DomainCertAuthorityResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/DomainCertAuthorityCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/DomainCertAuthority"
+        },
+        "links": {
+          "$ref": "#/definitions/DomainCertAuthorityLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "EventThreshold": {
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
           "format": "int64",
           "type": "integer"
         },
@@ -2614,6 +3072,10 @@
           "description": "Indicates whether a client is allowed to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used.",
           "type": "boolean"
         },
+        "authenticationClientCertCertificateMatchingRulesEnabled": {
+          "description": "Indicates whether client certificate matching rules are enabled in the Message VPN. Available since 2.27.",
+          "type": "boolean"
+        },
         "authenticationClientCertEnabled": {
           "description": "Indicates whether client certificate authentication is enabled in the Message VPN.",
           "type": "boolean"
@@ -2830,7 +3292,7 @@
           "type": "integer"
         },
         "distributedCacheManagementEnabled": {
-          "description": "Indicates whether managing of cache instances over the message bus is enabled in the Message VPN.",
+          "description": "Indicates whether managing of cache instances over the message bus is enabled in the Message VPN. Deprecated since 2.28. Distributed cache mangement is now redundancy aware and thus no longer requires administrative intervention for operational state.",
           "type": "boolean"
         },
         "dmrEnabled": {
@@ -3778,7 +4240,7 @@
           "type": "string"
         },
         "clientConnectExceptionAddress": {
-          "description": "The IP address/netmask of the client connect exception in CIDR form.",
+          "description": "The IP address/netmask of the client connect exception in canonical CIDR form.",
           "type": "string"
         },
         "msgVpnName": {
@@ -3853,27 +4315,27 @@
     "MsgVpnAclProfileCollections": {
       "properties": {
         "clientConnectExceptions": {
-          "$ref": "#/definitions/MsgVpnAclProfileCollectionsClientconnectexceptions"
+          "$ref": "#/definitions/MsgVpnAclProfileCollectionsClientConnectExceptions"
         },
         "publishExceptions": {
-          "$ref": "#/definitions/MsgVpnAclProfileCollectionsPublishexceptions"
+          "$ref": "#/definitions/MsgVpnAclProfileCollectionsPublishExceptions"
         },
         "publishTopicExceptions": {
-          "$ref": "#/definitions/MsgVpnAclProfileCollectionsPublishtopicexceptions"
+          "$ref": "#/definitions/MsgVpnAclProfileCollectionsPublishTopicExceptions"
         },
         "subscribeExceptions": {
-          "$ref": "#/definitions/MsgVpnAclProfileCollectionsSubscribeexceptions"
+          "$ref": "#/definitions/MsgVpnAclProfileCollectionsSubscribeExceptions"
         },
         "subscribeShareNameExceptions": {
-          "$ref": "#/definitions/MsgVpnAclProfileCollectionsSubscribesharenameexceptions"
+          "$ref": "#/definitions/MsgVpnAclProfileCollectionsSubscribeShareNameExceptions"
         },
         "subscribeTopicExceptions": {
-          "$ref": "#/definitions/MsgVpnAclProfileCollectionsSubscribetopicexceptions"
+          "$ref": "#/definitions/MsgVpnAclProfileCollectionsSubscribeTopicExceptions"
         }
       },
       "type": "object"
     },
-    "MsgVpnAclProfileCollectionsClientconnectexceptions": {
+    "MsgVpnAclProfileCollectionsClientConnectExceptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the clientConnectExceptions collection.",
@@ -3883,7 +4345,7 @@
       },
       "type": "object"
     },
-    "MsgVpnAclProfileCollectionsPublishexceptions": {
+    "MsgVpnAclProfileCollectionsPublishExceptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the publishExceptions collection. Deprecated since 2.14. Replaced by publishTopicExceptions.",
@@ -3893,7 +4355,7 @@
       },
       "type": "object"
     },
-    "MsgVpnAclProfileCollectionsPublishtopicexceptions": {
+    "MsgVpnAclProfileCollectionsPublishTopicExceptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the publishTopicExceptions collection. Available since 2.14.",
@@ -3903,7 +4365,7 @@
       },
       "type": "object"
     },
-    "MsgVpnAclProfileCollectionsSubscribeexceptions": {
+    "MsgVpnAclProfileCollectionsSubscribeExceptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the subscribeExceptions collection. Deprecated since 2.14. Replaced by subscribeTopicExceptions.",
@@ -3913,7 +4375,7 @@
       },
       "type": "object"
     },
-    "MsgVpnAclProfileCollectionsSubscribesharenameexceptions": {
+    "MsgVpnAclProfileCollectionsSubscribeShareNameExceptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the subscribeShareNameExceptions collection. Available since 2.14.",
@@ -3923,7 +4385,7 @@
       },
       "type": "object"
     },
-    "MsgVpnAclProfileCollectionsSubscribetopicexceptions": {
+    "MsgVpnAclProfileCollectionsSubscribeTopicExceptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the subscribeTopicExceptions collection. Available since 2.14.",
@@ -4460,6 +4922,14 @@
           "description": "The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorizationType attribute of the Message VPN will be used to determine authorization.",
           "type": "string"
         },
+        "authorizationGroupsClaimStringFormat": {
+          "description": "The format of the authorization groups claim value when it is a string. The allowed values and their meaning are:\n\n<pre>\n\"single\" - When the claim is a string, it is interpreted as a single group.\n\"space-delimited\" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the \"scope\" claim.\n</pre>\n Available since 2.32.",
+          "enum": [
+            "single",
+            "space-delimited"
+          ],
+          "type": "string"
+        },
         "clientId": {
           "description": "The OAuth client id.",
           "type": "string"
@@ -4875,15 +5345,15 @@
     "MsgVpnAuthenticationOauthProfileCollections": {
       "properties": {
         "clientRequiredClaims": {
-          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileCollectionsClientrequiredclaims"
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileCollectionsClientRequiredClaims"
         },
         "resourceServerRequiredClaims": {
-          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileCollectionsResourceserverrequiredclaims"
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileCollectionsResourceServerRequiredClaims"
         }
       },
       "type": "object"
     },
-    "MsgVpnAuthenticationOauthProfileCollectionsClientrequiredclaims": {
+    "MsgVpnAuthenticationOauthProfileCollectionsClientRequiredClaims": {
       "properties": {
         "count": {
           "description": "The total number of objects in the clientRequiredClaims collection.",
@@ -4893,7 +5363,7 @@
       },
       "type": "object"
     },
-    "MsgVpnAuthenticationOauthProfileCollectionsResourceserverrequiredclaims": {
+    "MsgVpnAuthenticationOauthProfileCollectionsResourceServerRequiredClaims": {
       "properties": {
         "count": {
           "description": "The total number of objects in the resourceServerRequiredClaims collection.",
@@ -5567,7 +6037,7 @@
           "type": "string"
         },
         "inboundState": {
-          "description": "The state of the inbound connection from the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"init\" - The connection is initializing.\n\"disabled\" - The connection is disabled by configuration.\n\"enabled\" - The connection is enabled by configuration.\n\"prepare\" - The connection is operationally down.\n\"prepare-wait-to-connect\" - The connection is waiting to connect.\n\"prepare-fetching-dns\" - The domain name of the destination node is being resolved.\n\"not-ready\" - The connection is operationally down.\n\"not-ready-connecting\" - The connection is trying to connect.\n\"not-ready-handshaking\" - The connection is handshaking.\n\"not-ready-wait-next\" - The connection failed to connect and is waiting to retry.\n\"not-ready-wait-reuse\" - The connection is closing in order to reuse an existing connection.\n\"not-ready-wait-bridge-version-mismatch\" - The connection is closing because of a version mismatch.\n\"not-ready-wait-cleanup\" - The connection is closed and cleaning up.\n\"ready\" - The connection is operationally up.\n\"ready-subscribing\" - The connection is up and synchronizing subscriptions.\n\"ready-in-sync\" - The connection is up and subscriptions are synchronized.\n</pre>\n",
+          "description": "The state of the inbound connection from the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"init\" - The bridge is down but is initializing.\n\"disabled\" - The bridge is down. It has been disabled by configuration.\n\"prepare-wait-to-connect\" - The bridge is down. It is waiting to connect to the remote broker.\n\"prepare-fetching-dns\" - The bridge is down. The domain name of the remote  broker is being resolved.\n\"not-ready-connecting\" - The bridge is down. It is in the process of connecting to the remote broker.\n\"not-ready-handshaking\" - The bridge is down. It has connected to the remote broker, and is in the process of negotiating with it.\n\"not-ready-wait-next\" - The bridge is down. It has failed to connect to a remote broker, and is waiting for the configured remote retry delay to expire before retrying.\n\"not-ready-wait-reuse\" - The bridge is down. It established its own connection to  the remote broker, but determined instead that it should use a pre-existing connection established from that remote broker. It is waiting for its own connection to close before reusing the existing connection.\n\"not-ready-wait-bridge-version-mismatch\" - The bridge is down. The connection failed to connect due to the remote broker presenting an unexpected version.\n\"not-ready-wait-cleanup\" - The bridge is down. Its connection has closed and is in the process of being cleaned up.\n\"ready-subscribing\" - The bridge is up and is attracting traffic. It is in the process of adding configured subscriptions to the remote broker.\n\"ready-in-sync\" - The bridge is up and is attracting traffic. All configured subscriptions have been added to the remote router.\n\"stalled\" - The bridge is down. Inbound guaranteed messages are not flowing. Administrative actions may be required to clear this state.\n\"not-applicable\" - The connection is not relevant in the inbound direction.\n</pre>\n",
           "type": "string"
         },
         "lastTxMsgId": {
@@ -5608,7 +6078,7 @@
           "type": "string"
         },
         "outboundState": {
-          "description": "The state of the outbound connection to the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"init\" - The connection is initializing.\n\"disabled\" - The connection is disabled by configuration.\n\"enabled\" - The connection is enabled by configuration.\n\"prepare\" - The connection is operationally down.\n\"prepare-wait-to-connect\" - The connection is waiting to connect.\n\"prepare-fetching-dns\" - The domain name of the destination node is being resolved.\n\"not-ready\" - The connection is operationally down.\n\"not-ready-connecting\" - The connection is trying to connect.\n\"not-ready-handshaking\" - The connection is handshaking.\n\"not-ready-wait-next\" - The connection failed to connect and is waiting to retry.\n\"not-ready-wait-reuse\" - The connection is closing in order to reuse an existing connection.\n\"not-ready-wait-bridge-version-mismatch\" - The connection is closing because of a version mismatch.\n\"not-ready-wait-cleanup\" - The connection is closed and cleaning up.\n\"ready\" - The connection is operationally up.\n\"ready-subscribing\" - The connection is up and synchronizing subscriptions.\n\"ready-in-sync\" - The connection is up and subscriptions are synchronized.\n</pre>\n",
+          "description": "The state of the outbound connection to the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"ready\" - The bridge is up and is delivering traffic.\n\"not-applicable\" - The connection is not relevant in the outbound direction.\n</pre>\n",
           "type": "string"
         },
         "rate": {
@@ -5622,6 +6092,15 @@
           "description": "The Client Username the Bridge uses to login to the remote Message VPN.",
           "type": "string"
         },
+        "remoteAuthenticationClientCertConfigTime": {
+          "description": "The timestamp of when the client-certificate was configured. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.28.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "remoteAuthenticationClientCertThumbprint": {
+          "description": "The thumbprint of the client-certificate. Available since 2.28.",
+          "type": "string"
+        },
         "remoteAuthenticationScheme": {
           "description": "The authentication scheme for the remote Message VPN. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
           "enum": [
@@ -5731,21 +6210,21 @@
     "MsgVpnBridgeCollections": {
       "properties": {
         "localSubscriptions": {
-          "$ref": "#/definitions/MsgVpnBridgeCollectionsLocalsubscriptions"
+          "$ref": "#/definitions/MsgVpnBridgeCollectionsLocalSubscriptions"
         },
         "remoteMsgVpns": {
-          "$ref": "#/definitions/MsgVpnBridgeCollectionsRemotemsgvpns"
+          "$ref": "#/definitions/MsgVpnBridgeCollectionsRemoteMsgVpns"
         },
         "remoteSubscriptions": {
-          "$ref": "#/definitions/MsgVpnBridgeCollectionsRemotesubscriptions"
+          "$ref": "#/definitions/MsgVpnBridgeCollectionsRemoteSubscriptions"
         },
         "tlsTrustedCommonNames": {
-          "$ref": "#/definitions/MsgVpnBridgeCollectionsTlstrustedcommonnames"
+          "$ref": "#/definitions/MsgVpnBridgeCollectionsTlsTrustedCommonNames"
         }
       },
       "type": "object"
     },
-    "MsgVpnBridgeCollectionsLocalsubscriptions": {
+    "MsgVpnBridgeCollectionsLocalSubscriptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the localSubscriptions collection.",
@@ -5755,7 +6234,7 @@
       },
       "type": "object"
     },
-    "MsgVpnBridgeCollectionsRemotemsgvpns": {
+    "MsgVpnBridgeCollectionsRemoteMsgVpns": {
       "properties": {
         "count": {
           "description": "The total number of objects in the remoteMsgVpns collection.",
@@ -5765,7 +6244,7 @@
       },
       "type": "object"
     },
-    "MsgVpnBridgeCollectionsRemotesubscriptions": {
+    "MsgVpnBridgeCollectionsRemoteSubscriptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the remoteSubscriptions collection.",
@@ -5775,7 +6254,7 @@
       },
       "type": "object"
     },
-    "MsgVpnBridgeCollectionsTlstrustedcommonnames": {
+    "MsgVpnBridgeCollectionsTlsTrustedCommonNames": {
       "properties": {
         "count": {
           "description": "The total number of objects in the tlsTrustedCommonNames collection. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
@@ -6419,48 +6898,355 @@
       ],
       "type": "object"
     },
-    "MsgVpnClient": {
+    "MsgVpnCertMatchingRule": {
       "properties": {
-        "aclProfileName": {
-          "description": "The name of the access control list (ACL) profile of the Client.",
+        "enabled": {
+          "description": "Indicates whether a certificate matching rule is enabled.",
+          "type": "boolean"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "aliasedFromMsgVpnName": {
-          "description": "The name of the original MsgVpn which the client signaled in. Available since 2.14.",
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilter": {
+      "properties": {
+        "attributeName": {
+          "description": "Client Username Attribute to be tested.",
           "type": "string"
         },
-        "alreadyBoundBindFailureCount": {
-          "description": "The number of Client bind failures due to endpoint being already bound.",
-          "format": "int64",
-          "type": "integer"
+        "attributeValue": {
+          "description": "Expected attribute value.",
+          "type": "string"
         },
-        "authorizationGroupName": {
-          "description": "The name of the authorization group of the Client.",
+        "filterName": {
+          "description": "The name of the filter.",
           "type": "string"
         },
-        "averageRxByteRate": {
-          "description": "The one minute average of the message rate received from the Client, in bytes per second (B/sec).",
-          "format": "int64",
-          "type": "integer"
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
         },
-        "averageRxMsgRate": {
-          "description": "The one minute average of the message rate received from the Client, in messages per second (msg/sec).",
-          "format": "int64",
-          "type": "integer"
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilterCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilterLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Attribute Filter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilterResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterCollections"
         },
-        "averageTxByteRate": {
-          "description": "The one minute average of the message rate transmitted to the Client, in bytes per second (B/sec).",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
         },
-        "averageTxMsgRate": {
-          "description": "The one minute average of the message rate transmitted to the Client, in messages per second (msg/sec).",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterLinks"
         },
-        "bindRequestCount": {
-          "description": "The number of Client requests to bind to an endpoint.",
-          "format": "int64",
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFiltersResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleCollections": {
+      "properties": {
+        "attributeFilters": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleCollectionsAttributeFilters"
+        },
+        "conditions": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleCollectionsConditions"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleCollectionsAttributeFilters": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the attributeFilters collection. Available since 2.28.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleCollectionsConditions": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the conditions collection.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleCondition": {
+      "properties": {
+        "attribute": {
+          "description": "Client Username Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both.",
+          "type": "string"
+        },
+        "comparisonMode": {
+          "description": "The comparison mode to use. The allowed values and their meaning are:\n\n<pre>\n\"matches-attribute\" - Certificate field matches an attribute value exactly.\n\"matches-expression\" - Certificate field matches a glob expression.\n</pre>\n",
+          "type": "string"
+        },
+        "expression": {
+          "description": "Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "type": "string"
+        },
+        "source": {
+          "description": "Certificate field to be compared with the Attribute. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n\"org-unit\" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.\n\"org-unit-last\" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.\n\"issuer\" - The attribute is extracted from the certificate's Issuer DN.\n\"subject\" - The attribute is extracted from the certificate's Subject DN.\n\"serial-number\" - The attribute is extracted from the certificate's Serial Number.\n\"dns-name\" - The attribute is extracted from the certificate's Subject Alt Name DNSName.\n\"ip-address\" - The attribute is extracted from the certificate's Subject Alt Name IPAddress.\n</pre>\n",
+          "enum": [
+            "certificate-thumbprint",
+            "common-name",
+            "common-name-last",
+            "subject-alternate-name-msupn",
+            "uid",
+            "uid-last",
+            "org-unit",
+            "org-unit-last",
+            "issuer",
+            "subject",
+            "serial-number",
+            "dns-name",
+            "ip-address"
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Condition object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleCondition"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleCondition"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleLinks": {
+      "properties": {
+        "attributeFiltersUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Attribute Filter objects. Available since 2.28.",
+          "type": "string"
+        },
+        "conditionsUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Condition objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRule"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRulesResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRule"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClient": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The name of the access control list (ACL) profile of the Client.",
+          "type": "string"
+        },
+        "aliasedFromMsgVpnName": {
+          "description": "The name of the original MsgVpn which the client signaled in. Available since 2.14.",
+          "type": "string"
+        },
+        "alreadyBoundBindFailureCount": {
+          "description": "The number of Client bind failures due to endpoint being already bound.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "authorizationGroupName": {
+          "description": "The name of the authorization group of the Client.",
+          "type": "string"
+        },
+        "averageRxByteRate": {
+          "description": "The one minute average of the message rate received from the Client, in bytes per second (B/sec).",
+          "format": "int64",
+          "type": "integer"
+        },
+        "averageRxMsgRate": {
+          "description": "The one minute average of the message rate received from the Client, in messages per second (msg/sec).",
+          "format": "int64",
+          "type": "integer"
+        },
+        "averageTxByteRate": {
+          "description": "The one minute average of the message rate transmitted to the Client, in bytes per second (B/sec).",
+          "format": "int64",
+          "type": "integer"
+        },
+        "averageTxMsgRate": {
+          "description": "The one minute average of the message rate transmitted to the Client, in messages per second (msg/sec).",
+          "format": "int64",
+          "type": "integer"
+        },
+        "bindRequestCount": {
+          "description": "The number of Client requests to bind to an endpoint.",
+          "format": "int64",
           "type": "integer"
         },
         "bindSuccessCount": {
@@ -7035,16 +7821,16 @@
           "$ref": "#/definitions/MsgVpnClientCollectionsConnections"
         },
         "rxFlows": {
-          "$ref": "#/definitions/MsgVpnClientCollectionsRxflows"
+          "$ref": "#/definitions/MsgVpnClientCollectionsRxFlows"
         },
         "subscriptions": {
           "$ref": "#/definitions/MsgVpnClientCollectionsSubscriptions"
         },
         "transactedSessions": {
-          "$ref": "#/definitions/MsgVpnClientCollectionsTransactedsessions"
+          "$ref": "#/definitions/MsgVpnClientCollectionsTransactedSessions"
         },
         "txFlows": {
-          "$ref": "#/definitions/MsgVpnClientCollectionsTxflows"
+          "$ref": "#/definitions/MsgVpnClientCollectionsTxFlows"
         }
       },
       "type": "object"
@@ -7059,7 +7845,7 @@
       },
       "type": "object"
     },
-    "MsgVpnClientCollectionsRxflows": {
+    "MsgVpnClientCollectionsRxFlows": {
       "properties": {
         "count": {
           "description": "The total number of objects in the rxFlows collection.",
@@ -7079,7 +7865,7 @@
       },
       "type": "object"
     },
-    "MsgVpnClientCollectionsTransactedsessions": {
+    "MsgVpnClientCollectionsTransactedSessions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the transactedSessions collection.",
@@ -7089,7 +7875,7 @@
       },
       "type": "object"
     },
-    "MsgVpnClientCollectionsTxflows": {
+    "MsgVpnClientCollectionsTxFlows": {
       "properties": {
         "count": {
           "description": "The total number of objects in the txFlows collection.",
@@ -8339,29 +9125,50 @@
       },
       "type": "object"
     },
-    "MsgVpnClientUsernameCollections": {
+    "MsgVpnClientUsernameAttribute": {
+      "properties": {
+        "attributeName": {
+          "description": "The name of the Attribute.",
+          "type": "string"
+        },
+        "attributeValue": {
+          "description": "The value of the Attribute.",
+          "type": "string"
+        },
+        "clientUsername": {
+          "description": "The name of the Client Username.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientUsernameAttributeCollections": {
       "properties": {},
       "type": "object"
     },
-    "MsgVpnClientUsernameLinks": {
+    "MsgVpnClientUsernameAttributeLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Client Username object.",
+          "description": "The URI of this Client Username Attribute object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnClientUsernameResponse": {
+    "MsgVpnClientUsernameAttributeResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/MsgVpnClientUsernameCollections"
+          "$ref": "#/definitions/MsgVpnClientUsernameAttributeCollections"
         },
         "data": {
-          "$ref": "#/definitions/MsgVpnClientUsername"
+          "$ref": "#/definitions/MsgVpnClientUsernameAttribute"
         },
         "links": {
-          "$ref": "#/definitions/MsgVpnClientUsernameLinks"
+          "$ref": "#/definitions/MsgVpnClientUsernameAttributeLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -8372,23 +9179,23 @@
       ],
       "type": "object"
     },
-    "MsgVpnClientUsernamesResponse": {
+    "MsgVpnClientUsernameAttributesResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/MsgVpnClientUsernameCollections"
+            "$ref": "#/definitions/MsgVpnClientUsernameAttributeCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/MsgVpnClientUsername"
+            "$ref": "#/definitions/MsgVpnClientUsernameAttribute"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/MsgVpnClientUsernameLinks"
+            "$ref": "#/definitions/MsgVpnClientUsernameAttributeLinks"
           },
           "type": "array"
         },
@@ -8401,9 +9208,89 @@
       ],
       "type": "object"
     },
-    "MsgVpnClientsResponse": {
+    "MsgVpnClientUsernameCollections": {
       "properties": {
-        "collections": {
+        "attributes": {
+          "$ref": "#/definitions/MsgVpnClientUsernameCollectionsAttributes"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientUsernameCollectionsAttributes": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the attributes collection. Available since 2.27.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientUsernameLinks": {
+      "properties": {
+        "attributesUri": {
+          "description": "The URI of this Client Username's collection of Client Username Attribute objects. Available since 2.27.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Client Username object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientUsernameResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnClientUsernameCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/MsgVpnClientUsername"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnClientUsernameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientUsernamesResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsernameCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsername"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsernameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientsResponse": {
+      "properties": {
+        "collections": {
           "items": {
             "$ref": "#/definitions/MsgVpnClientCollections"
           },
@@ -8433,73 +9320,79 @@
     "MsgVpnCollections": {
       "properties": {
         "aclProfiles": {
-          "$ref": "#/definitions/MsgVpnCollectionsAclprofiles"
+          "$ref": "#/definitions/MsgVpnCollectionsAclProfiles"
         },
         "authenticationOauthProfiles": {
-          "$ref": "#/definitions/MsgVpnCollectionsAuthenticationoauthprofiles"
+          "$ref": "#/definitions/MsgVpnCollectionsAuthenticationOauthProfiles"
         },
         "authenticationOauthProviders": {
-          "$ref": "#/definitions/MsgVpnCollectionsAuthenticationoauthproviders"
+          "$ref": "#/definitions/MsgVpnCollectionsAuthenticationOauthProviders"
         },
         "authorizationGroups": {
-          "$ref": "#/definitions/MsgVpnCollectionsAuthorizationgroups"
+          "$ref": "#/definitions/MsgVpnCollectionsAuthorizationGroups"
         },
         "bridges": {
           "$ref": "#/definitions/MsgVpnCollectionsBridges"
         },
+        "certMatchingRules": {
+          "$ref": "#/definitions/MsgVpnCollectionsCertMatchingRules"
+        },
         "clientProfiles": {
-          "$ref": "#/definitions/MsgVpnCollectionsClientprofiles"
+          "$ref": "#/definitions/MsgVpnCollectionsClientProfiles"
         },
         "clientUsernames": {
-          "$ref": "#/definitions/MsgVpnCollectionsClientusernames"
+          "$ref": "#/definitions/MsgVpnCollectionsClientUsernames"
         },
         "clients": {
           "$ref": "#/definitions/MsgVpnCollectionsClients"
         },
         "configSyncRemoteNodes": {
-          "$ref": "#/definitions/MsgVpnCollectionsConfigsyncremotenodes"
+          "$ref": "#/definitions/MsgVpnCollectionsConfigSyncRemoteNodes"
         },
         "distributedCaches": {
-          "$ref": "#/definitions/MsgVpnCollectionsDistributedcaches"
+          "$ref": "#/definitions/MsgVpnCollectionsDistributedCaches"
         },
         "dmrBridges": {
-          "$ref": "#/definitions/MsgVpnCollectionsDmrbridges"
+          "$ref": "#/definitions/MsgVpnCollectionsDmrBridges"
         },
         "jndiConnectionFactories": {
-          "$ref": "#/definitions/MsgVpnCollectionsJndiconnectionfactories"
+          "$ref": "#/definitions/MsgVpnCollectionsJndiConnectionFactories"
         },
         "jndiQueues": {
-          "$ref": "#/definitions/MsgVpnCollectionsJndiqueues"
+          "$ref": "#/definitions/MsgVpnCollectionsJndiQueues"
         },
         "jndiTopics": {
-          "$ref": "#/definitions/MsgVpnCollectionsJnditopics"
+          "$ref": "#/definitions/MsgVpnCollectionsJndiTopics"
         },
         "mqttRetainCaches": {
-          "$ref": "#/definitions/MsgVpnCollectionsMqttretaincaches"
+          "$ref": "#/definitions/MsgVpnCollectionsMqttRetainCaches"
         },
         "mqttSessions": {
-          "$ref": "#/definitions/MsgVpnCollectionsMqttsessions"
+          "$ref": "#/definitions/MsgVpnCollectionsMqttSessions"
         },
         "queueTemplates": {
-          "$ref": "#/definitions/MsgVpnCollectionsQueuetemplates"
+          "$ref": "#/definitions/MsgVpnCollectionsQueueTemplates"
         },
         "queues": {
           "$ref": "#/definitions/MsgVpnCollectionsQueues"
         },
         "replayLogs": {
-          "$ref": "#/definitions/MsgVpnCollectionsReplaylogs"
+          "$ref": "#/definitions/MsgVpnCollectionsReplayLogs"
         },
         "replicatedTopics": {
-          "$ref": "#/definitions/MsgVpnCollectionsReplicatedtopics"
+          "$ref": "#/definitions/MsgVpnCollectionsReplicatedTopics"
         },
         "restDeliveryPoints": {
-          "$ref": "#/definitions/MsgVpnCollectionsRestdeliverypoints"
+          "$ref": "#/definitions/MsgVpnCollectionsRestDeliveryPoints"
+        },
+        "telemetryProfiles": {
+          "$ref": "#/definitions/MsgVpnCollectionsTelemetryProfiles"
         },
         "topicEndpointTemplates": {
-          "$ref": "#/definitions/MsgVpnCollectionsTopicendpointtemplates"
+          "$ref": "#/definitions/MsgVpnCollectionsTopicEndpointTemplates"
         },
         "topicEndpoints": {
-          "$ref": "#/definitions/MsgVpnCollectionsTopicendpoints"
+          "$ref": "#/definitions/MsgVpnCollectionsTopicEndpoints"
         },
         "transactions": {
           "$ref": "#/definitions/MsgVpnCollectionsTransactions"
@@ -8507,7 +9400,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsAclprofiles": {
+    "MsgVpnCollectionsAclProfiles": {
       "properties": {
         "count": {
           "description": "The total number of objects in the aclProfiles collection.",
@@ -8517,7 +9410,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsAuthenticationoauthprofiles": {
+    "MsgVpnCollectionsAuthenticationOauthProfiles": {
       "properties": {
         "count": {
           "description": "The total number of objects in the authenticationOauthProfiles collection. Available since 2.25.",
@@ -8527,7 +9420,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsAuthenticationoauthproviders": {
+    "MsgVpnCollectionsAuthenticationOauthProviders": {
       "properties": {
         "count": {
           "description": "The total number of objects in the authenticationOauthProviders collection. Deprecated since 2.25. Replaced by authenticationOauthProfiles.",
@@ -8537,7 +9430,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsAuthorizationgroups": {
+    "MsgVpnCollectionsAuthorizationGroups": {
       "properties": {
         "count": {
           "description": "The total number of objects in the authorizationGroups collection.",
@@ -8557,27 +9450,27 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsClientprofiles": {
+    "MsgVpnCollectionsCertMatchingRules": {
       "properties": {
         "count": {
-          "description": "The total number of objects in the clientProfiles collection.",
+          "description": "The total number of objects in the certMatchingRules collection. Available since 2.27.",
           "format": "int64",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "MsgVpnCollectionsClients": {
+    "MsgVpnCollectionsClientProfiles": {
       "properties": {
         "count": {
-          "description": "The total number of objects in the clients collection. Available since 2.12.",
+          "description": "The total number of objects in the clientProfiles collection.",
           "format": "int64",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "MsgVpnCollectionsClientusernames": {
+    "MsgVpnCollectionsClientUsernames": {
       "properties": {
         "count": {
           "description": "The total number of objects in the clientUsernames collection.",
@@ -8587,7 +9480,17 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsConfigsyncremotenodes": {
+    "MsgVpnCollectionsClients": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the clients collection. Available since 2.12.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCollectionsConfigSyncRemoteNodes": {
       "properties": {
         "count": {
           "description": "The total number of objects in the configSyncRemoteNodes collection. Deprecated since 2.22. This attribute has been deprecated.",
@@ -8597,7 +9500,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsDistributedcaches": {
+    "MsgVpnCollectionsDistributedCaches": {
       "properties": {
         "count": {
           "description": "The total number of objects in the distributedCaches collection.",
@@ -8607,7 +9510,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsDmrbridges": {
+    "MsgVpnCollectionsDmrBridges": {
       "properties": {
         "count": {
           "description": "The total number of objects in the dmrBridges collection.",
@@ -8617,7 +9520,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsJndiconnectionfactories": {
+    "MsgVpnCollectionsJndiConnectionFactories": {
       "properties": {
         "count": {
           "description": "The total number of objects in the jndiConnectionFactories collection.",
@@ -8627,7 +9530,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsJndiqueues": {
+    "MsgVpnCollectionsJndiQueues": {
       "properties": {
         "count": {
           "description": "The total number of objects in the jndiQueues collection.",
@@ -8637,7 +9540,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsJnditopics": {
+    "MsgVpnCollectionsJndiTopics": {
       "properties": {
         "count": {
           "description": "The total number of objects in the jndiTopics collection.",
@@ -8647,7 +9550,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsMqttretaincaches": {
+    "MsgVpnCollectionsMqttRetainCaches": {
       "properties": {
         "count": {
           "description": "The total number of objects in the mqttRetainCaches collection.",
@@ -8657,7 +9560,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsMqttsessions": {
+    "MsgVpnCollectionsMqttSessions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the mqttSessions collection.",
@@ -8667,27 +9570,27 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsQueues": {
+    "MsgVpnCollectionsQueueTemplates": {
       "properties": {
         "count": {
-          "description": "The total number of objects in the queues collection. Available since 2.12.",
+          "description": "The total number of objects in the queueTemplates collection. Available since 2.14.",
           "format": "int64",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "MsgVpnCollectionsQueuetemplates": {
+    "MsgVpnCollectionsQueues": {
       "properties": {
         "count": {
-          "description": "The total number of objects in the queueTemplates collection. Available since 2.14.",
+          "description": "The total number of objects in the queues collection. Available since 2.12.",
           "format": "int64",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "MsgVpnCollectionsReplaylogs": {
+    "MsgVpnCollectionsReplayLogs": {
       "properties": {
         "count": {
           "description": "The total number of objects in the replayLogs collection.",
@@ -8697,7 +9600,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsReplicatedtopics": {
+    "MsgVpnCollectionsReplicatedTopics": {
       "properties": {
         "count": {
           "description": "The total number of objects in the replicatedTopics collection. Available since 2.12.",
@@ -8707,7 +9610,7 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsRestdeliverypoints": {
+    "MsgVpnCollectionsRestDeliveryPoints": {
       "properties": {
         "count": {
           "description": "The total number of objects in the restDeliveryPoints collection.",
@@ -8717,17 +9620,17 @@
       },
       "type": "object"
     },
-    "MsgVpnCollectionsTopicendpoints": {
+    "MsgVpnCollectionsTelemetryProfiles": {
       "properties": {
         "count": {
-          "description": "The total number of objects in the topicEndpoints collection. Available since 2.12.",
+          "description": "The total number of objects in the telemetryProfiles collection. Available since 2.31.",
           "format": "int64",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "MsgVpnCollectionsTopicendpointtemplates": {
+    "MsgVpnCollectionsTopicEndpointTemplates": {
       "properties": {
         "count": {
           "description": "The total number of objects in the topicEndpointTemplates collection. Available since 2.14.",
@@ -8737,6 +9640,16 @@
       },
       "type": "object"
     },
+    "MsgVpnCollectionsTopicEndpoints": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the topicEndpoints collection. Available since 2.12.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "MsgVpnCollectionsTransactions": {
       "properties": {
         "count": {
@@ -8932,10 +9845,21 @@
     },
     "MsgVpnDistributedCache": {
       "properties": {
+        "cacheManagementUp": {
+          "description": "Indicates whether managing of the distributed cache over the  message bus is operationally up in the Message VPN. Available since 2.28.",
+          "type": "boolean"
+        },
         "cacheName": {
           "description": "The name of the Distributed Cache.",
           "type": "string"
         },
+        "cacheVirtualRouter": {
+          "description": "The virtual router of the Distributed Cache. The allowed values and their meaning are:\n\n<pre>\n\"auto\" - The Distributed Cache is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n Available since 2.28.",
+          "enum": [
+            "auto"
+          ],
+          "type": "string"
+        },
         "enabled": {
           "description": "Indicates whether the Distributed Cache is enabled.",
           "type": "boolean"
@@ -8945,6 +9869,15 @@
           "format": "int64",
           "type": "integer"
         },
+        "lastFailureReason": {
+          "description": "The reason for the last distributed cache management failure. Available since 2.28.",
+          "type": "string"
+        },
+        "lastFailureTime": {
+          "description": "The timestamp of the last distributed cache management failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.28.",
+          "format": "int32",
+          "type": "integer"
+        },
         "msgVpnName": {
           "description": "The name of the Message VPN.",
           "type": "string"
@@ -8954,11 +9887,11 @@
           "type": "boolean"
         },
         "scheduledDeleteMsgDayList": {
-          "description": "The scheduled delete message day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday.",
+          "description": "The scheduled delete message day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"scheduledDeleteMsgTimeList\" must also be configured to the empty-string).",
           "type": "string"
         },
         "scheduledDeleteMsgTimeList": {
-          "description": "The scheduled delete message time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59.",
+          "description": "The scheduled delete message time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"scheduledDeleteMsgDayList\" must also be configured to the empty-string).",
           "type": "string"
         }
       },
@@ -9060,7 +9993,7 @@
     "MsgVpnDistributedCacheClusterCollections": {
       "properties": {
         "globalCachingHomeClusters": {
-          "$ref": "#/definitions/MsgVpnDistributedCacheClusterCollectionsGlobalcachinghomeclusters"
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterCollectionsGlobalCachingHomeClusters"
         },
         "instances": {
           "$ref": "#/definitions/MsgVpnDistributedCacheClusterCollectionsInstances"
@@ -9071,7 +10004,7 @@
       },
       "type": "object"
     },
-    "MsgVpnDistributedCacheClusterCollectionsGlobalcachinghomeclusters": {
+    "MsgVpnDistributedCacheClusterCollectionsGlobalCachingHomeClusters": {
       "properties": {
         "count": {
           "description": "The total number of objects in the globalCachingHomeClusters collection.",
@@ -9125,12 +10058,12 @@
     "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterCollections": {
       "properties": {
         "topicPrefixes": {
-          "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterCollectionsTopicprefixes"
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterCollectionsTopicPrefixes"
         }
       },
       "type": "object"
     },
-    "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterCollectionsTopicprefixes": {
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterCollectionsTopicPrefixes": {
       "properties": {
         "count": {
           "description": "The total number of objects in the topicPrefixes collection.",
@@ -9483,15 +10416,15 @@
     "MsgVpnDistributedCacheClusterInstanceCollections": {
       "properties": {
         "remoteGlobalCachingHomeClusters": {
-          "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceCollectionsRemoteglobalcachinghomeclusters"
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceCollectionsRemoteGlobalCachingHomeClusters"
         },
         "remoteTopics": {
-          "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceCollectionsRemotetopics"
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceCollectionsRemoteTopics"
         }
       },
       "type": "object"
     },
-    "MsgVpnDistributedCacheClusterInstanceCollectionsRemoteglobalcachinghomeclusters": {
+    "MsgVpnDistributedCacheClusterInstanceCollectionsRemoteGlobalCachingHomeClusters": {
       "properties": {
         "count": {
           "description": "The total number of objects in the remoteGlobalCachingHomeClusters collection.",
@@ -9501,7 +10434,7 @@
       },
       "type": "object"
     },
-    "MsgVpnDistributedCacheClusterInstanceCollectionsRemotetopics": {
+    "MsgVpnDistributedCacheClusterInstanceCollectionsRemoteTopics": {
       "properties": {
         "count": {
           "description": "The total number of objects in the remoteTopics collection.",
@@ -10670,6 +11603,10 @@
           "description": "The URI of this Message VPN's collection of Bridge objects.",
           "type": "string"
         },
+        "certMatchingRulesUri": {
+          "description": "The URI of this Message VPN's collection of Certificate Matching Rule objects. Available since 2.27.",
+          "type": "string"
+        },
         "clientProfilesUri": {
           "description": "The URI of this Message VPN's collection of Client Profile objects.",
           "type": "string"
@@ -10734,6 +11671,10 @@
           "description": "The URI of this Message VPN's collection of REST Delivery Point objects.",
           "type": "string"
         },
+        "telemetryProfilesUri": {
+          "description": "The URI of this Message VPN's collection of Telemetry Profile objects. Available since 2.31.",
+          "type": "string"
+        },
         "topicEndpointTemplatesUri": {
           "description": "The URI of this Message VPN's collection of Topic Endpoint Template objects. Available since 2.14.",
           "type": "string"
@@ -10793,7 +11734,7 @@
           "type": "string"
         },
         "msgLifetime": {
-          "description": "The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely.",
+          "description": "The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely, otherwise it must be 3 seconds or more.",
           "format": "int64",
           "type": "integer"
         },
@@ -11703,6 +12644,25 @@
           "format": "int64",
           "type": "integer"
         },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Available since 2.33.",
+          "type": "boolean"
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
         "redeliveryEnabled": {
           "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the queue more than once. Available since 2.18.",
           "type": "boolean"
@@ -11827,7 +12787,7 @@
           "type": "integer"
         },
         "virtualRouter": {
-          "description": "The virtual router of the Queue. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The endpoint belongs to the primary virtual router.\n\"backup\" - The endpoint belongs to the backup virtual router.\n</pre>\n",
+          "description": "The virtual router of the Queue. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The endpoint belongs to the primary virtual router.\n\"backup\" - The endpoint belongs to the backup virtual router.\n</pre>\n Deprecated since 2.31. This attribute has been deprecated. When Guaranteed Messaging is active, this value is always the virtual router for which Guaranteed Messaging is enabled. Otherwise, this value should be ignored.",
           "type": "string"
         }
       },
@@ -11845,7 +12805,7 @@
           "$ref": "#/definitions/MsgVpnQueueCollectionsSubscriptions"
         },
         "txFlows": {
-          "$ref": "#/definitions/MsgVpnQueueCollectionsTxflows"
+          "$ref": "#/definitions/MsgVpnQueueCollectionsTxFlows"
         }
       },
       "type": "object"
@@ -11880,7 +12840,7 @@
       },
       "type": "object"
     },
-    "MsgVpnQueueCollectionsTxflows": {
+    "MsgVpnQueueCollectionsTxFlows": {
       "properties": {
         "count": {
           "description": "The total number of objects in the txFlows collection.",
@@ -12342,6 +13302,25 @@
           "description": "The name of the Queue Template.",
           "type": "string"
         },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Available since 2.33.",
+          "type": "boolean"
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
         "redeliveryEnabled": {
           "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the queue more than once. Available since 2.18.",
           "type": "boolean"
@@ -12771,6 +13750,10 @@
         "replayLogName": {
           "description": "The name of the Replay Log.",
           "type": "string"
+        },
+        "topicFilterEnabled": {
+          "description": "Enable or disable topic filtering for the Replay Log. Available since 2.27.",
+          "type": "boolean"
         }
       },
       "type": "object"
@@ -12779,6 +13762,9 @@
       "properties": {
         "msgs": {
           "$ref": "#/definitions/MsgVpnReplayLogCollectionsMsgs"
+        },
+        "topicFilterSubscriptions": {
+          "$ref": "#/definitions/MsgVpnReplayLogCollectionsTopicFilterSubscriptions"
         }
       },
       "type": "object"
@@ -12793,12 +13779,26 @@
       },
       "type": "object"
     },
+    "MsgVpnReplayLogCollectionsTopicFilterSubscriptions": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the topicFilterSubscriptions collection. Available since 2.27.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "MsgVpnReplayLogLinks": {
       "properties": {
         "msgsUri": {
           "description": "The URI of this Replay Log's collection of Message objects.",
           "type": "string"
         },
+        "topicFilterSubscriptionsUri": {
+          "description": "The URI of this Replay Log's collection of Topic Filter Subscription objects. Available since 2.27.",
+          "type": "string"
+        },
         "uri": {
           "description": "The URI of this Replay Log object.",
           "type": "string"
@@ -12944,6 +13944,85 @@
       ],
       "type": "object"
     },
+    "MsgVpnReplayLogTopicFilterSubscription": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "replayLogName": {
+          "description": "The name of the Replay Log.",
+          "type": "string"
+        },
+        "topicFilterSubscription": {
+          "description": "The topic of the Subscription.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Filter Subscription object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscription"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscription"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
     "MsgVpnReplayLogsResponse": {
       "properties": {
         "collections": {
@@ -13130,15 +14209,15 @@
     "MsgVpnRestDeliveryPointCollections": {
       "properties": {
         "queueBindings": {
-          "$ref": "#/definitions/MsgVpnRestDeliveryPointCollectionsQueuebindings"
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointCollectionsQueueBindings"
         },
         "restConsumers": {
-          "$ref": "#/definitions/MsgVpnRestDeliveryPointCollectionsRestconsumers"
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointCollectionsRestConsumers"
         }
       },
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointCollectionsQueuebindings": {
+    "MsgVpnRestDeliveryPointCollectionsQueueBindings": {
       "properties": {
         "count": {
           "description": "The total number of objects in the queueBindings collection.",
@@ -13148,7 +14227,7 @@
       },
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointCollectionsRestconsumers": {
+    "MsgVpnRestDeliveryPointCollectionsRestConsumers": {
       "properties": {
         "count": {
           "description": "The total number of objects in the restConsumers collection.",
@@ -13228,13 +14307,26 @@
     },
     "MsgVpnRestDeliveryPointQueueBindingCollections": {
       "properties": {
+        "protectedRequestHeaders": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingCollectionsProtectedRequestHeaders"
+        },
         "requestHeaders": {
-          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingCollectionsRequestheaders"
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingCollectionsRequestHeaders"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingCollectionsProtectedRequestHeaders": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the protectedRequestHeaders collection. Available since 2.30.",
+          "format": "int64",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointQueueBindingCollectionsRequestheaders": {
+    "MsgVpnRestDeliveryPointQueueBindingCollectionsRequestHeaders": {
       "properties": {
         "count": {
           "description": "The total number of objects in the requestHeaders collection. Available since 2.23.",
@@ -13246,6 +14338,10 @@
     },
     "MsgVpnRestDeliveryPointQueueBindingLinks": {
       "properties": {
+        "protectedRequestHeadersUri": {
+          "description": "The URI of this Queue Binding's collection of Protected Request Header objects. Available since 2.30.",
+          "type": "string"
+        },
         "requestHeadersUri": {
           "description": "The URI of this Queue Binding's collection of Request Header objects. Available since 2.23.",
           "type": "string"
@@ -13257,14 +14353,10 @@
       },
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointQueueBindingRequestHeader": {
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader": {
       "properties": {
         "headerName": {
-          "description": "The name of the HTTP request header.",
-          "type": "string"
-        },
-        "headerValue": {
-          "description": "A substitution expression for the value of the HTTP request header.",
+          "description": "The name of the protected HTTP request header.",
           "type": "string"
         },
         "msgVpnName": {
@@ -13282,29 +14374,29 @@
       },
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointQueueBindingRequestHeaderCollections": {
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderCollections": {
       "properties": {},
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks": {
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Request Header object.",
+          "description": "The URI of this Protected Request Header object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse": {
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderCollections"
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderCollections"
         },
         "data": {
-          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
         },
         "links": {
-          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks"
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -13315,23 +14407,23 @@
       ],
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointQueueBindingRequestHeadersResponse": {
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeadersResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderCollections"
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks"
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks"
           },
           "type": "array"
         },
@@ -13344,7 +14436,94 @@
       ],
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointQueueBindingResponse": {
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeader": {
+      "properties": {
+        "headerName": {
+          "description": "The name of the HTTP request header.",
+          "type": "string"
+        },
+        "headerValue": {
+          "description": "A substitution expression for the value of the HTTP request header.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "queueBindingName": {
+          "description": "The name of a queue in the Message VPN.",
+          "type": "string"
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeaderCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Request Header object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeadersResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingResponse": {
       "properties": {
         "collections": {
           "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingCollections"
@@ -13427,6 +14606,15 @@
           "description": "The AWS service id. Available since 2.26.",
           "type": "string"
         },
+        "authenticationClientCertConfigTime": {
+          "description": "The timestamp of when the client-certificate was configured. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.28.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "authenticationClientCertThumbprint": {
+          "description": "The thumbprint of the client-certificate. Available since 2.28.",
+          "type": "string"
+        },
         "authenticationHttpBasicUsername": {
           "description": "The username that the REST Consumer will use to login to the REST host.",
           "type": "string"
@@ -13456,6 +14644,11 @@
           "description": "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Must begin with \"https\". Available since 2.19.",
           "type": "string"
         },
+        "authenticationOauthClientTokenExpiryDefault": {
+          "description": "The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Available since 2.30.",
+          "format": "int32",
+          "type": "integer"
+        },
         "authenticationOauthClientTokenLifetime": {
           "description": "The validity duration of the OAuth token. Available since 2.19.",
           "format": "int64",
@@ -13483,6 +14676,11 @@
           "description": "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Available since 2.21.",
           "type": "string"
         },
+        "authenticationOauthJwtTokenExpiryDefault": {
+          "description": "The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Available since 2.30.",
+          "format": "int32",
+          "type": "integer"
+        },
         "authenticationOauthJwtTokenLifetime": {
           "description": "The validity duration of the OAuth token. Available since 2.21.",
           "format": "int64",
@@ -13660,15 +14858,15 @@
     "MsgVpnRestDeliveryPointRestConsumerCollections": {
       "properties": {
         "oauthJwtClaims": {
-          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerCollectionsOauthjwtclaims"
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerCollectionsOauthJwtClaims"
         },
         "tlsTrustedCommonNames": {
-          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerCollectionsTlstrustedcommonnames"
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerCollectionsTlsTrustedCommonNames"
         }
       },
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointRestConsumerCollectionsOauthjwtclaims": {
+    "MsgVpnRestDeliveryPointRestConsumerCollectionsOauthJwtClaims": {
       "properties": {
         "count": {
           "description": "The total number of objects in the oauthJwtClaims collection. Available since 2.21.",
@@ -13678,7 +14876,7 @@
       },
       "type": "object"
     },
-    "MsgVpnRestDeliveryPointRestConsumerCollectionsTlstrustedcommonnames": {
+    "MsgVpnRestDeliveryPointRestConsumerCollectionsTlsTrustedCommonNames": {
       "properties": {
         "count": {
           "description": "The total number of objects in the tlsTrustedCommonNames collection. Deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
@@ -14004,879 +15202,791 @@
       ],
       "type": "object"
     },
-    "MsgVpnTopicEndpoint": {
+    "MsgVpnTelemetryProfile": {
       "properties": {
-        "accessType": {
-          "description": "The access type for delivering messages to consumer flows bound to the Topic Endpoint. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n",
-          "enum": [
-            "exclusive",
-            "non-exclusive"
-          ],
+        "aclProfileName": {
+          "description": "The name of the Telemetry Profile ACL Profile.",
           "type": "string"
         },
-        "alreadyBoundBindFailureCount": {
-          "description": "The number of Topic Endpoint bind failures due to being already bound.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "averageBindRequestRate": {
-          "description": "The one minute average of the bind request rate received by the Topic Endpoint, in binds per second (binds/sec). Available since 2.25.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "averageRxByteRate": {
-          "description": "The one minute average of the message rate received by the Topic Endpoint, in bytes per second (B/sec).",
-          "format": "int64",
-          "type": "integer"
-        },
-        "averageRxMsgRate": {
-          "description": "The one minute average of the message rate received by the Topic Endpoint, in messages per second (msg/sec).",
-          "format": "int64",
-          "type": "integer"
+        "clientProfileName": {
+          "description": "The name of the Telemetry Profile Client Profile.",
+          "type": "string"
         },
-        "averageTxByteRate": {
-          "description": "The one minute average of the message rate transmitted by the Topic Endpoint, in bytes per second (B/sec).",
-          "format": "int64",
-          "type": "integer"
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
         },
-        "averageTxMsgRate": {
-          "description": "The one minute average of the message rate transmitted by the Topic Endpoint, in messages per second (msg/sec).",
-          "format": "int64",
-          "type": "integer"
+        "queueEventBindCountThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "bindRequestCount": {
-          "description": "The number of consumer requests to bind to the Topic Endpoint.",
-          "format": "int64",
-          "type": "integer"
+        "queueEventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "bindRequestRate": {
-          "description": "The current bind request rate received by the Topic Endpoint, in binds per second (binds/sec). Available since 2.25.",
+        "queueMaxBindCount": {
+          "description": "The maximum number of consumer flows that can bind to the Queue.",
           "format": "int64",
           "type": "integer"
         },
-        "bindSuccessCount": {
-          "description": "The number of successful consumer requests to bind to the Topic Endpoint.",
+        "queueMaxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed by the Queue, in megabytes (MB).",
           "format": "int64",
           "type": "integer"
         },
-        "bindTimeForwardingMode": {
-          "description": "The forwarding mode of the Topic Endpoint at bind time. The allowed values and their meaning are:\n\n<pre>\n\"store-and-forward\" - Deliver messages using the guaranteed data path.\n\"cut-through\" - Deliver messages using the direct and guaranteed data paths for lower latency.\n</pre>\n",
+        "queueName": {
+          "description": "The name of the Telemetry Profile Queue.",
           "type": "string"
         },
-        "clientProfileDeniedDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to being denied by the Client Profile.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "consumerAckPropagationEnabled": {
-          "description": "Indicates whether the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN is enabled.",
-          "type": "boolean"
+        "receiverAclConnectDefaultAction": {
+          "description": "The default action to take when a receiver client connects to the broker. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow client connection unless an exception is found for it.\n\"disallow\" - Disallow client connection unless an exception is found for it.\n</pre>\n",
+          "enum": [
+            "allow",
+            "disallow"
+          ],
+          "type": "string"
         },
-        "createdByManagement": {
-          "description": "Indicates whether the Topic Endpoint was created by a management API (CLI or SEMP).",
+        "receiverEnabled": {
+          "description": "Enable or disable the ability for receiver clients to consume from the #telemetry queue.",
           "type": "boolean"
         },
-        "deadMsgQueue": {
-          "description": "The name of the Dead Message Queue (DMQ) used by the Topic Endpoint.",
-          "type": "string"
+        "receiverEventConnectionCountPerClientUsernameThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "deletedMsgCount": {
-          "description": "The number of guaranteed messages deleted from the Topic Endpoint.",
+        "receiverMaxConnectionCountPerClientUsername": {
+          "description": "The maximum number of receiver connections per Client Username.",
           "format": "int64",
           "type": "integer"
         },
-        "deliveryCountEnabled": {
-          "description": "Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Available since 2.19.",
-          "type": "boolean"
-        },
-        "deliveryDelay": {
-          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Available since 2.22.",
+        "receiverTcpCongestionWindowSize": {
+          "description": "The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value.",
           "format": "int64",
           "type": "integer"
         },
-        "destinationGroupErrorDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to a destination group error.",
+        "receiverTcpKeepaliveCount": {
+          "description": "The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available.",
           "format": "int64",
           "type": "integer"
         },
-        "destinationTopic": {
-          "description": "The destination topic of the Topic Endpoint.",
-          "type": "string"
-        },
-        "disabledBindFailureCount": {
-          "description": "The number of Topic Endpoint bind failures due to being disabled.",
+        "receiverTcpKeepaliveIdleTime": {
+          "description": "The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds.",
           "format": "int64",
           "type": "integer"
         },
-        "disabledDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to it being disabled.",
+        "receiverTcpKeepaliveInterval": {
+          "description": "The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgement is received, in seconds.",
           "format": "int64",
           "type": "integer"
         },
-        "durable": {
-          "description": "Indicates whether the Topic Endpoint is durable and not temporary.",
-          "type": "boolean"
-        },
-        "egressEnabled": {
-          "description": "Indicates whether the transmission of messages from the Topic Endpoint is enabled.",
-          "type": "boolean"
-        },
-        "eventBindCountThreshold": {
-          "$ref": "#/definitions/EventThreshold"
-        },
-        "eventRejectLowPriorityMsgLimitThreshold": {
-          "$ref": "#/definitions/EventThreshold"
-        },
-        "eventSpoolUsageThreshold": {
-          "$ref": "#/definitions/EventThreshold"
-        },
-        "highestAckedMsgId": {
-          "description": "The highest identifier (ID) of guaranteed messages in the Topic Endpoint that were acknowledged.",
+        "receiverTcpMaxSegmentSize": {
+          "description": "The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections.",
           "format": "int64",
           "type": "integer"
         },
-        "highestMsgId": {
-          "description": "The highest identifier (ID) of guaranteed messages in the Topic Endpoint.",
+        "receiverTcpMaxWindowSize": {
+          "description": "The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections.",
           "format": "int64",
           "type": "integer"
         },
-        "inProgressAckMsgCount": {
-          "description": "The number of acknowledgement messages received by the Topic Endpoint that are in the process of updating and deleting associated guaranteed messages.",
-          "format": "int64",
-          "type": "integer"
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "type": "string"
         },
-        "ingressEnabled": {
-          "description": "Indicates whether the reception of messages to the Topic Endpoint is enabled.",
+        "traceEnabled": {
+          "description": "Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters.",
           "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileCollections": {
+      "properties": {
+        "receiverAclConnectExceptions": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileCollectionsReceiverAclConnectExceptions"
         },
-        "invalidSelectorBindFailureCount": {
-          "description": "The number of Topic Endpoint bind failures due to an invalid selector.",
+        "traceFilters": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileCollectionsTraceFilters"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileCollectionsReceiverAclConnectExceptions": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the receiverAclConnectExceptions collection.",
           "format": "int64",
           "type": "integer"
-        },
-        "lastReplayCompleteTime": {
-          "description": "The timestamp of the last completed replay for the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileCollectionsTraceFilters": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the traceFilters collection.",
+          "format": "int64",
           "type": "integer"
-        },
-        "lastReplayFailureReason": {
-          "description": "The reason for the last replay failure for the Topic Endpoint.",
-          "type": "string"
-        },
-        "lastReplayFailureTime": {
-          "description": "The timestamp of the last replay failure for the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "lastReplayStartTime": {
-          "description": "The timestamp of the last replay started for the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "lastReplayedMsgTxTime": {
-          "description": "The timestamp of the last replayed message transmitted by the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "lastSelectorExaminedMsgId": {
-          "description": "The identifier (ID) of the last message examined by the Topic Endpoint selector.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "lastSpooledMsgId": {
-          "description": "The identifier (ID) of the last guaranteed message spooled in the Topic Endpoint.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "lowPriorityMsgCongestionDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to low priority message congestion control.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "lowPriorityMsgCongestionState": {
-          "description": "The state of the low priority message congestion in the Topic Endpoint. The allowed values and their meaning are:\n\n<pre>\n\"disabled\" - Messages are not being checked for priority.\n\"not-congested\" - Low priority messages are being stored and delivered.\n\"congested\" - Low priority messages are being discarded.\n</pre>\n",
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileLinks": {
+      "properties": {
+        "receiverAclConnectExceptionsUri": {
+          "description": "The URI of this Telemetry Profile's collection of Receiver ACL Connect Exception objects.",
           "type": "string"
         },
-        "lowestAckedMsgId": {
-          "description": "The lowest identifier (ID) of guaranteed messages in the Topic Endpoint that were acknowledged.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "lowestMsgId": {
-          "description": "The lowest identifier (ID) of guaranteed messages in the Topic Endpoint.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "maxBindCount": {
-          "description": "The maximum number of consumer flows that can bind to the Topic Endpoint.",
-          "format": "int64",
-          "type": "integer"
+        "traceFiltersUri": {
+          "description": "The URI of this Telemetry Profile's collection of Trace Filter objects.",
+          "type": "string"
         },
-        "maxBindCountExceededBindFailureCount": {
-          "description": "The number of Topic Endpoint bind failures due to the maximum bind count being exceeded.",
-          "format": "int64",
-          "type": "integer"
+        "uri": {
+          "description": "The URI of this Telemetry Profile object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectException": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
         },
-        "maxDeliveredUnackedMsgsPerFlow": {
-          "description": "The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint.",
-          "format": "int64",
-          "type": "integer"
+        "receiverAclConnectExceptionAddress": {
+          "description": "The IP address/netmask of the receiver connect exception in CIDR form.",
+          "type": "string"
         },
-        "maxEffectiveBindCount": {
-          "description": "The effective maximum number of consumer flows that can bind to the Topic Endpoint.",
-          "format": "int32",
-          "type": "integer"
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Receiver ACL Connect Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionCollections"
         },
-        "maxMsgSize": {
-          "description": "The maximum message size allowed in the Topic Endpoint, in bytes (B).",
-          "format": "int32",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectException"
         },
-        "maxMsgSizeExceededDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum message size being exceeded.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks"
         },
-        "maxMsgSpoolUsageExceededDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum message spool usage being exceeded.",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionCollections"
+          },
+          "type": "array"
         },
-        "maxRedeliveryCount": {
-          "description": "The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectException"
+          },
+          "type": "array"
         },
-        "maxRedeliveryExceededDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum redelivery attempts being exceeded.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks"
+          },
+          "type": "array"
         },
-        "maxRedeliveryExceededToDmqFailedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum redelivery attempts being exceeded and failing to move to the Dead Message Queue (DMQ).",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileCollections"
         },
-        "maxRedeliveryExceededToDmqMsgCount": {
-          "description": "The number of guaranteed messages moved to the Dead Message Queue (DMQ) by the Topic Endpoint due to the maximum redelivery attempts being exceeded.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfile"
         },
-        "maxSpoolUsage": {
-          "description": "The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileLinks"
         },
-        "maxTtl": {
-          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilter": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable the trace filter. When the filter is disabled, the filter's subscriptions will not trigger a message to be traced.",
+          "type": "boolean"
         },
-        "maxTtlExceededDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum time-to-live (TTL) in hops being exceeded. The TTL hop count is incremented when the message crosses a bridge.",
-          "format": "int64",
-          "type": "integer"
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
         },
-        "maxTtlExpiredDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum time-to-live (TTL) timestamp expiring.",
-          "format": "int64",
-          "type": "integer"
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "type": "string"
         },
-        "maxTtlExpiredToDmqFailedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum time-to-live (TTL) timestamp expiring and failing to move to the Dead Message Queue (DMQ).",
+        "traceFilterName": {
+          "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterCollections": {
+      "properties": {
+        "subscriptions": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterCollectionsSubscriptions"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterCollectionsSubscriptions": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the subscriptions collection.",
           "format": "int64",
           "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterLinks": {
+      "properties": {
+        "subscriptionsUri": {
+          "description": "The URI of this Trace Filter's collection of Telemetry Trace Filter Subscription objects.",
+          "type": "string"
         },
-        "maxTtlExpiredToDmqMsgCount": {
-          "description": "The number of guaranteed messages moved to the Dead Message Queue (DMQ) by the Topic Endpoint due to the maximum time-to-live (TTL) timestamp expiring.",
-          "format": "int64",
-          "type": "integer"
+        "uri": {
+          "description": "The URI of this Trace Filter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterCollections"
         },
-        "msgSpoolPeakUsage": {
-          "description": "The message spool peak usage by the Topic Endpoint, in bytes (B).",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
         },
-        "msgSpoolUsage": {
-          "description": "The message spool usage by the Topic Endpoint, in bytes (B).",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterLinks"
         },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscription": {
+      "properties": {
         "msgVpnName": {
           "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "networkTopic": {
-          "description": "The name of the network topic for the Topic Endpoint.",
+        "subscription": {
+          "description": "Messages matching this subscription will follow this filter's configuration.",
           "type": "string"
         },
-        "noLocalDeliveryDiscardedMsgCount": {
-          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to no local delivery being requested.",
-          "format": "int64",
-          "type": "integer"
+        "subscriptionSyntax": {
+          "description": "The syntax of the trace filter subscription. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Subscription uses SMF syntax.\n\"mqtt\" - Subscription uses MQTT syntax.\n</pre>\n",
+          "enum": [
+            "smf",
+            "mqtt"
+          ],
+          "type": "string"
         },
-        "otherBindFailureCount": {
-          "description": "The number of Topic Endpoint bind failures due to other reasons.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "owner": {
-          "description": "The Client Username that owns the Topic Endpoint and has permission equivalent to `\"delete\"`.",
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
           "type": "string"
         },
-        "permission": {
-          "description": "The permission level for all consumers of the Topic Endpoint, excluding the owner. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
-          "enum": [
-            "no-access",
-            "read-only",
-            "consume",
-            "modify-topic",
-            "delete"
-          ],
+        "traceFilterName": {
+          "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Telemetry Trace Filter Subscription object.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionCollections"
         },
-        "redeliveredMsgCount": {
-          "description": "The number of guaranteed messages transmitted by the Topic Endpoint for redelivery.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscription"
         },
-        "redeliveryEnabled": {
-          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Available since 2.18.",
-          "type": "boolean"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionLinks"
         },
-        "rejectLowPriorityMsgEnabled": {
-          "description": "Indicates whether the checking of low priority messages against the `rejectLowPriorityMsgLimit` is enabled.",
-          "type": "boolean"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionCollections"
+          },
+          "type": "array"
         },
-        "rejectLowPriorityMsgLimit": {
-          "description": "The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscription"
+          },
+          "type": "array"
         },
-        "rejectMsgToSenderOnDiscardBehavior": {
-          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-topic-endpoint-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Topic Endpoint is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFiltersResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfilesResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfile"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTopicEndpoint": {
+      "properties": {
+        "accessType": {
+          "description": "The access type for delivering messages to consumer flows bound to the Topic Endpoint. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n",
           "enum": [
-            "always",
-            "when-topic-endpoint-enabled",
-            "never"
+            "exclusive",
+            "non-exclusive"
           ],
           "type": "string"
         },
-        "replayFailureCount": {
-          "description": "The number of replays that failed for the Topic Endpoint.",
+        "alreadyBoundBindFailureCount": {
+          "description": "The number of Topic Endpoint bind failures due to being already bound.",
           "format": "int64",
           "type": "integer"
         },
-        "replayStartCount": {
-          "description": "The number of replays started for the Topic Endpoint.",
+        "averageBindRequestRate": {
+          "description": "The one minute average of the bind request rate received by the Topic Endpoint, in binds per second (binds/sec). Available since 2.25.",
           "format": "int64",
           "type": "integer"
         },
-        "replayState": {
-          "description": "The state of replay for the Topic Endpoint. The allowed values and their meaning are:\n\n<pre>\n\"initializing\" - All messages are being deleted from the endpoint before replay starts.\n\"active\" - Subscription matching logged messages are being replayed to the endpoint.\n\"pending-complete\" - Replay is complete, but final accounting is in progress.\n\"complete\" - Replay and all related activities are complete.\n\"failed\" - Replay has failed and is waiting for an unbind response.\n</pre>\n",
-          "type": "string"
-        },
-        "replaySuccessCount": {
-          "description": "The number of replays that succeeded for the Topic Endpoint.",
+        "averageRxByteRate": {
+          "description": "The one minute average of the message rate received by the Topic Endpoint, in bytes per second (B/sec).",
           "format": "int64",
           "type": "integer"
         },
-        "replayedAckedMsgCount": {
-          "description": "The number of replayed messages transmitted by the Topic Endpoint and acked by all consumers.",
+        "averageRxMsgRate": {
+          "description": "The one minute average of the message rate received by the Topic Endpoint, in messages per second (msg/sec).",
           "format": "int64",
           "type": "integer"
         },
-        "replayedTxMsgCount": {
-          "description": "The number of replayed messages transmitted by the Topic Endpoint.",
+        "averageTxByteRate": {
+          "description": "The one minute average of the message rate transmitted by the Topic Endpoint, in bytes per second (B/sec).",
           "format": "int64",
           "type": "integer"
         },
-        "replicationActiveAckPropTxMsgCount": {
-          "description": "The number of acknowledgement messages propagated by the Topic Endpoint to the replication standby remote Message VPN.",
+        "averageTxMsgRate": {
+          "description": "The one minute average of the message rate transmitted by the Topic Endpoint, in messages per second (msg/sec).",
           "format": "int64",
           "type": "integer"
         },
-        "replicationStandbyAckPropRxMsgCount": {
-          "description": "The number of propagated acknowledgement messages received by the Topic Endpoint from the replication active remote Message VPN.",
+        "bindRequestCount": {
+          "description": "The number of consumer requests to bind to the Topic Endpoint.",
           "format": "int64",
           "type": "integer"
         },
-        "replicationStandbyAckedByAckPropMsgCount": {
-          "description": "The number of messages acknowledged in the Topic Endpoint by acknowledgement propagation from the replication active remote Message VPN.",
+        "bindRequestRate": {
+          "description": "The current bind request rate received by the Topic Endpoint, in binds per second (binds/sec). Available since 2.25.",
           "format": "int64",
           "type": "integer"
         },
-        "replicationStandbyRxMsgCount": {
-          "description": "The number of messages received by the Topic Endpoint from the replication active remote Message VPN.",
+        "bindSuccessCount": {
+          "description": "The number of successful consumer requests to bind to the Topic Endpoint.",
           "format": "int64",
           "type": "integer"
         },
-        "respectMsgPriorityEnabled": {
-          "description": "Indicates whether message priorities are respected. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest).",
-          "type": "boolean"
-        },
-        "respectTtlEnabled": {
-          "description": "Indicates whether the time-to-live (TTL) for messages in the Topic Endpoint is respected. When enabled, expired messages are discarded or moved to the DMQ.",
-          "type": "boolean"
-        },
-        "rxByteRate": {
-          "description": "The current message rate received by the Topic Endpoint, in bytes per second (B/sec).",
-          "format": "int32",
-          "type": "integer"
+        "bindTimeForwardingMode": {
+          "description": "The forwarding mode of the Topic Endpoint at bind time. The allowed values and their meaning are:\n\n<pre>\n\"store-and-forward\" - Deliver messages using the guaranteed data path.\n\"cut-through\" - Deliver messages using the direct and guaranteed data paths for lower latency.\n</pre>\n",
+          "type": "string"
         },
-        "rxMsgRate": {
-          "description": "The current message rate received by the Topic Endpoint, in messages per second (msg/sec).",
+        "clientProfileDeniedDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to being denied by the Client Profile.",
           "format": "int64",
           "type": "integer"
         },
-        "rxSelector": {
-          "description": "Indicates whether the Topic Endpoint has a selector to filter received messages.",
+        "consumerAckPropagationEnabled": {
+          "description": "Indicates whether the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN is enabled.",
           "type": "boolean"
         },
-        "selector": {
-          "description": "The value of the receive selector for the Topic Endpoint.",
-          "type": "string"
+        "createdByManagement": {
+          "description": "Indicates whether the Topic Endpoint was created by a management API (CLI or SEMP).",
+          "type": "boolean"
         },
-        "selectorExaminedMsgCount": {
-          "description": "The number of guaranteed messages examined by the Topic Endpoint selector.",
-          "format": "int64",
-          "type": "integer"
+        "deadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ) used by the Topic Endpoint.",
+          "type": "string"
         },
-        "selectorMatchedMsgCount": {
-          "description": "The number of guaranteed messages for which the Topic Endpoint selector matched.",
+        "deletedMsgCount": {
+          "description": "The number of guaranteed messages deleted from the Topic Endpoint.",
           "format": "int64",
           "type": "integer"
         },
-        "selectorNotMatchedMsgCount": {
-          "description": "The number of guaranteed messages for which the Topic Endpoint selector did not match.",
-          "format": "int64",
-          "type": "integer"
+        "deliveryCountEnabled": {
+          "description": "Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Available since 2.19.",
+          "type": "boolean"
         },
-        "spooledByteCount": {
-          "description": "The amount of guaranteed messages that were spooled in the Topic Endpoint, in bytes (B).",
+        "deliveryDelay": {
+          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Available since 2.22.",
           "format": "int64",
           "type": "integer"
         },
-        "spooledMsgCount": {
-          "description": "The number of guaranteed messages that were spooled in the Topic Endpoint.",
+        "destinationGroupErrorDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to a destination group error.",
           "format": "int64",
           "type": "integer"
         },
-        "topicEndpointName": {
-          "description": "The name of the Topic Endpoint.",
+        "destinationTopic": {
+          "description": "The destination topic of the Topic Endpoint.",
           "type": "string"
         },
-        "transportRetransmitMsgCount": {
-          "description": "The number of guaranteed messages that were retransmitted by the Topic Endpoint at the transport layer as part of a single delivery attempt. Available since 2.18.",
+        "disabledBindFailureCount": {
+          "description": "The number of Topic Endpoint bind failures due to being disabled.",
           "format": "int64",
           "type": "integer"
         },
-        "txByteRate": {
-          "description": "The current message rate transmitted by the Topic Endpoint, in bytes per second (B/sec).",
+        "disabledDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to it being disabled.",
           "format": "int64",
           "type": "integer"
         },
-        "txMsgRate": {
-          "description": "The current message rate transmitted by the Topic Endpoint, in messages per second (msg/sec).",
-          "format": "int64",
-          "type": "integer"
+        "durable": {
+          "description": "Indicates whether the Topic Endpoint is durable and not temporary.",
+          "type": "boolean"
         },
-        "txUnackedMsgCount": {
-          "description": "The number of guaranteed messages in the Topic Endpoint that have been transmitted but not acknowledged by all consumers.",
-          "format": "int64",
-          "type": "integer"
+        "egressEnabled": {
+          "description": "Indicates whether the transmission of messages from the Topic Endpoint is enabled.",
+          "type": "boolean"
         },
-        "virtualRouter": {
-          "description": "The virtual router used by the Topic Endpoint. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The endpoint belongs to the primary virtual router.\n\"backup\" - The endpoint belongs to the backup virtual router.\n</pre>\n",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointCollections": {
-      "properties": {
-        "msgs": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointCollectionsMsgs"
+        "eventBindCountThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "priorities": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointCollectionsPriorities"
+        "eventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/EventThreshold"
         },
-        "txFlows": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointCollectionsTxflows"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointCollectionsMsgs": {
-      "properties": {
-        "count": {
-          "description": "The total number of objects in the msgs collection.",
+        "eventSpoolUsageThreshold": {
+          "$ref": "#/definitions/EventThreshold"
+        },
+        "highestAckedMsgId": {
+          "description": "The highest identifier (ID) of guaranteed messages in the Topic Endpoint that were acknowledged.",
           "format": "int64",
           "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointCollectionsPriorities": {
-      "properties": {
-        "count": {
-          "description": "The total number of objects in the priorities collection.",
+        },
+        "highestMsgId": {
+          "description": "The highest identifier (ID) of guaranteed messages in the Topic Endpoint.",
           "format": "int64",
           "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointCollectionsTxflows": {
-      "properties": {
-        "count": {
-          "description": "The total number of objects in the txFlows collection.",
+        },
+        "inProgressAckMsgCount": {
+          "description": "The number of acknowledgement messages received by the Topic Endpoint that are in the process of updating and deleting associated guaranteed messages.",
           "format": "int64",
           "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointLinks": {
-      "properties": {
-        "msgsUri": {
-          "description": "The URI of this Topic Endpoint's collection of Topic Endpoint Message objects.",
-          "type": "string"
-        },
-        "prioritiesUri": {
-          "description": "The URI of this Topic Endpoint's collection of Topic Endpoint Priority objects.",
-          "type": "string"
         },
-        "txFlowsUri": {
-          "description": "The URI of this Topic Endpoint's collection of Topic Endpoint Transmit Flow objects.",
-          "type": "string"
+        "ingressEnabled": {
+          "description": "Indicates whether the reception of messages to the Topic Endpoint is enabled.",
+          "type": "boolean"
         },
-        "uri": {
-          "description": "The URI of this Topic Endpoint object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointMsg": {
-      "properties": {
-        "attachmentSize": {
-          "description": "The size of the Message attachment, in bytes (B).",
+        "invalidSelectorBindFailureCount": {
+          "description": "The number of Topic Endpoint bind failures due to an invalid selector.",
           "format": "int64",
           "type": "integer"
         },
-        "contentSize": {
-          "description": "The size of the Message content, in bytes (B).",
-          "format": "int64",
+        "lastReplayCompleteTime": {
+          "description": "The timestamp of the last completed replay for the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
           "type": "integer"
         },
-        "deliveryEligibleTime": {
-          "description": "The timestamp of when the Message is eligible for delivery. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.22.",
+        "lastReplayFailureReason": {
+          "description": "The reason for the last replay failure for the Topic Endpoint.",
+          "type": "string"
+        },
+        "lastReplayFailureTime": {
+          "description": "The timestamp of the last replay failure for the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
           "format": "int32",
           "type": "integer"
         },
-        "dmqEligible": {
-          "description": "Indicates whether the Message is eligible for the Dead Message Queue (DMQ).",
-          "type": "boolean"
+        "lastReplayStartTime": {
+          "description": "The timestamp of the last replay started for the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
+          "type": "integer"
         },
-        "expiryTime": {
-          "description": "The timestamp of when the Message expires. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+        "lastReplayedMsgTxTime": {
+          "description": "The timestamp of the last replayed message transmitted by the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
           "format": "int32",
           "type": "integer"
         },
-        "msgId": {
-          "description": "The identifier (ID) of the Message.",
+        "lastSelectorExaminedMsgId": {
+          "description": "The identifier (ID) of the last message examined by the Topic Endpoint selector.",
           "format": "int64",
           "type": "integer"
         },
-        "msgVpnName": {
-          "description": "The name of the Message VPN.",
+        "lastSpooledMsgId": {
+          "description": "The identifier (ID) of the last guaranteed message spooled in the Topic Endpoint.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "lowPriorityMsgCongestionDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to low priority message congestion control.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "lowPriorityMsgCongestionState": {
+          "description": "The state of the low priority message congestion in the Topic Endpoint. The allowed values and their meaning are:\n\n<pre>\n\"disabled\" - Messages are not being checked for priority.\n\"not-congested\" - Low priority messages are being stored and delivered.\n\"congested\" - Low priority messages are being discarded.\n</pre>\n",
           "type": "string"
         },
-        "priority": {
-          "description": "The priority level of the Message, from 9 (highest) to 0 (lowest).",
-          "format": "int32",
+        "lowestAckedMsgId": {
+          "description": "The lowest identifier (ID) of guaranteed messages in the Topic Endpoint that were acknowledged.",
+          "format": "int64",
           "type": "integer"
         },
-        "publisherId": {
-          "description": "The identifier (ID) of the Message publisher.",
+        "lowestMsgId": {
+          "description": "The lowest identifier (ID) of guaranteed messages in the Topic Endpoint.",
           "format": "int64",
           "type": "integer"
         },
-        "redeliveryCount": {
-          "description": "The number of times the Message has been redelivered.",
-          "format": "int32",
+        "maxBindCount": {
+          "description": "The maximum number of consumer flows that can bind to the Topic Endpoint.",
+          "format": "int64",
           "type": "integer"
         },
-        "replicatedMateMsgId": {
-          "description": "The Message identifier (ID) on the replication mate. Applicable only to replicated messages.",
+        "maxBindCountExceededBindFailureCount": {
+          "description": "The number of Topic Endpoint bind failures due to the maximum bind count being exceeded.",
           "format": "int64",
           "type": "integer"
         },
-        "replicationGroupMsgId": {
-          "description": "An ID that uniquely identifies this Message within this replication group. Available since 2.21.",
-          "type": "string"
+        "maxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint.",
+          "format": "int64",
+          "type": "integer"
         },
-        "replicationState": {
-          "description": "The replication state of the Message. The allowed values and their meaning are:\n\n<pre>\n\"replicated\" - The Message is replicated to the remote Message VPN.\n\"not-replicated\" - The Message is not being replicated to the remote Message VPN.\n\"pending-replication\" - The Message is queued for replication to the remote Message VPN.\n</pre>\n",
-          "type": "string"
+        "maxEffectiveBindCount": {
+          "description": "The effective maximum number of consumer flows that can bind to the Topic Endpoint.",
+          "format": "int32",
+          "type": "integer"
         },
-        "spooledTime": {
-          "description": "The timestamp of when the Message was spooled in the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+        "maxMsgSize": {
+          "description": "The maximum message size allowed in the Topic Endpoint, in bytes (B).",
           "format": "int32",
           "type": "integer"
         },
-        "topicEndpointName": {
-          "description": "The name of the Topic Endpoint.",
-          "type": "string"
+        "maxMsgSizeExceededDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum message size being exceeded.",
+          "format": "int64",
+          "type": "integer"
         },
-        "undelivered": {
-          "description": "Indicates whether delivery of the Message has never been attempted.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointMsgCollections": {
-      "properties": {},
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointMsgLinks": {
-      "properties": {
-        "uri": {
-          "description": "The URI of this Topic Endpoint Message object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointMsgResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointMsgCollections"
+        "maxMsgSpoolUsageExceededDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum message spool usage being exceeded.",
+          "format": "int64",
+          "type": "integer"
         },
-        "data": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointMsg"
+        "maxRedeliveryCount": {
+          "description": "The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever.",
+          "format": "int64",
+          "type": "integer"
         },
-        "links": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointMsgLinks"
+        "maxRedeliveryExceededDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum redelivery attempts being exceeded.",
+          "format": "int64",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointMsgsResponse": {
-      "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointMsgCollections"
-          },
-          "type": "array"
+        "maxRedeliveryExceededToDmqFailedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum redelivery attempts being exceeded and failing to move to the Dead Message Queue (DMQ).",
+          "format": "int64",
+          "type": "integer"
         },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointMsg"
-          },
-          "type": "array"
+        "maxRedeliveryExceededToDmqMsgCount": {
+          "description": "The number of guaranteed messages moved to the Dead Message Queue (DMQ) by the Topic Endpoint due to the maximum redelivery attempts being exceeded.",
+          "format": "int64",
+          "type": "integer"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointMsgLinks"
-          },
-          "type": "array"
+        "maxSpoolUsage": {
+          "description": "The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.",
+          "format": "int64",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointPrioritiesResponse": {
-      "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointPriorityCollections"
-          },
-          "type": "array"
-        },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointPriority"
-          },
-          "type": "array"
-        },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointPriorityLinks"
-          },
-          "type": "array"
-        },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointPriority": {
-      "properties": {
-        "msgVpnName": {
-          "description": "The name of the Message VPN.",
-          "type": "string"
-        },
-        "priority": {
-          "description": "The level of the Priority, from 9 (highest) to 0 (lowest).",
+        "maxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.",
           "format": "int64",
           "type": "integer"
         },
-        "spooledByteCount": {
-          "description": "The amount of guaranteed messages at this Priority spooled by the Topic Endpoint, in bytes (B).",
+        "maxTtlExceededDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum time-to-live (TTL) in hops being exceeded. The TTL hop count is incremented when the message crosses a bridge.",
           "format": "int64",
           "type": "integer"
         },
-        "spooledMsgCount": {
-          "description": "The number of guaranteed messages at this Priority spooled by the Topic Endpoint.",
+        "maxTtlExpiredDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum time-to-live (TTL) timestamp expiring.",
           "format": "int64",
           "type": "integer"
         },
-        "topicEndpointName": {
-          "description": "The name of the Topic Endpoint.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointPriorityCollections": {
-      "properties": {},
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointPriorityLinks": {
-      "properties": {
-        "uri": {
-          "description": "The URI of this Topic Endpoint Priority object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointPriorityResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointPriorityCollections"
-        },
-        "data": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointPriority"
-        },
-        "links": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointPriorityLinks"
-        },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointCollections"
-        },
-        "data": {
-          "$ref": "#/definitions/MsgVpnTopicEndpoint"
-        },
-        "links": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
-        },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointTemplate": {
-      "properties": {
-        "accessType": {
-          "description": "The access type for delivering messages to consumer flows. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n",
-          "enum": [
-            "exclusive",
-            "non-exclusive"
-          ],
-          "type": "string"
-        },
-        "consumerAckPropagationEnabled": {
-          "description": "Indicates whether the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN is enabled.",
-          "type": "boolean"
-        },
-        "deadMsgQueue": {
-          "description": "The name of the Dead Message Queue (DMQ).",
-          "type": "string"
-        },
-        "deliveryDelay": {
-          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Available since 2.22.",
+        "maxTtlExpiredToDmqFailedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to the maximum time-to-live (TTL) timestamp expiring and failing to move to the Dead Message Queue (DMQ).",
           "format": "int64",
           "type": "integer"
         },
-        "eventBindCountThreshold": {
-          "$ref": "#/definitions/EventThreshold"
-        },
-        "eventMsgSpoolUsageThreshold": {
-          "$ref": "#/definitions/EventThreshold"
-        },
-        "eventRejectLowPriorityMsgLimitThreshold": {
-          "$ref": "#/definitions/EventThreshold"
-        },
-        "maxBindCount": {
-          "description": "The maximum number of consumer flows that can bind.",
+        "maxTtlExpiredToDmqMsgCount": {
+          "description": "The number of guaranteed messages moved to the Dead Message Queue (DMQ) by the Topic Endpoint due to the maximum time-to-live (TTL) timestamp expiring.",
           "format": "int64",
           "type": "integer"
         },
-        "maxDeliveredUnackedMsgsPerFlow": {
-          "description": "The maximum number of messages delivered but not acknowledged per flow.",
+        "msgSpoolPeakUsage": {
+          "description": "The message spool peak usage by the Topic Endpoint, in bytes (B).",
           "format": "int64",
           "type": "integer"
         },
-        "maxMsgSize": {
-          "description": "The maximum message size allowed, in bytes (B).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxMsgSpoolUsage": {
-          "description": "The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.",
+        "msgSpoolUsage": {
+          "description": "The message spool usage by the Topic Endpoint, in bytes (B).",
           "format": "int64",
           "type": "integer"
         },
-        "maxRedeliveryCount": {
-          "description": "The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever.",
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "networkTopic": {
+          "description": "The name of the network topic for the Topic Endpoint.",
+          "type": "string"
+        },
+        "noLocalDeliveryDiscardedMsgCount": {
+          "description": "The number of guaranteed messages discarded by the Topic Endpoint due to no local delivery being requested.",
           "format": "int64",
           "type": "integer"
         },
-        "maxTtl": {
-          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.",
+        "otherBindFailureCount": {
+          "description": "The number of Topic Endpoint bind failures due to other reasons.",
           "format": "int64",
           "type": "integer"
         },
-        "msgVpnName": {
-          "description": "The name of the Message VPN.",
+        "owner": {
+          "description": "The Client Username that owns the Topic Endpoint and has permission equivalent to `\"delete\"`.",
           "type": "string"
         },
         "permission": {
-          "description": "The permission level for all consumers, excluding the owner. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+          "description": "The permission level for all consumers of the Topic Endpoint, excluding the owner. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
           "enum": [
             "no-access",
             "read-only",
@@ -14886,6 +15996,30 @@
           ],
           "type": "string"
         },
+        "redeliveredMsgCount": {
+          "description": "The number of guaranteed messages transmitted by the Topic Endpoint for redelivery.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Available since 2.33.",
+          "type": "boolean"
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
         "redeliveryEnabled": {
           "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Available since 2.18.",
           "type": "boolean"
@@ -14895,7 +16029,7 @@
           "type": "boolean"
         },
         "rejectLowPriorityMsgLimit": {
-          "description": "The number of messages that are permitted before low priority messages are rejected.",
+          "description": "The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed.",
           "format": "int64",
           "type": "integer"
         },
@@ -14908,169 +16042,103 @@
           ],
           "type": "string"
         },
-        "respectMsgPriorityEnabled": {
-          "description": "Indicates whether message priorities are respected. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest).",
-          "type": "boolean"
+        "replayFailureCount": {
+          "description": "The number of replays that failed for the Topic Endpoint.",
+          "format": "int64",
+          "type": "integer"
         },
-        "respectTtlEnabled": {
-          "description": "Indicates whether the time-to-live (TTL) for messages is respected. When enabled, expired messages are discarded or moved to the DMQ.",
-          "type": "boolean"
+        "replayStartCount": {
+          "description": "The number of replays started for the Topic Endpoint.",
+          "format": "int64",
+          "type": "integer"
         },
-        "topicEndpointNameFilter": {
-          "description": "A wildcardable pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards are supported: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/).",
+        "replayState": {
+          "description": "The state of replay for the Topic Endpoint. The allowed values and their meaning are:\n\n<pre>\n\"initializing\" - All messages are being deleted from the endpoint before replay starts.\n\"active\" - Subscription matching logged messages are being replayed to the endpoint.\n\"pending-complete\" - Replay is complete, but final accounting is in progress.\n\"complete\" - Replay and all related activities are complete.\n\"failed\" - Replay has failed and is waiting for an unbind response.\n</pre>\n",
           "type": "string"
         },
-        "topicEndpointTemplateName": {
-          "description": "The name of the Topic Endpoint Template.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointTemplateCollections": {
-      "properties": {},
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointTemplateLinks": {
-      "properties": {
-        "uri": {
-          "description": "The URI of this Topic Endpoint Template object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointTemplateResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateCollections"
+        "replaySuccessCount": {
+          "description": "The number of replays that succeeded for the Topic Endpoint.",
+          "format": "int64",
+          "type": "integer"
         },
-        "data": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
+        "replayedAckedMsgCount": {
+          "description": "The number of replayed messages transmitted by the Topic Endpoint and acked by all consumers.",
+          "format": "int64",
+          "type": "integer"
         },
-        "links": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
-        },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointTemplatesResponse": {
-      "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointTemplateCollections"
-          },
-          "type": "array"
-        },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
-          },
-          "type": "array"
-        },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
-          },
-          "type": "array"
-        },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "MsgVpnTopicEndpointTxFlow": {
-      "properties": {
-        "ackedMsgCount": {
-          "description": "The number of guaranteed messages delivered and acknowledged by the consumer.",
+        "replayedTxMsgCount": {
+          "description": "The number of replayed messages transmitted by the Topic Endpoint.",
           "format": "int64",
           "type": "integer"
         },
-        "activityState": {
-          "description": "The activity state of the Flow. The allowed values and their meaning are:\n\n<pre>\n\"active-browser\" - The Flow is active as a browser.\n\"active-consumer\" - The Flow is active as a consumer.\n\"inactive\" - The Flow is inactive.\n</pre>\n",
-          "type": "string"
-        },
-        "bindTime": {
-          "description": "The timestamp of when the Flow bound to the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "clientName": {
-          "description": "The name of the Client.",
-          "type": "string"
-        },
-        "consumerRedeliveryRequestAllowed": {
-          "description": "Indicates whether redelivery requests can be received as negative acknowledgements (NACKs) from the consumer. Applicable only to REST consumers.",
-          "type": "boolean"
-        },
-        "cutThroughAckedMsgCount": {
-          "description": "The number of guaranteed messages that used cut-through delivery and are acknowledged by the consumer.",
+        "replicationActiveAckPropTxMsgCount": {
+          "description": "The number of acknowledgement messages propagated by the Topic Endpoint to the replication standby remote Message VPN.",
           "format": "int64",
           "type": "integer"
         },
-        "deliveryState": {
-          "description": "The delivery state of the Flow. The allowed values and their meaning are:\n\n<pre>\n\"closed\" - The Flow is unbound.\n\"opened\" - The Flow is bound but inactive.\n\"unbinding\" - The Flow received an unbind request.\n\"handshaking\" - The Flow is handshaking to become active.\n\"deliver-cut-through\" - The Flow is streaming messages using direct+guaranteed delivery.\n\"deliver-from-input-stream\" - The Flow is streaming messages using guaranteed delivery.\n\"deliver-from-memory\" - The Flow throttled causing message delivery from memory (RAM).\n\"deliver-from-spool\" - The Flow stalled causing message delivery from spool (ADB or disk).\n</pre>\n",
-          "type": "string"
-        },
-        "flowId": {
-          "description": "The identifier (ID) of the Flow.",
+        "replicationStandbyAckPropRxMsgCount": {
+          "description": "The number of propagated acknowledgement messages received by the Topic Endpoint from the replication active remote Message VPN.",
           "format": "int64",
           "type": "integer"
         },
-        "highestAckPendingMsgId": {
-          "description": "The highest identifier (ID) of message transmitted and waiting for acknowledgement.",
+        "replicationStandbyAckedByAckPropMsgCount": {
+          "description": "The number of messages acknowledged in the Topic Endpoint by acknowledgement propagation from the replication active remote Message VPN.",
           "format": "int64",
           "type": "integer"
         },
-        "lastAckedMsgId": {
-          "description": "The identifier (ID) of the last message transmitted and acknowledged by the consumer.",
+        "replicationStandbyRxMsgCount": {
+          "description": "The number of messages received by the Topic Endpoint from the replication active remote Message VPN.",
           "format": "int64",
           "type": "integer"
         },
-        "lowestAckPendingMsgId": {
-          "description": "The lowest identifier (ID) of message transmitted and waiting for acknowledgement.",
-          "format": "int64",
+        "respectMsgPriorityEnabled": {
+          "description": "Indicates whether message priorities are respected. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest).",
+          "type": "boolean"
+        },
+        "respectTtlEnabled": {
+          "description": "Indicates whether the time-to-live (TTL) for messages in the Topic Endpoint is respected. When enabled, expired messages are discarded or moved to the DMQ.",
+          "type": "boolean"
+        },
+        "rxByteRate": {
+          "description": "The current message rate received by the Topic Endpoint, in bytes per second (B/sec).",
+          "format": "int32",
           "type": "integer"
         },
-        "maxUnackedMsgsExceededMsgCount": {
-          "description": "The number of guaranteed messages that exceeded the maximum number of delivered unacknowledged messages.",
+        "rxMsgRate": {
+          "description": "The current message rate received by the Topic Endpoint, in messages per second (msg/sec).",
           "format": "int64",
           "type": "integer"
         },
-        "msgVpnName": {
-          "description": "The name of the Message VPN.",
+        "rxSelector": {
+          "description": "Indicates whether the Topic Endpoint has a selector to filter received messages.",
+          "type": "boolean"
+        },
+        "selector": {
+          "description": "The value of the receive selector for the Topic Endpoint.",
           "type": "string"
         },
-        "noLocalDelivery": {
-          "description": "Indicates whether not to deliver messages to a consumer that published them.",
-          "type": "boolean"
+        "selectorExaminedMsgCount": {
+          "description": "The number of guaranteed messages examined by the Topic Endpoint selector.",
+          "format": "int64",
+          "type": "integer"
         },
-        "redeliveredMsgCount": {
-          "description": "The number of guaranteed messages that were redelivered.",
+        "selectorMatchedMsgCount": {
+          "description": "The number of guaranteed messages for which the Topic Endpoint selector matched.",
           "format": "int64",
           "type": "integer"
         },
-        "redeliveryRequestCount": {
-          "description": "The number of consumer requests via negative acknowledgements (NACKs) to redeliver guaranteed messages.",
+        "selectorNotMatchedMsgCount": {
+          "description": "The number of guaranteed messages for which the Topic Endpoint selector did not match.",
           "format": "int64",
           "type": "integer"
         },
-        "sessionName": {
-          "description": "The name of the Transacted Session for the Flow.",
-          "type": "string"
+        "spooledByteCount": {
+          "description": "The amount of guaranteed messages that were spooled in the Topic Endpoint, in bytes (B).",
+          "format": "int64",
+          "type": "integer"
         },
-        "storeAndForwardAckedMsgCount": {
-          "description": "The number of guaranteed messages that used store and forward delivery and are acknowledged by the consumer.",
+        "spooledMsgCount": {
+          "description": "The number of guaranteed messages that were spooled in the Topic Endpoint.",
           "format": "int64",
           "type": "integer"
         },
@@ -15079,260 +16147,199 @@
           "type": "string"
         },
         "transportRetransmitMsgCount": {
-          "description": "The number of guaranteed messages that were retransmitted at the transport layer as part of a single delivery attempt. Available since 2.18.",
+          "description": "The number of guaranteed messages that were retransmitted by the Topic Endpoint at the transport layer as part of a single delivery attempt. Available since 2.18.",
           "format": "int64",
           "type": "integer"
         },
-        "unackedMsgCount": {
-          "description": "The number of guaranteed messages delivered but not yet acknowledged by the consumer.",
+        "txByteRate": {
+          "description": "The current message rate transmitted by the Topic Endpoint, in bytes per second (B/sec).",
           "format": "int64",
           "type": "integer"
         },
-        "usedWindowSize": {
-          "description": "The number of guaranteed messages using the available window size.",
+        "txMsgRate": {
+          "description": "The current message rate transmitted by the Topic Endpoint, in messages per second (msg/sec).",
           "format": "int64",
           "type": "integer"
         },
-        "windowClosedCount": {
-          "description": "The number of times the window for guaranteed messages was filled and closed before an acknowledgement was received.",
+        "txUnackedMsgCount": {
+          "description": "The number of guaranteed messages in the Topic Endpoint that have been transmitted but not acknowledged by all consumers.",
           "format": "int64",
           "type": "integer"
         },
-        "windowSize": {
-          "description": "The number of outstanding guaranteed messages that can be transmitted over the Flow before an acknowledgement is received.",
-          "format": "int64",
-          "type": "integer"
+        "virtualRouter": {
+          "description": "The virtual router used by the Topic Endpoint. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The endpoint belongs to the primary virtual router.\n\"backup\" - The endpoint belongs to the backup virtual router.\n</pre>\n Deprecated since 2.31. This attribute has been deprecated. When Guaranteed Messaging is active, this value is always the virtual router for which Guaranteed Messaging is enabled. Otherwise, this value should be ignored.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnTopicEndpointTxFlowCollections": {
-      "properties": {},
+    "MsgVpnTopicEndpointCollections": {
+      "properties": {
+        "msgs": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointCollectionsMsgs"
+        },
+        "priorities": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointCollectionsPriorities"
+        },
+        "txFlows": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointCollectionsTxFlows"
+        }
+      },
       "type": "object"
     },
-    "MsgVpnTopicEndpointTxFlowLinks": {
+    "MsgVpnTopicEndpointCollectionsMsgs": {
       "properties": {
-        "uri": {
-          "description": "The URI of this Topic Endpoint Transmit Flow object.",
-          "type": "string"
+        "count": {
+          "description": "The total number of objects in the msgs collection.",
+          "format": "int64",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "MsgVpnTopicEndpointTxFlowResponse": {
+    "MsgVpnTopicEndpointCollectionsPriorities": {
       "properties": {
-        "collections": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointTxFlowCollections"
-        },
-        "data": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointTxFlow"
-        },
-        "links": {
-          "$ref": "#/definitions/MsgVpnTopicEndpointTxFlowLinks"
-        },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "count": {
+          "description": "The total number of objects in the priorities collection.",
+          "format": "int64",
+          "type": "integer"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "MsgVpnTopicEndpointTxFlowsResponse": {
+    "MsgVpnTopicEndpointCollectionsTxFlows": {
       "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointTxFlowCollections"
-          },
-          "type": "array"
-        },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointTxFlow"
-          },
-          "type": "array"
-        },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointTxFlowLinks"
-          },
-          "type": "array"
-        },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "count": {
+          "description": "The total number of objects in the txFlows collection.",
+          "format": "int64",
+          "type": "integer"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "MsgVpnTopicEndpointsResponse": {
+    "MsgVpnTopicEndpointLinks": {
       "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointCollections"
-          },
-          "type": "array"
+        "msgsUri": {
+          "description": "The URI of this Topic Endpoint's collection of Topic Endpoint Message objects.",
+          "type": "string"
         },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpoint"
-          },
-          "type": "array"
+        "prioritiesUri": {
+          "description": "The URI of this Topic Endpoint's collection of Topic Endpoint Priority objects.",
+          "type": "string"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
-          },
-          "type": "array"
+        "txFlowsUri": {
+          "description": "The URI of this Topic Endpoint's collection of Topic Endpoint Transmit Flow objects.",
+          "type": "string"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "uri": {
+          "description": "The URI of this Topic Endpoint object.",
+          "type": "string"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "MsgVpnTransaction": {
+    "MsgVpnTopicEndpointMsg": {
       "properties": {
-        "clientId": {
-          "description": "The identifier (ID) of the Client.",
-          "format": "int32",
+        "attachmentSize": {
+          "description": "The size of the Message attachment, in bytes (B).",
+          "format": "int64",
           "type": "integer"
         },
-        "clientName": {
-          "description": "The name of the Client.",
-          "type": "string"
-        },
-        "clientUsername": {
-          "description": "The username of the Client.",
-          "type": "string"
+        "contentSize": {
+          "description": "The size of the Message content, in bytes (B).",
+          "format": "int64",
+          "type": "integer"
         },
-        "idleTimeout": {
-          "description": "The number of seconds before an idle Transaction may be automatically rolled back and freed.",
+        "deliveryEligibleTime": {
+          "description": "The timestamp of when the Message is eligible for delivery. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.22.",
           "format": "int32",
           "type": "integer"
         },
-        "msgVpnName": {
-          "description": "The name of the Message VPN.",
-          "type": "string"
-        },
-        "replicated": {
-          "description": "Indicates whether the Transaction is replicated.",
+        "dmqEligible": {
+          "description": "Indicates whether the Message is eligible for the Dead Message Queue (DMQ).",
           "type": "boolean"
         },
-        "sessionName": {
-          "description": "The name of the Transacted Session for the Transaction.",
-          "type": "string"
-        },
-        "state": {
-          "description": "The state of the Transaction. The allowed values and their meaning are:\n\n<pre>\n\"active\" - The Transaction was started.\n\"suspended\" - The Transaction was suspended.\n\"idle\" - The Transaction was ended.\n\"prepared\" - The Transaction was prepared.\n\"complete\" - The Transaction was committed or rolled back.\n</pre>\n",
-          "type": "string"
-        },
-        "timeInState": {
-          "description": "The number of seconds the Transaction has remained in the current state.",
+        "expiryTime": {
+          "description": "The timestamp of when the Message expires. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
           "format": "int32",
           "type": "integer"
         },
-        "type": {
-          "description": "The type of Transaction. The allowed values and their meaning are:\n\n<pre>\n\"xa\" - The Transaction is an XA Transaction.\n\"local\" - The Transaction is a local Transaction.\n</pre>\n",
-          "type": "string"
+        "msgId": {
+          "description": "The identifier (ID) of the Message.",
+          "format": "int64",
+          "type": "integer"
         },
-        "xid": {
-          "description": "The identifier (ID) of the Transaction.",
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTransactionCollections": {
-      "properties": {
-        "consumerMsgs": {
-          "$ref": "#/definitions/MsgVpnTransactionCollectionsConsumermsgs"
         },
-        "publisherMsgs": {
-          "$ref": "#/definitions/MsgVpnTransactionCollectionsPublishermsgs"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTransactionCollectionsConsumermsgs": {
-      "properties": {
-        "count": {
-          "description": "The total number of objects in the consumerMsgs collection.",
-          "format": "int64",
+        "priority": {
+          "description": "The priority level of the Message, from 9 (highest) to 0 (lowest).",
+          "format": "int32",
           "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTransactionCollectionsPublishermsgs": {
-      "properties": {
-        "count": {
-          "description": "The total number of objects in the publisherMsgs collection.",
+        },
+        "publisherId": {
+          "description": "The identifier (ID) of the Message publisher.",
           "format": "int64",
           "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "MsgVpnTransactionConsumerMsg": {
-      "properties": {
-        "endpointName": {
-          "description": "The name of the Queue or Topic Endpoint source.",
-          "type": "string"
         },
-        "endpointType": {
-          "description": "The type of endpoint source. The allowed values and their meaning are:\n\n<pre>\n\"queue\" - The Message is from a Queue.\n\"topic-endpoint\" - The Message is from a Topic Endpoint.\n</pre>\n",
-          "type": "string"
+        "redeliveryCount": {
+          "description": "The number of times the Message has been redelivered.",
+          "format": "int32",
+          "type": "integer"
         },
-        "msgId": {
-          "description": "The identifier (ID) of the Message.",
+        "replicatedMateMsgId": {
+          "description": "The Message identifier (ID) on the replication mate. Applicable only to replicated messages.",
           "format": "int64",
           "type": "integer"
         },
-        "msgVpnName": {
-          "description": "The name of the Message VPN.",
+        "replicationGroupMsgId": {
+          "description": "An ID that uniquely identifies this Message within this replication group. Available since 2.21.",
           "type": "string"
         },
-        "replicationGroupMsgId": {
-          "description": "An ID that uniquely identifies this message within this replication group. Available since 2.21.",
+        "replicationState": {
+          "description": "The replication state of the Message. The allowed values and their meaning are:\n\n<pre>\n\"replicated\" - The Message is replicated to the remote Message VPN.\n\"not-replicated\" - The Message is not being replicated to the remote Message VPN.\n\"pending-replication\" - The Message is queued for replication to the remote Message VPN.\n</pre>\n",
           "type": "string"
         },
-        "xid": {
-          "description": "The identifier (ID) of the Transaction.",
+        "spooledTime": {
+          "description": "The timestamp of when the Message was spooled in the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "topicEndpointName": {
+          "description": "The name of the Topic Endpoint.",
           "type": "string"
+        },
+        "undelivered": {
+          "description": "Indicates whether delivery of the Message has never been attempted.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "MsgVpnTransactionConsumerMsgCollections": {
+    "MsgVpnTopicEndpointMsgCollections": {
       "properties": {},
       "type": "object"
     },
-    "MsgVpnTransactionConsumerMsgLinks": {
+    "MsgVpnTopicEndpointMsgLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Transaction Consumer Message object.",
+          "description": "The URI of this Topic Endpoint Message object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnTransactionConsumerMsgResponse": {
+    "MsgVpnTopicEndpointMsgResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/MsgVpnTransactionConsumerMsgCollections"
+          "$ref": "#/definitions/MsgVpnTopicEndpointMsgCollections"
         },
         "data": {
-          "$ref": "#/definitions/MsgVpnTransactionConsumerMsg"
+          "$ref": "#/definitions/MsgVpnTopicEndpointMsg"
         },
         "links": {
-          "$ref": "#/definitions/MsgVpnTransactionConsumerMsgLinks"
+          "$ref": "#/definitions/MsgVpnTopicEndpointMsgLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -15343,23 +16350,23 @@
       ],
       "type": "object"
     },
-    "MsgVpnTransactionConsumerMsgsResponse": {
+    "MsgVpnTopicEndpointMsgsResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/MsgVpnTransactionConsumerMsgCollections"
+            "$ref": "#/definitions/MsgVpnTopicEndpointMsgCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/MsgVpnTransactionConsumerMsg"
+            "$ref": "#/definitions/MsgVpnTopicEndpointMsg"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/MsgVpnTransactionConsumerMsgLinks"
+            "$ref": "#/definitions/MsgVpnTopicEndpointMsgLinks"
           },
           "type": "array"
         },
@@ -15372,68 +16379,86 @@
       ],
       "type": "object"
     },
-    "MsgVpnTransactionLinks": {
+    "MsgVpnTopicEndpointPrioritiesResponse": {
       "properties": {
-        "consumerMsgsUri": {
-          "description": "The URI of this Replicated Local Transaction or XA Transaction's collection of Transaction Consumer Message objects.",
-          "type": "string"
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointPriorityCollections"
+          },
+          "type": "array"
         },
-        "publisherMsgsUri": {
-          "description": "The URI of this Replicated Local Transaction or XA Transaction's collection of Transaction Publisher Message objects.",
-          "type": "string"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointPriority"
+          },
+          "type": "array"
         },
-        "uri": {
-          "description": "The URI of this Replicated Local Transaction or XA Transaction object.",
-          "type": "string"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointPriorityLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
         }
       },
+      "required": [
+        "meta"
+      ],
       "type": "object"
     },
-    "MsgVpnTransactionPublisherMsg": {
+    "MsgVpnTopicEndpointPriority": {
       "properties": {
-        "msgId": {
-          "description": "The identifier (ID) of the Message.",
-          "format": "int64",
-          "type": "integer"
-        },
         "msgVpnName": {
           "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "topic": {
-          "description": "The topic destination of the Message.",
-          "type": "string"
+        "priority": {
+          "description": "The level of the Priority, from 9 (highest) to 0 (lowest).",
+          "format": "int64",
+          "type": "integer"
         },
-        "xid": {
-          "description": "The identifier (ID) of the Transaction.",
+        "spooledByteCount": {
+          "description": "The amount of guaranteed messages at this Priority spooled by the Topic Endpoint, in bytes (B).",
+          "format": "int64",
+          "type": "integer"
+        },
+        "spooledMsgCount": {
+          "description": "The number of guaranteed messages at this Priority spooled by the Topic Endpoint.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "topicEndpointName": {
+          "description": "The name of the Topic Endpoint.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnTransactionPublisherMsgCollections": {
+    "MsgVpnTopicEndpointPriorityCollections": {
       "properties": {},
       "type": "object"
     },
-    "MsgVpnTransactionPublisherMsgLinks": {
+    "MsgVpnTopicEndpointPriorityLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Transaction Publisher Message object.",
+          "description": "The URI of this Topic Endpoint Priority object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MsgVpnTransactionPublisherMsgResponse": {
+    "MsgVpnTopicEndpointPriorityResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/MsgVpnTransactionPublisherMsgCollections"
+          "$ref": "#/definitions/MsgVpnTopicEndpointPriorityCollections"
         },
         "data": {
-          "$ref": "#/definitions/MsgVpnTransactionPublisherMsg"
+          "$ref": "#/definitions/MsgVpnTopicEndpointPriority"
         },
         "links": {
-          "$ref": "#/definitions/MsgVpnTransactionPublisherMsgLinks"
+          "$ref": "#/definitions/MsgVpnTopicEndpointPriorityLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -15444,25 +16469,16 @@
       ],
       "type": "object"
     },
-    "MsgVpnTransactionPublisherMsgsResponse": {
+    "MsgVpnTopicEndpointResponse": {
       "properties": {
         "collections": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTransactionPublisherMsgCollections"
-          },
-          "type": "array"
+          "$ref": "#/definitions/MsgVpnTopicEndpointCollections"
         },
         "data": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTransactionPublisherMsg"
-          },
-          "type": "array"
+          "$ref": "#/definitions/MsgVpnTopicEndpoint"
         },
         "links": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTransactionPublisherMsgLinks"
-          },
-          "type": "array"
+          "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -15473,45 +16489,166 @@
       ],
       "type": "object"
     },
-    "MsgVpnTransactionResponse": {
+    "MsgVpnTopicEndpointTemplate": {
       "properties": {
-        "collections": {
-          "$ref": "#/definitions/MsgVpnTransactionCollections"
+        "accessType": {
+          "description": "The access type for delivering messages to consumer flows. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to all bound consumer flows in a round-robin fashion.\n</pre>\n",
+          "enum": [
+            "exclusive",
+            "non-exclusive"
+          ],
+          "type": "string"
         },
-        "data": {
-          "$ref": "#/definitions/MsgVpnTransaction"
+        "consumerAckPropagationEnabled": {
+          "description": "Indicates whether the propagation of consumer acknowledgements (ACKs) received on the active replication Message VPN to the standby replication Message VPN is enabled.",
+          "type": "boolean"
         },
-        "links": {
-          "$ref": "#/definitions/MsgVpnTransactionLinks"
+        "deadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ).",
+          "type": "string"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "deliveryDelay": {
+          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Available since 2.22.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "eventBindCountThreshold": {
+          "$ref": "#/definitions/EventThreshold"
+        },
+        "eventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/EventThreshold"
+        },
+        "eventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/EventThreshold"
+        },
+        "maxBindCount": {
+          "description": "The maximum number of consumer flows that can bind.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "maxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "maxMsgSize": {
+          "description": "The maximum message size allowed, in bytes (B).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "maxRedeliveryCount": {
+          "description": "The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "maxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
+        },
+        "permission": {
+          "description": "The permission level for all consumers, excluding the owner. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+          "enum": [
+            "no-access",
+            "read-only",
+            "consume",
+            "modify-topic",
+            "delete"
+          ],
+          "type": "string"
+        },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Available since 2.33.",
+          "type": "boolean"
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Available since 2.33.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "redeliveryEnabled": {
+          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Available since 2.18.",
+          "type": "boolean"
+        },
+        "rejectLowPriorityMsgEnabled": {
+          "description": "Indicates whether the checking of low priority messages against the `rejectLowPriorityMsgLimit` is enabled.",
+          "type": "boolean"
+        },
+        "rejectLowPriorityMsgLimit": {
+          "description": "The number of messages that are permitted before low priority messages are rejected.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "rejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgements (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always return a negative acknowledgment (NACK) to the sending client on message discard.\n\"when-topic-endpoint-enabled\" - Only return a negative acknowledgment (NACK) to the sending client on message discard when the Topic Endpoint is enabled.\n\"never\" - Never return a negative acknowledgment (NACK) to the sending client on message discard.\n</pre>\n",
+          "enum": [
+            "always",
+            "when-topic-endpoint-enabled",
+            "never"
+          ],
+          "type": "string"
+        },
+        "respectMsgPriorityEnabled": {
+          "description": "Indicates whether message priorities are respected. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest).",
+          "type": "boolean"
+        },
+        "respectTtlEnabled": {
+          "description": "Indicates whether the time-to-live (TTL) for messages is respected. When enabled, expired messages are discarded or moved to the DMQ.",
+          "type": "boolean"
+        },
+        "topicEndpointNameFilter": {
+          "description": "A wildcardable pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards are supported: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/).",
+          "type": "string"
+        },
+        "topicEndpointTemplateName": {
+          "description": "The name of the Topic Endpoint Template.",
+          "type": "string"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "MsgVpnTransactionsResponse": {
+    "MsgVpnTopicEndpointTemplateCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTemplateLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Endpoint Template object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTemplateResponse": {
       "properties": {
         "collections": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTransactionCollections"
-          },
-          "type": "array"
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateCollections"
         },
         "data": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTransaction"
-          },
-          "type": "array"
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
         },
         "links": {
-          "items": {
-            "$ref": "#/definitions/MsgVpnTransactionLinks"
-          },
-          "type": "array"
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -15522,23 +16659,23 @@
       ],
       "type": "object"
     },
-    "MsgVpnsResponse": {
+    "MsgVpnTopicEndpointTemplatesResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/MsgVpnCollections"
+            "$ref": "#/definitions/MsgVpnTopicEndpointTemplateCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/MsgVpn"
+            "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/MsgVpnLinks"
+            "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
           },
           "type": "array"
         },
@@ -15551,867 +16688,1234 @@
       ],
       "type": "object"
     },
-    "OauthProfile": {
+    "MsgVpnTopicEndpointTxFlow": {
       "properties": {
-        "accessLevelGroupsClaimName": {
-          "description": "The name of the groups claim.",
+        "ackedMsgCount": {
+          "description": "The number of guaranteed messages delivered and acknowledged by the consumer.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "activityState": {
+          "description": "The activity state of the Flow. The allowed values and their meaning are:\n\n<pre>\n\"active-browser\" - The Flow is active as a browser.\n\"active-consumer\" - The Flow is active as a consumer.\n\"inactive\" - The Flow is inactive.\n</pre>\n",
           "type": "string"
         },
-        "active": {
-          "description": "Indicates whether the profile is active. An enabled profile may not be active if discovery is not complete, if there is no issuer specified, or if there is another profile with the same issuer. Available since 2.26.",
-          "type": "boolean"
+        "bindTime": {
+          "description": "The timestamp of when the Flow bound to the Topic Endpoint. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
+          "type": "integer"
         },
-        "clientId": {
-          "description": "The OAuth client id.",
+        "clientName": {
+          "description": "The name of the Client.",
           "type": "string"
         },
-        "clientRedirectUri": {
-          "description": "The OAuth redirect URI.",
-          "type": "string"
+        "consumerRedeliveryRequestAllowed": {
+          "description": "Indicates whether redelivery requests can be received as negative acknowledgements (NACKs) from the consumer. Applicable only to REST consumers.",
+          "type": "boolean"
         },
-        "clientRequiredType": {
-          "description": "The required value for the TYP field in the ID token header.",
-          "type": "string"
+        "cutThroughAckedMsgCount": {
+          "description": "The number of guaranteed messages that used cut-through delivery and are acknowledged by the consumer.",
+          "format": "int64",
+          "type": "integer"
         },
-        "clientScope": {
-          "description": "The OAuth scope.",
+        "deliveryState": {
+          "description": "The delivery state of the Flow. The allowed values and their meaning are:\n\n<pre>\n\"closed\" - The Flow is unbound.\n\"opened\" - The Flow is bound but inactive.\n\"unbinding\" - The Flow received an unbind request.\n\"handshaking\" - The Flow is handshaking to become active.\n\"deliver-cut-through\" - The Flow is streaming messages using direct+guaranteed delivery.\n\"deliver-from-input-stream\" - The Flow is streaming messages using guaranteed delivery.\n\"deliver-from-memory\" - The Flow throttled causing message delivery from memory (RAM).\n\"deliver-from-spool\" - The Flow stalled causing message delivery from spool (ADB or disk).\n</pre>\n",
           "type": "string"
         },
-        "clientValidateTypeEnabled": {
-          "description": "Enable or disable verification of the TYP field in the ID token header.",
-          "type": "boolean"
-        },
-        "completeExpiredStateCount": {
-          "description": "The number of requests to the broker OAuth completion endpoint with an expired state token.",
+        "flowId": {
+          "description": "The identifier (ID) of the Flow.",
           "format": "int64",
           "type": "integer"
         },
-        "completeInvalidStateCount": {
-          "description": "The number of request to the broker OAuth completion endpoint with an invalid state token.",
+        "highestAckPendingMsgId": {
+          "description": "The highest identifier (ID) of message transmitted and waiting for acknowledgement.",
           "format": "int64",
           "type": "integer"
         },
-        "completeRequestCount": {
-          "description": "The number of requests to the broker OAuth completion endpoint (successful and unsuccessful).",
+        "lastAckedMsgId": {
+          "description": "The identifier (ID) of the last message transmitted and acknowledged by the consumer.",
           "format": "int64",
           "type": "integer"
         },
-        "completeSuccessCount": {
-          "description": "The number of successful requests to the broker OAuth completion endpoint.  Successful requests have authenticated  the user and established a browser session.",
+        "lowestAckPendingMsgId": {
+          "description": "The lowest identifier (ID) of message transmitted and waiting for acknowledgement.",
           "format": "int64",
           "type": "integer"
         },
-        "defaultGlobalAccessLevel": {
-          "description": "The default global access level for this OAuth profile. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
-          "enum": [
-            "none",
-            "read-only",
-            "read-write",
-            "admin"
-          ],
-          "type": "string"
+        "maxUnackedMsgsExceededMsgCount": {
+          "description": "The number of guaranteed messages that exceeded the maximum number of delivered unacknowledged messages.",
+          "format": "int64",
+          "type": "integer"
         },
-        "defaultMsgVpnAccessLevel": {
-          "description": "The default message VPN access level for the OAuth profile. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
-          "enum": [
-            "none",
-            "read-only",
-            "read-write"
-          ],
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "discoveryLastRefreshFailureReason": {
-          "description": "The reason for the last discovery endpoint refresh failure.",
-          "type": "string"
+        "noLocalDelivery": {
+          "description": "Indicates whether not to deliver messages to a consumer that published them.",
+          "type": "boolean"
         },
-        "discoveryLastRefreshFailureTime": {
-          "description": "The timestamp of the last discovery endpoint refresh failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
+        "redeliveredMsgCount": {
+          "description": "The number of guaranteed messages that were redelivered.",
+          "format": "int64",
           "type": "integer"
         },
-        "discoveryLastRefreshTime": {
-          "description": "The timestamp of the last discovery endpoint refresh success. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
+        "redeliveryRequestCount": {
+          "description": "The number of consumer requests via negative acknowledgements (NACKs) to redeliver guaranteed messages.",
+          "format": "int64",
           "type": "integer"
         },
-        "discoveryNextScheduledRefreshTime": {
-          "description": "The timestamp of the next scheduled discovery endpoint refresh. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
+        "sessionName": {
+          "description": "The name of the Transacted Session for the Flow.",
+          "type": "string"
         },
-        "discoveryRefreshFailureCount": {
-          "description": "The number of discovery endpoint refresh failures.",
+        "storeAndForwardAckedMsgCount": {
+          "description": "The number of guaranteed messages that used store and forward delivery and are acknowledged by the consumer.",
           "format": "int64",
           "type": "integer"
         },
-        "displayName": {
-          "description": "The user friendly name for the OAuth profile.",
+        "topicEndpointName": {
+          "description": "The name of the Topic Endpoint.",
           "type": "string"
         },
-        "enabled": {
-          "description": "Enable or disable the OAuth profile.",
-          "type": "boolean"
-        },
-        "endpointAuthorization": {
-          "description": "The OAuth authorization endpoint.",
-          "type": "string"
+        "transportRetransmitMsgCount": {
+          "description": "The number of guaranteed messages that were retransmitted at the transport layer as part of a single delivery attempt. Available since 2.18.",
+          "format": "int64",
+          "type": "integer"
         },
-        "endpointAuthorizationOperational": {
-          "description": "The operational OAuth authorization endpoint.",
-          "type": "string"
+        "unackedMsgCount": {
+          "description": "The number of guaranteed messages delivered but not yet acknowledged by the consumer.",
+          "format": "int64",
+          "type": "integer"
         },
-        "endpointDiscovery": {
-          "description": "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint.",
-          "type": "string"
+        "usedWindowSize": {
+          "description": "The number of guaranteed messages using the available window size.",
+          "format": "int64",
+          "type": "integer"
         },
-        "endpointDiscoveryRefreshInterval": {
-          "description": "The number of seconds between discovery endpoint requests.",
-          "format": "int32",
+        "windowClosedCount": {
+          "description": "The number of times the window for guaranteed messages was filled and closed before an acknowledgement was received.",
+          "format": "int64",
           "type": "integer"
         },
-        "endpointIntrospection": {
-          "description": "The OAuth introspection endpoint.",
+        "windowSize": {
+          "description": "The number of outstanding guaranteed messages that can be transmitted over the Flow before an acknowledgement is received.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTxFlowCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTxFlowLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Endpoint Transmit Flow object.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTxFlowResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointTxFlowCollections"
         },
-        "endpointIntrospectionOperational": {
-          "description": "The operational OAuth introspection endpoint.",
-          "type": "string"
+        "data": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointTxFlow"
         },
-        "endpointIntrospectionTimeout": {
-          "description": "The maximum time in seconds a token introspection request is allowed to take.",
-          "format": "int32",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointTxFlowLinks"
         },
-        "endpointJwks": {
-          "description": "The OAuth JWKS endpoint.",
-          "type": "string"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTxFlowsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointTxFlowCollections"
+          },
+          "type": "array"
         },
-        "endpointJwksOperational": {
-          "description": "The operational OAuth JWKS endpoint.",
-          "type": "string"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointTxFlow"
+          },
+          "type": "array"
         },
-        "endpointJwksRefreshInterval": {
-          "description": "The number of seconds between JWKS endpoint requests.",
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointTxFlowLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpoint"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTransaction": {
+      "properties": {
+        "clientId": {
+          "description": "The identifier (ID) of the Client.",
           "format": "int32",
           "type": "integer"
         },
-        "endpointToken": {
-          "description": "The OAuth token endpoint.",
+        "clientName": {
+          "description": "The name of the Client.",
           "type": "string"
         },
-        "endpointTokenOperational": {
-          "description": "The operational OAuth token endpoint.",
+        "clientUsername": {
+          "description": "The username of the Client.",
           "type": "string"
         },
-        "endpointTokenTimeout": {
-          "description": "The maximum time in seconds a token request is allowed to take.",
+        "idleTimeout": {
+          "description": "The number of seconds before an idle Transaction may be automatically rolled back and freed.",
           "format": "int32",
           "type": "integer"
         },
-        "endpointUserinfo": {
-          "description": "The OpenID Connect Userinfo endpoint.",
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "endpointUserinfoOperational": {
-          "description": "The operational OpenID Connect Userinfo endpoint.",
+        "replicated": {
+          "description": "Indicates whether the Transaction is replicated.",
+          "type": "boolean"
+        },
+        "sessionName": {
+          "description": "The name of the Transacted Session for the Transaction.",
           "type": "string"
         },
-        "endpointUserinfoTimeout": {
-          "description": "The maximum time in seconds a userinfo request is allowed to take.",
+        "state": {
+          "description": "The state of the Transaction. The allowed values and their meaning are:\n\n<pre>\n\"active\" - The Transaction was started.\n\"suspended\" - The Transaction was suspended.\n\"idle\" - The Transaction was ended.\n\"prepared\" - The Transaction was prepared.\n\"complete\" - The Transaction was committed or rolled back.\n</pre>\n",
+          "type": "string"
+        },
+        "timeInState": {
+          "description": "The number of seconds the Transaction has remained in the current state.",
           "format": "int32",
           "type": "integer"
         },
-        "inactiveReason": {
-          "description": "The reason the profile is not active. The allowed values and their meaning are:\n\n<pre>\n\"profile-disabled\" - The OAuth profile is disabled.\n\"missing-issuer\" - The issuer has not been discovered or configured.\n\"duplicate-issuer\" - Another OAuth profile already has the same issuer.\n\"none\" - The OAuth profile is active.\n</pre>\n Available since 2.26.",
+        "type": {
+          "description": "The type of Transaction. The allowed values and their meaning are:\n\n<pre>\n\"xa\" - The Transaction is an XA Transaction.\n\"local\" - The Transaction is a local Transaction.\n</pre>\n",
           "type": "string"
         },
-        "initiateInvalidErrorLinkCount": {
-          "description": "The number of requests to the broker OAuth initiation endpoint that had an invalid error_link_uri parameter.",
-          "format": "int64",
-          "type": "integer"
+        "xid": {
+          "description": "The identifier (ID) of the Transaction.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionCollections": {
+      "properties": {
+        "consumerMsgs": {
+          "$ref": "#/definitions/MsgVpnTransactionCollectionsConsumerMsgs"
         },
-        "initiateInvalidHostCount": {
-          "description": "The number of requests to the broker OAuth initiation endpoint that did not have a valid Host header.  See the Allowed Host configuration setting.",
+        "publisherMsgs": {
+          "$ref": "#/definitions/MsgVpnTransactionCollectionsPublisherMsgs"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionCollectionsConsumerMsgs": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the consumerMsgs collection.",
           "format": "int64",
           "type": "integer"
-        },
-        "initiateInvalidTargetLinkCount": {
-          "description": "The number of requests to the broker OAuth initiation endpoint that had an invalid target_link_uri parameter.",
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionCollectionsPublisherMsgs": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the publisherMsgs collection.",
           "format": "int64",
           "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionConsumerMsg": {
+      "properties": {
+        "endpointName": {
+          "description": "The name of the Queue or Topic Endpoint source.",
+          "type": "string"
         },
-        "initiateRequestCount": {
-          "description": "The number of requests to the broker OAuth initiation endpoint (successful and unsuccessful).",
-          "format": "int64",
-          "type": "integer"
+        "endpointType": {
+          "description": "The type of endpoint source. The allowed values and their meaning are:\n\n<pre>\n\"queue\" - The Message is from a Queue.\n\"topic-endpoint\" - The Message is from a Topic Endpoint.\n</pre>\n",
+          "type": "string"
         },
-        "initiateSuccessCount": {
-          "description": "The number of requests to the broker OAuth initiation endpoint that successfully redirected to the OAuth provider's authorization endpoint.",
+        "msgId": {
+          "description": "The identifier (ID) of the Message.",
           "format": "int64",
           "type": "integer"
         },
-        "interactiveEnabled": {
-          "description": "Enable or disable interactive logins via this OAuth provider.",
-          "type": "boolean"
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "type": "string"
         },
-        "interactiveGroupsFoundInTokenCount": {
-          "description": "The number of times the groups were successfully found in the ID token or access token for interactive authentication.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveIntrospectionMissingCount": {
-          "description": "The number of failures during interactive authentication due to missing introspection configuration (a introspection request was required but no introspection endpoint was configured).",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveIntrospectionMissingGroupsCount": {
-          "description": "The number of introspection request made from the broker during interactive authentication for this OAuth profile  where the configured groups claim wasn't found in the access token or the introspection response.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveIntrospectionMissingUsernameCount": {
-          "description": "The number of introspection requests made from the broker during interactive authentication for this OAuth profile where the configured username claim wasn't found in the access token or introspection response.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveIntrospectionRequestCount": {
-          "description": "The number of requests made to the introspection endpoint during interactive authentication.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveIntrospectionResponseInvalidCount": {
-          "description": "The number of introspection responses during interactive authentication that couldn't be parsed.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveIntrospectionStatusOkCount": {
-          "description": "The number of introspection requests made from the broker during interactive authentication for this OAuth profile with 200 status responses.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveIntrospectionStatusOtherCount": {
-          "description": "The number of introspection requests made from the broker during interactive authentication for this OAuth profile with status responses other than 200.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveIntrospectionTokenNotActiveCount": {
-          "description": "The number of introspection responses indicating that the provided token was not active.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactivePromptForExpiredSession": {
-          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired.",
+        "replicationGroupMsgId": {
+          "description": "An ID that uniquely identifies this message within this replication group. Available since 2.21.",
           "type": "string"
         },
-        "interactivePromptForNewSession": {
-          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out.",
+        "xid": {
+          "description": "The identifier (ID) of the Transaction.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionConsumerMsgCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnTransactionConsumerMsgLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Transaction Consumer Message object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionConsumerMsgResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnTransactionConsumerMsgCollections"
         },
-        "interactiveUserinfoMissingCount": {
-          "description": "The number of failures due to missing Userinfo configuration (a Userinfo request was required but no Userinfo endpoint was configured) during interactive authentication.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveUserinfoMissingGroupsCount": {
-          "description": "The number of Userinfo request made from the broker during interactive authentication for this OAuth profile where the configured groups claim wasn't found in the ID token or the Userinfo response.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveUserinfoMissingUsernameCount": {
-          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile where the configured username claim wasn't found in the ID token or Userinfo response.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveUserinfoRequestCount": {
-          "description": "The number of requests made to the Userinfo endpoint during interactive authentication.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveUserinfoResponseInvalidCount": {
-          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile with responses that couldn't be parsed.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveUserinfoStatusOkCount": {
-          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile with 200 status responses.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveUserinfoStatusOtherCount": {
-          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile with status responses other than 200.",
-          "format": "int64",
-          "type": "integer"
-        },
-        "interactiveUserinfoSubjectMismatchCount": {
-          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile with subject claims that did not match the subject from the ID token.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/MsgVpnTransactionConsumerMsg"
         },
-        "interactiveUsernameFoundInTokenCount": {
-          "description": "The number of time the username was successfully found in the ID token or access token for interactive authentication.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTransactionConsumerMsgLinks"
         },
-        "introspectionAverageTime": {
-          "description": "The one minute average of the time required to complete a token introspection, in milliseconds (ms).",
-          "format": "int32",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTransactionConsumerMsgsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransactionConsumerMsgCollections"
+          },
+          "type": "array"
         },
-        "introspectionLastFailureReason": {
-          "description": "The reason for the introspection endpoint request failure.",
-          "type": "string"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransactionConsumerMsg"
+          },
+          "type": "array"
         },
-        "introspectionLastFailureTime": {
-          "description": "The timestamp of the last introspection endpoint request failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransactionConsumerMsgLinks"
+          },
+          "type": "array"
         },
-        "issuer": {
-          "description": "The Issuer Identifier for the OAuth provider.",
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTransactionLinks": {
+      "properties": {
+        "consumerMsgsUri": {
+          "description": "The URI of this Replicated Local Transaction or XA Transaction's collection of Transaction Consumer Message objects.",
           "type": "string"
         },
-        "issuerOperational": {
-          "description": "The operational Issuer Identifier for the OAuth provider.",
+        "publisherMsgsUri": {
+          "description": "The URI of this Replicated Local Transaction or XA Transaction's collection of Transaction Publisher Message objects.",
           "type": "string"
         },
-        "jwksLastRefreshFailureReason": {
-          "description": "The reason for the last JWKS public key refresh failure.",
+        "uri": {
+          "description": "The URI of this Replicated Local Transaction or XA Transaction object.",
           "type": "string"
-        },
-        "jwksLastRefreshFailureTime": {
-          "description": "The timestamp of the last JWKS public key refresh failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "jwksLastRefreshTime": {
-          "description": "The timestamp of the last JWKS public key refresh success. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "jwksNextScheduledRefreshTime": {
-          "description": "The timestamp of the next scheduled JWKS public key refresh. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "jwksRefreshFailureCount": {
-          "description": "The number of JWKS public key refresh failures.",
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionPublisherMsg": {
+      "properties": {
+        "msgId": {
+          "description": "The identifier (ID) of the Message.",
           "format": "int64",
           "type": "integer"
         },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
-          "type": "string"
-        },
-        "oauthRole": {
-          "description": "The OAuth role of the broker. The allowed values and their meaning are:\n\n<pre>\n\"client\" - The broker is in the OAuth client role.\n\"resource-server\" - The broker is in the OAuth resource server role.\n</pre>\n",
-          "enum": [
-            "client",
-            "resource-server"
-          ],
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
           "type": "string"
         },
-        "resourceServerParseAccessTokenEnabled": {
-          "description": "Enable or disable parsing of the access token as a JWT.",
-          "type": "boolean"
-        },
-        "resourceServerRequiredAudience": {
-          "description": "The required audience value.",
+        "topic": {
+          "description": "The topic destination of the Message.",
           "type": "string"
         },
-        "resourceServerRequiredIssuer": {
-          "description": "The required issuer value.",
+        "xid": {
+          "description": "The identifier (ID) of the Transaction.",
           "type": "string"
-        },
-        "resourceServerRequiredScope": {
-          "description": "A space-separated list of scopes that must be present in the scope claim.",
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionPublisherMsgCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "MsgVpnTransactionPublisherMsgLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Transaction Publisher Message object.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTransactionPublisherMsgResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnTransactionPublisherMsgCollections"
         },
-        "resourceServerRequiredType": {
-          "description": "The required TYP value.",
-          "type": "string"
+        "data": {
+          "$ref": "#/definitions/MsgVpnTransactionPublisherMsg"
         },
-        "resourceServerValidateAudienceEnabled": {
-          "description": "Enable or disable verification of the audience claim in the access token or introspection response.",
-          "type": "boolean"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTransactionPublisherMsgLinks"
         },
-        "resourceServerValidateIssuerEnabled": {
-          "description": "Enable or disable verification of the issuer claim in the access token or introspection response.",
-          "type": "boolean"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTransactionPublisherMsgsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransactionPublisherMsgCollections"
+          },
+          "type": "array"
         },
-        "resourceServerValidateScopeEnabled": {
-          "description": "Enable or disable verification of the scope claim in the access token or introspection response.",
-          "type": "boolean"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransactionPublisherMsg"
+          },
+          "type": "array"
         },
-        "resourceServerValidateTypeEnabled": {
-          "description": "Enable or disable verification of the TYP field in the access token header.",
-          "type": "boolean"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransactionPublisherMsgLinks"
+          },
+          "type": "array"
         },
-        "sempEnabled": {
-          "description": "Enable or disable authentication of SEMP requests with OAuth tokens.",
-          "type": "boolean"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTransactionResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/MsgVpnTransactionCollections"
         },
-        "sempExpiredTokenCount": {
-          "description": "The number of SEMP requests with an expired OAuth token.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "$ref": "#/definitions/MsgVpnTransaction"
         },
-        "sempGroupsFoundInTokenCount": {
-          "description": "The number of times the groups were successfully found in the ID token or access token for SEMP request authentication.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "$ref": "#/definitions/MsgVpnTransactionLinks"
         },
-        "sempIntrospectionMissingCount": {
-          "description": "The number of failures during SEMP request authentication due to missing introspection configuration (a introspection request was required but no introspection endpoint was configured).",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTransactionsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransactionCollections"
+          },
+          "type": "array"
         },
-        "sempIntrospectionMissingGroupsCount": {
-          "description": "The number of introspection request made from the broker during SEMP request authentication for this OAuth profile where the configured groups claim wasn't found in the access token or the introspection response.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransaction"
+          },
+          "type": "array"
         },
-        "sempIntrospectionMissingUsernameCount": {
-          "description": "The number of introspection requests made from the broker during SEMP request authentication for this OAuth profile where the configured username claim wasn't found in the access token or introspection response.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTransactionLinks"
+          },
+          "type": "array"
         },
-        "sempIntrospectionRequestCount": {
-          "description": "The number of requests made to the introspection endpoint during SEMP request authentication.",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCollections"
+          },
+          "type": "array"
         },
-        "sempIntrospectionResponseInvalidCount": {
-          "description": "The number of introspection responses during SEMP request authentication that couldn't be parsed.",
-          "format": "int64",
-          "type": "integer"
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpn"
+          },
+          "type": "array"
         },
-        "sempIntrospectionStatusOkCount": {
-          "description": "The number of introspection requests made from the broker during SEMP request authentication for this OAuth profile with 200 status responses.",
-          "format": "int64",
-          "type": "integer"
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnLinks"
+          },
+          "type": "array"
         },
-        "sempIntrospectionStatusOtherCount": {
-          "description": "The number of introspection requests made from the broker during SEMP request authentication for this OAuth profile with status responses other than 200.",
-          "format": "int64",
-          "type": "integer"
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfile": {
+      "properties": {
+        "accessLevelGroupsClaimName": {
+          "description": "The name of the groups claim.",
+          "type": "string"
         },
-        "sempIntrospectionTokenNotActiveCount": {
-          "description": "The number of introspection responses indicating that the provided token was not active.",
-          "format": "int64",
-          "type": "integer"
+        "accessLevelGroupsClaimStringFormat": {
+          "description": "The format of the access level groups claim value when it is a string. The allowed values and their meaning are:\n\n<pre>\n\"single\" - When the claim is a string, it is interpreted as a single group.\n\"space-delimited\" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the \"scope\" claim.\n</pre>\n Available since 2.32.",
+          "enum": [
+            "single",
+            "space-delimited"
+          ],
+          "type": "string"
         },
-        "sempInvalidTokenCount": {
-          "description": "The number of SEMP requests with an invalid OAuth token.",
+        "active": {
+          "description": "Indicates whether the profile is active. An enabled profile may not be active if discovery is not complete, if there is no issuer specified, or if there is another profile with the same issuer. Available since 2.26.",
+          "type": "boolean"
+        },
+        "clientId": {
+          "description": "The OAuth client id.",
+          "type": "string"
+        },
+        "clientRedirectUri": {
+          "description": "The OAuth redirect URI.",
+          "type": "string"
+        },
+        "clientRequiredType": {
+          "description": "The required value for the TYP field in the ID token header.",
+          "type": "string"
+        },
+        "clientScope": {
+          "description": "The OAuth scope.",
+          "type": "string"
+        },
+        "clientValidateTypeEnabled": {
+          "description": "Enable or disable verification of the TYP field in the ID token header.",
+          "type": "boolean"
+        },
+        "completeExpiredStateCount": {
+          "description": "The number of requests to the broker OAuth completion endpoint with an expired state token.",
           "format": "int64",
           "type": "integer"
         },
-        "sempRequestCount": {
-          "description": "The number of SEMP requests (successful and unsuccessful) using this OAuth profile.",
+        "completeInvalidStateCount": {
+          "description": "The number of request to the broker OAuth completion endpoint with an invalid state token.",
           "format": "int64",
           "type": "integer"
         },
-        "sempSuccessCount": {
-          "description": "The number of successful SEMP authentications using this OAuth profile.",
+        "completeRequestCount": {
+          "description": "The number of requests to the broker OAuth completion endpoint (successful and unsuccessful).",
           "format": "int64",
           "type": "integer"
         },
-        "sempUserinfoMissingCount": {
-          "description": "The number of failures due to missing Userinfo configuration (a Userinfo request was required but no Userinfo endpoint was configured) during SEMP request authentication.",
+        "completeSuccessCount": {
+          "description": "The number of successful requests to the broker OAuth completion endpoint.  Successful requests have authenticated  the user and established a browser session.",
           "format": "int64",
           "type": "integer"
         },
-        "sempUserinfoMissingGroupsCount": {
-          "description": "The number of Userinfo request made from the broker during SEMP request authentication for this OAuth profile where the configured groups claim wasn't found in the ID token or the Userinfo response.",
-          "format": "int64",
+        "defaultGlobalAccessLevel": {
+          "description": "The default global access level for this OAuth profile. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write",
+            "admin"
+          ],
+          "type": "string"
+        },
+        "defaultMsgVpnAccessLevel": {
+          "description": "The default message VPN access level for the OAuth profile. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string"
+        },
+        "discoveryLastRefreshFailureReason": {
+          "description": "The reason for the last discovery endpoint refresh failure.",
+          "type": "string"
+        },
+        "discoveryLastRefreshFailureTime": {
+          "description": "The timestamp of the last discovery endpoint refresh failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
           "type": "integer"
         },
-        "sempUserinfoMissingUsernameCount": {
-          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile where the configured username claim wasn't found in the ID token or Userinfo response.",
-          "format": "int64",
+        "discoveryLastRefreshTime": {
+          "description": "The timestamp of the last discovery endpoint refresh success. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
           "type": "integer"
         },
-        "sempUserinfoRequestCount": {
-          "description": "The number of requests made to the Userinfo endpoint during SEMP request authentication.",
-          "format": "int64",
+        "discoveryNextScheduledRefreshTime": {
+          "description": "The timestamp of the next scheduled discovery endpoint refresh. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
           "type": "integer"
         },
-        "sempUserinfoResponseInvalidCount": {
-          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile with responses that couldn't be parsed.",
+        "discoveryRefreshFailureCount": {
+          "description": "The number of discovery endpoint refresh failures.",
           "format": "int64",
           "type": "integer"
         },
-        "sempUserinfoStatusOkCount": {
-          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile with 200 status responses.",
+        "displayName": {
+          "description": "The user friendly name for the OAuth profile.",
+          "type": "string"
+        },
+        "enabled": {
+          "description": "Enable or disable the OAuth profile.",
+          "type": "boolean"
+        },
+        "endpointAuthorization": {
+          "description": "The OAuth authorization endpoint.",
+          "type": "string"
+        },
+        "endpointAuthorizationOperational": {
+          "description": "The operational OAuth authorization endpoint.",
+          "type": "string"
+        },
+        "endpointDiscovery": {
+          "description": "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint.",
+          "type": "string"
+        },
+        "endpointDiscoveryRefreshInterval": {
+          "description": "The number of seconds between discovery endpoint requests.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "endpointIntrospection": {
+          "description": "The OAuth introspection endpoint.",
+          "type": "string"
+        },
+        "endpointIntrospectionOperational": {
+          "description": "The operational OAuth introspection endpoint.",
+          "type": "string"
+        },
+        "endpointIntrospectionTimeout": {
+          "description": "The maximum time in seconds a token introspection request is allowed to take.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "endpointJwks": {
+          "description": "The OAuth JWKS endpoint.",
+          "type": "string"
+        },
+        "endpointJwksOperational": {
+          "description": "The operational OAuth JWKS endpoint.",
+          "type": "string"
+        },
+        "endpointJwksRefreshInterval": {
+          "description": "The number of seconds between JWKS endpoint requests.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "endpointToken": {
+          "description": "The OAuth token endpoint.",
+          "type": "string"
+        },
+        "endpointTokenOperational": {
+          "description": "The operational OAuth token endpoint.",
+          "type": "string"
+        },
+        "endpointTokenTimeout": {
+          "description": "The maximum time in seconds a token request is allowed to take.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "endpointUserinfo": {
+          "description": "The OpenID Connect Userinfo endpoint.",
+          "type": "string"
+        },
+        "endpointUserinfoOperational": {
+          "description": "The operational OpenID Connect Userinfo endpoint.",
+          "type": "string"
+        },
+        "endpointUserinfoTimeout": {
+          "description": "The maximum time in seconds a userinfo request is allowed to take.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "inactiveReason": {
+          "description": "The reason the profile is not active. The allowed values and their meaning are:\n\n<pre>\n\"profile-disabled\" - The OAuth profile is disabled.\n\"missing-issuer\" - The issuer has not been discovered or configured.\n\"duplicate-issuer\" - Another OAuth profile already has the same issuer.\n\"none\" - The OAuth profile is active.\n</pre>\n Available since 2.26.",
+          "type": "string"
+        },
+        "initiateInvalidErrorLinkCount": {
+          "description": "The number of requests to the broker OAuth initiation endpoint that had an invalid error_link_uri parameter.",
           "format": "int64",
           "type": "integer"
         },
-        "sempUserinfoStatusOtherCount": {
-          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile with status responses other than 200.",
+        "initiateInvalidHostCount": {
+          "description": "The number of requests to the broker OAuth initiation endpoint that did not have a valid Host header.  See the Allowed Host configuration setting.",
           "format": "int64",
           "type": "integer"
         },
-        "sempUserinfoSubjectMismatchCount": {
-          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile with subject claims that did not match the subject from the ID token.",
+        "initiateInvalidTargetLinkCount": {
+          "description": "The number of requests to the broker OAuth initiation endpoint that had an invalid target_link_uri parameter.",
           "format": "int64",
           "type": "integer"
         },
-        "sempUsernameFoundInTokenCount": {
-          "description": "The number of time the username was successfully found in the ID token or access token for SEMP request authentication.",
+        "initiateRequestCount": {
+          "description": "The number of requests to the broker OAuth initiation endpoint (successful and unsuccessful).",
           "format": "int64",
           "type": "integer"
         },
-        "tokenEndpointAverageTime": {
-          "description": "The one minute average of the time required to complete a token request, in milliseconds (ms).",
-          "format": "int32",
+        "initiateSuccessCount": {
+          "description": "The number of requests to the broker OAuth initiation endpoint that successfully redirected to the OAuth provider's authorization endpoint.",
+          "format": "int64",
           "type": "integer"
         },
-        "tokenEndpointInvalidTokenCount": {
-          "description": "The number of token endpoint requests made from the broker for this OAuth profile that returned tokens that couldn't be verified.",
+        "interactiveEnabled": {
+          "description": "Enable or disable interactive logins via this OAuth provider.",
+          "type": "boolean"
+        },
+        "interactiveGroupsFoundInTokenCount": {
+          "description": "The number of times the groups were successfully found in the ID token or access token for interactive authentication.",
           "format": "int64",
           "type": "integer"
         },
-        "tokenEndpointLastFailureReason": {
-          "description": "The reason for the last token endpoint request failure.",
+        "interactiveIntrospectionMissingCount": {
+          "description": "The number of failures during interactive authentication due to missing introspection configuration (a introspection request was required but no introspection endpoint was configured).",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveIntrospectionMissingGroupsCount": {
+          "description": "The number of introspection request made from the broker during interactive authentication for this OAuth profile  where the configured groups claim wasn't found in the access token or the introspection response.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveIntrospectionMissingUsernameCount": {
+          "description": "The number of introspection requests made from the broker during interactive authentication for this OAuth profile where the configured username claim wasn't found in the access token or introspection response.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveIntrospectionRequestCount": {
+          "description": "The number of requests made to the introspection endpoint during interactive authentication.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveIntrospectionResponseInvalidCount": {
+          "description": "The number of introspection responses during interactive authentication that couldn't be parsed.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveIntrospectionStatusOkCount": {
+          "description": "The number of introspection requests made from the broker during interactive authentication for this OAuth profile with 200 status responses.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveIntrospectionStatusOtherCount": {
+          "description": "The number of introspection requests made from the broker during interactive authentication for this OAuth profile with status responses other than 200.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveIntrospectionTokenNotActiveCount": {
+          "description": "The number of introspection responses indicating that the provided token was not active.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactivePromptForExpiredSession": {
+          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired.",
           "type": "string"
         },
-        "tokenEndpointLastFailureTime": {
-          "description": "The timestamp of the last token endpoint request failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
-          "format": "int32",
+        "interactivePromptForNewSession": {
+          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out.",
+          "type": "string"
+        },
+        "interactiveUserinfoMissingCount": {
+          "description": "The number of failures due to missing Userinfo configuration (a Userinfo request was required but no Userinfo endpoint was configured) during interactive authentication.",
+          "format": "int64",
           "type": "integer"
         },
-        "tokenEndpointOtherErrorCount": {
-          "description": "The number of token endpoint requests made from the broker for this OAuth profile that returned an unexpected error not accounted for in the other failure statistics.",
+        "interactiveUserinfoMissingGroupsCount": {
+          "description": "The number of Userinfo request made from the broker during interactive authentication for this OAuth profile where the configured groups claim wasn't found in the ID token or the Userinfo response.",
           "format": "int64",
           "type": "integer"
         },
-        "tokenEndpointRequestCount": {
-          "description": "The number of token endpoint requests made from the broker for this OAuth profile.",
+        "interactiveUserinfoMissingUsernameCount": {
+          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile where the configured username claim wasn't found in the ID token or Userinfo response.",
           "format": "int64",
           "type": "integer"
         },
-        "tokenEndpointStatusBadRequestCount": {
-          "description": "The number of token endpoint requests made from the broker for this OAuth profile with 400 status responses.",
+        "interactiveUserinfoRequestCount": {
+          "description": "The number of requests made to the Userinfo endpoint during interactive authentication.",
           "format": "int64",
           "type": "integer"
         },
-        "tokenEndpointStatusOkCount": {
-          "description": "The number of token endpoint requests made from the broker for this OAuth profile with 200 status responses.",
+        "interactiveUserinfoResponseInvalidCount": {
+          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile with responses that couldn't be parsed.",
           "format": "int64",
           "type": "integer"
         },
-        "tokenEndpointStatusOtherCount": {
-          "description": "The number of token endpoint requests made from the broker for this OAuth profile with status responses other than 200 or 400.",
+        "interactiveUserinfoStatusOkCount": {
+          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile with 200 status responses.",
           "format": "int64",
           "type": "integer"
         },
-        "userinfoAverageTime": {
-          "description": "The one minute average of the time required to complete a token userinfo request, in milliseconds (ms).",
+        "interactiveUserinfoStatusOtherCount": {
+          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile with status responses other than 200.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveUserinfoSubjectMismatchCount": {
+          "description": "The number of Userinfo requests made from the broker during interactive authentication for this OAuth profile with subject claims that did not match the subject from the ID token.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "interactiveUsernameFoundInTokenCount": {
+          "description": "The number of time the username was successfully found in the ID token or access token for interactive authentication.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "introspectionAverageTime": {
+          "description": "The one minute average of the time required to complete a token introspection, in milliseconds (ms).",
           "format": "int32",
           "type": "integer"
         },
-        "userinfoLastFailureReason": {
-          "description": "The reason for the userinfo endpoint request failure.",
+        "introspectionLastFailureReason": {
+          "description": "The reason for the introspection endpoint request failure.",
           "type": "string"
         },
-        "userinfoLastFailureTime": {
-          "description": "The timestamp of the last userinfo endpoint request failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+        "introspectionLastFailureTime": {
+          "description": "The timestamp of the last introspection endpoint request failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
           "format": "int32",
           "type": "integer"
         },
-        "usernameClaimName": {
-          "description": "The name of the username claim.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroup": {
-      "properties": {
-        "description": {
-          "description": "A description for the group.",
+        "issuer": {
+          "description": "The Issuer Identifier for the OAuth provider.",
           "type": "string"
         },
-        "globalAccessLevel": {
-          "description": "The global access level for this group. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
-          "enum": [
-            "none",
-            "read-only",
-            "read-write",
-            "admin"
-          ],
+        "issuerOperational": {
+          "description": "The operational Issuer Identifier for the OAuth provider.",
           "type": "string"
         },
-        "groupName": {
-          "description": "The name of the group.",
+        "jwksLastRefreshFailureReason": {
+          "description": "The reason for the last JWKS public key refresh failure.",
           "type": "string"
         },
-        "msgVpnAccessLevel": {
-          "description": "The default message VPN access level for this group. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
-          "enum": [
-            "none",
-            "read-only",
-            "read-write"
-          ],
-          "type": "string"
+        "jwksLastRefreshFailureTime": {
+          "description": "The timestamp of the last JWKS public key refresh failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
+          "type": "integer"
         },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupCollections": {
-      "properties": {
-        "msgVpnAccessLevelExceptions": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupCollectionsMsgvpnaccesslevelexceptions"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupCollectionsMsgvpnaccesslevelexceptions": {
-      "properties": {
-        "count": {
-          "description": "The total number of objects in the msgVpnAccessLevelExceptions collection.",
+        "jwksLastRefreshTime": {
+          "description": "The timestamp of the last JWKS public key refresh success. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "jwksNextScheduledRefreshTime": {
+          "description": "The timestamp of the next scheduled JWKS public key refresh. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "jwksRefreshFailureCount": {
+          "description": "The number of JWKS public key refresh failures.",
           "format": "int64",
           "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupLinks": {
-      "properties": {
-        "msgVpnAccessLevelExceptionsUri": {
-          "description": "The URI of this Group Access Level's collection of Message VPN Access-Level Exception objects.",
-          "type": "string"
         },
-        "uri": {
-          "description": "The URI of this Group Access Level object.",
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelException": {
-      "properties": {
-        "accessLevel": {
-          "description": "The message VPN access level. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+        },
+        "oauthRole": {
+          "description": "The OAuth role of the broker. The allowed values and their meaning are:\n\n<pre>\n\"client\" - The broker is in the OAuth client role.\n\"resource-server\" - The broker is in the OAuth resource server role.\n</pre>\n",
           "enum": [
-            "none",
-            "read-only",
-            "read-write"
+            "client",
+            "resource-server"
           ],
           "type": "string"
         },
-        "groupName": {
-          "description": "The name of the group.",
+        "resourceServerParseAccessTokenEnabled": {
+          "description": "Enable or disable parsing of the access token as a JWT.",
+          "type": "boolean"
+        },
+        "resourceServerRequiredAudience": {
+          "description": "The required audience value.",
           "type": "string"
         },
-        "msgVpnName": {
-          "description": "The name of the message VPN.",
+        "resourceServerRequiredIssuer": {
+          "description": "The required issuer value.",
           "type": "string"
         },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
+        "resourceServerRequiredScope": {
+          "description": "A space-separated list of scopes that must be present in the scope claim.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionCollections": {
-      "properties": {},
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks": {
-      "properties": {
-        "uri": {
-          "description": "The URI of this Message VPN Access-Level Exception object.",
+        },
+        "resourceServerRequiredType": {
+          "description": "The required TYP value.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionCollections"
         },
-        "data": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
+        "resourceServerValidateAudienceEnabled": {
+          "description": "Enable or disable verification of the audience claim in the access token or introspection response.",
+          "type": "boolean"
         },
-        "links": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
+        "resourceServerValidateIssuerEnabled": {
+          "description": "Enable or disable verification of the issuer claim in the access token or introspection response.",
+          "type": "boolean"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionsResponse": {
-      "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionCollections"
-          },
-          "type": "array"
+        "resourceServerValidateScopeEnabled": {
+          "description": "Enable or disable verification of the scope claim in the access token or introspection response.",
+          "type": "boolean"
         },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
-          },
-          "type": "array"
+        "resourceServerValidateTypeEnabled": {
+          "description": "Enable or disable verification of the TYP field in the access token header.",
+          "type": "boolean"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
-          },
-          "type": "array"
+        "sempEnabled": {
+          "description": "Enable or disable authentication of SEMP requests with OAuth tokens.",
+          "type": "boolean"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupCollections"
+        "sempExpiredTokenCount": {
+          "description": "The number of SEMP requests with an expired OAuth token.",
+          "format": "int64",
+          "type": "integer"
         },
-        "data": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+        "sempGroupsFoundInTokenCount": {
+          "description": "The number of times the groups were successfully found in the ID token or access token for SEMP request authentication.",
+          "format": "int64",
+          "type": "integer"
         },
-        "links": {
-          "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
+        "sempIntrospectionMissingCount": {
+          "description": "The number of failures during SEMP request authentication due to missing introspection configuration (a introspection request was required but no introspection endpoint was configured).",
+          "format": "int64",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "OauthProfileAccessLevelGroupsResponse": {
-      "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroupCollections"
-          },
-          "type": "array"
+        "sempIntrospectionMissingGroupsCount": {
+          "description": "The number of introspection request made from the broker during SEMP request authentication for this OAuth profile where the configured groups claim wasn't found in the access token or the introspection response.",
+          "format": "int64",
+          "type": "integer"
         },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroup"
-          },
-          "type": "array"
+        "sempIntrospectionMissingUsernameCount": {
+          "description": "The number of introspection requests made from the broker during SEMP request authentication for this OAuth profile where the configured username claim wasn't found in the access token or introspection response.",
+          "format": "int64",
+          "type": "integer"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
-          },
-          "type": "array"
+        "sempIntrospectionRequestCount": {
+          "description": "The number of requests made to the introspection endpoint during SEMP request authentication.",
+          "format": "int64",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
-        }
-      },
-      "required": [
-        "meta"
-      ],
-      "type": "object"
-    },
-    "OauthProfileClientAllowedHost": {
-      "properties": {
-        "allowedHost": {
-          "description": "An allowed value for the Host header.",
-          "type": "string"
+        "sempIntrospectionResponseInvalidCount": {
+          "description": "The number of introspection responses during SEMP request authentication that couldn't be parsed.",
+          "format": "int64",
+          "type": "integer"
         },
-        "oauthProfileName": {
-          "description": "The name of the OAuth profile.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileClientAllowedHostCollections": {
-      "properties": {},
-      "type": "object"
-    },
-    "OauthProfileClientAllowedHostLinks": {
-      "properties": {
-        "uri": {
-          "description": "The URI of this Allowed Host Value object.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OauthProfileClientAllowedHostResponse": {
-      "properties": {
-        "collections": {
-          "$ref": "#/definitions/OauthProfileClientAllowedHostCollections"
+        "sempIntrospectionStatusOkCount": {
+          "description": "The number of introspection requests made from the broker during SEMP request authentication for this OAuth profile with 200 status responses.",
+          "format": "int64",
+          "type": "integer"
         },
-        "data": {
-          "$ref": "#/definitions/OauthProfileClientAllowedHost"
+        "sempIntrospectionStatusOtherCount": {
+          "description": "The number of introspection requests made from the broker during SEMP request authentication for this OAuth profile with status responses other than 200.",
+          "format": "int64",
+          "type": "integer"
         },
-        "links": {
-          "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
+        "sempIntrospectionTokenNotActiveCount": {
+          "description": "The number of introspection responses indicating that the provided token was not active.",
+          "format": "int64",
+          "type": "integer"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "sempInvalidTokenCount": {
+          "description": "The number of SEMP requests with an invalid OAuth token.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempRequestCount": {
+          "description": "The number of SEMP requests (successful and unsuccessful) using this OAuth profile.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempSuccessCount": {
+          "description": "The number of successful SEMP authentications using this OAuth profile.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUserinfoMissingCount": {
+          "description": "The number of failures due to missing Userinfo configuration (a Userinfo request was required but no Userinfo endpoint was configured) during SEMP request authentication.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUserinfoMissingGroupsCount": {
+          "description": "The number of Userinfo request made from the broker during SEMP request authentication for this OAuth profile where the configured groups claim wasn't found in the ID token or the Userinfo response.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUserinfoMissingUsernameCount": {
+          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile where the configured username claim wasn't found in the ID token or Userinfo response.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUserinfoRequestCount": {
+          "description": "The number of requests made to the Userinfo endpoint during SEMP request authentication.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUserinfoResponseInvalidCount": {
+          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile with responses that couldn't be parsed.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUserinfoStatusOkCount": {
+          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile with 200 status responses.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUserinfoStatusOtherCount": {
+          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile with status responses other than 200.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUserinfoSubjectMismatchCount": {
+          "description": "The number of Userinfo requests made from the broker during SEMP request authentication for this OAuth profile with subject claims that did not match the subject from the ID token.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "sempUsernameFoundInTokenCount": {
+          "description": "The number of time the username was successfully found in the ID token or access token for SEMP request authentication.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "tokenEndpointAverageTime": {
+          "description": "The one minute average of the time required to complete a token request, in milliseconds (ms).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "tokenEndpointInvalidTokenCount": {
+          "description": "The number of token endpoint requests made from the broker for this OAuth profile that returned tokens that couldn't be verified.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "tokenEndpointLastFailureReason": {
+          "description": "The reason for the last token endpoint request failure.",
+          "type": "string"
+        },
+        "tokenEndpointLastFailureTime": {
+          "description": "The timestamp of the last token endpoint request failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "tokenEndpointOtherErrorCount": {
+          "description": "The number of token endpoint requests made from the broker for this OAuth profile that returned an unexpected error not accounted for in the other failure statistics.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "tokenEndpointRequestCount": {
+          "description": "The number of token endpoint requests made from the broker for this OAuth profile.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "tokenEndpointStatusBadRequestCount": {
+          "description": "The number of token endpoint requests made from the broker for this OAuth profile with 400 status responses.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "tokenEndpointStatusOkCount": {
+          "description": "The number of token endpoint requests made from the broker for this OAuth profile with 200 status responses.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "tokenEndpointStatusOtherCount": {
+          "description": "The number of token endpoint requests made from the broker for this OAuth profile with status responses other than 200 or 400.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "userinfoAverageTime": {
+          "description": "The one minute average of the time required to complete a token userinfo request, in milliseconds (ms).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "userinfoLastFailureReason": {
+          "description": "The reason for the userinfo endpoint request failure.",
+          "type": "string"
+        },
+        "userinfoLastFailureTime": {
+          "description": "The timestamp of the last userinfo endpoint request failure. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "usernameClaimName": {
+          "description": "The name of the username claim.",
+          "type": "string"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "OauthProfileClientAllowedHostsResponse": {
+    "OauthProfileAccessLevelGroup": {
       "properties": {
-        "collections": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileClientAllowedHostCollections"
-          },
-          "type": "array"
+        "description": {
+          "description": "A description for the group.",
+          "type": "string"
         },
-        "data": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileClientAllowedHost"
-          },
-          "type": "array"
+        "globalAccessLevel": {
+          "description": "The global access level for this group. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write",
+            "admin"
+          ],
+          "type": "string"
         },
-        "links": {
-          "items": {
-            "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
-          },
-          "type": "array"
+        "groupName": {
+          "description": "The name of the group.",
+          "type": "string"
         },
-        "meta": {
-          "$ref": "#/definitions/SempMeta"
+        "msgVpnAccessLevel": {
+          "description": "The default message VPN access level for this group. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string"
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "type": "string"
         }
       },
-      "required": [
-        "meta"
-      ],
       "type": "object"
     },
-    "OauthProfileClientAuthorizationParameter": {
+    "OauthProfileAccessLevelGroupCollections": {
       "properties": {
-        "authorizationParameterName": {
-          "description": "The name of the authorization parameter.",
+        "msgVpnAccessLevelExceptions": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupCollectionsMsgVpnAccessLevelExceptions"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupCollectionsMsgVpnAccessLevelExceptions": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects in the msgVpnAccessLevelExceptions collection.",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupLinks": {
+      "properties": {
+        "msgVpnAccessLevelExceptionsUri": {
+          "description": "The URI of this Group Access Level's collection of Message VPN Access-Level Exception objects.",
           "type": "string"
         },
-        "authorizationParameterValue": {
-          "description": "The authorization parameter value.",
+        "uri": {
+          "description": "The URI of this Group Access Level object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelException": {
+      "properties": {
+        "accessLevel": {
+          "description": "The message VPN access level. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string"
+        },
+        "groupName": {
+          "description": "The name of the group.",
+          "type": "string"
+        },
+        "msgVpnName": {
+          "description": "The name of the message VPN.",
           "type": "string"
         },
         "oauthProfileName": {
@@ -16421,29 +17925,29 @@
       },
       "type": "object"
     },
-    "OauthProfileClientAuthorizationParameterCollections": {
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionCollections": {
       "properties": {},
       "type": "object"
     },
-    "OauthProfileClientAuthorizationParameterLinks": {
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Authorization Parameter object.",
+          "description": "The URI of this Message VPN Access-Level Exception object.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "OauthProfileClientAuthorizationParameterResponse": {
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse": {
       "properties": {
         "collections": {
-          "$ref": "#/definitions/OauthProfileClientAuthorizationParameterCollections"
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionCollections"
         },
         "data": {
-          "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
         },
         "links": {
-          "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
         },
         "meta": {
           "$ref": "#/definitions/SempMeta"
@@ -16454,23 +17958,23 @@
       ],
       "type": "object"
     },
-    "OauthProfileClientAuthorizationParametersResponse": {
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionsResponse": {
       "properties": {
         "collections": {
           "items": {
-            "$ref": "#/definitions/OauthProfileClientAuthorizationParameterCollections"
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionCollections"
           },
           "type": "array"
         },
         "data": {
           "items": {
-            "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
           },
           "type": "array"
         },
         "links": {
           "items": {
-            "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
           },
           "type": "array"
         },
@@ -16483,11 +17987,214 @@
       ],
       "type": "object"
     },
-    "OauthProfileClientRequiredClaim": {
+    "OauthProfileAccessLevelGroupResponse": {
       "properties": {
-        "clientRequiredClaimName": {
-          "description": "The name of the ID token claim to verify.",
-          "type": "string"
+        "collections": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientAllowedHost": {
+      "properties": {
+        "allowedHost": {
+          "description": "An allowed value for the Host header.",
+          "type": "string"
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientAllowedHostCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "OauthProfileClientAllowedHostLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Allowed Host Value object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientAllowedHostResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/OauthProfileClientAllowedHostCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/OauthProfileClientAllowedHost"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientAllowedHostsResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAllowedHostCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAllowedHost"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParameter": {
+      "properties": {
+        "authorizationParameterName": {
+          "description": "The name of the authorization parameter.",
+          "type": "string"
+        },
+        "authorizationParameterValue": {
+          "description": "The authorization parameter value.",
+          "type": "string"
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParameterCollections": {
+      "properties": {},
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParameterLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Authorization Parameter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParameterResponse": {
+      "properties": {
+        "collections": {
+          "$ref": "#/definitions/OauthProfileClientAuthorizationParameterCollections"
+        },
+        "data": {
+          "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParametersResponse": {
+      "properties": {
+        "collections": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAuthorizationParameterCollections"
+          },
+          "type": "array"
+        },
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientRequiredClaim": {
+      "properties": {
+        "clientRequiredClaimName": {
+          "description": "The name of the ID token claim to verify.",
+          "type": "string"
         },
         "clientRequiredClaimValue": {
           "description": "The required claim value, which must be a string containing a valid JSON value.",
@@ -16565,27 +18272,27 @@
     "OauthProfileCollections": {
       "properties": {
         "accessLevelGroups": {
-          "$ref": "#/definitions/OauthProfileCollectionsAccesslevelgroups"
+          "$ref": "#/definitions/OauthProfileCollectionsAccessLevelGroups"
         },
         "clientAllowedHosts": {
-          "$ref": "#/definitions/OauthProfileCollectionsClientallowedhosts"
+          "$ref": "#/definitions/OauthProfileCollectionsClientAllowedHosts"
         },
         "clientAuthorizationParameters": {
-          "$ref": "#/definitions/OauthProfileCollectionsClientauthorizationparameters"
+          "$ref": "#/definitions/OauthProfileCollectionsClientAuthorizationParameters"
         },
         "clientRequiredClaims": {
-          "$ref": "#/definitions/OauthProfileCollectionsClientrequiredclaims"
+          "$ref": "#/definitions/OauthProfileCollectionsClientRequiredClaims"
         },
         "defaultMsgVpnAccessLevelExceptions": {
-          "$ref": "#/definitions/OauthProfileCollectionsDefaultmsgvpnaccesslevelexceptions"
+          "$ref": "#/definitions/OauthProfileCollectionsDefaultMsgVpnAccessLevelExceptions"
         },
         "resourceServerRequiredClaims": {
-          "$ref": "#/definitions/OauthProfileCollectionsResourceserverrequiredclaims"
+          "$ref": "#/definitions/OauthProfileCollectionsResourceServerRequiredClaims"
         }
       },
       "type": "object"
     },
-    "OauthProfileCollectionsAccesslevelgroups": {
+    "OauthProfileCollectionsAccessLevelGroups": {
       "properties": {
         "count": {
           "description": "The total number of objects in the accessLevelGroups collection.",
@@ -16595,7 +18302,7 @@
       },
       "type": "object"
     },
-    "OauthProfileCollectionsClientallowedhosts": {
+    "OauthProfileCollectionsClientAllowedHosts": {
       "properties": {
         "count": {
           "description": "The total number of objects in the clientAllowedHosts collection.",
@@ -16605,7 +18312,7 @@
       },
       "type": "object"
     },
-    "OauthProfileCollectionsClientauthorizationparameters": {
+    "OauthProfileCollectionsClientAuthorizationParameters": {
       "properties": {
         "count": {
           "description": "The total number of objects in the clientAuthorizationParameters collection.",
@@ -16615,7 +18322,7 @@
       },
       "type": "object"
     },
-    "OauthProfileCollectionsClientrequiredclaims": {
+    "OauthProfileCollectionsClientRequiredClaims": {
       "properties": {
         "count": {
           "description": "The total number of objects in the clientRequiredClaims collection.",
@@ -16625,7 +18332,7 @@
       },
       "type": "object"
     },
-    "OauthProfileCollectionsDefaultmsgvpnaccesslevelexceptions": {
+    "OauthProfileCollectionsDefaultMsgVpnAccessLevelExceptions": {
       "properties": {
         "count": {
           "description": "The total number of objects in the defaultMsgVpnAccessLevelExceptions collection.",
@@ -16635,7 +18342,7 @@
       },
       "type": "object"
     },
-    "OauthProfileCollectionsResourceserverrequiredclaims": {
+    "OauthProfileCollectionsResourceServerRequiredClaims": {
       "properties": {
         "count": {
           "description": "The total number of objects in the resourceServerRequiredClaims collection.",
@@ -16981,7 +18688,6 @@
         }
       },
       "required": [
-        "uri",
         "method"
       ],
       "type": "object"
@@ -17016,7 +18722,7 @@
     "SessionLinks": {
       "properties": {
         "uri": {
-          "description": "The URI of this Session object.",
+          "description": "The URI of this SEMP Session object.",
           "type": "string"
         }
       },
@@ -17233,9 +18939,9 @@
       "name": "Solace",
       "url": "http://www.solace.com"
     },
-    "description": "SEMP (starting in `v2`, see note 1) is a RESTful API for configuring, monitoring, and administering a Solace PubSub+ broker.\n\nSEMP uses URIs to address manageable **resources** of the Solace PubSub+ broker. Resources are individual **objects**, **collections** of objects, or (exclusively in the action API) **actions**. This document applies to the following API:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nMonitoring|/SEMP/v2/monitor|Querying operational parameters|See note 2\n\n\n\nThe following APIs are also available:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nAction|/SEMP/v2/action|Performing actions|See note 2\nConfiguration|/SEMP/v2/config|Reading and writing config state|See note 2\n\n\n\nResources are always nouns, with individual objects being singular and collections being plural.\n\nObjects within a collection are identified by an `obj-id`, which follows the collection name with the form `collection-name/obj-id`.\n\nActions within an object are identified by an `action-id`, which follows the object name with the form `obj-id/action-id`.\n\nSome examples:\n\n```\n/SEMP/v2/config/msgVpns                        ; MsgVpn collection\n/SEMP/v2/config/msgVpns/a                      ; MsgVpn object named \"a\"\n/SEMP/v2/config/msgVpns/a/queues               ; Queue collection in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/queues/b             ; Queue object named \"b\" in MsgVpn \"a\"\n/SEMP/v2/action/msgVpns/a/queues/b/startReplay ; Action that starts a replay on Queue \"b\" in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients             ; Client collection in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients/c           ; Client object named \"c\" in MsgVpn \"a\"\n```\n\n## Collection Resources\n\nCollections are unordered lists of objects (unless described as otherwise), and are described by JSON arrays. Each item in the array represents an object in the same manner as the individual object would normally be represented. In the configuration API, the creation of a new object is done through its collection resource.\n\n## Object and Action Resources\n\nObjects are composed of attributes, actions, collections, and other objects. They are described by JSON objects as name/value pairs. The collections and actions of an object are not contained directly in the object's JSON content; rather the content includes an attribute containing a URI which points to the collections and actions. These contained resources must be managed through this URI. At a minimum, every object has one or more identifying attributes, and its own `uri` attribute which contains the URI pointing to itself.\n\nActions are also composed of attributes, and are described by JSON objects as name/value pairs. Unlike objects, however, they are not members of a collection and cannot be retrieved, only performed. Actions only exist in the action API.\n\nAttributes in an object or action may have any combination of the following properties:\n\n\nProperty|Meaning|Comments\n:---|:---|:---\nIdentifying|Attribute is involved in unique identification of the object, and appears in its URI|\nRequired|Attribute must be provided in the request|\nRead-Only|Attribute can only be read, not written.|See note 3\nWrite-Only|Attribute can only be written, not read, unless the attribute is also opaque|See the documentation for the opaque property\nRequires-Disable|Attribute can only be changed when object is disabled|\nDeprecated|Attribute is deprecated, and will disappear in the next SEMP version|\nOpaque|Attribute can be set or retrieved in opaque form when the `opaquePassword` query parameter is present|See the `opaquePassword` query parameter documentation\n\n\n\nIn some requests, certain attributes may only be provided in certain combinations with other attributes:\n\n\nRelationship|Meaning\n:---|:---\nRequires|Attribute may only be changed by a request if a particular attribute or combination of attributes is also provided in the request\nConflicts|Attribute may only be provided in a request if a particular attribute or combination of attributes is not also provided in the request\n\n\n\nIn the monitoring API, any non-identifying attribute may not be returned in a GET.\n\n## HTTP Methods\n\nThe following HTTP methods manipulate resources in accordance with these general principles. Note that some methods are only used in certain APIs:\n\n\nMethod|Resource|Meaning|Request Body|Response Body|Missing Request Attributes\n:---|:---|:---|:---|:---|:---\nPOST|Collection|Create object|Initial attribute values|Object attributes and metadata|Set to default\nPUT|Object|Create or replace object (see note 5)|New attribute values|Object attributes and metadata|Set to default, with certain exceptions (see note 4)\nPUT|Action|Performs action|Action arguments|Action metadata|N/A\nPATCH|Object|Update object|New attribute values|Object attributes and metadata|unchanged\nDELETE|Object|Delete object|Empty|Object metadata|N/A\nGET|Object|Get object|Empty|Object attributes and metadata|N/A\nGET|Collection|Get collection|Empty|Object attributes and collection metadata|N/A\n\n\n\n## Common Query Parameters\n\nThe following are some common query parameters that are supported by many method/URI combinations. Individual URIs may document additional parameters. Note that multiple query parameters can be used together in a single URI, separated by the ampersand character. For example:\n\n```\n; Request for the MsgVpns collection using two hypothetical query parameters\n; \"q1\" and \"q2\" with values \"val1\" and \"val2\" respectively\n/SEMP/v2/monitor/msgVpns?q1=val1&q2=val2\n```\n\n### select\n\nInclude in the response only selected attributes of the object, or exclude from the response selected attributes of the object. Use this query parameter to limit the size of the returned data for each returned object, return only those fields that are desired, or exclude fields that are not desired.\n\nThe value of `select` is a comma-separated list of attribute names. If the list contains attribute names that are not prefaced by `-`, only those attributes are included in the response. If the list contains attribute names that are prefaced by `-`, those attributes are excluded from the response. If the list contains both types, then the difference of the first set of attributes and the second set of attributes is returned. If the list is empty (i.e. `select=`), no attributes are returned.\n\nAll attributes that are prefaced by `-` must follow all attributes that are not prefaced by `-`. In addition, each attribute name in the list must match at least one attribute in the object.\n\nNames may include the `*` wildcard (zero or more characters). Nested attribute names are supported using periods (e.g. `parentName.childName`).\n\nSome examples:\n\n```\n; List of all MsgVpn names\n/SEMP/v2/monitor/msgVpns?select=msgVpnName\n; List of all MsgVpn and their attributes except for their names\n/SEMP/v2/monitor/msgVpns?select=-msgVpnName\n; Authentication attributes of MsgVpn \"finance\"\n/SEMP/v2/monitor/msgVpns/finance?select=authentication*\n; All attributes of MsgVpn \"finance\" except for authentication attributes\n/SEMP/v2/monitor/msgVpns/finance?select=-authentication*\n; Access related attributes of Queue \"orderQ\" of MsgVpn \"finance\"\n/SEMP/v2/monitor/msgVpns/finance/queues/orderQ?select=owner,permission\n```\n\n### where\n\nInclude in the response only objects where certain conditions are true. Use this query parameter to limit which objects are returned to those whose attribute values meet the given conditions.\n\nThe value of `where` is a comma-separated list of expressions. All expressions must be true for the object to be included in the response. Each expression takes the form:\n\n```\nexpression  = attribute-name OP value\nOP          = '==' | '!=' | '&lt;' | '&gt;' | '&lt;=' | '&gt;='\n```\n\n`value` may be a number, string, `true`, or `false`, as appropriate for the type of `attribute-name`. Greater-than and less-than comparisons only work for numbers. A `*` in a string `value` is interpreted as a wildcard (zero or more characters). Some examples:\n\n```\n; Only enabled MsgVpns\n/SEMP/v2/monitor/msgVpns?where=enabled==true\n; Only MsgVpns using basic non-LDAP authentication\n/SEMP/v2/monitor/msgVpns?where=authenticationBasicEnabled==true,authenticationBasicType!=ldap\n; Only MsgVpns that allow more than 100 client connections\n/SEMP/v2/monitor/msgVpns?where=maxConnectionCount>100\n; Only MsgVpns with msgVpnName starting with \"B\":\n/SEMP/v2/monitor/msgVpns?where=msgVpnName==B*\n```\n\n### count\n\nLimit the count of objects in the response. This can be useful to limit the size of the response for large collections. The minimum value for `count` is `1` and the default is `10`. There is also a per-collection maximum value to limit request handling time.\n\n`count` does not guarantee that a minimum number of objects will be returned. A page may contain fewer than `count` objects or even be empty. Additional objects may nonetheless be available for retrieval on subsequent pages. See the `cursor` query parameter documentation for more information on paging.\n\nFor example:\n```\n; Up to 25 MsgVpns\n/SEMP/v2/monitor/msgVpns?count=25\n```\n\n### cursor\n\nThe cursor, or position, for the next page of objects. Cursors are opaque data that should not be created or interpreted by SEMP clients, and should only be used as described below.\n\nWhen a request is made for a collection and there may be additional objects available for retrieval that are not included in the initial response, the response will include a `cursorQuery` field containing a cursor. The value of this field can be specified in the `cursor` query parameter of a subsequent request to retrieve the next page of objects. For convenience, an appropriate URI is constructed automatically by the broker and included in the `nextPageUri` field of the response. This URI can be used directly to retrieve the next page of objects.\n\nApplications must continue to follow the `nextPageUri` if one is provided in order to retrieve the full set of objects associated with the request, even if a page contains fewer than the requested number of objects (see the `count` query parameter documentation) or is empty.\n\n### opaquePassword\n\nAttributes with the opaque property are also write-only and so cannot normally be retrieved in a GET. However, when a password is provided in the `opaquePassword` query parameter, attributes with the opaque property are retrieved in a GET in opaque form, encrypted with this password. The query parameter can also be used on a POST, PATCH, or PUT to set opaque attributes using opaque attribute values retrieved in a GET, so long as:\n\n1. the same password that was used to retrieve the opaque attribute values is provided; and\n\n2. the broker to which the request is being sent has the same major and minor SEMP version as the broker that produced the opaque attribute values.\n\nThe password provided in the query parameter must be a minimum of 8 characters and a maximum of 128 characters.\n\nThe query parameter can only be used in the configuration API, and only over HTTPS.\n\n## Authentication\n\nWhen a client makes its first SEMPv2 request, it must supply a username and password using HTTP Basic authentication, or an OAuth token or tokens using HTTP Bearer authentication.\n\nWhen HTTP Basic authentication is used, the broker returns a cookie containing a session key. The client can omit the username and password from subsequent requests, because the broker can use the session cookie for authentication instead. When the session expires or is deleted, the client must provide the username and password again, and the broker creates a new session.\n\nThere are a limited number of session slots available on the broker. The broker returns 529 No SEMP Session Available if it is not able to allocate a session.\n\nIf certain attributes\u2014such as a user's password\u2014are changed, the broker automatically deletes the affected sessions. These attributes are documented below. However, changes in external user configuration data stored on a RADIUS or LDAP server do not trigger the broker to delete the associated session(s), therefore you must do this manually, if required.\n\nA client can retrieve its current session information using the /about/user endpoint and delete its own session using the /about/user/logout endpoint. A client with appropriate permissions can also manage all sessions using the /sessions endpoint.\n\nSessions are not created when authenticating with an OAuth token or tokens using HTTP Bearer authentication. If a session cookie is provided, it is ignored.\n\n## Help\n\nVisit [our website](https://solace.com) to learn more about Solace.\n\nYou can also download the SEMP API specifications by clicking [here](https://solace.com/downloads/).\n\nIf you need additional support, please contact us at [support@solace.com](mailto:support@solace.com).\n\n## Notes\n\nNote|Description\n:---:|:---\n1|This specification defines SEMP starting in \"v2\", and not the original SEMP \"v1\" interface. Request and response formats between \"v1\" and \"v2\" are entirely incompatible, although both protocols share a common port configuration on the Solace PubSub+ broker. They are differentiated by the initial portion of the URI path, one of either \"/SEMP/\" or \"/SEMP/v2/\"\n2|This API is partially implemented. Only a subset of all objects are available.\n3|Read-only attributes may appear in POST and PUT/PATCH requests. However, if a read-only attribute is not marked as identifying, it will be ignored during a PUT/PATCH.\n4|On a PUT, if the SEMP user is not authorized to modify the attribute, its value is left unchanged rather than set to default. In addition, the values of write-only attributes are not set to their defaults on a PUT, except in the following two cases: there is a mutual requires relationship with another non-write-only attribute, both attributes are absent from the request, and the non-write-only attribute is not currently set to its default value; or the attribute is also opaque and the `opaquePassword` query parameter is provided in the request.\n5|On a PUT, if the object does not exist, it is created first.\n\n",
+    "description": "SEMP (starting in `v2`, see note 1) is a RESTful API for configuring, monitoring, and administering a Solace PubSub+ broker.\n\nSEMP uses URIs to address manageable **resources** of the Solace PubSub+ broker. Resources are individual **objects**, **collections** of objects, or (exclusively in the action API) **actions**. This document applies to the following API:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nMonitoring|/SEMP/v2/monitor|Querying operational parameters|See note 2\n\n\n\nThe following APIs are also available:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nAction|/SEMP/v2/action|Performing actions|See note 2\nConfiguration|/SEMP/v2/config|Reading and writing config state|See note 2\n\n\n\nResources are always nouns, with individual objects being singular and collections being plural.\n\nObjects within a collection are identified by an `obj-id`, which follows the collection name with the form `collection-name/obj-id`.\n\nActions within an object are identified by an `action-id`, which follows the object name with the form `obj-id/action-id`.\n\nSome examples:\n\n```\n/SEMP/v2/config/msgVpns                        ; MsgVpn collection\n/SEMP/v2/config/msgVpns/a                      ; MsgVpn object named \"a\"\n/SEMP/v2/config/msgVpns/a/queues               ; Queue collection in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/queues/b             ; Queue object named \"b\" in MsgVpn \"a\"\n/SEMP/v2/action/msgVpns/a/queues/b/startReplay ; Action that starts a replay on Queue \"b\" in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients             ; Client collection in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients/c           ; Client object named \"c\" in MsgVpn \"a\"\n```\n\n## Collection Resources\n\nCollections are unordered lists of objects (unless described as otherwise), and are described by JSON arrays. Each item in the array represents an object in the same manner as the individual object would normally be represented. In the configuration API, the creation of a new object is done through its collection resource.\n\n## Object and Action Resources\n\nObjects are composed of attributes, actions, collections, and other objects. They are described by JSON objects as name/value pairs. The collections and actions of an object are not contained directly in the object's JSON content; rather the content includes an attribute containing a URI which points to the collections and actions. These contained resources must be managed through this URI. At a minimum, every object has one or more identifying attributes, and its own `uri` attribute which contains the URI pointing to itself.\n\nActions are also composed of attributes, and are described by JSON objects as name/value pairs. Unlike objects, however, they are not members of a collection and cannot be retrieved, only performed. Actions only exist in the action API.\n\nAttributes in an object or action may have any combination of the following properties:\n\n\nProperty|Meaning|Comments\n:---|:---|:---\nIdentifying|Attribute is involved in unique identification of the object, and appears in its URI|\nConst|Attribute value can only be chosen during object creation|\nRequired|Attribute must be provided in the request|\nRead-Only|Attribute can only be read, not written.|See note 3\nWrite-Only|Attribute can only be written, not read, unless the attribute is also opaque|See the documentation for the opaque property\nRequires-Disable|Attribute cannot be changed while the object (or the relevant part of the object) is administratively enabled|\nAuto-Disable|Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as one or more attributes will be temporarily disabled to apply the change|\nDeprecated|Attribute is deprecated, and will disappear in the next SEMP version|\nOpaque|Attribute can be set or retrieved in opaque form when the `opaquePassword` query parameter is present|See the `opaquePassword` query parameter documentation\n\n\n\nIn some requests, certain attributes may only be provided in certain combinations with other attributes:\n\n\nRelationship|Meaning\n:---|:---\nRequires|Attribute may only be changed by a request if a particular attribute or combination of attributes is also provided in the request\nConflicts|Attribute may only be provided in a request if a particular attribute or combination of attributes is not also provided in the request\n\n\n\nIn the monitoring API, any non-identifying attribute may not be returned in a GET.\n\n## HTTP Methods\n\nThe following HTTP methods manipulate resources in accordance with these general principles. Note that some methods are only used in certain APIs:\n\n\nMethod|Resource|Meaning|Request Body|Response Body|Notes\n:---|:---|:---|:---|:---|:---\nPOST|Collection|Create object|Initial attribute values|Object attributes and metadata|Absent attributes are set to default. If object already exists, a 400 error is returned\nPUT|Object|Update object|New attribute values|Object attributes and metadata|If does not exist, the object is first created. Absent attributes are set to default, with certain exceptions (see note 4)\nPUT|Action|Performs action|Action arguments|Action metadata|\nPATCH|Object|Update object|New attribute values|Object attributes and metadata|Absent attributes are left unchanged. If the object does not exist, a 404 error is returned\nDELETE|Object|Delete object|Empty|Object metadata|If the object does not exist, a 404 is returned\nGET|Object|Get object|Empty|Object attributes and metadata|If the object does not exist, a 404 is returned\nGET|Collection|Get collection|Empty|Object attributes and collection metadata|If the collection is empty, then an empty collection is returned with a 200 code\n\n\n\n## Common Query Parameters\n\nThe following are some common query parameters that are supported by many method/URI combinations. Individual URIs may document additional parameters. Note that multiple query parameters can be used together in a single URI, separated by the ampersand character. For example:\n\n```\n; Request for the MsgVpns collection using two hypothetical query parameters\n; \"q1\" and \"q2\" with values \"val1\" and \"val2\" respectively\n/SEMP/v2/monitor/msgVpns?q1=val1&q2=val2\n```\n\n### select\n\nInclude in the response only selected attributes of the object, or exclude from the response selected attributes of the object. Use this query parameter to limit the size of the returned data for each returned object, return only those fields that are desired, or exclude fields that are not desired.\n\nThe value of `select` is a comma-separated list of attribute names. If the list contains attribute names that are not prefaced by `-`, only those attributes are included in the response. If the list contains attribute names that are prefaced by `-`, those attributes are excluded from the response. If the list contains both types, then the difference of the first set of attributes and the second set of attributes is returned. If the list is empty (i.e. `select=`), it is treated the same as if no `select` was provided: all attribute are returned.\n\nAll attributes that are prefaced by `-` must follow all attributes that are not prefaced by `-`. In addition, each attribute name in the list must match at least one attribute in the object.\n\nNames may include the `*` wildcard (zero or more characters). Nested attribute names are supported using periods (e.g. `parentName.childName`).\n\nSome examples:\n\n```\n; List of all MsgVpn names\n/SEMP/v2/monitor/msgVpns?select=msgVpnName\n; List of all MsgVpn and their attributes except for their names\n/SEMP/v2/monitor/msgVpns?select=-msgVpnName\n; Authentication attributes of MsgVpn \"finance\"\n/SEMP/v2/monitor/msgVpns/finance?select=authentication%2A\n; All attributes of MsgVpn \"finance\" except for authentication attributes\n/SEMP/v2/monitor/msgVpns/finance?select=-authentication%2A\n; Access related attributes of Queue \"orderQ\" of MsgVpn \"finance\"\n/SEMP/v2/monitor/msgVpns/finance/queues/orderQ?select=owner,permission\n```\n\n### where\n\nInclude in the response only objects where certain conditions are true. Use this query parameter to limit which objects are returned to those whose attribute values meet the given conditions.\n\nThe value of `where` is a comma-separated list of expressions. All expressions must be true for the object to be included in the response. Each expression takes the form:\n\n```\nexpression  = attribute-name OP value\nOP          = '==' | '!=' | '<' | '>' | '<=' | '>='\n```\n\n`value` may be a number, string, `true`, or `false`, as appropriate for the type of `attribute-name`. Greater-than and less-than comparisons only work for numbers. A `*` in a string `value` is interpreted as a wildcard (zero or more characters). Some examples:\n\n```\n; Only enabled MsgVpns\n/SEMP/v2/monitor/msgVpns?where=enabled%3D%3Dtrue\n; Only MsgVpns using basic non-LDAP authentication\n/SEMP/v2/monitor/msgVpns?where=authenticationBasicEnabled%3D%3Dtrue,authenticationBasicType%21%3Dldap\n; Only MsgVpns that allow more than 100 client connections\n/SEMP/v2/monitor/msgVpns?where=maxConnectionCount%3E100\n; Only MsgVpns with msgVpnName starting with \"B\":\n/SEMP/v2/monitor/msgVpns?where=msgVpnName%3D%3DB%2A\n```\n\n### count\n\nLimit the count of objects in the response. This can be useful to limit the size of the response for large collections. The minimum value for `count` is `1` and the default is `10`. There is also a per-collection maximum value to limit request handling time.\n\n`count` does not guarantee that a minimum number of objects will be returned. A page may contain fewer than `count` objects or even be empty. Additional objects may nonetheless be available for retrieval on subsequent pages. See the `cursor` query parameter documentation for more information on paging.\n\nFor example:\n```\n; Up to 25 MsgVpns\n/SEMP/v2/monitor/msgVpns?count=25\n```\n\n### cursor\n\nThe cursor, or position, for the next page of objects. Cursors are opaque data that should not be created or interpreted by SEMP clients, and should only be used as described below.\n\nWhen a request is made for a collection and there may be additional objects available for retrieval that are not included in the initial response, the response will include a `cursorQuery` field containing a cursor. The value of this field can be specified in the `cursor` query parameter of a subsequent request to retrieve the next page of objects.\n\nApplications must continue to use the `cursorQuery` if one is provided in order to retrieve the full set of objects associated with the request, even if a page contains fewer than the requested number of objects (see the `count` query parameter documentation) or is empty.\n\n### opaquePassword\n\nAttributes with the opaque property are also write-only and so cannot normally be retrieved in a GET. However, when a password is provided in the `opaquePassword` query parameter, attributes with the opaque property are retrieved in a GET in opaque form, encrypted with this password. The query parameter can also be used on a POST, PATCH, or PUT to set opaque attributes using opaque attribute values retrieved in a GET, so long as:\n\n1. the same password that was used to retrieve the opaque attribute values is provided; and\n\n2. the broker to which the request is being sent has the same major and minor SEMP version as the broker that produced the opaque attribute values.\n\nThe password provided in the query parameter must be a minimum of 8 characters and a maximum of 128 characters.\n\nThe query parameter can only be used in the configuration API, and only over HTTPS.\n\n## Authentication\n\nWhen a client makes its first SEMPv2 request, it must supply a username and password using HTTP Basic authentication, or an OAuth token or tokens using HTTP Bearer authentication.\n\nWhen HTTP Basic authentication is used, the broker returns a cookie containing a session key. The client can omit the username and password from subsequent requests, because the broker can use the session cookie for authentication instead. When the session expires or is deleted, the client must provide the username and password again, and the broker creates a new session.\n\nThere are a limited number of session slots available on the broker. The broker returns 529 No SEMP Session Available if it is not able to allocate a session.\n\nIf certain attributes\u2014such as a user's password\u2014are changed, the broker automatically deletes the affected sessions. These attributes are documented below. However, changes in external user configuration data stored on a RADIUS or LDAP server do not trigger the broker to delete the associated session(s), therefore you must do this manually, if required.\n\nA client can retrieve its current session information using the /about/user endpoint and delete its own session using the /about/user/logout endpoint. A client with appropriate permissions can also manage all sessions using the /sessions endpoint.\n\nSessions are not created when authenticating with an OAuth token or tokens using HTTP Bearer authentication. If a session cookie is provided, it is ignored.\n\n## Help\n\nVisit [our website](https://solace.com) to learn more about Solace.\n\nYou can also download the SEMP API specifications by clicking [here](https://solace.com/downloads/).\n\nIf you need additional support, please contact us at [support@solace.com](mailto:support@solace.com).\n\n## Notes\n\nNote|Description\n:---:|:---\n1|This specification defines SEMP starting in \"v2\", and not the original SEMP \"v1\" interface. Request and response formats between \"v1\" and \"v2\" are entirely incompatible, although both protocols share a common port configuration on the Solace PubSub+ broker. They are differentiated by the initial portion of the URI path, one of either \"/SEMP/\" or \"/SEMP/v2/\"\n2|This API is partially implemented. Only a subset of all objects are available.\n3|Read-only attributes may appear in POST and PUT/PATCH requests. However, if a read-only attribute is not marked as identifying, it will be ignored during a PUT/PATCH.\n4|On a PUT, if the SEMP user is not authorized to modify the attribute, its value is left unchanged rather than set to default. In addition, the values of write-only attributes are not set to their defaults on a PUT, except in the following two cases: there is a mutual requires relationship with another non-write-only attribute, both attributes are absent from the request, and the non-write-only attribute is not currently set to its default value; or the attribute is also opaque and the `opaquePassword` query parameter is provided in the request.\n\n",
     "title": "SEMP (Solace Element Management Protocol)",
-    "version": "2.26"
+    "version": "2.34"
   },
   "parameters": {
     "countQuery": {
@@ -17265,24 +18971,1448 @@
       "required": false,
       "type": "array"
     },
-    "whereQuery": {
-      "collectionFormat": "csv",
-      "description": "Include in the response only objects where certain conditions are true. See the the documentation for the `where` parameter.",
-      "in": "query",
-      "items": {
-        "type": "string"
-      },
-      "name": "where",
-      "required": false,
-      "type": "array"
-    }
-  },
-  "paths": {
-    "/": {
+    "whereQuery": {
+      "collectionFormat": "csv",
+      "description": "Include in the response only objects where certain conditions are true. See the the documentation for the `where` parameter.",
+      "in": "query",
+      "items": {
+        "type": "string"
+      },
+      "name": "where",
+      "required": false,
+      "type": "array"
+    }
+  },
+  "paths": {
+    "/": {
+      "get": {
+        "description": "Get a Broker object.\n\nThis object contains global configuration for the message broker.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\naverageRxByteRate|global/read-only\naverageRxCompressedByteRate|global/read-only\naverageRxMsgRate|global/read-only\naverageRxUncompressedByteRate|global/read-only\naverageTxByteRate|global/read-only\naverageTxCompressedByteRate|global/read-only\naverageTxMsgRate|global/read-only\naverageTxUncompressedByteRate|global/read-only\nconfigSyncAuthenticationClientCertMaxChainDepth|global/read-only\nconfigSyncAuthenticationClientCertValidateDateEnabled|global/read-only\nconfigSyncClientProfileTcpInitialCongestionWindow|global/read-only\nconfigSyncClientProfileTcpKeepaliveCount|global/read-only\nconfigSyncClientProfileTcpKeepaliveIdle|global/read-only\nconfigSyncClientProfileTcpKeepaliveInterval|global/read-only\nconfigSyncClientProfileTcpMaxWindow|global/read-only\nconfigSyncClientProfileTcpMss|global/read-only\nconfigSyncEnabled|global/read-only\nconfigSyncLastFailureReason|global/read-only\nconfigSyncSynchronizeUsernameEnabled|global/read-only\nconfigSyncTlsEnabled|global/read-only\nconfigSyncUp|global/read-only\ncspfVersion|global/read-only\nguaranteedMsgingDefragmentationEstimatedFragmentation|global/read-only\nguaranteedMsgingDefragmentationEstimatedRecoverableSpace|global/read-only\nguaranteedMsgingDefragmentationLastCompletedOn|global/read-only\nguaranteedMsgingDefragmentationLastCompletionPercentage|global/read-only\nguaranteedMsgingDefragmentationLastExitCondition|global/read-only\nguaranteedMsgingDefragmentationLastExitConditionInformation|global/read-only\nguaranteedMsgingDefragmentationScheduleDayList|global/read-only\nguaranteedMsgingDefragmentationScheduleEnabled|global/read-only\nguaranteedMsgingDefragmentationScheduleTimeList|global/read-only\nguaranteedMsgingDefragmentationStatus|global/read-only\nguaranteedMsgingDefragmentationStatusActiveCompletionPercentage|global/read-only\nguaranteedMsgingDefragmentationThresholdEnabled|global/read-only\nguaranteedMsgingDefragmentationThresholdFragmentationPercentage|global/read-only\nguaranteedMsgingDefragmentationThresholdMinInterval|global/read-only\nguaranteedMsgingDefragmentationThresholdUsagePercentage|global/read-only\nguaranteedMsgingEnabled|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.setPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventMsgCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setValue|global/read-only\nguaranteedMsgingMaxCacheUsage|global/read-only\nguaranteedMsgingMaxMsgSpoolUsage|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout|global/read-only\nguaranteedMsgingOperationalStatus|global/read-only\nguaranteedMsgingTransactionReplicationCompatibilityMode|global/read-only\noauthProfileDefault|global/read-only\nrxByteCount|global/read-only\nrxByteRate|global/read-only\nrxCompressedByteCount|global/read-only\nrxCompressedByteRate|global/read-only\nrxCompressionRatio|global/read-only\nrxMsgCount|global/read-only\nrxMsgRate|global/read-only\nrxUncompressedByteCount|global/read-only\nrxUncompressedByteRate|global/read-only\nserviceAmqpEnabled|global/read-only\nserviceAmqpTlsListenPort|global/read-only\nserviceEventConnectionCountThreshold.clearPercent|global/read-only\nserviceEventConnectionCountThreshold.clearValue|global/read-only\nserviceEventConnectionCountThreshold.setPercent|global/read-only\nserviceEventConnectionCountThreshold.setValue|global/read-only\nserviceHealthCheckEnabled|global/read-only\nserviceHealthCheckListenPort|global/read-only\nserviceHealthCheckTlsEnabled|global/read-only\nserviceHealthCheckTlsListenPort|global/read-only\nserviceMateLinkEnabled|global/read-only\nserviceMateLinkListenPort|global/read-only\nserviceMqttEnabled|global/read-only\nserviceMsgBackboneEnabled|global/read-only\nserviceRedundancyEnabled|global/read-only\nserviceRedundancyFirstListenPort|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearValue|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setValue|global/read-only\nserviceRestIncomingEnabled|global/read-only\nserviceRestOutgoingEnabled|global/read-only\nserviceSempCorsAllowAnyHostEnabled|global/read-only\nserviceSempLegacyTimeoutEnabled|global/read-only\nserviceSempPlainTextEnabled|global/read-only\nserviceSempPlainTextListenPort|global/read-only\nserviceSempSessionIdleTimeout|global/read-only\nserviceSempSessionMaxLifetime|global/read-only\nserviceSempTlsEnabled|global/read-only\nserviceSempTlsListenPort|global/read-only\nserviceSmfCompressionListenPort|global/read-only\nserviceSmfEnabled|global/read-only\nserviceSmfEventConnectionCountThreshold.clearPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.clearValue|global/read-only\nserviceSmfEventConnectionCountThreshold.setPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.setValue|global/read-only\nserviceSmfPlainTextListenPort|global/read-only\nserviceSmfRoutingControlListenPort|global/read-only\nserviceSmfTlsListenPort|global/read-only\nserviceTlsEventConnectionCountThreshold.clearPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.clearValue|global/read-only\nserviceTlsEventConnectionCountThreshold.setPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.setValue|global/read-only\nserviceWebTransportEnabled|global/read-only\nserviceWebTransportPlainTextListenPort|global/read-only\nserviceWebTransportTlsListenPort|global/read-only\nserviceWebTransportWebUrlSuffix|global/read-only\ntelemetryTraceDemoExpiryTime|vpn/read-only\ntelemetryTraceDemoState|vpn/read-only\ntelemetryTraceMode|vpn/read-only\ntlsBlockVersion11Enabled|global/read-only\ntlsCipherSuiteManagementDefaultList|global/read-only\ntlsCipherSuiteManagementList|global/read-only\ntlsCipherSuiteManagementSupportedList|vpn/read-only\ntlsCipherSuiteMsgBackboneDefaultList|global/read-only\ntlsCipherSuiteMsgBackboneList|global/read-only\ntlsCipherSuiteMsgBackboneSupportedList|vpn/read-only\ntlsCipherSuiteSecureShellDefaultList|global/read-only\ntlsCipherSuiteSecureShellList|global/read-only\ntlsCipherSuiteSecureShellSupportedList|vpn/read-only\ntlsCrimeExploitProtectionEnabled|global/read-only\ntlsStandardDomainCertificateAuthoritiesEnabled|vpn/read-only\ntlsTicketLifetime|global/read-only\ntlsVersionSupportedList|vpn/read-only\ntxByteCount|global/read-only\ntxByteRate|global/read-only\ntxCompressedByteCount|global/read-only\ntxCompressedByteRate|global/read-only\ntxCompressionRatio|global/read-only\ntxMsgCount|global/read-only\ntxMsgRate|global/read-only\ntxUncompressedByteCount|global/read-only\ntxUncompressedByteRate|global/read-only\nwebManagerAllowUnencryptedWizardsEnabled|vpn/read-only\nwebManagerCustomization|vpn/read-only\nwebManagerRedirectHttpEnabled|vpn/read-only\nwebManagerRedirectHttpLastFailureReason|vpn/read-only\nwebManagerRedirectHttpOverrideTlsPort|vpn/read-only\nwebManagerRedirectHttpUp|vpn/read-only\n\n\n\nThis has been available since 2.13.",
+        "operationId": "getBroker",
+        "parameters": [
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Broker object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/BrokerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Broker object.",
+        "tags": [
+          "all"
+        ]
+      }
+    },
+    "/about": {
+      "get": {
+        "description": "Get an About object.\n\nThis provides metadata about the SEMP API, such as the version of the API supported by the broker.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.13.",
+        "operationId": "getAbout",
+        "parameters": [
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The About object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an About object.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/about/api": {
+      "get": {
+        "description": "Get an API Description object.\n\nThe API Description object provides metadata about the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getAboutApi",
+        "parameters": [
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The API Description object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutApiResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an API Description object.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/about/user": {
+      "get": {
+        "description": "Get a User object.\n\nSession and access level information about the user accessing the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getAboutUser",
+        "parameters": [
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The User object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a User object.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/about/user/msgVpns": {
+      "get": {
+        "description": "Get a list of User Message VPN objects.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getAboutUserMsgVpns",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of User Message VPN objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserMsgVpnsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of User Message VPN objects.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/about/user/msgVpns/{msgVpnName}": {
+      "get": {
+        "description": "Get a User Message VPN object.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getAboutUserMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The User Message VPN object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserMsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a User Message VPN object.",
+        "tags": [
+          "all",
+          "about"
+        ]
+      }
+    },
+    "/certAuthorities": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|x\ncertContent||x\ncrlDayList||x\ncrlLastDownloadTime||x\ncrlLastFailureReason||x\ncrlLastFailureTime||x\ncrlNextDownloadTime||x\ncrlTimeList||x\ncrlUp||x\ncrlUrl||x\nocspLastFailureReason||x\nocspLastFailureTime||x\nocspLastFailureUrl||x\nocspNonResponderCertEnabled||x\nocspOverrideUrl||x\nocspTimeout||x\nrevocationCheckEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "getCertAuthorities",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Authority objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthoritiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Authority objects.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      }
+    },
+    "/certAuthorities/{certAuthorityName}": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|x\ncertContent||x\ncrlDayList||x\ncrlLastDownloadTime||x\ncrlLastFailureReason||x\ncrlLastFailureTime||x\ncrlNextDownloadTime||x\ncrlTimeList||x\ncrlUp||x\ncrlUrl||x\nocspLastFailureReason||x\nocspLastFailureTime||x\nocspLastFailureUrl||x\nocspNonResponderCertEnabled||x\nocspOverrideUrl||x\nocspTimeout||x\nrevocationCheckEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "getCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      }
+    },
+    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|x\nocspTlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "getCertAuthorityOcspTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      }
+    },
+    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+      "get": {
+        "deprecated": true,
+        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|x\nocspTlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "getCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ]
+      }
+    },
+    "/clientCertAuthorities": {
+      "get": {
+        "description": "Get a list of Client Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorities",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Client Certificate Authority objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthoritiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Client Certificate Authority objects.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}": {
+      "get": {
+        "description": "Get a Client Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+      "get": {
+        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\nocspTlsTrustedCommonName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+      "get": {
+        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\nocspTlsTrustedCommonName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ]
+      }
+    },
+    "/configSyncLocalDatabaseRows": {
+      "get": {
+        "description": "Get a list of Config Sync Local Database objects.\n\nConfig Sync Local Database Rows contains information about the status of the table for this Broker or a local Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nname|x|\ntype|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.22.",
+        "operationId": "getConfigSyncLocalDatabaseRows",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Config Sync Local Database objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ConfigSyncLocalDatabaseRowsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Config Sync Local Database objects.",
+        "tags": [
+          "all",
+          "configSyncLocalDatabaseRow"
+        ]
+      }
+    },
+    "/configSyncLocalDatabaseRows/{type},{name}": {
+      "get": {
+        "description": "Get a Config Sync Local Database object.\n\nConfig Sync Local Database Rows contains information about the status of the table for this Broker or a local Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nname|x|\ntype|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.22.",
+        "operationId": "getConfigSyncLocalDatabaseRow",
+        "parameters": [
+          {
+            "description": "The type of the row. Can be one of \"router\" or \"vpn\". There is one \"router\" row and one row for each configured \"vpn\". Each row represents a table of information that is synchronized between Config Sync and replication mates.",
+            "in": "path",
+            "name": "type",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name is \"site\" when the row type is \"router\", otherwise it is the Message VPN name.",
+            "in": "path",
+            "name": "name",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Config Sync Local Database object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ConfigSyncLocalDatabaseRowResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Config Sync Local Database object.",
+        "tags": [
+          "all",
+          "configSyncLocalDatabaseRow"
+        ]
+      }
+    },
+    "/dmrClusters": {
+      "get": {
+        "description": "Get a list of Cluster objects.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\ntlsServerCertEnforceTrustedCommonNameEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusters",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Cluster objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClustersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Cluster objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}": {
+      "get": {
+        "description": "Get a Cluster object.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\ntlsServerCertEnforceTrustedCommonNameEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule objects.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nruleName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRules",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRulesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}": {
+      "get": {
+        "description": "Get a Certificate Matching Rule object.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nruleName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/attributeFilters": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule Attribute Filter objects.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nfilterName|x|\nruleName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleAttributeFilters",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Attribute Filter objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFiltersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Attribute Filter objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/attributeFilters/{filterName}": {
+      "get": {
+        "description": "Get a Certificate Matching Rule Attribute Filter object.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nfilterName|x|\nruleName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/conditions": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule Condition objects.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nruleName|x|\nsource|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleConditions",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Condition objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Condition objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/conditions/{source}": {
+      "get": {
+        "description": "Get a Certificate Matching Rule Condition object.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nruleName|x|\nsource|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Certificate field to be compared with the Attribute.",
+            "in": "path",
+            "name": "source",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Condition object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links": {
+      "get": {
+        "description": "Get a list of Link objects.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinks",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Link objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinksResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Link objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}": {
+      "get": {
+        "description": "Get a Link object.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/attributes": {
+      "get": {
+        "description": "Get a list of Link Attribute objects.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nattributeName|x|\nattributeValue|x|\ndmrClusterName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterLinkAttributes",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Link Attribute objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttributesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Link Attribute objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/attributes/{attributeName},{attributeValue}": {
+      "get": {
+        "description": "Get a Link Attribute object.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nattributeName|x|\nattributeValue|x|\ndmrClusterName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterLinkAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Attribute.",
+            "in": "path",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link Attribute object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttributeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Link Attribute object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ]
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/channels": {
       "get": {
-        "description": "Get a Broker object.\n\nThis object contains global configuration for the message broker.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\naverageRxByteRate|global/read-only\naverageRxCompressedByteRate|global/read-only\naverageRxMsgRate|global/read-only\naverageRxUncompressedByteRate|global/read-only\naverageTxByteRate|global/read-only\naverageTxCompressedByteRate|global/read-only\naverageTxMsgRate|global/read-only\naverageTxUncompressedByteRate|global/read-only\nconfigSyncAuthenticationClientCertMaxChainDepth|global/read-only\nconfigSyncAuthenticationClientCertValidateDateEnabled|global/read-only\nconfigSyncClientProfileTcpInitialCongestionWindow|global/read-only\nconfigSyncClientProfileTcpKeepaliveCount|global/read-only\nconfigSyncClientProfileTcpKeepaliveIdle|global/read-only\nconfigSyncClientProfileTcpKeepaliveInterval|global/read-only\nconfigSyncClientProfileTcpMaxWindow|global/read-only\nconfigSyncClientProfileTcpMss|global/read-only\nconfigSyncEnabled|global/read-only\nconfigSyncLastFailureReason|global/read-only\nconfigSyncSynchronizeUsernameEnabled|global/read-only\nconfigSyncTlsEnabled|global/read-only\nconfigSyncUp|global/read-only\ncspfVersion|global/read-only\nguaranteedMsgingDefragmentationEstimatedFragmentation|global/read-only\nguaranteedMsgingDefragmentationEstimatedRecoverableSpace|global/read-only\nguaranteedMsgingDefragmentationLastCompletedOn|global/read-only\nguaranteedMsgingDefragmentationLastCompletionPercentage|global/read-only\nguaranteedMsgingDefragmentationLastExitCondition|global/read-only\nguaranteedMsgingDefragmentationLastExitConditionInformation|global/read-only\nguaranteedMsgingDefragmentationScheduleDayList|global/read-only\nguaranteedMsgingDefragmentationScheduleEnabled|global/read-only\nguaranteedMsgingDefragmentationScheduleTimeList|global/read-only\nguaranteedMsgingDefragmentationStatus|global/read-only\nguaranteedMsgingDefragmentationStatusActiveCompletionPercentage|global/read-only\nguaranteedMsgingDefragmentationThresholdEnabled|global/read-only\nguaranteedMsgingDefragmentationThresholdFragmentationPercentage|global/read-only\nguaranteedMsgingDefragmentationThresholdMinInterval|global/read-only\nguaranteedMsgingDefragmentationThresholdUsagePercentage|global/read-only\nguaranteedMsgingEnabled|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.setPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventMsgCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setValue|global/read-only\nguaranteedMsgingMaxCacheUsage|global/read-only\nguaranteedMsgingMaxMsgSpoolUsage|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout|global/read-only\nguaranteedMsgingOperationalStatus|global/read-only\nguaranteedMsgingTransactionReplicationCompatibilityMode|global/read-only\noauthProfileDefault|global/read-only\nrxByteCount|global/read-only\nrxByteRate|global/read-only\nrxCompressedByteCount|global/read-only\nrxCompressedByteRate|global/read-only\nrxCompressionRatio|global/read-only\nrxMsgCount|global/read-only\nrxMsgRate|global/read-only\nrxUncompressedByteCount|global/read-only\nrxUncompressedByteRate|global/read-only\nserviceAmqpEnabled|global/read-only\nserviceAmqpTlsListenPort|global/read-only\nserviceEventConnectionCountThreshold.clearPercent|global/read-only\nserviceEventConnectionCountThreshold.clearValue|global/read-only\nserviceEventConnectionCountThreshold.setPercent|global/read-only\nserviceEventConnectionCountThreshold.setValue|global/read-only\nserviceHealthCheckEnabled|global/read-only\nserviceHealthCheckListenPort|global/read-only\nserviceMateLinkEnabled|global/read-only\nserviceMateLinkListenPort|global/read-only\nserviceMqttEnabled|global/read-only\nserviceMsgBackboneEnabled|global/read-only\nserviceRedundancyEnabled|global/read-only\nserviceRedundancyFirstListenPort|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearValue|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setValue|global/read-only\nserviceRestIncomingEnabled|global/read-only\nserviceRestOutgoingEnabled|global/read-only\nserviceSempCorsAllowAnyHostEnabled|global/read-only\nserviceSempLegacyTimeoutEnabled|global/read-only\nserviceSempPlainTextEnabled|global/read-only\nserviceSempPlainTextListenPort|global/read-only\nserviceSempSessionIdleTimeout|global/read-only\nserviceSempSessionMaxLifetime|global/read-only\nserviceSempTlsEnabled|global/read-only\nserviceSempTlsListenPort|global/read-only\nserviceSmfCompressionListenPort|global/read-only\nserviceSmfEnabled|global/read-only\nserviceSmfEventConnectionCountThreshold.clearPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.clearValue|global/read-only\nserviceSmfEventConnectionCountThreshold.setPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.setValue|global/read-only\nserviceSmfPlainTextListenPort|global/read-only\nserviceSmfRoutingControlListenPort|global/read-only\nserviceSmfTlsListenPort|global/read-only\nserviceTlsEventConnectionCountThreshold.clearPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.clearValue|global/read-only\nserviceTlsEventConnectionCountThreshold.setPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.setValue|global/read-only\nserviceWebTransportEnabled|global/read-only\nserviceWebTransportPlainTextListenPort|global/read-only\nserviceWebTransportTlsListenPort|global/read-only\nserviceWebTransportWebUrlSuffix|global/read-only\ntlsBlockVersion11Enabled|global/read-only\ntlsCipherSuiteManagementDefaultList|global/read-only\ntlsCipherSuiteManagementList|global/read-only\ntlsCipherSuiteManagementSupportedList|vpn/read-only\ntlsCipherSuiteMsgBackboneDefaultList|global/read-only\ntlsCipherSuiteMsgBackboneList|global/read-only\ntlsCipherSuiteMsgBackboneSupportedList|vpn/read-only\ntlsCipherSuiteSecureShellDefaultList|global/read-only\ntlsCipherSuiteSecureShellList|global/read-only\ntlsCipherSuiteSecureShellSupportedList|vpn/read-only\ntlsCrimeExploitProtectionEnabled|global/read-only\ntlsStandardDomainCertificateAuthoritiesEnabled|vpn/read-only\ntlsTicketLifetime|global/read-only\ntlsVersionSupportedList|vpn/read-only\ntxByteCount|global/read-only\ntxByteRate|global/read-only\ntxCompressedByteCount|global/read-only\ntxCompressedByteRate|global/read-only\ntxCompressionRatio|global/read-only\ntxMsgCount|global/read-only\ntxMsgRate|global/read-only\ntxUncompressedByteCount|global/read-only\ntxUncompressedByteRate|global/read-only\nwebManagerCustomization|vpn/read-only\nwebManagerRedirectHttpEnabled|vpn/read-only\nwebManagerRedirectHttpLastFailureReason|vpn/read-only\nwebManagerRedirectHttpOverrideTlsPort|vpn/read-only\nwebManagerRedirectHttpUp|vpn/read-only\n\n\n\nThis has been available since 2.13.",
-        "operationId": "getBroker",
+        "description": "Get a list of Cluster Link Channels objects.\n\nA Channel is a connection between this broker and a remote node in the Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nmsgVpnName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinkChannels",
         "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -17292,9 +20422,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Broker object's attributes, and the request metadata.",
+            "description": "The list of Cluster Link Channels objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/BrokerResponse"
+              "$ref": "#/definitions/DmrClusterLinkChannelsResponse"
             }
           },
           "default": {
@@ -17309,17 +20439,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Broker object.",
+        "summary": "Get a list of Cluster Link Channels objects.",
         "tags": [
-          "all"
+          "all",
+          "dmrCluster"
         ]
       }
     },
-    "/about": {
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/channels/{msgVpnName}": {
       "get": {
-        "description": "Get an About object.\n\nThis provides metadata about the SEMP API, such as the version of the API supported by the broker.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.13.",
-        "operationId": "getAbout",
+        "description": "Get a Cluster Link Channels object.\n\nA Channel is a connection between this broker and a remote node in the Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nmsgVpnName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinkChannel",
         "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -17329,9 +20481,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The About object's attributes, and the request metadata.",
+            "description": "The Cluster Link Channels object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutResponse"
+              "$ref": "#/definitions/DmrClusterLinkChannelResponse"
             }
           },
           "default": {
@@ -17346,18 +20498,35 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an About object.",
+        "summary": "Get a Cluster Link Channels object.",
         "tags": [
           "all",
-          "about"
+          "dmrCluster"
         ]
       }
     },
-    "/about/api": {
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses": {
       "get": {
-        "description": "Get an API Description object.\n\nThe API Description object provides metadata about the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getAboutApi",
+        "description": "Get a list of Remote Address objects.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nremoteAddress|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinkRemoteAddresses",
         "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -17367,9 +20536,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The API Description object's attributes, and the request metadata.",
+            "description": "The list of Remote Address objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutApiResponse"
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddressesResponse"
             }
           },
           "default": {
@@ -17384,18 +20553,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an API Description object.",
+        "summary": "Get a list of Remote Address objects.",
         "tags": [
           "all",
-          "about"
+          "dmrCluster"
         ]
       }
     },
-    "/about/user": {
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses/{remoteAddress}": {
       "get": {
-        "description": "Get a User object.\n\nSession and access level information about the user accessing the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getAboutUser",
+        "description": "Get a Remote Address object.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nremoteAddress|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinkRemoteAddress",
         "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+            "in": "path",
+            "name": "remoteAddress",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -17405,9 +20595,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The User object's attributes, and the request metadata.",
+            "description": "The Remote Address object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutUserResponse"
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddressResponse"
             }
           },
           "default": {
@@ -17422,23 +20612,32 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a User object.",
+        "summary": "Get a Remote Address object.",
         "tags": [
           "all",
-          "about"
+          "dmrCluster"
         ]
       }
     },
-    "/about/user/msgVpns": {
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames": {
       "get": {
-        "description": "Get a list of User Message VPN objects.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getAboutUserMsgVpns",
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|x\nremoteNodeName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getDmrClusterLinkTlsTrustedCommonNames",
         "parameters": [
           {
-            "$ref": "#/parameters/countQuery"
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
           },
           {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/whereQuery"
@@ -17452,9 +20651,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of User Message VPN objects' attributes, and the request metadata.",
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutUserMsgVpnsResponse"
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNamesResponse"
             }
           },
           "default": {
@@ -17469,22 +20668,37 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of User Message VPN objects.",
+        "summary": "Get a list of Trusted Common Name objects.",
         "tags": [
           "all",
-          "about"
+          "dmrCluster"
         ]
       }
     },
-    "/about/user/msgVpns/{msgVpnName}": {
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
       "get": {
-        "description": "Get a User Message VPN object.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getAboutUserMsgVpn",
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|x\nremoteNodeName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getDmrClusterLinkTlsTrustedCommonName",
         "parameters": [
           {
-            "description": "The name of the Message VPN.",
+            "description": "The name of the Cluster.",
             "in": "path",
-            "name": "msgVpnName",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
             "required": true,
             "type": "string"
           },
@@ -17497,9 +20711,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The User Message VPN object's attributes, and the request metadata.",
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/AboutUserMsgVpnResponse"
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameResponse"
             }
           },
           "default": {
@@ -17514,19 +20728,25 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a User Message VPN object.",
+        "summary": "Get a Trusted Common Name object.",
         "tags": [
           "all",
-          "about"
+          "dmrCluster"
         ]
       }
     },
-    "/certAuthorities": {
+    "/dmrClusters/{dmrClusterName}/topologyIssues": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|x\ncertContent||x\ncrlDayList||x\ncrlLastDownloadTime||x\ncrlLastFailureReason||x\ncrlLastFailureTime||x\ncrlNextDownloadTime||x\ncrlTimeList||x\ncrlUp||x\ncrlUrl||x\nocspLastFailureReason||x\nocspLastFailureTime||x\nocspLastFailureUrl||x\nocspNonResponderCertEnabled||x\nocspOverrideUrl||x\nocspTimeout||x\nrevocationCheckEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
-        "operationId": "getCertAuthorities",
+        "description": "Get a list of Cluster Topology Issue objects.\n\nA Cluster Topology Issue indicates incorrect or inconsistent configuration within the DMR network. Such issues will cause messages to be misdelivered or lost.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\ntopologyIssue|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterTopologyIssues",
         "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -17545,9 +20765,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Certificate Authority objects' attributes, and the request metadata.",
+            "description": "The list of Cluster Topology Issue objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthoritiesResponse"
+              "$ref": "#/definitions/DmrClusterTopologyIssuesResponse"
             }
           },
           "default": {
@@ -17562,23 +20782,29 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Certificate Authority objects.",
+        "summary": "Get a list of Cluster Topology Issue objects.",
         "tags": [
           "all",
-          "certAuthority"
+          "dmrCluster"
         ]
       }
     },
-    "/certAuthorities/{certAuthorityName}": {
+    "/dmrClusters/{dmrClusterName}/topologyIssues/{topologyIssue}": {
       "get": {
-        "deprecated": true,
-        "description": "Get a Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|x\ncertContent||x\ncrlDayList||x\ncrlLastDownloadTime||x\ncrlLastFailureReason||x\ncrlLastFailureTime||x\ncrlNextDownloadTime||x\ncrlTimeList||x\ncrlUp||x\ncrlUrl||x\nocspLastFailureReason||x\nocspLastFailureTime||x\nocspLastFailureUrl||x\nocspNonResponderCertEnabled||x\nocspOverrideUrl||x\nocspTimeout||x\nrevocationCheckEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
-        "operationId": "getCertAuthority",
+        "description": "Get a Cluster Topology Issue object.\n\nA Cluster Topology Issue indicates incorrect or inconsistent configuration within the DMR network. Such issues will cause messages to be misdelivered or lost.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\ntopologyIssue|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterTopologyIssue",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topology issue discovered in the Cluster. A topology issue indicates incorrect or inconsistent configuration within the DMR network. Such issues will cause messages to be misdelivered or lost.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "topologyIssue",
             "required": true,
             "type": "string"
           },
@@ -17591,9 +20817,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Certificate Authority object's attributes, and the request metadata.",
+            "description": "The Cluster Topology Issue object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityResponse"
+              "$ref": "#/definitions/DmrClusterTopologyIssueResponse"
             }
           },
           "default": {
@@ -17608,25 +20834,23 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Certificate Authority object.",
+        "summary": "Get a Cluster Topology Issue object.",
         "tags": [
           "all",
-          "certAuthority"
+          "dmrCluster"
         ]
       }
     },
-    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+    "/domainCertAuthorities": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|x\nocspTlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
-        "operationId": "getCertAuthorityOcspTlsTrustedCommonNames",
+        "description": "Get a list of Domain Certificate Authority objects.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getDomainCertAuthorities",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
-            "in": "path",
-            "name": "certAuthorityName",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/whereQuery"
@@ -17640,9 +20864,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The list of Domain Certificate Authority objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/DomainCertAuthoritiesResponse"
             }
           },
           "default": {
@@ -17657,18 +20881,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "summary": "Get a list of Domain Certificate Authority objects.",
         "tags": [
           "all",
-          "certAuthority"
+          "domainCertAuthority"
         ]
       }
     },
-    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+    "/domainCertAuthorities/{certAuthorityName}": {
       "get": {
-        "deprecated": true,
-        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|x\nocspTlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
-        "operationId": "getCertAuthorityOcspTlsTrustedCommonName",
+        "description": "Get a Domain Certificate Authority object.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getDomainCertAuthority",
         "parameters": [
           {
             "description": "The name of the Certificate Authority.",
@@ -17677,13 +20900,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
-            "in": "path",
-            "name": "ocspTlsTrustedCommonName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -17693,9 +20909,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The Domain Certificate Authority object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
             }
           },
           "default": {
@@ -17710,17 +20926,17 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "summary": "Get a Domain Certificate Authority object.",
         "tags": [
           "all",
-          "certAuthority"
+          "domainCertAuthority"
         ]
       }
     },
-    "/clientCertAuthorities": {
+    "/msgVpns": {
       "get": {
-        "description": "Get a list of Client Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getClientCertAuthorities",
+        "description": "Get a list of Message VPN objects.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nauthenticationOauthDefaultProviderName||x\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled||x\nconfigSyncLocalKey||x\nconfigSyncLocalLastResult||x\nconfigSyncLocalRole||x\nconfigSyncLocalState||x\nconfigSyncLocalTimeInState||x\ncounter.controlRxByteCount||x\ncounter.controlRxMsgCount||x\ncounter.controlTxByteCount||x\ncounter.controlTxMsgCount||x\ncounter.dataRxByteCount||x\ncounter.dataRxMsgCount||x\ncounter.dataTxByteCount||x\ncounter.dataTxMsgCount||x\ncounter.discardedRxMsgCount||x\ncounter.discardedTxMsgCount||x\ncounter.loginRxMsgCount||x\ncounter.loginTxMsgCount||x\ncounter.msgSpoolRxMsgCount||x\ncounter.msgSpoolTxMsgCount||x\ncounter.tlsRxByteCount||x\ncounter.tlsTxByteCount||x\ndistributedCacheManagementEnabled||x\nmsgVpnName|x|\nrate.averageRxByteRate||x\nrate.averageRxMsgRate||x\nrate.averageTxByteRate||x\nrate.averageTxMsgRate||x\nrate.rxByteRate||x\nrate.rxMsgRate||x\nrate.tlsAverageRxByteRate||x\nrate.tlsAverageTxByteRate||x\nrate.tlsRxByteRate||x\nrate.tlsTxByteRate||x\nrate.txByteRate||x\nrate.txMsgRate||x\nrestTlsServerCertEnforceTrustedCommonNameEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpns",
         "parameters": [
           {
             "$ref": "#/parameters/countQuery"
@@ -17740,9 +20956,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Certificate Authority objects' attributes, and the request metadata.",
+            "description": "The list of Message VPN objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthoritiesResponse"
+              "$ref": "#/definitions/MsgVpnsResponse"
             }
           },
           "default": {
@@ -17757,22 +20973,22 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Certificate Authority objects.",
+        "summary": "Get a list of Message VPN objects.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn"
         ]
       }
     },
-    "/clientCertAuthorities/{certAuthorityName}": {
+    "/msgVpns/{msgVpnName}": {
       "get": {
-        "description": "Get a Client Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getClientCertAuthority",
+        "description": "Get a Message VPN object.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nauthenticationOauthDefaultProviderName||x\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled||x\nconfigSyncLocalKey||x\nconfigSyncLocalLastResult||x\nconfigSyncLocalRole||x\nconfigSyncLocalState||x\nconfigSyncLocalTimeInState||x\ncounter.controlRxByteCount||x\ncounter.controlRxMsgCount||x\ncounter.controlTxByteCount||x\ncounter.controlTxMsgCount||x\ncounter.dataRxByteCount||x\ncounter.dataRxMsgCount||x\ncounter.dataTxByteCount||x\ncounter.dataTxMsgCount||x\ncounter.discardedRxMsgCount||x\ncounter.discardedTxMsgCount||x\ncounter.loginRxMsgCount||x\ncounter.loginTxMsgCount||x\ncounter.msgSpoolRxMsgCount||x\ncounter.msgSpoolTxMsgCount||x\ncounter.tlsRxByteCount||x\ncounter.tlsTxByteCount||x\ndistributedCacheManagementEnabled||x\nmsgVpnName|x|\nrate.averageRxByteRate||x\nrate.averageRxMsgRate||x\nrate.averageTxByteRate||x\nrate.averageTxMsgRate||x\nrate.rxByteRate||x\nrate.rxMsgRate||x\nrate.tlsAverageRxByteRate||x\nrate.tlsAverageTxByteRate||x\nrate.tlsRxByteRate||x\nrate.tlsTxByteRate||x\nrate.txByteRate||x\nrate.txMsgRate||x\nrestTlsServerCertEnforceTrustedCommonNameEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpn",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
@@ -17785,9 +21001,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Certificate Authority object's attributes, and the request metadata.",
+            "description": "The Message VPN object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnResponse"
             }
           },
           "default": {
@@ -17802,25 +21018,31 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Certificate Authority object.",
+        "summary": "Get a Message VPN object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn"
         ]
       }
     },
-    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+    "/msgVpns/{msgVpnName}/aclProfiles": {
       "get": {
-        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\nocspTlsTrustedCommonName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonNames",
+        "description": "Get a list of ACL Profile objects.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnAclProfiles",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
           {
             "$ref": "#/parameters/whereQuery"
           },
@@ -17833,9 +21055,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The list of ACL Profile objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilesResponse"
             }
           },
           "default": {
@@ -17850,29 +21072,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "summary": "Get a list of ACL Profile objects.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}": {
       "get": {
-        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\nocspTlsTrustedCommonName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonName",
+        "description": "Get an ACL Profile object.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnAclProfile",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "ocspTlsTrustedCommonName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
@@ -17885,9 +21108,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The ACL Profile object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
             }
           },
           "default": {
@@ -17902,18 +21125,33 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "summary": "Get an ACL Profile object.",
         "tags": [
           "all",
-          "clientCertAuthority"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/configSyncLocalDatabaseRows": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions": {
       "get": {
-        "description": "Get a list of Config Sync Local Database objects.\n\nConfig Sync Local Database Rows contains information about the status of the table for this Broker or a local Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nname|x|\ntype|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.22.",
-        "operationId": "getConfigSyncLocalDatabaseRows",
+        "description": "Get a list of Client Connect Exception objects.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nclientConnectExceptionAddress|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnAclProfileClientConnectExceptions",
         "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -17932,9 +21170,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Config Sync Local Database objects' attributes, and the request metadata.",
+            "description": "The list of Client Connect Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ConfigSyncLocalDatabaseRowsResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionsResponse"
             }
           },
           "default": {
@@ -17949,29 +21187,37 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Config Sync Local Database objects.",
+        "summary": "Get a list of Client Connect Exception objects.",
         "tags": [
           "all",
-          "configSyncLocalDatabaseRow"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/configSyncLocalDatabaseRows/{type},{name}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions/{clientConnectExceptionAddress}": {
       "get": {
-        "description": "Get a Config Sync Local Database object.\n\nConfig Sync Local Database Rows contains information about the status of the table for this Broker or a local Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nname|x|\ntype|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.22.",
-        "operationId": "getConfigSyncLocalDatabaseRow",
+        "description": "Get a Client Connect Exception object.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nclientConnectExceptionAddress|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnAclProfileClientConnectException",
         "parameters": [
           {
-            "description": "The type of the row. Can be one of \"router\" or \"vpn\". There is one \"router\" row and one row for each configured \"vpn\". Each row represents a table of information that is synchronized between Config Sync and replication mates.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "type",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name is \"site\" when the row type is \"router\", otherwise it is the Message VPN name.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "name",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The IP address/netmask of the client connect exception in canonical CIDR form.",
+            "in": "path",
+            "name": "clientConnectExceptionAddress",
             "required": true,
             "type": "string"
           },
@@ -17984,9 +21230,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Config Sync Local Database object's attributes, and the request metadata.",
+            "description": "The Client Connect Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/ConfigSyncLocalDatabaseRowResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionResponse"
             }
           },
           "default": {
@@ -18001,18 +21247,34 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Config Sync Local Database object.",
+        "summary": "Get a Client Connect Exception object.",
         "tags": [
           "all",
-          "configSyncLocalDatabaseRow"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions": {
       "get": {
-        "description": "Get a list of Cluster objects.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\ntlsServerCertEnforceTrustedCommonNameEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusters",
+        "deprecated": true,
+        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|x\nmsgVpnName|x|x\npublishExceptionTopic|x|x\ntopicSyntax|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "getMsgVpnAclProfilePublishExceptions",
         "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -18031,9 +21293,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Cluster objects' attributes, and the request metadata.",
+            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClustersResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionsResponse"
             }
           },
           "default": {
@@ -18048,22 +21310,45 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Cluster objects.",
+        "summary": "Get a list of Publish Topic Exception objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions/{topicSyntax},{publishExceptionTopic}": {
       "get": {
-        "description": "Get a Cluster object.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\ntlsServerCertEnforceTrustedCommonNameEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrCluster",
+        "deprecated": true,
+        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|x\nmsgVpnName|x|x\npublishExceptionTopic|x|x\ntopicSyntax|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "getMsgVpnAclProfilePublishException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishExceptionTopic",
             "required": true,
             "type": "string"
           },
@@ -18076,9 +21361,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cluster object's attributes, and the request metadata.",
+            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionResponse"
             }
           },
           "default": {
@@ -18093,22 +21378,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Cluster object.",
+        "summary": "Get a Publish Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions": {
       "get": {
-        "description": "Get a list of Link objects.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLinks",
+        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\npublishTopicException|x|\npublishTopicExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfilePublishTopicExceptions",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
@@ -18130,9 +21423,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Link objects' attributes, and the request metadata.",
+            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinksResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionsResponse"
             }
           },
           "default": {
@@ -18147,29 +21440,44 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Link objects.",
+        "summary": "Get a list of Publish Topic Exception objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions/{publishTopicExceptionSyntax},{publishTopicException}": {
       "get": {
-        "description": "Get a Link object.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLink",
+        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\npublishTopicException|x|\npublishTopicExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfilePublishTopicException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "publishTopicExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishTopicException",
             "required": true,
             "type": "string"
           },
@@ -18182,9 +21490,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Link object's attributes, and the request metadata.",
+            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkResponse"
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionResponse"
             }
           },
           "default": {
@@ -18199,29 +21507,31 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Link object.",
+        "summary": "Get a Publish Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/channels": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions": {
       "get": {
-        "description": "Get a list of Cluster Link Channels objects.\n\nA Channel is a connection between this broker and a remote node in the Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nmsgVpnName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLinkChannels",
+        "deprecated": true,
+        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|x\nmsgVpnName|x|x\nsubscribeExceptionTopic|x|x\ntopicSyntax|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "getMsgVpnAclProfileSubscribeExceptions",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
@@ -18243,9 +21553,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Cluster Link Channels objects' attributes, and the request metadata.",
+            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkChannelsResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionsResponse"
             }
           },
           "default": {
@@ -18260,36 +21570,45 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Cluster Link Channels objects.",
+        "summary": "Get a list of Subscribe Topic Exception objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/channels/{msgVpnName}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions/{topicSyntax},{subscribeExceptionTopic}": {
       "get": {
-        "description": "Get a Cluster Link Channels object.\n\nA Channel is a connection between this broker and a remote node in the Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nmsgVpnName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLinkChannel",
+        "deprecated": true,
+        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|x\nmsgVpnName|x|x\nsubscribeExceptionTopic|x|x\ntopicSyntax|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "getMsgVpnAclProfileSubscribeException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the Message VPN.",
+            "description": "The syntax of the topic for the exception to the default action taken.",
             "in": "path",
-            "name": "msgVpnName",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeExceptionTopic",
             "required": true,
             "type": "string"
           },
@@ -18302,9 +21621,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cluster Link Channels object's attributes, and the request metadata.",
+            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkChannelResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionResponse"
             }
           },
           "default": {
@@ -18319,32 +21638,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Cluster Link Channels object.",
+        "summary": "Get a Subscribe Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions": {
       "get": {
-        "description": "Get a list of Remote Address objects.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nremoteAddress|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLinkRemoteAddresses",
+        "description": "Get a list of Subscribe Share Name Exception objects.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\nsubscribeShareNameException|x|\nsubscribeShareNameExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeShareNameExceptions",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
           {
             "$ref": "#/parameters/whereQuery"
           },
@@ -18357,9 +21683,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Remote Address objects' attributes, and the request metadata.",
+            "description": "The list of Subscribe Share Name Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkRemoteAddressesResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionsResponse"
             }
           },
           "default": {
@@ -18374,36 +21700,44 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Remote Address objects.",
+        "summary": "Get a list of Subscribe Share Name Exception objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses/{remoteAddress}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions/{subscribeShareNameExceptionSyntax},{subscribeShareNameException}": {
       "get": {
-        "description": "Get a Remote Address object.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\nremoteAddress|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterLinkRemoteAddress",
+        "description": "Get a Subscribe Share Name Exception object.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\nsubscribeShareNameException|x|\nsubscribeShareNameExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeShareNameException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+            "description": "The syntax of the subscribe share name for the exception to the default action taken.",
             "in": "path",
-            "name": "remoteAddress",
+            "name": "subscribeShareNameExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeShareNameException",
             "required": true,
             "type": "string"
           },
@@ -18416,9 +21750,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Address object's attributes, and the request metadata.",
+            "description": "The Subscribe Share Name Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkRemoteAddressResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionResponse"
             }
           },
           "default": {
@@ -18433,33 +21767,39 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Remote Address object.",
+        "summary": "Get a Subscribe Share Name Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|x\nremoteNodeName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getDmrClusterLinkTlsTrustedCommonNames",
+        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\nsubscribeTopicException|x|\nsubscribeTopicExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeTopicExceptions",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
           {
             "$ref": "#/parameters/whereQuery"
           },
@@ -18472,9 +21812,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionsResponse"
             }
           },
           "default": {
@@ -18489,37 +21829,44 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Trusted Common Name objects.",
+        "summary": "Get a list of Subscribe Topic Exception objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions/{subscribeTopicExceptionSyntax},{subscribeTopicException}": {
       "get": {
-        "deprecated": true,
-        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|x\nremoteNodeName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getDmrClusterLinkTlsTrustedCommonName",
+        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\nsubscribeTopicException|x|\nsubscribeTopicExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeTopicException",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the Link.",
+            "description": "The name of the ACL Profile.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "aclProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
+            "description": "The syntax of the topic for the exception to the default action taken.",
             "in": "path",
-            "name": "tlsTrustedCommonName",
+            "name": "subscribeTopicExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeTopicException",
             "required": true,
             "type": "string"
           },
@@ -18532,9 +21879,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionResponse"
             }
           },
           "default": {
@@ -18549,22 +21896,23 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Trusted Common Name object.",
+        "summary": "Get a Subscribe Topic Exception object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "aclProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/topologyIssues": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles": {
       "get": {
-        "description": "Get a list of Cluster Topology Issue objects.\n\nA Cluster Topology Issue indicates incorrect or inconsistent configuration within the DMR network. Such issues will cause messages to be misdelivered or lost.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\ntopologyIssue|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterTopologyIssues",
+        "description": "Get a list of OAuth Profile objects.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfiles",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
@@ -18586,9 +21934,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Cluster Topology Issue objects' attributes, and the request metadata.",
+            "description": "The list of OAuth Profile objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterTopologyIssuesResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfilesResponse"
             }
           },
           "default": {
@@ -18603,29 +21951,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Cluster Topology Issue objects.",
+        "summary": "Get a list of OAuth Profile objects.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/dmrClusters/{dmrClusterName}/topologyIssues/{topologyIssue}": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}": {
       "get": {
-        "description": "Get a Cluster Topology Issue object.\n\nA Cluster Topology Issue indicates incorrect or inconsistent configuration within the DMR network. Such issues will cause messages to be misdelivered or lost.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ndmrClusterName|x|\ntopologyIssue|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getDmrClusterTopologyIssue",
+        "description": "Get an OAuth Profile object.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfile",
         "parameters": [
           {
-            "description": "The name of the Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "dmrClusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topology issue discovered in the Cluster. A topology issue indicates incorrect or inconsistent configuration within the DMR network. Such issues will cause messages to be misdelivered or lost.",
+            "description": "The name of the OAuth profile.",
             "in": "path",
-            "name": "topologyIssue",
+            "name": "oauthProfileName",
             "required": true,
             "type": "string"
           },
@@ -18638,9 +21987,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cluster Topology Issue object's attributes, and the request metadata.",
+            "description": "The OAuth Profile object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DmrClusterTopologyIssueResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
             }
           },
           "default": {
@@ -18655,18 +22004,33 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Cluster Topology Issue object.",
+        "summary": "Get an OAuth Profile object.",
         "tags": [
           "all",
-          "dmrCluster"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/domainCertAuthorities": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims": {
       "get": {
-        "description": "Get a list of Domain Certificate Authority objects.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getDomainCertAuthorities",
+        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientRequiredClaimName|x|\nmsgVpnName|x|\noauthProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaims",
         "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -18685,9 +22049,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Domain Certificate Authority objects' attributes, and the request metadata.",
+            "description": "The list of Required Claim objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthoritiesResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimsResponse"
             }
           },
           "default": {
@@ -18702,22 +22066,37 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Domain Certificate Authority objects.",
+        "summary": "Get a list of Required Claim objects.",
         "tags": [
           "all",
-          "domainCertAuthority"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/domainCertAuthorities/{certAuthorityName}": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims/{clientRequiredClaimName}": {
       "get": {
-        "description": "Get a Domain Certificate Authority object.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncertAuthorityName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
-        "operationId": "getDomainCertAuthority",
+        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientRequiredClaimName|x|\nmsgVpnName|x|\noauthProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaim",
         "parameters": [
           {
-            "description": "The name of the Certificate Authority.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "certAuthorityName",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ID token claim to verify.",
+            "in": "path",
+            "name": "clientRequiredClaimName",
             "required": true,
             "type": "string"
           },
@@ -18730,9 +22109,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Domain Certificate Authority object's attributes, and the request metadata.",
+            "description": "The Required Claim object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/DomainCertAuthorityResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse"
             }
           },
           "default": {
@@ -18747,18 +22126,33 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Domain Certificate Authority object.",
+        "summary": "Get a Required Claim object.",
         "tags": [
           "all",
-          "domainCertAuthority"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/msgVpns": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims": {
       "get": {
-        "description": "Get a list of Message VPN objects.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nauthenticationOauthDefaultProviderName||x\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled||x\nconfigSyncLocalKey||x\nconfigSyncLocalLastResult||x\nconfigSyncLocalRole||x\nconfigSyncLocalState||x\nconfigSyncLocalTimeInState||x\ncounter.controlRxByteCount||x\ncounter.controlRxMsgCount||x\ncounter.controlTxByteCount||x\ncounter.controlTxMsgCount||x\ncounter.dataRxByteCount||x\ncounter.dataRxMsgCount||x\ncounter.dataTxByteCount||x\ncounter.dataTxMsgCount||x\ncounter.discardedRxMsgCount||x\ncounter.discardedTxMsgCount||x\ncounter.loginRxMsgCount||x\ncounter.loginTxMsgCount||x\ncounter.msgSpoolRxMsgCount||x\ncounter.msgSpoolTxMsgCount||x\ncounter.tlsRxByteCount||x\ncounter.tlsTxByteCount||x\nmsgVpnName|x|\nrate.averageRxByteRate||x\nrate.averageRxMsgRate||x\nrate.averageTxByteRate||x\nrate.averageTxMsgRate||x\nrate.rxByteRate||x\nrate.rxMsgRate||x\nrate.tlsAverageRxByteRate||x\nrate.tlsAverageTxByteRate||x\nrate.tlsRxByteRate||x\nrate.tlsTxByteRate||x\nrate.txByteRate||x\nrate.txMsgRate||x\nrestTlsServerCertEnforceTrustedCommonNameEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpns",
+        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthProfileName|x|\nresourceServerRequiredClaimName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaims",
         "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -18777,9 +22171,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Message VPN objects' attributes, and the request metadata.",
+            "description": "The list of Required Claim objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnsResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimsResponse"
             }
           },
           "default": {
@@ -18794,17 +22188,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Message VPN objects.",
+        "summary": "Get a list of Required Claim objects.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims/{resourceServerRequiredClaimName}": {
       "get": {
-        "description": "Get a Message VPN object.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nauthenticationOauthDefaultProviderName||x\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled||x\nconfigSyncLocalKey||x\nconfigSyncLocalLastResult||x\nconfigSyncLocalRole||x\nconfigSyncLocalState||x\nconfigSyncLocalTimeInState||x\ncounter.controlRxByteCount||x\ncounter.controlRxMsgCount||x\ncounter.controlTxByteCount||x\ncounter.controlTxMsgCount||x\ncounter.dataRxByteCount||x\ncounter.dataRxMsgCount||x\ncounter.dataTxByteCount||x\ncounter.dataTxMsgCount||x\ncounter.discardedRxMsgCount||x\ncounter.discardedTxMsgCount||x\ncounter.loginRxMsgCount||x\ncounter.loginTxMsgCount||x\ncounter.msgSpoolRxMsgCount||x\ncounter.msgSpoolTxMsgCount||x\ncounter.tlsRxByteCount||x\ncounter.tlsTxByteCount||x\nmsgVpnName|x|\nrate.averageRxByteRate||x\nrate.averageRxMsgRate||x\nrate.averageTxByteRate||x\nrate.averageTxMsgRate||x\nrate.rxByteRate||x\nrate.rxMsgRate||x\nrate.tlsAverageRxByteRate||x\nrate.tlsAverageTxByteRate||x\nrate.tlsRxByteRate||x\nrate.tlsTxByteRate||x\nrate.txByteRate||x\nrate.txMsgRate||x\nrestTlsServerCertEnforceTrustedCommonNameEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpn",
+        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthProfileName|x|\nresourceServerRequiredClaimName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18813,6 +22208,20 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the access token claim to verify.",
+            "in": "path",
+            "name": "resourceServerRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -18822,9 +22231,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Message VPN object's attributes, and the request metadata.",
+            "description": "The Required Claim object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse"
             }
           },
           "default": {
@@ -18839,17 +22248,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Message VPN object.",
+        "summary": "Get a Required Claim object.",
         "tags": [
           "all",
-          "msgVpn"
+          "msgVpn",
+          "authenticationOauthProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProviders": {
       "get": {
-        "description": "Get a list of ACL Profile objects.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnAclProfiles",
+        "deprecated": true,
+        "description": "Get a list of OAuth Provider objects.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naudienceClaimName||x\naudienceClaimSource||x\naudienceClaimValue||x\naudienceValidationEnabled||x\nauthenticationSuccessCount||x\nauthorizationGroupClaimName||x\nauthorizationGroupClaimSource||x\nauthorizationGroupEnabled||x\ndisconnectOnTokenExpirationEnabled||x\nenabled||x\njwksLastRefreshFailureReason||x\njwksLastRefreshFailureTime||x\njwksLastRefreshTime||x\njwksNextScheduledRefreshTime||x\njwksRefreshFailureCount||x\njwksRefreshInterval||x\njwksUri||x\nloginFailureIncorrectAudienceValueCount||x\nloginFailureInvalidAudienceValueCount||x\nloginFailureInvalidAuthorizationGroupValueCount||x\nloginFailureInvalidJwtSignatureCount||x\nloginFailureInvalidUsernameValueCount||x\nloginFailureMismatchedUsernameCount||x\nloginFailureMissingAudienceCount||x\nloginFailureMissingJwkCount||x\nloginFailureMissingOrInvalidTokenCount||x\nloginFailureMissingUsernameCount||x\nloginFailureTokenExpiredCount||x\nloginFailureTokenIntrospectionErroredCount||x\nloginFailureTokenIntrospectionFailureCount||x\nloginFailureTokenIntrospectionHttpsErrorCount||x\nloginFailureTokenIntrospectionInvalidCount||x\nloginFailureTokenIntrospectionTimeoutCount||x\nloginFailureTokenNotValidYetCount||x\nloginFailureUnsupportedAlgCount||x\nmissingAuthorizationGroupCount||x\nmsgVpnName|x|x\noauthProviderName|x|x\ntokenIgnoreTimeLimitsEnabled||x\ntokenIntrospectionAverageTime||x\ntokenIntrospectionLastFailureReason||x\ntokenIntrospectionLastFailureTime||x\ntokenIntrospectionParameterName||x\ntokenIntrospectionSuccessCount||x\ntokenIntrospectionTimeout||x\ntokenIntrospectionUri||x\ntokenIntrospectionUsername||x\nusernameClaimName||x\nusernameClaimSource||x\nusernameValidateEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "getMsgVpnAuthenticationOauthProviders",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18876,9 +22287,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of ACL Profile objects' attributes, and the request metadata.",
+            "description": "The list of OAuth Provider objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilesResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvidersResponse"
             }
           },
           "default": {
@@ -18893,18 +22304,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of ACL Profile objects.",
+        "summary": "Get a list of OAuth Provider objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authenticationOauthProvider"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}": {
+    "/msgVpns/{msgVpnName}/authenticationOauthProviders/{oauthProviderName}": {
       "get": {
-        "description": "Get an ACL Profile object.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnAclProfile",
+        "deprecated": true,
+        "description": "Get an OAuth Provider object.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naudienceClaimName||x\naudienceClaimSource||x\naudienceClaimValue||x\naudienceValidationEnabled||x\nauthenticationSuccessCount||x\nauthorizationGroupClaimName||x\nauthorizationGroupClaimSource||x\nauthorizationGroupEnabled||x\ndisconnectOnTokenExpirationEnabled||x\nenabled||x\njwksLastRefreshFailureReason||x\njwksLastRefreshFailureTime||x\njwksLastRefreshTime||x\njwksNextScheduledRefreshTime||x\njwksRefreshFailureCount||x\njwksRefreshInterval||x\njwksUri||x\nloginFailureIncorrectAudienceValueCount||x\nloginFailureInvalidAudienceValueCount||x\nloginFailureInvalidAuthorizationGroupValueCount||x\nloginFailureInvalidJwtSignatureCount||x\nloginFailureInvalidUsernameValueCount||x\nloginFailureMismatchedUsernameCount||x\nloginFailureMissingAudienceCount||x\nloginFailureMissingJwkCount||x\nloginFailureMissingOrInvalidTokenCount||x\nloginFailureMissingUsernameCount||x\nloginFailureTokenExpiredCount||x\nloginFailureTokenIntrospectionErroredCount||x\nloginFailureTokenIntrospectionFailureCount||x\nloginFailureTokenIntrospectionHttpsErrorCount||x\nloginFailureTokenIntrospectionInvalidCount||x\nloginFailureTokenIntrospectionTimeoutCount||x\nloginFailureTokenNotValidYetCount||x\nloginFailureUnsupportedAlgCount||x\nmissingAuthorizationGroupCount||x\nmsgVpnName|x|x\noauthProviderName|x|x\ntokenIgnoreTimeLimitsEnabled||x\ntokenIntrospectionAverageTime||x\ntokenIntrospectionLastFailureReason||x\ntokenIntrospectionLastFailureTime||x\ntokenIntrospectionParameterName||x\ntokenIntrospectionSuccessCount||x\ntokenIntrospectionTimeout||x\ntokenIntrospectionUri||x\ntokenIntrospectionUsername||x\nusernameClaimName||x\nusernameClaimSource||x\nusernameValidateEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "getMsgVpnAuthenticationOauthProvider",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18914,9 +22326,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the OAuth Provider.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "oauthProviderName",
             "required": true,
             "type": "string"
           },
@@ -18929,9 +22341,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The ACL Profile object's attributes, and the request metadata.",
+            "description": "The OAuth Provider object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
             }
           },
           "default": {
@@ -18946,18 +22358,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an ACL Profile object.",
+        "summary": "Get an OAuth Provider object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authenticationOauthProvider"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions": {
+    "/msgVpns/{msgVpnName}/authorizationGroups": {
       "get": {
-        "description": "Get a list of Client Connect Exception objects.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nclientConnectExceptionAddress|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnAclProfileClientConnectExceptions",
+        "description": "Get a list of Authorization Group objects.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nauthorizationGroupName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnAuthorizationGroups",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -18966,13 +22378,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the ACL Profile.",
-            "in": "path",
-            "name": "aclProfileName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -18991,9 +22396,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Connect Exception objects' attributes, and the request metadata.",
+            "description": "The list of Authorization Group objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupsResponse"
             }
           },
           "default": {
@@ -19008,18 +22413,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Connect Exception objects.",
+        "summary": "Get a list of Authorization Group objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authorizationGroup"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions/{clientConnectExceptionAddress}": {
+    "/msgVpns/{msgVpnName}/authorizationGroups/{authorizationGroupName}": {
       "get": {
-        "description": "Get a Client Connect Exception object.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nclientConnectExceptionAddress|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnAclProfileClientConnectException",
+        "description": "Get an Authorization Group object.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nauthorizationGroupName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnAuthorizationGroup",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19029,16 +22434,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
-            "in": "path",
-            "name": "aclProfileName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The IP address/netmask of the client connect exception in CIDR form.",
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
             "in": "path",
-            "name": "clientConnectExceptionAddress",
+            "name": "authorizationGroupName",
             "required": true,
             "type": "string"
           },
@@ -19051,9 +22449,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Connect Exception object's attributes, and the request metadata.",
+            "description": "The Authorization Group object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionResponse"
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
             }
           },
           "default": {
@@ -19068,31 +22466,23 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Connect Exception object.",
+        "summary": "Get an Authorization Group object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "authorizationGroup"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions": {
+    "/msgVpns/{msgVpnName}/bridges": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|x\nmsgVpnName|x|x\npublishExceptionTopic|x|x\ntopicSyntax|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
-        "operationId": "getMsgVpnAclProfilePublishExceptions",
+        "description": "Get a list of Bridge objects.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\ncounter.controlRxByteCount||x\ncounter.controlRxMsgCount||x\ncounter.controlTxByteCount||x\ncounter.controlTxMsgCount||x\ncounter.dataRxByteCount||x\ncounter.dataRxMsgCount||x\ncounter.dataTxByteCount||x\ncounter.dataTxMsgCount||x\ncounter.discardedRxMsgCount||x\ncounter.discardedTxMsgCount||x\ncounter.loginRxMsgCount||x\ncounter.loginTxMsgCount||x\ncounter.msgSpoolRxMsgCount||x\ncounter.rxByteCount||x\ncounter.rxMsgCount||x\ncounter.txByteCount||x\ncounter.txMsgCount||x\nmsgVpnName|x|\nrate.averageRxByteRate||x\nrate.averageRxMsgRate||x\nrate.averageTxByteRate||x\nrate.averageTxMsgRate||x\nrate.rxByteRate||x\nrate.rxMsgRate||x\nrate.txByteRate||x\nrate.txMsgRate||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnBridges",
         "parameters": [
           {
-            "description": "The name of the Message VPN.",
-            "in": "path",
-            "name": "msgVpnName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
@@ -19114,9 +22504,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
+            "description": "The list of Bridge objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgesResponse"
             }
           },
           "default": {
@@ -19131,19 +22521,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Publish Topic Exception objects.",
+        "summary": "Get a list of Bridge objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions/{topicSyntax},{publishExceptionTopic}": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}": {
       "get": {
-        "deprecated": true,
-        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|x\nmsgVpnName|x|x\npublishExceptionTopic|x|x\ntopicSyntax|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
-        "operationId": "getMsgVpnAclProfilePublishException",
+        "description": "Get a Bridge object.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\ncounter.controlRxByteCount||x\ncounter.controlRxMsgCount||x\ncounter.controlTxByteCount||x\ncounter.controlTxMsgCount||x\ncounter.dataRxByteCount||x\ncounter.dataRxMsgCount||x\ncounter.dataTxByteCount||x\ncounter.dataTxMsgCount||x\ncounter.discardedRxMsgCount||x\ncounter.discardedTxMsgCount||x\ncounter.loginRxMsgCount||x\ncounter.loginTxMsgCount||x\ncounter.msgSpoolRxMsgCount||x\ncounter.rxByteCount||x\ncounter.rxMsgCount||x\ncounter.txByteCount||x\ncounter.txMsgCount||x\nmsgVpnName|x|\nrate.averageRxByteRate||x\nrate.averageRxMsgRate||x\nrate.averageTxByteRate||x\nrate.averageTxMsgRate||x\nrate.rxByteRate||x\nrate.rxMsgRate||x\nrate.txByteRate||x\nrate.txMsgRate||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnBridge",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19153,23 +22542,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
-            "in": "path",
-            "name": "aclProfileName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "topicSyntax",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "publishExceptionTopic",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
@@ -19182,9 +22564,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
+            "description": "The Bridge object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
             }
           },
           "default": {
@@ -19199,18 +22581,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Publish Topic Exception object.",
+        "summary": "Get a Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/localSubscriptions": {
       "get": {
-        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\npublishTopicException|x|\npublishTopicExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfilePublishTopicExceptions",
+        "description": "Get a list of Bridge Local Subscriptions objects.\n\nA Local Subscription is a topic subscription used by a remote Message VPN Bridge to attract messages from this broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nlocalSubscriptionTopic|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnBridgeLocalSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19220,9 +22602,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
@@ -19244,9 +22633,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
+            "description": "The list of Bridge Local Subscriptions objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgeLocalSubscriptionsResponse"
             }
           },
           "default": {
@@ -19261,18 +22650,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Publish Topic Exception objects.",
+        "summary": "Get a list of Bridge Local Subscriptions objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions/{publishTopicExceptionSyntax},{publishTopicException}": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/localSubscriptions/{localSubscriptionTopic}": {
       "get": {
-        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\npublishTopicException|x|\npublishTopicExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfilePublishTopicException",
+        "description": "Get a Bridge Local Subscriptions object.\n\nA Local Subscription is a topic subscription used by a remote Message VPN Bridge to attract messages from this broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nlocalSubscriptionTopic|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnBridgeLocalSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19282,23 +22671,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "publishTopicExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The topic of the Bridge local subscription.",
             "in": "path",
-            "name": "publishTopicException",
+            "name": "localSubscriptionTopic",
             "required": true,
             "type": "string"
           },
@@ -19311,9 +22700,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
+            "description": "The Bridge Local Subscriptions object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeLocalSubscriptionResponse"
             }
           },
           "default": {
@@ -19328,19 +22717,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Publish Topic Exception object.",
+        "summary": "Get a Bridge Local Subscriptions object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|x\nmsgVpnName|x|x\nsubscribeExceptionTopic|x|x\ntopicSyntax|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
-        "operationId": "getMsgVpnAclProfileSubscribeExceptions",
+        "description": "Get a list of Remote Message VPN objects.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nmsgVpnName|x|\nremoteMsgVpnInterface|x|\nremoteMsgVpnLocation|x|\nremoteMsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnBridgeRemoteMsgVpns",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19350,17 +22738,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/whereQuery"
@@ -19374,9 +22763,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
+            "description": "The list of Remote Message VPN objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnsResponse"
             }
           },
           "default": {
@@ -19391,19 +22780,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Subscribe Topic Exception objects.",
+        "summary": "Get a list of Remote Message VPN objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions/{topicSyntax},{subscribeExceptionTopic}": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns/{remoteMsgVpnName},{remoteMsgVpnLocation},{remoteMsgVpnInterface}": {
       "get": {
-        "deprecated": true,
-        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|x\nmsgVpnName|x|x\nsubscribeExceptionTopic|x|x\ntopicSyntax|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
-        "operationId": "getMsgVpnAclProfileSubscribeException",
+        "description": "Get a Remote Message VPN object.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nmsgVpnName|x|\nremoteMsgVpnInterface|x|\nremoteMsgVpnLocation|x|\nremoteMsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnBridgeRemoteMsgVpn",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19413,23 +22801,37 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "topicSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The name of the remote Message VPN.",
             "in": "path",
-            "name": "subscribeExceptionTopic",
+            "name": "remoteMsgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "in": "path",
+            "name": "remoteMsgVpnLocation",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "in": "path",
+            "name": "remoteMsgVpnInterface",
             "required": true,
             "type": "string"
           },
@@ -19442,9 +22844,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
+            "description": "The Remote Message VPN object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
             }
           },
           "default": {
@@ -19459,18 +22861,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Subscribe Topic Exception object.",
+        "summary": "Get a Remote Message VPN object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions": {
       "get": {
-        "description": "Get a list of Subscribe Share Name Exception objects.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\nsubscribeShareNameException|x|\nsubscribeShareNameExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfileSubscribeShareNameExceptions",
+        "description": "Get a list of Remote Subscription objects.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nmsgVpnName|x|\nremoteSubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnBridgeRemoteSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19480,9 +22882,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
@@ -19504,9 +22913,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Subscribe Share Name Exception objects' attributes, and the request metadata.",
+            "description": "The list of Remote Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionsResponse"
             }
           },
           "default": {
@@ -19521,18 +22930,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Subscribe Share Name Exception objects.",
+        "summary": "Get a list of Remote Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions/{subscribeShareNameExceptionSyntax},{subscribeShareNameException}": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions/{remoteSubscriptionTopic}": {
       "get": {
-        "description": "Get a Subscribe Share Name Exception object.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\nsubscribeShareNameException|x|\nsubscribeShareNameExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfileSubscribeShareNameException",
+        "description": "Get a Remote Subscription object.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nmsgVpnName|x|\nremoteSubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnBridgeRemoteSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19542,23 +22951,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the subscribe share name for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "subscribeShareNameExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+            "description": "The topic of the Bridge remote subscription.",
             "in": "path",
-            "name": "subscribeShareNameException",
+            "name": "remoteSubscriptionTopic",
             "required": true,
             "type": "string"
           },
@@ -19571,9 +22980,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Share Name Exception object's attributes, and the request metadata.",
+            "description": "The Remote Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionResponse"
             }
           },
           "default": {
@@ -19588,18 +22997,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Subscribe Share Name Exception object.",
+        "summary": "Get a Remote Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames": {
       "get": {
-        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\nsubscribeTopicException|x|\nsubscribeTopicExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfileSubscribeTopicExceptions",
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|x\nbridgeVirtualRouter|x|x\nmsgVpnName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnBridgeTlsTrustedCommonNames",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19609,17 +23019,18 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/whereQuery"
@@ -19633,9 +23044,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionsResponse"
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNamesResponse"
             }
           },
           "default": {
@@ -19650,18 +23061,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Subscribe Topic Exception objects.",
+        "summary": "Get a list of Trusted Common Name objects.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions/{subscribeTopicExceptionSyntax},{subscribeTopicException}": {
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
       "get": {
-        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naclProfileName|x|\nmsgVpnName|x|\nsubscribeTopicException|x|\nsubscribeTopicExceptionSyntax|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnAclProfileSubscribeTopicException",
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|x\nbridgeVirtualRouter|x|x\nmsgVpnName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnBridgeTlsTrustedCommonName",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19671,23 +23083,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the ACL Profile.",
+            "description": "The name of the Bridge.",
             "in": "path",
-            "name": "aclProfileName",
+            "name": "bridgeName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The syntax of the topic for the exception to the default action taken.",
+            "description": "The virtual router of the Bridge.",
             "in": "path",
-            "name": "subscribeTopicExceptionSyntax",
+            "name": "bridgeVirtualRouter",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "description": "The expected trusted common name of the remote certificate.",
             "in": "path",
-            "name": "subscribeTopicException",
+            "name": "tlsTrustedCommonName",
             "required": true,
             "type": "string"
           },
@@ -19700,9 +23112,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionResponse"
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameResponse"
             }
           },
           "default": {
@@ -19717,18 +23129,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Subscribe Topic Exception object.",
+        "summary": "Get a Trusted Common Name object.",
         "tags": [
           "all",
           "msgVpn",
-          "aclProfile"
+          "bridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles": {
+    "/msgVpns/{msgVpnName}/certMatchingRules": {
       "get": {
-        "description": "Get a list of OAuth Profile objects.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfiles",
+        "description": "Get a list of Certificate Matching Rule objects.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nruleName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRules",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19755,9 +23167,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of OAuth Profile objects' attributes, and the request metadata.",
+            "description": "The list of Certificate Matching Rule objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfilesResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRulesResponse"
             }
           },
           "default": {
@@ -19772,18 +23184,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of OAuth Profile objects.",
+        "summary": "Get a list of Certificate Matching Rule objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}": {
       "get": {
-        "description": "Get an OAuth Profile object.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfile",
+        "description": "Get a Certificate Matching Rule object.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nruleName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRule",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19793,9 +23205,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
@@ -19808,9 +23220,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Profile object's attributes, and the request metadata.",
+            "description": "The Certificate Matching Rule object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
             }
           },
           "default": {
@@ -19825,18 +23237,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an OAuth Profile object.",
+        "summary": "Get a Certificate Matching Rule object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/attributeFilters": {
       "get": {
-        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientRequiredClaimName|x|\nmsgVpnName|x|\noauthProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaims",
+        "description": "Get a list of Certificate Matching Rule Attribute Filter objects.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nfilterName|x|\nmsgVpnName|x|\nruleName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getMsgVpnCertMatchingRuleAttributeFilters",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19846,9 +23258,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
@@ -19870,9 +23282,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Required Claim objects' attributes, and the request metadata.",
+            "description": "The list of Certificate Matching Rule Attribute Filter objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimsResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFiltersResponse"
             }
           },
           "default": {
@@ -19887,18 +23299,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Required Claim objects.",
+        "summary": "Get a list of Certificate Matching Rule Attribute Filter objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims/{clientRequiredClaimName}": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/attributeFilters/{filterName}": {
       "get": {
-        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientRequiredClaimName|x|\nmsgVpnName|x|\noauthProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaim",
+        "description": "Get a Certificate Matching Rule Attribute Filter object.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nfilterName|x|\nmsgVpnName|x|\nruleName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getMsgVpnCertMatchingRuleAttributeFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19908,16 +23320,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the ID token claim to verify.",
+            "description": "The name of the filter.",
             "in": "path",
-            "name": "clientRequiredClaimName",
+            "name": "filterName",
             "required": true,
             "type": "string"
           },
@@ -19930,9 +23342,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Required Claim object's attributes, and the request metadata.",
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
             }
           },
           "default": {
@@ -19947,18 +23359,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Required Claim object.",
+        "summary": "Get a Certificate Matching Rule Attribute Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/conditions": {
       "get": {
-        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthProfileName|x|\nresourceServerRequiredClaimName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaims",
+        "description": "Get a list of Certificate Matching Rule Condition objects.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nruleName|x|\nsource|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRuleConditions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -19968,9 +23380,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
@@ -19992,9 +23404,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Required Claim objects' attributes, and the request metadata.",
+            "description": "The list of Certificate Matching Rule Condition objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimsResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionsResponse"
             }
           },
           "default": {
@@ -20009,18 +23421,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Required Claim objects.",
+        "summary": "Get a list of Certificate Matching Rule Condition objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims/{resourceServerRequiredClaimName}": {
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/conditions/{source}": {
       "get": {
-        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthProfileName|x|\nresourceServerRequiredClaimName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
-        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
+        "description": "Get a Certificate Matching Rule Condition object.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nruleName|x|\nsource|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRuleCondition",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20030,16 +23442,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth profile.",
+            "description": "The name of the rule.",
             "in": "path",
-            "name": "oauthProfileName",
+            "name": "ruleName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the access token claim to verify.",
+            "description": "Certificate field to be compared with the Attribute.",
             "in": "path",
-            "name": "resourceServerRequiredClaimName",
+            "name": "source",
             "required": true,
             "type": "string"
           },
@@ -20052,9 +23464,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Required Claim object's attributes, and the request metadata.",
+            "description": "The Certificate Matching Rule Condition object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse"
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionResponse"
             }
           },
           "default": {
@@ -20069,19 +23481,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Required Claim object.",
+        "summary": "Get a Certificate Matching Rule Condition object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProfile"
+          "certMatchingRule"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProviders": {
+    "/msgVpns/{msgVpnName}/clientProfiles": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of OAuth Provider objects.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naudienceClaimName||x\naudienceClaimSource||x\naudienceClaimValue||x\naudienceValidationEnabled||x\nauthenticationSuccessCount||x\nauthorizationGroupClaimName||x\nauthorizationGroupClaimSource||x\nauthorizationGroupEnabled||x\ndisconnectOnTokenExpirationEnabled||x\nenabled||x\njwksLastRefreshFailureReason||x\njwksLastRefreshFailureTime||x\njwksLastRefreshTime||x\njwksNextScheduledRefreshTime||x\njwksRefreshFailureCount||x\njwksRefreshInterval||x\njwksUri||x\nloginFailureIncorrectAudienceValueCount||x\nloginFailureInvalidAudienceValueCount||x\nloginFailureInvalidAuthorizationGroupValueCount||x\nloginFailureInvalidJwtSignatureCount||x\nloginFailureInvalidUsernameValueCount||x\nloginFailureMismatchedUsernameCount||x\nloginFailureMissingAudienceCount||x\nloginFailureMissingJwkCount||x\nloginFailureMissingOrInvalidTokenCount||x\nloginFailureMissingUsernameCount||x\nloginFailureTokenExpiredCount||x\nloginFailureTokenIntrospectionErroredCount||x\nloginFailureTokenIntrospectionFailureCount||x\nloginFailureTokenIntrospectionHttpsErrorCount||x\nloginFailureTokenIntrospectionInvalidCount||x\nloginFailureTokenIntrospectionTimeoutCount||x\nloginFailureTokenNotValidYetCount||x\nloginFailureUnsupportedAlgCount||x\nmissingAuthorizationGroupCount||x\nmsgVpnName|x|x\noauthProviderName|x|x\ntokenIgnoreTimeLimitsEnabled||x\ntokenIntrospectionAverageTime||x\ntokenIntrospectionLastFailureReason||x\ntokenIntrospectionLastFailureTime||x\ntokenIntrospectionParameterName||x\ntokenIntrospectionSuccessCount||x\ntokenIntrospectionTimeout||x\ntokenIntrospectionUri||x\ntokenIntrospectionUsername||x\nusernameClaimName||x\nusernameClaimSource||x\nusernameValidateEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
-        "operationId": "getMsgVpnAuthenticationOauthProviders",
+        "description": "Get a list of Client Profile objects.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nallowCutThroughForwardingEnabled||x\napiQueueManagementCopyFromOnCreateName||x\napiTopicEndpointManagementCopyFromOnCreateName||x\nclientProfileName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnClientProfiles",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20108,9 +23519,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of OAuth Provider objects' attributes, and the request metadata.",
+            "description": "The list of Client Profile objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvidersResponse"
+              "$ref": "#/definitions/MsgVpnClientProfilesResponse"
             }
           },
           "default": {
@@ -20125,19 +23536,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of OAuth Provider objects.",
+        "summary": "Get a list of Client Profile objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProvider"
+          "clientProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authenticationOauthProviders/{oauthProviderName}": {
+    "/msgVpns/{msgVpnName}/clientProfiles/{clientProfileName}": {
       "get": {
-        "deprecated": true,
-        "description": "Get an OAuth Provider object.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\naudienceClaimName||x\naudienceClaimSource||x\naudienceClaimValue||x\naudienceValidationEnabled||x\nauthenticationSuccessCount||x\nauthorizationGroupClaimName||x\nauthorizationGroupClaimSource||x\nauthorizationGroupEnabled||x\ndisconnectOnTokenExpirationEnabled||x\nenabled||x\njwksLastRefreshFailureReason||x\njwksLastRefreshFailureTime||x\njwksLastRefreshTime||x\njwksNextScheduledRefreshTime||x\njwksRefreshFailureCount||x\njwksRefreshInterval||x\njwksUri||x\nloginFailureIncorrectAudienceValueCount||x\nloginFailureInvalidAudienceValueCount||x\nloginFailureInvalidAuthorizationGroupValueCount||x\nloginFailureInvalidJwtSignatureCount||x\nloginFailureInvalidUsernameValueCount||x\nloginFailureMismatchedUsernameCount||x\nloginFailureMissingAudienceCount||x\nloginFailureMissingJwkCount||x\nloginFailureMissingOrInvalidTokenCount||x\nloginFailureMissingUsernameCount||x\nloginFailureTokenExpiredCount||x\nloginFailureTokenIntrospectionErroredCount||x\nloginFailureTokenIntrospectionFailureCount||x\nloginFailureTokenIntrospectionHttpsErrorCount||x\nloginFailureTokenIntrospectionInvalidCount||x\nloginFailureTokenIntrospectionTimeoutCount||x\nloginFailureTokenNotValidYetCount||x\nloginFailureUnsupportedAlgCount||x\nmissingAuthorizationGroupCount||x\nmsgVpnName|x|x\noauthProviderName|x|x\ntokenIgnoreTimeLimitsEnabled||x\ntokenIntrospectionAverageTime||x\ntokenIntrospectionLastFailureReason||x\ntokenIntrospectionLastFailureTime||x\ntokenIntrospectionParameterName||x\ntokenIntrospectionSuccessCount||x\ntokenIntrospectionTimeout||x\ntokenIntrospectionUri||x\ntokenIntrospectionUsername||x\nusernameClaimName||x\nusernameClaimSource||x\nusernameValidateEnabled||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
-        "operationId": "getMsgVpnAuthenticationOauthProvider",
+        "description": "Get a Client Profile object.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nallowCutThroughForwardingEnabled||x\napiQueueManagementCopyFromOnCreateName||x\napiTopicEndpointManagementCopyFromOnCreateName||x\nclientProfileName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnClientProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20147,9 +23557,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the OAuth Provider.",
+            "description": "The name of the Client Profile.",
             "in": "path",
-            "name": "oauthProviderName",
+            "name": "clientProfileName",
             "required": true,
             "type": "string"
           },
@@ -20162,9 +23572,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The OAuth Provider object's attributes, and the request metadata.",
+            "description": "The Client Profile object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
             }
           },
           "default": {
@@ -20179,18 +23589,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an OAuth Provider object.",
+        "summary": "Get a Client Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "authenticationOauthProvider"
+          "clientProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authorizationGroups": {
+    "/msgVpns/{msgVpnName}/clientUsernames": {
       "get": {
-        "description": "Get a list of Authorization Group objects.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nauthorizationGroupName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnAuthorizationGroups",
+        "description": "Get a list of Client Username objects.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientUsername|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnClientUsernames",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20217,9 +23627,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Authorization Group objects' attributes, and the request metadata.",
+            "description": "The list of Client Username objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroupsResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernamesResponse"
             }
           },
           "default": {
@@ -20234,18 +23644,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Authorization Group objects.",
+        "summary": "Get a list of Client Username objects.",
         "tags": [
           "all",
           "msgVpn",
-          "authorizationGroup"
+          "clientUsername"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/authorizationGroups/{authorizationGroupName}": {
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}": {
       "get": {
-        "description": "Get an Authorization Group object.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nauthorizationGroupName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnAuthorizationGroup",
+        "description": "Get a Client Username object.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientUsername|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnClientUsername",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20255,9 +23665,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "description": "The name of the Client Username.",
             "in": "path",
-            "name": "authorizationGroupName",
+            "name": "clientUsername",
             "required": true,
             "type": "string"
           },
@@ -20270,9 +23680,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Authorization Group object's attributes, and the request metadata.",
+            "description": "The Client Username object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
             }
           },
           "default": {
@@ -20287,18 +23697,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an Authorization Group object.",
+        "summary": "Get a Client Username object.",
         "tags": [
           "all",
           "msgVpn",
-          "authorizationGroup"
+          "clientUsername"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges": {
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}/attributes": {
       "get": {
-        "description": "Get a list of Bridge objects.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\ncounter.controlRxByteCount||x\ncounter.controlRxMsgCount||x\ncounter.controlTxByteCount||x\ncounter.controlTxMsgCount||x\ncounter.dataRxByteCount||x\ncounter.dataRxMsgCount||x\ncounter.dataTxByteCount||x\ncounter.dataTxMsgCount||x\ncounter.discardedRxMsgCount||x\ncounter.discardedTxMsgCount||x\ncounter.loginRxMsgCount||x\ncounter.loginTxMsgCount||x\ncounter.msgSpoolRxMsgCount||x\ncounter.rxByteCount||x\ncounter.rxMsgCount||x\ncounter.txByteCount||x\ncounter.txMsgCount||x\nmsgVpnName|x|\nrate.averageRxByteRate||x\nrate.averageRxMsgRate||x\nrate.averageTxByteRate||x\nrate.averageTxMsgRate||x\nrate.rxByteRate||x\nrate.rxMsgRate||x\nrate.txByteRate||x\nrate.txMsgRate||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnBridges",
+        "description": "Get a list of Client Username Attribute objects.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nattributeName|x|\nattributeValue|x|\nclientUsername|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnClientUsernameAttributes",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20307,6 +23717,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -20325,9 +23742,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Bridge objects' attributes, and the request metadata.",
+            "description": "The list of Client Username Attribute objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgesResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameAttributesResponse"
             }
           },
           "default": {
@@ -20342,18 +23759,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Bridge objects.",
+        "summary": "Get a list of Client Username Attribute objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "clientUsername"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}": {
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}/attributes/{attributeName},{attributeValue}": {
       "get": {
-        "description": "Get a Bridge object.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\ncounter.controlRxByteCount||x\ncounter.controlRxMsgCount||x\ncounter.controlTxByteCount||x\ncounter.controlTxMsgCount||x\ncounter.dataRxByteCount||x\ncounter.dataRxMsgCount||x\ncounter.dataTxByteCount||x\ncounter.dataTxMsgCount||x\ncounter.discardedRxMsgCount||x\ncounter.discardedTxMsgCount||x\ncounter.loginRxMsgCount||x\ncounter.loginTxMsgCount||x\ncounter.msgSpoolRxMsgCount||x\ncounter.rxByteCount||x\ncounter.rxMsgCount||x\ncounter.txByteCount||x\ncounter.txMsgCount||x\nmsgVpnName|x|\nrate.averageRxByteRate||x\nrate.averageRxMsgRate||x\nrate.averageTxByteRate||x\nrate.averageTxMsgRate||x\nrate.rxByteRate||x\nrate.rxMsgRate||x\nrate.txByteRate||x\nrate.txMsgRate||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnBridge",
+        "description": "Get a Client Username Attribute object.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nattributeName|x|\nattributeValue|x|\nclientUsername|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnClientUsernameAttribute",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20363,16 +23780,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Client Username.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "clientUsername",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Attribute.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
             "required": true,
             "type": "string"
           },
@@ -20385,9 +23809,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Bridge object's attributes, and the request metadata.",
+            "description": "The Client Username Attribute object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeResponse"
+              "$ref": "#/definitions/MsgVpnClientUsernameAttributeResponse"
             }
           },
           "default": {
@@ -20402,18 +23826,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Bridge object.",
+        "summary": "Get a Client Username Attribute object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "clientUsername"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/localSubscriptions": {
+    "/msgVpns/{msgVpnName}/clients": {
       "get": {
-        "description": "Get a list of Bridge Local Subscriptions objects.\n\nA Local Subscription is a topic subscription used by a remote Message VPN Bridge to attract messages from this broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nlocalSubscriptionTopic|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnBridgeLocalSubscriptions",
+        "description": "Get a list of Client objects.\n\nApplications or devices that connect to message brokers to send and/or receive messages are represented as Clients.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClients",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20422,20 +23846,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -20454,9 +23864,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Bridge Local Subscriptions objects' attributes, and the request metadata.",
+            "description": "The list of Client objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeLocalSubscriptionsResponse"
+              "$ref": "#/definitions/MsgVpnClientsResponse"
             }
           },
           "default": {
@@ -20471,18 +23881,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Bridge Local Subscriptions objects.",
+        "summary": "Get a list of Client objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/localSubscriptions/{localSubscriptionTopic}": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}": {
       "get": {
-        "description": "Get a Bridge Local Subscriptions object.\n\nA Local Subscription is a topic subscription used by a remote Message VPN Bridge to attract messages from this broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nlocalSubscriptionTopic|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnBridgeLocalSubscription",
+        "description": "Get a Client object.\n\nApplications or devices that connect to message brokers to send and/or receive messages are represented as Clients.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClient",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20492,23 +23902,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The topic of the Bridge local subscription.",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "localSubscriptionTopic",
+            "name": "clientName",
             "required": true,
             "type": "string"
           },
@@ -20521,9 +23917,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Bridge Local Subscriptions object's attributes, and the request metadata.",
+            "description": "The Client object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeLocalSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnClientResponse"
             }
           },
           "default": {
@@ -20538,18 +23934,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Bridge Local Subscriptions object.",
+        "summary": "Get a Client object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/connections": {
       "get": {
-        "description": "Get a list of Remote Message VPN objects.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nmsgVpnName|x|\nremoteMsgVpnInterface|x|\nremoteMsgVpnLocation|x|\nremoteMsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnBridgeRemoteMsgVpns",
+        "description": "Get a list of Client Connection objects.\n\nA Client Connection represents the Transmission Control Protocol (TCP) connection the Client uses to communicate with the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientAddress|x|\nclientName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientConnections",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20559,18 +23955,17 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "clientName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/whereQuery"
@@ -20584,9 +23979,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Remote Message VPN objects' attributes, and the request metadata.",
+            "description": "The list of Client Connection objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnsResponse"
+              "$ref": "#/definitions/MsgVpnClientConnectionsResponse"
             }
           },
           "default": {
@@ -20601,18 +23996,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Remote Message VPN objects.",
+        "summary": "Get a list of Client Connection objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns/{remoteMsgVpnName},{remoteMsgVpnLocation},{remoteMsgVpnInterface}": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/connections/{clientAddress}": {
       "get": {
-        "description": "Get a Remote Message VPN object.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nmsgVpnName|x|\nremoteMsgVpnInterface|x|\nremoteMsgVpnLocation|x|\nremoteMsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnBridgeRemoteMsgVpn",
+        "description": "Get a Client Connection object.\n\nA Client Connection represents the Transmission Control Protocol (TCP) connection the Client uses to communicate with the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientAddress|x|\nclientName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientConnection",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20622,37 +24017,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Message VPN.",
-            "in": "path",
-            "name": "remoteMsgVpnName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "remoteMsgVpnLocation",
+            "name": "clientName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "description": "The IP address and TCP port on the Client side of the Client Connection.",
             "in": "path",
-            "name": "remoteMsgVpnInterface",
+            "name": "clientAddress",
             "required": true,
             "type": "string"
           },
@@ -20665,9 +24039,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Message VPN object's attributes, and the request metadata.",
+            "description": "The Client Connection object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+              "$ref": "#/definitions/MsgVpnClientConnectionResponse"
             }
           },
           "default": {
@@ -20682,18 +24056,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Remote Message VPN object.",
+        "summary": "Get a Client Connection object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/rxFlows": {
       "get": {
-        "description": "Get a list of Remote Subscription objects.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nmsgVpnName|x|\nremoteSubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnBridgeRemoteSubscriptions",
+        "description": "Get a list of Client Receive Flow objects.\n\nClient Receive Flows are used by clients to publish Guaranteed messages to a message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nflowId|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientRxFlows",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20703,16 +24077,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clientName",
             "required": true,
             "type": "string"
           },
@@ -20734,9 +24101,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Remote Subscription objects' attributes, and the request metadata.",
+            "description": "The list of Client Receive Flow objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionsResponse"
+              "$ref": "#/definitions/MsgVpnClientRxFlowsResponse"
             }
           },
           "default": {
@@ -20751,18 +24118,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Remote Subscription objects.",
+        "summary": "Get a list of Client Receive Flow objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions/{remoteSubscriptionTopic}": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/rxFlows/{flowId}": {
       "get": {
-        "description": "Get a Remote Subscription object.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|\nbridgeVirtualRouter|x|\nmsgVpnName|x|\nremoteSubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnBridgeRemoteSubscription",
+        "description": "Get a Client Receive Flow object.\n\nClient Receive Flows are used by clients to publish Guaranteed messages to a message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nflowId|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientRxFlow",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20772,23 +24139,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clientName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic of the Bridge remote subscription.",
+            "description": "The identifier (ID) of the flow.",
             "in": "path",
-            "name": "remoteSubscriptionTopic",
+            "name": "flowId",
             "required": true,
             "type": "string"
           },
@@ -20801,9 +24161,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Subscription object's attributes, and the request metadata.",
+            "description": "The Client Receive Flow object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnClientRxFlowResponse"
             }
           },
           "default": {
@@ -20818,19 +24178,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Remote Subscription object.",
+        "summary": "Get a Client Receive Flow object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/subscriptions": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|x\nbridgeVirtualRouter|x|x\nmsgVpnName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getMsgVpnBridgeTlsTrustedCommonNames",
+        "description": "Get a list of Client Subscription objects.\n\nOnce clients are authenticated on the message broker they can add and remove Client Subscriptions for Direct messages published to the Message VPN to which they have connected.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20840,18 +24199,17 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "bridgeName",
+            "name": "clientName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the Bridge.",
-            "in": "path",
-            "name": "bridgeVirtualRouter",
-            "required": true,
-            "type": "string"
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
           },
           {
             "$ref": "#/parameters/whereQuery"
@@ -20865,9 +24223,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The list of Client Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/MsgVpnClientSubscriptionsResponse"
             }
           },
           "default": {
@@ -20882,19 +24240,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Trusted Common Name objects.",
+        "summary": "Get a list of Client Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/subscriptions/{subscriptionTopic}": {
       "get": {
-        "deprecated": true,
-        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nbridgeName|x|x\nbridgeVirtualRouter|x|x\nmsgVpnName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getMsgVpnBridgeTlsTrustedCommonName",
+        "description": "Get a Client Subscription object.\n\nOnce clients are authenticated on the message broker they can add and remove Client Subscriptions for Direct messages published to the Message VPN to which they have connected.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20904,23 +24261,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Bridge.",
-            "in": "path",
-            "name": "bridgeName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the Bridge.",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "bridgeVirtualRouter",
+            "name": "clientName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
+            "description": "The topic of the Subscription.",
             "in": "path",
-            "name": "tlsTrustedCommonName",
+            "name": "subscriptionTopic",
             "required": true,
             "type": "string"
           },
@@ -20933,9 +24283,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The Client Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnClientSubscriptionResponse"
             }
           },
           "default": {
@@ -20950,18 +24300,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Trusted Common Name object.",
+        "summary": "Get a Client Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "bridge"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clientProfiles": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/transactedSessions": {
       "get": {
-        "description": "Get a list of Client Profile objects.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nallowCutThroughForwardingEnabled||x\napiQueueManagementCopyFromOnCreateName||x\napiTopicEndpointManagementCopyFromOnCreateName||x\nclientProfileName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnClientProfiles",
+        "description": "Get a list of Client Transacted Session objects.\n\nTransacted Sessions enable clients to group multiple message send and/or receive operations together in single, atomic units known as local transactions.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\nsessionName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientTransactedSessions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -20970,6 +24320,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Client.",
+            "in": "path",
+            "name": "clientName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -20988,9 +24345,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Profile objects' attributes, and the request metadata.",
+            "description": "The list of Client Transacted Session objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfilesResponse"
+              "$ref": "#/definitions/MsgVpnClientTransactedSessionsResponse"
             }
           },
           "default": {
@@ -21005,18 +24362,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Profile objects.",
+        "summary": "Get a list of Client Transacted Session objects.",
         "tags": [
           "all",
           "msgVpn",
-          "clientProfile"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clientProfiles/{clientProfileName}": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/transactedSessions/{sessionName}": {
       "get": {
-        "description": "Get a Client Profile object.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nallowCutThroughForwardingEnabled||x\napiQueueManagementCopyFromOnCreateName||x\napiTopicEndpointManagementCopyFromOnCreateName||x\nclientProfileName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnClientProfile",
+        "description": "Get a Client Transacted Session object.\n\nTransacted Sessions enable clients to group multiple message send and/or receive operations together in single, atomic units known as local transactions.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\nsessionName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientTransactedSession",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21026,9 +24383,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Profile.",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "clientProfileName",
+            "name": "clientName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Transacted Session.",
+            "in": "path",
+            "name": "sessionName",
             "required": true,
             "type": "string"
           },
@@ -21041,9 +24405,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Profile object's attributes, and the request metadata.",
+            "description": "The Client Transacted Session object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+              "$ref": "#/definitions/MsgVpnClientTransactedSessionResponse"
             }
           },
           "default": {
@@ -21058,18 +24422,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Profile object.",
+        "summary": "Get a Client Transacted Session object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientProfile"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clientUsernames": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/txFlows": {
       "get": {
-        "description": "Get a list of Client Username objects.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientUsername|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnClientUsernames",
+        "description": "Get a list of Client Transmit Flow objects.\n\nClient Transmit Flows are used by clients to consume Guaranteed messages from a message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nflowId|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientTxFlows",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21078,6 +24442,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Client.",
+            "in": "path",
+            "name": "clientName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -21096,9 +24467,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Username objects' attributes, and the request metadata.",
+            "description": "The list of Client Transmit Flow objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsernamesResponse"
+              "$ref": "#/definitions/MsgVpnClientTxFlowsResponse"
             }
           },
           "default": {
@@ -21113,18 +24484,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Username objects.",
+        "summary": "Get a list of Client Transmit Flow objects.",
         "tags": [
           "all",
           "msgVpn",
-          "clientUsername"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}": {
+    "/msgVpns/{msgVpnName}/clients/{clientName}/txFlows/{flowId}": {
       "get": {
-        "description": "Get a Client Username object.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientUsername|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnClientUsername",
+        "description": "Get a Client Transmit Flow object.\n\nClient Transmit Flows are used by clients to consume Guaranteed messages from a message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nflowId|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnClientTxFlow",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21134,9 +24505,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client Username.",
+            "description": "The name of the Client.",
             "in": "path",
-            "name": "clientUsername",
+            "name": "clientName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The identifier (ID) of the flow.",
+            "in": "path",
+            "name": "flowId",
             "required": true,
             "type": "string"
           },
@@ -21149,9 +24527,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Username object's attributes, and the request metadata.",
+            "description": "The Client Transmit Flow object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+              "$ref": "#/definitions/MsgVpnClientTxFlowResponse"
             }
           },
           "default": {
@@ -21166,18 +24544,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Username object.",
+        "summary": "Get a Client Transmit Flow object.",
         "tags": [
           "all",
           "msgVpn",
-          "clientUsername"
+          "client"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients": {
+    "/msgVpns/{msgVpnName}/configSyncRemoteNodes": {
       "get": {
-        "description": "Get a list of Client objects.\n\nApplications or devices that connect to message brokers to send and/or receive messages are represented as Clients.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClients",
+        "deprecated": true,
+        "description": "Get a list of Config Sync Remote Node objects.\n\nA Config Sync Remote Node object contains information about the status of the table for this Message VPN with respect to a remote node.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nlastMsgRxTime||x\nmsgVpnName|x|x\nremoteNodeName|x|x\nrole||x\nstale||x\nstate||x\ntimeInState||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.22. This attribute has been deprecated.",
+        "operationId": "getMsgVpnConfigSyncRemoteNodes",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21204,9 +24583,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client objects' attributes, and the request metadata.",
+            "description": "The list of Config Sync Remote Node objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientsResponse"
+              "$ref": "#/definitions/MsgVpnConfigSyncRemoteNodesResponse"
             }
           },
           "default": {
@@ -21221,18 +24600,19 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client objects.",
+        "summary": "Get a list of Config Sync Remote Node objects.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "configSyncRemoteNode"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}": {
+    "/msgVpns/{msgVpnName}/configSyncRemoteNodes/{remoteNodeName}": {
       "get": {
-        "description": "Get a Client object.\n\nApplications or devices that connect to message brokers to send and/or receive messages are represented as Clients.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClient",
+        "deprecated": true,
+        "description": "Get a Config Sync Remote Node object.\n\nA Config Sync Remote Node object contains information about the status of the table for this Message VPN with respect to a remote node.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nlastMsgRxTime||x\nmsgVpnName|x|x\nremoteNodeName|x|x\nrole||x\nstale||x\nstate||x\ntimeInState||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.22. This attribute has been deprecated.",
+        "operationId": "getMsgVpnConfigSyncRemoteNode",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21242,9 +24622,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Config Sync Remote Node.",
             "in": "path",
-            "name": "clientName",
+            "name": "remoteNodeName",
             "required": true,
             "type": "string"
           },
@@ -21257,9 +24637,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client object's attributes, and the request metadata.",
+            "description": "The Config Sync Remote Node object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientResponse"
+              "$ref": "#/definitions/MsgVpnConfigSyncRemoteNodeResponse"
             }
           },
           "default": {
@@ -21274,18 +24654,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client object.",
+        "summary": "Get a Config Sync Remote Node object.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "configSyncRemoteNode"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/connections": {
+    "/msgVpns/{msgVpnName}/distributedCaches": {
       "get": {
-        "description": "Get a list of Client Connection objects.\n\nA Client Connection represents the Transmission Control Protocol (TCP) connection the Client uses to communicate with the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientAddress|x|\nclientName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientConnections",
+        "description": "Get a list of Distributed Cache objects.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCaches",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21294,13 +24674,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Client.",
-            "in": "path",
-            "name": "clientName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -21319,9 +24692,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Connection objects' attributes, and the request metadata.",
+            "description": "The list of Distributed Cache objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientConnectionsResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCachesResponse"
             }
           },
           "default": {
@@ -21336,18 +24709,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Connection objects.",
+        "summary": "Get a list of Distributed Cache objects.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/connections/{clientAddress}": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}": {
       "get": {
-        "description": "Get a Client Connection object.\n\nA Client Connection represents the Transmission Control Protocol (TCP) connection the Client uses to communicate with the message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientAddress|x|\nclientName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientConnection",
+        "description": "Get a Distributed Cache object.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21357,16 +24730,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
-            "in": "path",
-            "name": "clientName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The IP address and TCP port on the Client side of the Client Connection.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientAddress",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
@@ -21379,9 +24745,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Connection object's attributes, and the request metadata.",
+            "description": "The Distributed Cache object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientConnectionResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
             }
           },
           "default": {
@@ -21396,18 +24762,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Connection object.",
+        "summary": "Get a Distributed Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/rxFlows": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters": {
       "get": {
-        "description": "Get a list of Client Receive Flow objects.\n\nClient Receive Flows are used by clients to publish Guaranteed messages to a message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nflowId|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientRxFlows",
+        "description": "Get a list of Cache Cluster objects.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusters",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21417,9 +24783,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
@@ -21441,9 +24807,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Receive Flow objects' attributes, and the request metadata.",
+            "description": "The list of Cache Cluster objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientRxFlowsResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClustersResponse"
             }
           },
           "default": {
@@ -21458,18 +24824,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Receive Flow objects.",
+        "summary": "Get a list of Cache Cluster objects.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/rxFlows/{flowId}": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}": {
       "get": {
-        "description": "Get a Client Receive Flow object.\n\nClient Receive Flows are used by clients to publish Guaranteed messages to a message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nflowId|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientRxFlow",
+        "description": "Get a Cache Cluster object.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21479,16 +24845,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The identifier (ID) of the flow.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "flowId",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
@@ -21501,9 +24867,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Receive Flow object's attributes, and the request metadata.",
+            "description": "The Cache Cluster object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientRxFlowResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
             }
           },
           "default": {
@@ -21518,18 +24884,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Receive Flow object.",
+        "summary": "Get a Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/subscriptions": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters": {
       "get": {
-        "description": "Get a list of Client Subscription objects.\n\nOnce clients are authenticated on the message broker they can add and remove Client Subscriptions for Direct messages published to the Message VPN to which they have connected.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientSubscriptions",
+        "description": "Get a list of Home Cache Cluster objects.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusters",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21539,9 +24905,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientName",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
@@ -21563,9 +24936,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Subscription objects' attributes, and the request metadata.",
+            "description": "The list of Home Cache Cluster objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientSubscriptionsResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClustersResponse"
             }
           },
           "default": {
@@ -21580,18 +24953,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Subscription objects.",
+        "summary": "Get a list of Home Cache Cluster objects.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/subscriptions/{subscriptionTopic}": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}": {
       "get": {
-        "description": "Get a Client Subscription object.\n\nOnce clients are authenticated on the message broker they can add and remove Client Subscriptions for Direct messages published to the Message VPN to which they have connected.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientSubscription",
+        "description": "Get a Home Cache Cluster object.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21601,16 +24974,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The topic of the Subscription.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
             "required": true,
             "type": "string"
           },
@@ -21623,9 +25003,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Subscription object's attributes, and the request metadata.",
+            "description": "The Home Cache Cluster object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse"
             }
           },
           "default": {
@@ -21640,18 +25020,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Subscription object.",
+        "summary": "Get a Home Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/transactedSessions": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes": {
       "get": {
-        "description": "Get a list of Client Transacted Session objects.\n\nTransacted Sessions enable clients to group multiple message send and/or receive operations together in single, atomic units known as local transactions.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\nsessionName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientTransactedSessions",
+        "description": "Get a list of Topic Prefix objects.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\nmsgVpnName|x|\ntopicPrefix|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixes",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21661,9 +25041,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientName",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
             "required": true,
             "type": "string"
           },
@@ -21685,9 +25079,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Transacted Session objects' attributes, and the request metadata.",
+            "description": "The list of Topic Prefix objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientTransactedSessionsResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixesResponse"
             }
           },
           "default": {
@@ -21702,18 +25096,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Transacted Session objects.",
+        "summary": "Get a list of Topic Prefix objects.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/transactedSessions/{sessionName}": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes/{topicPrefix}": {
       "get": {
-        "description": "Get a Client Transacted Session object.\n\nTransacted Sessions enable clients to group multiple message send and/or receive operations together in single, atomic units known as local transactions.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nmsgVpnName|x|\nsessionName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientTransactedSession",
+        "description": "Get a Topic Prefix object.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\nmsgVpnName|x|\ntopicPrefix|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21723,16 +25117,30 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the Transacted Session.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "sessionName",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
+            "in": "path",
+            "name": "topicPrefix",
             "required": true,
             "type": "string"
           },
@@ -21745,9 +25153,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Transacted Session object's attributes, and the request metadata.",
+            "description": "The Topic Prefix object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientTransactedSessionResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse"
             }
           },
           "default": {
@@ -21762,18 +25170,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Transacted Session object.",
+        "summary": "Get a Topic Prefix object.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/txFlows": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances": {
       "get": {
-        "description": "Get a list of Client Transmit Flow objects.\n\nClient Transmit Flows are used by clients to consume Guaranteed messages from a message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nflowId|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientTxFlows",
+        "description": "Get a list of Cache Instance objects.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\ncounter.msgCount||x\ncounter.msgPeakCount||x\ncounter.requestQueueDepthCount||x\ncounter.requestQueueDepthPeakCount||x\ncounter.topicCount||x\ncounter.topicPeakCount||x\ninstanceName|x|\nmsgVpnName|x|\nrate.averageDataRxBytePeakRate||x\nrate.averageDataRxByteRate||x\nrate.averageDataRxMsgPeakRate||x\nrate.averageDataRxMsgRate||x\nrate.averageDataTxMsgPeakRate||x\nrate.averageDataTxMsgRate||x\nrate.averageRequestRxPeakRate||x\nrate.averageRequestRxRate||x\nrate.dataRxBytePeakRate||x\nrate.dataRxByteRate||x\nrate.dataRxMsgPeakRate||x\nrate.dataRxMsgRate||x\nrate.dataTxMsgPeakRate||x\nrate.dataTxMsgRate||x\nrate.requestRxPeakRate||x\nrate.requestRxRate||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstances",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21783,9 +25191,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientName",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
             "required": true,
             "type": "string"
           },
@@ -21807,9 +25222,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Client Transmit Flow objects' attributes, and the request metadata.",
+            "description": "The list of Cache Instance objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientTxFlowsResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstancesResponse"
             }
           },
           "default": {
@@ -21824,18 +25239,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Client Transmit Flow objects.",
+        "summary": "Get a list of Cache Instance objects.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/clients/{clientName}/txFlows/{flowId}": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}": {
       "get": {
-        "description": "Get a Client Transmit Flow object.\n\nClient Transmit Flows are used by clients to consume Guaranteed messages from a message broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nclientName|x|\nflowId|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnClientTxFlow",
+        "description": "Get a Cache Instance object.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\ncounter.msgCount||x\ncounter.msgPeakCount||x\ncounter.requestQueueDepthCount||x\ncounter.requestQueueDepthPeakCount||x\ncounter.topicCount||x\ncounter.topicPeakCount||x\ninstanceName|x|\nmsgVpnName|x|\nrate.averageDataRxBytePeakRate||x\nrate.averageDataRxByteRate||x\nrate.averageDataRxMsgPeakRate||x\nrate.averageDataRxMsgRate||x\nrate.averageDataTxMsgPeakRate||x\nrate.averageDataTxMsgRate||x\nrate.averageRequestRxPeakRate||x\nrate.averageRequestRxRate||x\nrate.dataRxBytePeakRate||x\nrate.dataRxByteRate||x\nrate.dataRxMsgPeakRate||x\nrate.dataRxMsgRate||x\nrate.dataTxMsgPeakRate||x\nrate.dataTxMsgRate||x\nrate.requestRxPeakRate||x\nrate.requestRxRate||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstance",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21845,16 +25260,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Client.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "clientName",
+            "name": "cacheName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The identifier (ID) of the flow.",
+            "description": "The name of the Cache Cluster.",
             "in": "path",
-            "name": "flowId",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
             "required": true,
             "type": "string"
           },
@@ -21867,9 +25289,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Client Transmit Flow object's attributes, and the request metadata.",
+            "description": "The Cache Instance object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnClientTxFlowResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
             }
           },
           "default": {
@@ -21884,19 +25306,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Client Transmit Flow object.",
+        "summary": "Get a Cache Instance object.",
         "tags": [
           "all",
           "msgVpn",
-          "client"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/configSyncRemoteNodes": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}/remoteGlobalCachingHomeClusters": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of Config Sync Remote Node objects.\n\nA Config Sync Remote Node object contains information about the status of the table for this Message VPN with respect to a remote node.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nlastMsgRxTime||x\nmsgVpnName|x|x\nremoteNodeName|x|x\nrole||x\nstale||x\nstate||x\ntimeInState||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.22. This attribute has been deprecated.",
-        "operationId": "getMsgVpnConfigSyncRemoteNodes",
+        "description": "Get a list of Remote Home Cache Cluster objects.\n\nA Remote Home Cache Cluster is a Home Cache Cluster that the Cache Instance is communicating with in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\ninstanceName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstanceRemoteGlobalCachingHomeClusters",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21905,6 +25326,27 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -21923,9 +25365,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Config Sync Remote Node objects' attributes, and the request metadata.",
+            "description": "The list of Remote Home Cache Cluster objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnConfigSyncRemoteNodesResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceRemoteGlobalCachingHomeClustersResponse"
             }
           },
           "default": {
@@ -21940,19 +25382,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Config Sync Remote Node objects.",
+        "summary": "Get a list of Remote Home Cache Cluster objects.",
         "tags": [
           "all",
           "msgVpn",
-          "configSyncRemoteNode"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/configSyncRemoteNodes/{remoteNodeName}": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}/remoteGlobalCachingHomeClusters/{homeClusterName}": {
       "get": {
-        "deprecated": true,
-        "description": "Get a Config Sync Remote Node object.\n\nA Config Sync Remote Node object contains information about the status of the table for this Message VPN with respect to a remote node.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nlastMsgRxTime||x\nmsgVpnName|x|x\nremoteNodeName|x|x\nrole||x\nstale||x\nstate||x\ntimeInState||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.22. This attribute has been deprecated.",
-        "operationId": "getMsgVpnConfigSyncRemoteNode",
+        "description": "Get a Remote Home Cache Cluster object.\n\nA Remote Home Cache Cluster is a Home Cache Cluster that the Cache Instance is communicating with in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\ninstanceName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstanceRemoteGlobalCachingHomeCluster",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -21962,9 +25403,30 @@
             "type": "string"
           },
           {
-            "description": "The name of the Config Sync Remote Node.",
+            "description": "The name of the Distributed Cache.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
             "required": true,
             "type": "string"
           },
@@ -21977,9 +25439,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Config Sync Remote Node object's attributes, and the request metadata.",
+            "description": "The Remote Home Cache Cluster object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnConfigSyncRemoteNodeResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceRemoteGlobalCachingHomeClusterResponse"
             }
           },
           "default": {
@@ -21994,18 +25456,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Config Sync Remote Node object.",
+        "summary": "Get a Remote Home Cache Cluster object.",
         "tags": [
           "all",
           "msgVpn",
-          "configSyncRemoteNode"
+          "distributedCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}/remoteTopics": {
       "get": {
-        "description": "Get a list of Distributed Cache objects.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCaches",
+        "description": "Get a list of Remote Topic objects.\n\nA Remote Topic is a topic for which the Cache Instance has cached messages.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\ninstanceName|x|\nmsgVpnName|x|\ntopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstanceRemoteTopics",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22014,6 +25476,27 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -22032,9 +25515,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Distributed Cache objects' attributes, and the request metadata.",
+            "description": "The list of Remote Topic objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCachesResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceRemoteTopicsResponse"
             }
           },
           "default": {
@@ -22049,7 +25532,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Distributed Cache objects.",
+        "summary": "Get a list of Remote Topic objects.",
         "tags": [
           "all",
           "msgVpn",
@@ -22057,10 +25540,10 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}/remoteTopics/{topic}": {
       "get": {
-        "description": "Get a Distributed Cache object.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCache",
+        "description": "Get a Remote Topic object.\n\nA Remote Topic is a topic for which the Cache Instance has cached messages.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\ninstanceName|x|\nmsgVpnName|x|\ntopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstanceRemoteTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22076,6 +25559,27 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the remote Topic.",
+            "in": "path",
+            "name": "topic",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -22085,9 +25589,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Distributed Cache object's attributes, and the request metadata.",
+            "description": "The Remote Topic object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceRemoteTopicResponse"
             }
           },
           "default": {
@@ -22102,7 +25606,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Distributed Cache object.",
+        "summary": "Get a Remote Topic object.",
         "tags": [
           "all",
           "msgVpn",
@@ -22110,10 +25614,10 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics": {
       "get": {
-        "description": "Get a list of Cache Cluster objects.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusters",
+        "description": "Get a list of Topic objects.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nmsgVpnName|x|\ntopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterTopics",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22129,6 +25633,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -22147,9 +25658,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Cache Cluster objects' attributes, and the request metadata.",
+            "description": "The list of Topic objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClustersResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicsResponse"
             }
           },
           "default": {
@@ -22164,7 +25675,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Cache Cluster objects.",
+        "summary": "Get a list of Topic objects.",
         "tags": [
           "all",
           "msgVpn",
@@ -22172,10 +25683,10 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}": {
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics/{topic}": {
       "get": {
-        "description": "Get a Cache Cluster object.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheCluster",
+        "description": "Get a Topic object.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nmsgVpnName|x|\ntopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22198,6 +25709,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The value of the Topic in the form a/b/c.",
+            "in": "path",
+            "name": "topic",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -22207,9 +25725,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Cluster object's attributes, and the request metadata.",
+            "description": "The Topic object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicResponse"
             }
           },
           "default": {
@@ -22224,7 +25742,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Cache Cluster object.",
+        "summary": "Get a Topic object.",
         "tags": [
           "all",
           "msgVpn",
@@ -22232,10 +25750,10 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters": {
+    "/msgVpns/{msgVpnName}/dmrBridges": {
       "get": {
-        "description": "Get a list of Home Cache Cluster objects.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusters",
+        "description": "Get a list of DMR Bridge objects.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDmrBridges",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22244,20 +25762,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -22276,9 +25780,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Home Cache Cluster objects' attributes, and the request metadata.",
+            "description": "The list of DMR Bridge objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClustersResponse"
+              "$ref": "#/definitions/MsgVpnDmrBridgesResponse"
             }
           },
           "default": {
@@ -22293,44 +25797,30 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Home Cache Cluster objects.",
+        "summary": "Get a list of DMR Bridge objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "dmrBridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}": {
+    "/msgVpns/{msgVpnName}/dmrBridges/{remoteNodeName}": {
       "get": {
-        "description": "Get a Home Cache Cluster object.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
-        "parameters": [
-          {
-            "description": "The name of the Message VPN.",
-            "in": "path",
-            "name": "msgVpnName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
+        "description": "Get a DMR Bridge object.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDmrBridge",
+        "parameters": [
           {
-            "description": "The name of the Cache Cluster.",
+            "description": "The name of the Message VPN.",
             "in": "path",
-            "name": "clusterName",
+            "name": "msgVpnName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the remote Home Cache Cluster.",
+            "description": "The name of the node at the remote end of the DMR Bridge.",
             "in": "path",
-            "name": "homeClusterName",
+            "name": "remoteNodeName",
             "required": true,
             "type": "string"
           },
@@ -22343,9 +25833,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Home Cache Cluster object's attributes, and the request metadata.",
+            "description": "The DMR Bridge object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse"
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
             }
           },
           "default": {
@@ -22360,18 +25850,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Home Cache Cluster object.",
+        "summary": "Get a DMR Bridge object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "dmrBridge"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes": {
+    "/msgVpns/{msgVpnName}/jndiConnectionFactories": {
       "get": {
-        "description": "Get a list of Topic Prefix objects.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\nmsgVpnName|x|\ntopicPrefix|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixes",
+        "description": "Get a list of JNDI Connection Factory objects.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nconnectionFactoryName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnJndiConnectionFactories",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22380,27 +25870,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Home Cache Cluster.",
-            "in": "path",
-            "name": "homeClusterName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -22419,9 +25888,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Topic Prefix objects' attributes, and the request metadata.",
+            "description": "The list of JNDI Connection Factory objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixesResponse"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoriesResponse"
             }
           },
           "default": {
@@ -22436,18 +25905,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Topic Prefix objects.",
+        "summary": "Get a list of JNDI Connection Factory objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes/{topicPrefix}": {
+    "/msgVpns/{msgVpnName}/jndiConnectionFactories/{connectionFactoryName}": {
       "get": {
-        "description": "Get a Topic Prefix object.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\nmsgVpnName|x|\ntopicPrefix|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
+        "description": "Get a JNDI Connection Factory object.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nconnectionFactoryName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnJndiConnectionFactory",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22457,30 +25926,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Home Cache Cluster.",
-            "in": "path",
-            "name": "homeClusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
+            "description": "The name of the JMS Connection Factory.",
             "in": "path",
-            "name": "topicPrefix",
+            "name": "connectionFactoryName",
             "required": true,
             "type": "string"
           },
@@ -22493,9 +25941,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Topic Prefix object's attributes, and the request metadata.",
+            "description": "The JNDI Connection Factory object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse"
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
             }
           },
           "default": {
@@ -22510,18 +25958,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Topic Prefix object.",
+        "summary": "Get a JNDI Connection Factory object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances": {
+    "/msgVpns/{msgVpnName}/jndiQueues": {
       "get": {
-        "description": "Get a list of Cache Instance objects.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\ncounter.msgCount||x\ncounter.msgPeakCount||x\ncounter.requestQueueDepthCount||x\ncounter.requestQueueDepthPeakCount||x\ncounter.topicCount||x\ncounter.topicPeakCount||x\ninstanceName|x|\nmsgVpnName|x|\nrate.averageDataRxBytePeakRate||x\nrate.averageDataRxByteRate||x\nrate.averageDataRxMsgPeakRate||x\nrate.averageDataRxMsgRate||x\nrate.averageDataTxMsgPeakRate||x\nrate.averageDataTxMsgRate||x\nrate.averageRequestRxPeakRate||x\nrate.averageRequestRxRate||x\nrate.dataRxBytePeakRate||x\nrate.dataRxByteRate||x\nrate.dataRxMsgPeakRate||x\nrate.dataRxMsgRate||x\nrate.dataTxMsgPeakRate||x\nrate.dataTxMsgRate||x\nrate.requestRxPeakRate||x\nrate.requestRxRate||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterInstances",
+        "description": "Get a list of JNDI Queue objects.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnJndiQueues",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22530,20 +25978,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -22562,9 +25996,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Cache Instance objects' attributes, and the request metadata.",
+            "description": "The list of JNDI Queue objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstancesResponse"
+              "$ref": "#/definitions/MsgVpnJndiQueuesResponse"
             }
           },
           "default": {
@@ -22579,18 +26013,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Cache Instance objects.",
+        "summary": "Get a list of JNDI Queue objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}": {
+    "/msgVpns/{msgVpnName}/jndiQueues/{queueName}": {
       "get": {
-        "description": "Get a Cache Instance object.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\ncounter.msgCount||x\ncounter.msgPeakCount||x\ncounter.requestQueueDepthCount||x\ncounter.requestQueueDepthPeakCount||x\ncounter.topicCount||x\ncounter.topicPeakCount||x\ninstanceName|x|\nmsgVpnName|x|\nrate.averageDataRxBytePeakRate||x\nrate.averageDataRxByteRate||x\nrate.averageDataRxMsgPeakRate||x\nrate.averageDataRxMsgRate||x\nrate.averageDataTxMsgPeakRate||x\nrate.averageDataTxMsgRate||x\nrate.averageRequestRxPeakRate||x\nrate.averageRequestRxRate||x\nrate.dataRxBytePeakRate||x\nrate.dataRxByteRate||x\nrate.dataRxMsgPeakRate||x\nrate.dataRxMsgRate||x\nrate.dataTxMsgPeakRate||x\nrate.dataTxMsgRate||x\nrate.requestRxPeakRate||x\nrate.requestRxRate||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterInstance",
+        "description": "Get a JNDI Queue object.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnJndiQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22600,23 +26034,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Instance.",
+            "description": "The JNDI name of the JMS Queue.",
             "in": "path",
-            "name": "instanceName",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
@@ -22629,9 +26049,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Cache Instance object's attributes, and the request metadata.",
+            "description": "The JNDI Queue object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
             }
           },
           "default": {
@@ -22646,18 +26066,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Cache Instance object.",
+        "summary": "Get a JNDI Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}/remoteGlobalCachingHomeClusters": {
+    "/msgVpns/{msgVpnName}/jndiTopics": {
       "get": {
-        "description": "Get a list of Remote Home Cache Cluster objects.\n\nA Remote Home Cache Cluster is a Home Cache Cluster that the Cache Instance is communicating with in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\ninstanceName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterInstanceRemoteGlobalCachingHomeClusters",
+        "description": "Get a list of JNDI Topic objects.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntopicName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnJndiTopics",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22666,27 +26086,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Instance.",
-            "in": "path",
-            "name": "instanceName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -22705,9 +26104,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Remote Home Cache Cluster objects' attributes, and the request metadata.",
+            "description": "The list of JNDI Topic objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceRemoteGlobalCachingHomeClustersResponse"
+              "$ref": "#/definitions/MsgVpnJndiTopicsResponse"
             }
           },
           "default": {
@@ -22722,18 +26121,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Remote Home Cache Cluster objects.",
+        "summary": "Get a list of JNDI Topic objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}/remoteGlobalCachingHomeClusters/{homeClusterName}": {
+    "/msgVpns/{msgVpnName}/jndiTopics/{topicName}": {
       "get": {
-        "description": "Get a Remote Home Cache Cluster object.\n\nA Remote Home Cache Cluster is a Home Cache Cluster that the Cache Instance is communicating with in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nhomeClusterName|x|\ninstanceName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterInstanceRemoteGlobalCachingHomeCluster",
+        "description": "Get a JNDI Topic object.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntopicName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnJndiTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22743,30 +26142,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Instance.",
-            "in": "path",
-            "name": "instanceName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the remote Home Cache Cluster.",
+            "description": "The JNDI name of the JMS Topic.",
             "in": "path",
-            "name": "homeClusterName",
+            "name": "topicName",
             "required": true,
             "type": "string"
           },
@@ -22779,9 +26157,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Home Cache Cluster object's attributes, and the request metadata.",
+            "description": "The JNDI Topic object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceRemoteGlobalCachingHomeClusterResponse"
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
             }
           },
           "default": {
@@ -22796,18 +26174,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Remote Home Cache Cluster object.",
+        "summary": "Get a JNDI Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "jndi"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}/remoteTopics": {
+    "/msgVpns/{msgVpnName}/mqttRetainCaches": {
       "get": {
-        "description": "Get a list of Remote Topic objects.\n\nA Remote Topic is a topic for which the Cache Instance has cached messages.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\ninstanceName|x|\nmsgVpnName|x|\ntopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterInstanceRemoteTopics",
+        "description": "Get a list of MQTT Retain Cache objects.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttRetainCaches",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22816,27 +26194,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Instance.",
-            "in": "path",
-            "name": "instanceName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -22855,9 +26212,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Remote Topic objects' attributes, and the request metadata.",
+            "description": "The list of MQTT Retain Cache objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceRemoteTopicsResponse"
+              "$ref": "#/definitions/MsgVpnMqttRetainCachesResponse"
             }
           },
           "default": {
@@ -22872,18 +26229,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Remote Topic objects.",
+        "summary": "Get a list of MQTT Retain Cache objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttRetainCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}/remoteTopics/{topic}": {
+    "/msgVpns/{msgVpnName}/mqttRetainCaches/{cacheName}": {
       "get": {
-        "description": "Get a Remote Topic object.\n\nA Remote Topic is a topic for which the Cache Instance has cached messages.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\ninstanceName|x|\nmsgVpnName|x|\ntopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterInstanceRemoteTopic",
+        "description": "Get an MQTT Retain Cache object.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttRetainCache",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22893,33 +26250,12 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
+            "description": "The name of the MQTT Retain Cache.",
             "in": "path",
             "name": "cacheName",
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Instance.",
-            "in": "path",
-            "name": "instanceName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The value of the remote Topic.",
-            "in": "path",
-            "name": "topic",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -22929,9 +26265,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Remote Topic object's attributes, and the request metadata.",
+            "description": "The MQTT Retain Cache object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceRemoteTopicResponse"
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
             }
           },
           "default": {
@@ -22946,18 +26282,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Remote Topic object.",
+        "summary": "Get an MQTT Retain Cache object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttRetainCache"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics": {
+    "/msgVpns/{msgVpnName}/mqttSessions": {
       "get": {
-        "description": "Get a list of Topic objects.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nmsgVpnName|x|\ntopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterTopics",
+        "description": "Get a list of MQTT Session objects.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncounter.mqttConnackErrorTxCount||x\ncounter.mqttConnackTxCount||x\ncounter.mqttConnectRxCount||x\ncounter.mqttDisconnectRxCount||x\ncounter.mqttPubcompTxCount||x\ncounter.mqttPublishQos0RxCount||x\ncounter.mqttPublishQos0TxCount||x\ncounter.mqttPublishQos1RxCount||x\ncounter.mqttPublishQos1TxCount||x\ncounter.mqttPublishQos2RxCount||x\ncounter.mqttPubrecTxCount||x\ncounter.mqttPubrelRxCount||x\nmqttSessionClientId|x|\nmqttSessionVirtualRouter|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttSessions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -22966,20 +26302,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
-            "in": "path",
-            "name": "clusterName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -22998,9 +26320,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Topic objects' attributes, and the request metadata.",
+            "description": "The list of MQTT Session objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicsResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionsResponse"
             }
           },
           "default": {
@@ -23015,18 +26337,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Topic objects.",
+        "summary": "Get a list of MQTT Session objects.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttSession"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics/{topic}": {
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}": {
       "get": {
-        "description": "Get a Topic object.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nclusterName|x|\nmsgVpnName|x|\ntopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDistributedCacheClusterTopic",
+        "description": "Get an MQTT Session object.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncounter.mqttConnackErrorTxCount||x\ncounter.mqttConnackTxCount||x\ncounter.mqttConnectRxCount||x\ncounter.mqttDisconnectRxCount||x\ncounter.mqttPubcompTxCount||x\ncounter.mqttPublishQos0RxCount||x\ncounter.mqttPublishQos0TxCount||x\ncounter.mqttPublishQos1RxCount||x\ncounter.mqttPublishQos1TxCount||x\ncounter.mqttPublishQos2RxCount||x\ncounter.mqttPubrecTxCount||x\ncounter.mqttPubrelRxCount||x\nmqttSessionClientId|x|\nmqttSessionVirtualRouter|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttSession",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23036,23 +26358,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Distributed Cache.",
-            "in": "path",
-            "name": "cacheName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the Cache Cluster.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "clusterName",
+            "name": "mqttSessionClientId",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The value of the Topic in the form a/b/c.",
+            "description": "The virtual router of the MQTT Session.",
             "in": "path",
-            "name": "topic",
+            "name": "mqttSessionVirtualRouter",
             "required": true,
             "type": "string"
           },
@@ -23065,9 +26380,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Topic object's attributes, and the request metadata.",
+            "description": "The MQTT Session object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
             }
           },
           "default": {
@@ -23082,18 +26397,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Topic object.",
+        "summary": "Get an MQTT Session object.",
         "tags": [
           "all",
           "msgVpn",
-          "distributedCache"
+          "mqttSession"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/dmrBridges": {
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions": {
       "get": {
-        "description": "Get a list of DMR Bridge objects.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDmrBridges",
+        "description": "Get a list of Subscription objects.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmqttSessionClientId|x|\nmqttSessionVirtualRouter|x|\nmsgVpnName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttSessionSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23102,6 +26417,20 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -23120,9 +26449,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of DMR Bridge objects' attributes, and the request metadata.",
+            "description": "The list of Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridgesResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionsResponse"
             }
           },
           "default": {
@@ -23137,18 +26466,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of DMR Bridge objects.",
+        "summary": "Get a list of Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "dmrBridge"
+          "mqttSession"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/dmrBridges/{remoteNodeName}": {
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions/{subscriptionTopic}": {
       "get": {
-        "description": "Get a DMR Bridge object.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nremoteNodeName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnDmrBridge",
+        "description": "Get a Subscription object.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmqttSessionClientId|x|\nmqttSessionVirtualRouter|x|\nmsgVpnName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttSessionSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23158,9 +26487,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
             "in": "path",
-            "name": "remoteNodeName",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
             "required": true,
             "type": "string"
           },
@@ -23173,9 +26516,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The DMR Bridge object's attributes, and the request metadata.",
+            "description": "The Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
             }
           },
           "default": {
@@ -23190,18 +26533,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a DMR Bridge object.",
+        "summary": "Get a Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "dmrBridge"
+          "mqttSession"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiConnectionFactories": {
+    "/msgVpns/{msgVpnName}/queueTemplates": {
       "get": {
-        "description": "Get a list of JNDI Connection Factory objects.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nconnectionFactoryName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnJndiConnectionFactories",
+        "description": "Get a list of Queue Template objects.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueTemplateName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnQueueTemplates",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23228,9 +26571,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of JNDI Connection Factory objects' attributes, and the request metadata.",
+            "description": "The list of Queue Template objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactoriesResponse"
+              "$ref": "#/definitions/MsgVpnQueueTemplatesResponse"
             }
           },
           "default": {
@@ -23245,18 +26588,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of JNDI Connection Factory objects.",
+        "summary": "Get a list of Queue Template objects.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queueTemplate"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiConnectionFactories/{connectionFactoryName}": {
+    "/msgVpns/{msgVpnName}/queueTemplates/{queueTemplateName}": {
       "get": {
-        "description": "Get a JNDI Connection Factory object.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nconnectionFactoryName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnJndiConnectionFactory",
+        "description": "Get a Queue Template object.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueTemplateName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnQueueTemplate",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23266,9 +26609,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the JMS Connection Factory.",
+            "description": "The name of the Queue Template.",
             "in": "path",
-            "name": "connectionFactoryName",
+            "name": "queueTemplateName",
             "required": true,
             "type": "string"
           },
@@ -23281,9 +26624,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Connection Factory object's attributes, and the request metadata.",
+            "description": "The Queue Template object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
             }
           },
           "default": {
@@ -23298,18 +26641,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a JNDI Connection Factory object.",
+        "summary": "Get a Queue Template object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queueTemplate"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiQueues": {
+    "/msgVpns/{msgVpnName}/queues": {
       "get": {
-        "description": "Get a list of JNDI Queue objects.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnJndiQueues",
+        "description": "Get a list of Queue objects.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\nvirtualRouter||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueues",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23336,9 +26679,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of JNDI Queue objects' attributes, and the request metadata.",
+            "description": "The list of Queue objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueuesResponse"
+              "$ref": "#/definitions/MsgVpnQueuesResponse"
             }
           },
           "default": {
@@ -23353,18 +26696,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of JNDI Queue objects.",
+        "summary": "Get a list of Queue objects.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiQueues/{queueName}": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}": {
       "get": {
-        "description": "Get a JNDI Queue object.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnJndiQueue",
+        "description": "Get a Queue object.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\nvirtualRouter||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueue",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23374,7 +26717,7 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Queue.",
+            "description": "The name of the Queue.",
             "in": "path",
             "name": "queueName",
             "required": true,
@@ -23389,9 +26732,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Queue object's attributes, and the request metadata.",
+            "description": "The Queue object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+              "$ref": "#/definitions/MsgVpnQueueResponse"
             }
           },
           "default": {
@@ -23406,18 +26749,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a JNDI Queue object.",
+        "summary": "Get a Queue object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiTopics": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}/msgs": {
       "get": {
-        "description": "Get a list of JNDI Topic objects.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntopicName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnJndiTopics",
+        "description": "Get a list of Queue Message objects.\n\nA Queue Message is a packet of information sent from producers to consumers using the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueueMsgs",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23426,6 +26769,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -23444,9 +26794,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of JNDI Topic objects' attributes, and the request metadata.",
+            "description": "The list of Queue Message objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopicsResponse"
+              "$ref": "#/definitions/MsgVpnQueueMsgsResponse"
             }
           },
           "default": {
@@ -23461,18 +26811,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of JNDI Topic objects.",
+        "summary": "Get a list of Queue Message objects.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/jndiTopics/{topicName}": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}/msgs/{msgId}": {
       "get": {
-        "description": "Get a JNDI Topic object.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntopicName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnJndiTopic",
+        "description": "Get a Queue Message object.\n\nA Queue Message is a packet of information sent from producers to consumers using the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueueMsg",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23482,9 +26832,16 @@
             "type": "string"
           },
           {
-            "description": "The JNDI name of the JMS Topic.",
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The identifier (ID) of the Message.",
             "in": "path",
-            "name": "topicName",
+            "name": "msgId",
             "required": true,
             "type": "string"
           },
@@ -23497,9 +26854,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The JNDI Topic object's attributes, and the request metadata.",
+            "description": "The Queue Message object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+              "$ref": "#/definitions/MsgVpnQueueMsgResponse"
             }
           },
           "default": {
@@ -23514,18 +26871,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a JNDI Topic object.",
+        "summary": "Get a Queue Message object.",
         "tags": [
           "all",
           "msgVpn",
-          "jndi"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttRetainCaches": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}/priorities": {
       "get": {
-        "description": "Get a list of MQTT Retain Cache objects.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnMqttRetainCaches",
+        "description": "Get a list of Queue Priority objects.\n\nQueues can optionally support priority message delivery; all messages of a higher priority are delivered before any messages of a lower priority. A Priority object contains information about the number and size of the messages with a particular priority in the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\npriority|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueuePriorities",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23534,6 +26891,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -23552,9 +26916,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of MQTT Retain Cache objects' attributes, and the request metadata.",
+            "description": "The list of Queue Priority objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCachesResponse"
+              "$ref": "#/definitions/MsgVpnQueuePrioritiesResponse"
             }
           },
           "default": {
@@ -23569,18 +26933,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of MQTT Retain Cache objects.",
+        "summary": "Get a list of Queue Priority objects.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttRetainCache"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttRetainCaches/{cacheName}": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}/priorities/{priority}": {
       "get": {
-        "description": "Get an MQTT Retain Cache object.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncacheName|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnMqttRetainCache",
+        "description": "Get a Queue Priority object.\n\nQueues can optionally support priority message delivery; all messages of a higher priority are delivered before any messages of a lower priority. A Priority object contains information about the number and size of the messages with a particular priority in the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\npriority|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueuePriority",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23590,9 +26954,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the MQTT Retain Cache.",
+            "description": "The name of the Queue.",
             "in": "path",
-            "name": "cacheName",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The level of the Priority, from 9 (highest) to 0 (lowest).",
+            "in": "path",
+            "name": "priority",
             "required": true,
             "type": "string"
           },
@@ -23605,9 +26976,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Retain Cache object's attributes, and the request metadata.",
+            "description": "The Queue Priority object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+              "$ref": "#/definitions/MsgVpnQueuePriorityResponse"
             }
           },
           "default": {
@@ -23622,18 +26993,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an MQTT Retain Cache object.",
+        "summary": "Get a Queue Priority object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttRetainCache"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttSessions": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions": {
       "get": {
-        "description": "Get a list of MQTT Session objects.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncounter.mqttConnackErrorTxCount||x\ncounter.mqttConnackTxCount||x\ncounter.mqttConnectRxCount||x\ncounter.mqttDisconnectRxCount||x\ncounter.mqttPubcompTxCount||x\ncounter.mqttPublishQos0RxCount||x\ncounter.mqttPublishQos0TxCount||x\ncounter.mqttPublishQos1RxCount||x\ncounter.mqttPublishQos1TxCount||x\ncounter.mqttPublishQos2RxCount||x\ncounter.mqttPubrecTxCount||x\ncounter.mqttPubrelRxCount||x\nmqttSessionClientId|x|\nmqttSessionVirtualRouter|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnMqttSessions",
+        "description": "Get a list of Queue Subscription objects.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueueSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23642,6 +27013,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -23660,9 +27038,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of MQTT Session objects' attributes, and the request metadata.",
+            "description": "The list of Queue Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionsResponse"
+              "$ref": "#/definitions/MsgVpnQueueSubscriptionsResponse"
             }
           },
           "default": {
@@ -23677,18 +27055,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of MQTT Session objects.",
+        "summary": "Get a list of Queue Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions/{subscriptionTopic}": {
       "get": {
-        "description": "Get an MQTT Session object.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncounter.mqttConnackErrorTxCount||x\ncounter.mqttConnackTxCount||x\ncounter.mqttConnectRxCount||x\ncounter.mqttDisconnectRxCount||x\ncounter.mqttPubcompTxCount||x\ncounter.mqttPublishQos0RxCount||x\ncounter.mqttPublishQos0TxCount||x\ncounter.mqttPublishQos1RxCount||x\ncounter.mqttPublishQos1TxCount||x\ncounter.mqttPublishQos2RxCount||x\ncounter.mqttPubrecTxCount||x\ncounter.mqttPubrelRxCount||x\nmqttSessionClientId|x|\nmqttSessionVirtualRouter|x|\nmsgVpnName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnMqttSession",
+        "description": "Get a Queue Subscription object.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueueSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23698,16 +27076,16 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "description": "The name of the Queue.",
             "in": "path",
-            "name": "mqttSessionClientId",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The virtual router of the MQTT Session.",
+            "description": "The topic of the Subscription.",
             "in": "path",
-            "name": "mqttSessionVirtualRouter",
+            "name": "subscriptionTopic",
             "required": true,
             "type": "string"
           },
@@ -23720,9 +27098,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The MQTT Session object's attributes, and the request metadata.",
+            "description": "The Queue Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+              "$ref": "#/definitions/MsgVpnQueueSubscriptionResponse"
             }
           },
           "default": {
@@ -23737,18 +27115,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get an MQTT Session object.",
+        "summary": "Get a Queue Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}/txFlows": {
       "get": {
-        "description": "Get a list of Subscription objects.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmqttSessionClientId|x|\nmqttSessionVirtualRouter|x|\nmsgVpnName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnMqttSessionSubscriptions",
+        "description": "Get a list of Queue Transmit Flow objects.\n\nQueue Transmit Flows are used by clients to consume Guaranteed messages from a Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nflowId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueueTxFlows",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23758,16 +27136,9 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
-            "in": "path",
-            "name": "mqttSessionClientId",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the MQTT Session.",
+            "description": "The name of the Queue.",
             "in": "path",
-            "name": "mqttSessionVirtualRouter",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
@@ -23789,9 +27160,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Subscription objects' attributes, and the request metadata.",
+            "description": "The list of Queue Transmit Flow objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionsResponse"
+              "$ref": "#/definitions/MsgVpnQueueTxFlowsResponse"
             }
           },
           "default": {
@@ -23806,18 +27177,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Subscription objects.",
+        "summary": "Get a list of Queue Transmit Flow objects.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions/{subscriptionTopic}": {
+    "/msgVpns/{msgVpnName}/queues/{queueName}/txFlows/{flowId}": {
       "get": {
-        "description": "Get a Subscription object.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmqttSessionClientId|x|\nmqttSessionVirtualRouter|x|\nmsgVpnName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnMqttSessionSubscription",
+        "description": "Get a Queue Transmit Flow object.\n\nQueue Transmit Flows are used by clients to consume Guaranteed messages from a Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nflowId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnQueueTxFlow",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23827,23 +27198,16 @@
             "type": "string"
           },
           {
-            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
-            "in": "path",
-            "name": "mqttSessionClientId",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The virtual router of the MQTT Session.",
+            "description": "The name of the Queue.",
             "in": "path",
-            "name": "mqttSessionVirtualRouter",
+            "name": "queueName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The MQTT subscription topic.",
+            "description": "The identifier (ID) of the Flow.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "flowId",
             "required": true,
             "type": "string"
           },
@@ -23856,9 +27220,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Subscription object's attributes, and the request metadata.",
+            "description": "The Queue Transmit Flow object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnQueueTxFlowResponse"
             }
           },
           "default": {
@@ -23873,18 +27237,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Subscription object.",
+        "summary": "Get a Queue Transmit Flow object.",
         "tags": [
           "all",
           "msgVpn",
-          "mqttSession"
+          "queue"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queueTemplates": {
+    "/msgVpns/{msgVpnName}/replayLogs": {
       "get": {
-        "description": "Get a list of Queue Template objects.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueTemplateName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnQueueTemplates",
+        "description": "Get a list of Replay Log objects.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnReplayLogs",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23911,9 +27275,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Template objects' attributes, and the request metadata.",
+            "description": "The list of Replay Log objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplatesResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogsResponse"
             }
           },
           "default": {
@@ -23928,18 +27292,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Template objects.",
+        "summary": "Get a list of Replay Log objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queueTemplate"
+          "replayLog"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queueTemplates/{queueTemplateName}": {
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}": {
       "get": {
-        "description": "Get a Queue Template object.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueTemplateName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
-        "operationId": "getMsgVpnQueueTemplate",
+        "description": "Get a Replay Log object.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnReplayLog",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -23949,9 +27313,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue Template.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "queueTemplateName",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
           },
@@ -23964,9 +27328,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Template object's attributes, and the request metadata.",
+            "description": "The Replay Log object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
             }
           },
           "default": {
@@ -23981,18 +27345,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Template object.",
+        "summary": "Get a Replay Log object.",
         "tags": [
           "all",
           "msgVpn",
-          "queueTemplate"
+          "replayLog"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues": {
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/msgs": {
       "get": {
-        "description": "Get a list of Queue objects.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueues",
+        "description": "Get a list of Message objects.\n\nA Message is a packet of information sent from producers to consumers. Messages are the central units of information that clients exchange using the message broker and which are cached in the Replay Log.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nreplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnReplayLogMsgs",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24001,6 +27365,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -24019,9 +27390,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue objects' attributes, and the request metadata.",
+            "description": "The list of Message objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueuesResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogMsgsResponse"
             }
           },
           "default": {
@@ -24036,18 +27407,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue objects.",
+        "summary": "Get a list of Message objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "replayLog"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}": {
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/msgs/{msgId}": {
       "get": {
-        "description": "Get a Queue object.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueue",
+        "description": "Get a Message object.\n\nA Message is a packet of information sent from producers to consumers. Messages are the central units of information that clients exchange using the message broker and which are cached in the Replay Log.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nreplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnReplayLogMsg",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24057,9 +27428,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "queueName",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The identifier (ID) of the message.",
+            "in": "path",
+            "name": "msgId",
             "required": true,
             "type": "string"
           },
@@ -24072,9 +27450,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue object's attributes, and the request metadata.",
+            "description": "The Message object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogMsgResponse"
             }
           },
           "default": {
@@ -24089,18 +27467,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue object.",
+        "summary": "Get a Message object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "replayLog"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/msgs": {
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/topicFilterSubscriptions": {
       "get": {
-        "description": "Get a list of Queue Message objects.\n\nA Queue Message is a packet of information sent from producers to consumers using the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueueMsgs",
+        "description": "Get a list of Topic Filter Subscription objects.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplayLogName|x|\ntopicFilterSubscription|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnReplayLogTopicFilterSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24110,9 +27488,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "queueName",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
           },
@@ -24134,9 +27512,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Message objects' attributes, and the request metadata.",
+            "description": "The list of Topic Filter Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueMsgsResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionsResponse"
             }
           },
           "default": {
@@ -24151,18 +27529,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Message objects.",
+        "summary": "Get a list of Topic Filter Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "replayLog"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/msgs/{msgId}": {
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/topicFilterSubscriptions/{topicFilterSubscription}": {
       "get": {
-        "description": "Get a Queue Message object.\n\nA Queue Message is a packet of information sent from producers to consumers using the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueueMsg",
+        "description": "Get a Topic Filter Subscription object.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplayLogName|x|\ntopicFilterSubscription|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnReplayLogTopicFilterSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24172,16 +27550,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the Replay Log.",
             "in": "path",
-            "name": "queueName",
+            "name": "replayLogName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The identifier (ID) of the Message.",
+            "description": "The topic of the Subscription.",
             "in": "path",
-            "name": "msgId",
+            "name": "topicFilterSubscription",
             "required": true,
             "type": "string"
           },
@@ -24194,9 +27572,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Message object's attributes, and the request metadata.",
+            "description": "The Topic Filter Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueMsgResponse"
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionResponse"
             }
           },
           "default": {
@@ -24211,18 +27589,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Message object.",
+        "summary": "Get a Topic Filter Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "replayLog"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/priorities": {
+    "/msgVpns/{msgVpnName}/replicatedTopics": {
       "get": {
-        "description": "Get a list of Queue Priority objects.\n\nQueues can optionally support priority message delivery; all messages of a higher priority are delivered before any messages of a lower priority. A Priority object contains information about the number and size of the messages with a particular priority in the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\npriority|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueuePriorities",
+        "description": "Get a list of Replicated Topic objects.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplicatedTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnReplicatedTopics",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24231,13 +27609,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Queue.",
-            "in": "path",
-            "name": "queueName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -24256,9 +27627,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Priority objects' attributes, and the request metadata.",
+            "description": "The list of Replicated Topic objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueuePrioritiesResponse"
+              "$ref": "#/definitions/MsgVpnReplicatedTopicsResponse"
             }
           },
           "default": {
@@ -24273,18 +27644,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Priority objects.",
+        "summary": "Get a list of Replicated Topic objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "replicatedTopic"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/priorities/{priority}": {
+    "/msgVpns/{msgVpnName}/replicatedTopics/{replicatedTopic}": {
       "get": {
-        "description": "Get a Queue Priority object.\n\nQueues can optionally support priority message delivery; all messages of a higher priority are delivered before any messages of a lower priority. A Priority object contains information about the number and size of the messages with a particular priority in the Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\npriority|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueuePriority",
+        "description": "Get a Replicated Topic object.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplicatedTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "operationId": "getMsgVpnReplicatedTopic",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24294,16 +27665,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
-            "in": "path",
-            "name": "queueName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The level of the Priority, from 9 (highest) to 0 (lowest).",
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
             "in": "path",
-            "name": "priority",
+            "name": "replicatedTopic",
             "required": true,
             "type": "string"
           },
@@ -24316,9 +27680,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Priority object's attributes, and the request metadata.",
+            "description": "The Replicated Topic object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueuePriorityResponse"
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
             }
           },
           "default": {
@@ -24333,18 +27697,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Priority object.",
+        "summary": "Get a Replicated Topic object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "replicatedTopic"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints": {
       "get": {
-        "description": "Get a list of Queue Subscription objects.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueueSubscriptions",
+        "description": "Get a list of REST Delivery Point objects.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnRestDeliveryPoints",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24353,13 +27717,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the Queue.",
-            "in": "path",
-            "name": "queueName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -24378,9 +27735,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Subscription objects' attributes, and the request metadata.",
+            "description": "The list of REST Delivery Point objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueSubscriptionsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointsResponse"
             }
           },
           "default": {
@@ -24395,18 +27752,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Subscription objects.",
+        "summary": "Get a list of REST Delivery Point objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions/{subscriptionTopic}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}": {
       "get": {
-        "description": "Get a Queue Subscription object.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueName|x|\nsubscriptionTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueueSubscription",
+        "description": "Get a REST Delivery Point object.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnRestDeliveryPoint",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24416,16 +27773,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
-            "in": "path",
-            "name": "queueName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The topic of the Subscription.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "subscriptionTopic",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
@@ -24438,9 +27788,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Subscription object's attributes, and the request metadata.",
+            "description": "The REST Delivery Point object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueSubscriptionResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
             }
           },
           "default": {
@@ -24455,18 +27805,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Subscription object.",
+        "summary": "Get a REST Delivery Point object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/txFlows": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings": {
       "get": {
-        "description": "Get a list of Queue Transmit Flow objects.\n\nQueue Transmit Flows are used by clients to consume Guaranteed messages from a Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nflowId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueueTxFlows",
+        "description": "Get a list of Queue Binding objects.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindings",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24476,9 +27826,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
@@ -24500,9 +27850,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Transmit Flow objects' attributes, and the request metadata.",
+            "description": "The list of Queue Binding objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTxFlowsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingsResponse"
             }
           },
           "default": {
@@ -24517,18 +27867,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Transmit Flow objects.",
+        "summary": "Get a list of Queue Binding objects.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/queues/{queueName}/txFlows/{flowId}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}": {
       "get": {
-        "description": "Get a Queue Transmit Flow object.\n\nQueue Transmit Flows are used by clients to consume Guaranteed messages from a Queue.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nflowId|x|\nmsgVpnName|x|\nqueueName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnQueueTxFlow",
+        "description": "Get a Queue Binding object.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBinding",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24538,16 +27888,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Queue.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "queueName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The identifier (ID) of the Flow.",
+            "description": "The name of a queue in the Message VPN.",
             "in": "path",
-            "name": "flowId",
+            "name": "queueBindingName",
             "required": true,
             "type": "string"
           },
@@ -24560,9 +27910,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Transmit Flow object's attributes, and the request metadata.",
+            "description": "The Queue Binding object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnQueueTxFlowResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
             }
           },
           "default": {
@@ -24577,18 +27927,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Transmit Flow object.",
+        "summary": "Get a Queue Binding object.",
         "tags": [
           "all",
           "msgVpn",
-          "queue"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/replayLogs": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/protectedRequestHeaders": {
       "get": {
-        "description": "Get a list of Replay Log objects.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnReplayLogs",
+        "description": "Get a list of Protected Request Header objects.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nheaderName|x|\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaders",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24597,6 +27947,20 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -24615,9 +27979,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Replay Log objects' attributes, and the request metadata.",
+            "description": "The list of Protected Request Header objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeadersResponse"
             }
           },
           "default": {
@@ -24632,18 +27996,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Replay Log objects.",
+        "summary": "Get a list of Protected Request Header objects.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/protectedRequestHeaders/{headerName}": {
       "get": {
-        "description": "Get a Replay Log object.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnReplayLog",
+        "description": "Get a Protected Request Header object.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nheaderName|x|\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24653,9 +28017,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Replay Log.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replayLogName",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
             "required": true,
             "type": "string"
           },
@@ -24668,9 +28046,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replay Log object's attributes, and the request metadata.",
+            "description": "The Protected Request Header object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
             }
           },
           "default": {
@@ -24685,18 +28063,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Replay Log object.",
+        "summary": "Get a Protected Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/msgs": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders": {
       "get": {
-        "description": "Get a list of Message objects.\n\nA Message is a packet of information sent from producers to consumers. Messages are the central units of information that clients exchange using the message broker and which are cached in the Replay Log.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nreplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnReplayLogMsgs",
+        "description": "Get a list of Request Header objects.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nheaderName|x|\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeaders",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24706,9 +28084,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the Replay Log.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replayLogName",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
             "required": true,
             "type": "string"
           },
@@ -24730,9 +28115,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Message objects' attributes, and the request metadata.",
+            "description": "The list of Request Header objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogMsgsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeadersResponse"
             }
           },
           "default": {
@@ -24747,18 +28132,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Message objects.",
+        "summary": "Get a list of Request Header objects.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/msgs/{msgId}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders/{headerName}": {
       "get": {
-        "description": "Get a Message object.\n\nA Message is a packet of information sent from producers to consumers. Messages are the central units of information that clients exchange using the message broker and which are cached in the Replay Log.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgId|x|\nmsgVpnName|x|\nreplayLogName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnReplayLogMsg",
+        "description": "Get a Request Header object.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nheaderName|x|\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeader",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24768,16 +28153,23 @@
             "type": "string"
           },
           {
-            "description": "The name of the Replay Log.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replayLogName",
+            "name": "restDeliveryPointName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The identifier (ID) of the message.",
+            "description": "The name of a queue in the Message VPN.",
             "in": "path",
-            "name": "msgId",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the HTTP request header.",
+            "in": "path",
+            "name": "headerName",
             "required": true,
             "type": "string"
           },
@@ -24790,9 +28182,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Message object's attributes, and the request metadata.",
+            "description": "The Request Header object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplayLogMsgResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
             }
           },
           "default": {
@@ -24807,18 +28199,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Message object.",
+        "summary": "Get a Request Header object.",
         "tags": [
           "all",
           "msgVpn",
-          "replayLog"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/replicatedTopics": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers": {
       "get": {
-        "description": "Get a list of Replicated Topic objects.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplicatedTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnReplicatedTopics",
+        "description": "Get a list of REST Consumer objects.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncounter.httpRequestConnectionCloseTxMsgCount||x\ncounter.httpRequestOutstandingTxMsgCount||x\ncounter.httpRequestTimedOutTxMsgCount||x\ncounter.httpRequestTxByteCount||x\ncounter.httpRequestTxMsgCount||x\ncounter.httpResponseErrorRxMsgCount||x\ncounter.httpResponseRxByteCount||x\ncounter.httpResponseRxMsgCount||x\ncounter.httpResponseSuccessRxMsgCount||x\nmsgVpnName|x|\nrestConsumerName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumers",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24827,6 +28219,13 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -24845,9 +28244,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Replicated Topic objects' attributes, and the request metadata.",
+            "description": "The list of REST Consumer objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopicsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumersResponse"
             }
           },
           "default": {
@@ -24862,18 +28261,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Replicated Topic objects.",
+        "summary": "Get a list of REST Consumer objects.",
         "tags": [
           "all",
           "msgVpn",
-          "replicatedTopic"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/replicatedTopics/{replicatedTopic}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}": {
       "get": {
-        "description": "Get a Replicated Topic object.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreplicatedTopic|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
-        "operationId": "getMsgVpnReplicatedTopic",
+        "description": "Get a REST Consumer object.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncounter.httpRequestConnectionCloseTxMsgCount||x\ncounter.httpRequestOutstandingTxMsgCount||x\ncounter.httpRequestTimedOutTxMsgCount||x\ncounter.httpRequestTxByteCount||x\ncounter.httpRequestTxMsgCount||x\ncounter.httpResponseErrorRxMsgCount||x\ncounter.httpResponseRxByteCount||x\ncounter.httpResponseRxMsgCount||x\ncounter.httpResponseSuccessRxMsgCount||x\nmsgVpnName|x|\nrestConsumerName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumer",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24883,9 +28282,16 @@
             "type": "string"
           },
           {
-            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "description": "The name of the REST Delivery Point.",
             "in": "path",
-            "name": "replicatedTopic",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
             "required": true,
             "type": "string"
           },
@@ -24898,9 +28304,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Replicated Topic object's attributes, and the request metadata.",
+            "description": "The REST Consumer object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
             }
           },
           "default": {
@@ -24915,18 +28321,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Replicated Topic object.",
+        "summary": "Get a REST Consumer object.",
         "tags": [
           "all",
           "msgVpn",
-          "replicatedTopic"
+          "restDeliveryPoint"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims": {
       "get": {
-        "description": "Get a list of REST Delivery Point objects.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnRestDeliveryPoints",
+        "description": "Get a list of Claim objects.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthJwtClaimName|x|\nrestConsumerName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaims",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24935,6 +28341,20 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -24953,9 +28373,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of REST Delivery Point objects' attributes, and the request metadata.",
+            "description": "The list of Claim objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimsResponse"
             }
           },
           "default": {
@@ -24970,7 +28390,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of REST Delivery Point objects.",
+        "summary": "Get a list of Claim objects.",
         "tags": [
           "all",
           "msgVpn",
@@ -24978,10 +28398,10 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims/{oauthJwtClaimName}": {
       "get": {
-        "description": "Get a REST Delivery Point object.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnRestDeliveryPoint",
+        "description": "Get a Claim object.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthJwtClaimName|x|\nrestConsumerName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -24997,6 +28417,20 @@
             "required": true,
             "type": "string"
           },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
+            "in": "path",
+            "name": "oauthJwtClaimName",
+            "required": true,
+            "type": "string"
+          },
           {
             "$ref": "#/parameters/selectQuery"
           }
@@ -25006,9 +28440,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Delivery Point object's attributes, and the request metadata.",
+            "description": "The Claim object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse"
             }
           },
           "default": {
@@ -25023,7 +28457,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a REST Delivery Point object.",
+        "summary": "Get a Claim object.",
         "tags": [
           "all",
           "msgVpn",
@@ -25031,10 +28465,11 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames": {
       "get": {
-        "description": "Get a list of Queue Binding objects.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnRestDeliveryPointQueueBindings",
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|x\nrestConsumerName|x|x\nrestDeliveryPointName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNames",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25051,10 +28486,11 @@
             "type": "string"
           },
           {
-            "$ref": "#/parameters/countQuery"
-          },
-          {
-            "$ref": "#/parameters/cursorQuery"
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
           },
           {
             "$ref": "#/parameters/whereQuery"
@@ -25068,9 +28504,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Queue Binding objects' attributes, and the request metadata.",
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingsResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNamesResponse"
             }
           },
           "default": {
@@ -25085,7 +28521,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Queue Binding objects.",
+        "summary": "Get a list of Trusted Common Name objects.",
         "tags": [
           "all",
           "msgVpn",
@@ -25093,10 +28529,11 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}": {
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
       "get": {
-        "description": "Get a Queue Binding object.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnRestDeliveryPointQueueBinding",
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|x\nrestConsumerName|x|x\nrestDeliveryPointName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25113,9 +28550,16 @@
             "type": "string"
           },
           {
-            "description": "The name of a queue in the Message VPN.",
+            "description": "The name of the REST Consumer.",
             "in": "path",
-            "name": "queueBindingName",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
             "required": true,
             "type": "string"
           },
@@ -25128,9 +28572,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Queue Binding object's attributes, and the request metadata.",
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse"
             }
           },
           "default": {
@@ -25145,7 +28589,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Queue Binding object.",
+        "summary": "Get a Trusted Common Name object.",
         "tags": [
           "all",
           "msgVpn",
@@ -25153,10 +28597,10 @@
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles": {
       "get": {
-        "description": "Get a list of Request Header objects.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nheaderName|x|\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
-        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeaders",
+        "description": "Get a list of Telemetry Profile objects.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntelemetryProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfiles",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25165,20 +28609,6 @@
             "required": true,
             "type": "string"
           },
-          {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of a queue in the Message VPN.",
-            "in": "path",
-            "name": "queueBindingName",
-            "required": true,
-            "type": "string"
-          },
           {
             "$ref": "#/parameters/countQuery"
           },
@@ -25197,9 +28627,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Request Header objects' attributes, and the request metadata.",
+            "description": "The list of Telemetry Profile objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeadersResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfilesResponse"
             }
           },
           "default": {
@@ -25214,18 +28644,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Request Header objects.",
+        "summary": "Get a list of Telemetry Profile objects.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders/{headerName}": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}": {
       "get": {
-        "description": "Get a Request Header object.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nheaderName|x|\nmsgVpnName|x|\nqueueBindingName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
-        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "description": "Get a Telemetry Profile object.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntelemetryProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfile",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25235,23 +28665,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of a queue in the Message VPN.",
-            "in": "path",
-            "name": "queueBindingName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the HTTP request header.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "headerName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
@@ -25264,9 +28680,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Request Header object's attributes, and the request metadata.",
+            "description": "The Telemetry Profile object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
             }
           },
           "default": {
@@ -25281,18 +28697,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Request Header object.",
+        "summary": "Get a Telemetry Profile object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/receiverAclConnectExceptions": {
       "get": {
-        "description": "Get a list of REST Consumer objects.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncounter.httpRequestConnectionCloseTxMsgCount||x\ncounter.httpRequestOutstandingTxMsgCount||x\ncounter.httpRequestTimedOutTxMsgCount||x\ncounter.httpRequestTxByteCount||x\ncounter.httpRequestTxMsgCount||x\ncounter.httpResponseErrorRxMsgCount||x\ncounter.httpResponseRxByteCount||x\ncounter.httpResponseRxMsgCount||x\ncounter.httpResponseSuccessRxMsgCount||x\nmsgVpnName|x|\nrestConsumerName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumers",
+        "description": "Get a list of Receiver ACL Connect Exception objects.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreceiverAclConnectExceptionAddress|x|\ntelemetryProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileReceiverAclConnectExceptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25302,9 +28718,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
@@ -25326,9 +28742,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of REST Consumer objects' attributes, and the request metadata.",
+            "description": "The list of Receiver ACL Connect Exception objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumersResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionsResponse"
             }
           },
           "default": {
@@ -25343,18 +28759,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of REST Consumer objects.",
+        "summary": "Get a list of Receiver ACL Connect Exception objects.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/receiverAclConnectExceptions/{receiverAclConnectExceptionAddress}": {
       "get": {
-        "description": "Get a REST Consumer object.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\ncounter.httpRequestConnectionCloseTxMsgCount||x\ncounter.httpRequestOutstandingTxMsgCount||x\ncounter.httpRequestTimedOutTxMsgCount||x\ncounter.httpRequestTxByteCount||x\ncounter.httpRequestTxMsgCount||x\ncounter.httpResponseErrorRxMsgCount||x\ncounter.httpResponseRxByteCount||x\ncounter.httpResponseRxMsgCount||x\ncounter.httpResponseSuccessRxMsgCount||x\nmsgVpnName|x|\nrestConsumerName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumer",
+        "description": "Get a Receiver ACL Connect Exception object.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nreceiverAclConnectExceptionAddress|x|\ntelemetryProfileName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileReceiverAclConnectException",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25364,16 +28780,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "The IP address/netmask of the receiver connect exception in CIDR form.",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "receiverAclConnectExceptionAddress",
             "required": true,
             "type": "string"
           },
@@ -25386,9 +28802,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The REST Consumer object's attributes, and the request metadata.",
+            "description": "The Receiver ACL Connect Exception object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionResponse"
             }
           },
           "default": {
@@ -25403,18 +28819,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a REST Consumer object.",
+        "summary": "Get a Receiver ACL Connect Exception object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters": {
       "get": {
-        "description": "Get a list of Claim objects.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthJwtClaimName|x|\nrestConsumerName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaims",
+        "description": "Get a list of Trace Filter objects.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntelemetryProfileName|x|\ntraceFilterName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilters",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25424,16 +28840,9 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the REST Consumer.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
@@ -25455,9 +28864,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Claim objects' attributes, and the request metadata.",
+            "description": "The list of Trace Filter objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimsResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFiltersResponse"
             }
           },
           "default": {
@@ -25472,18 +28881,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Claim objects.",
+        "summary": "Get a list of Trace Filter objects.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims/{oauthJwtClaimName}": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}": {
       "get": {
-        "description": "Get a Claim object.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\noauthJwtClaimName|x|\nrestConsumerName|x|\nrestDeliveryPointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
+        "description": "Get a Trace Filter object.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntelemetryProfileName|x|\ntraceFilterName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilter",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25493,23 +28902,16 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
-            "in": "path",
-            "name": "restDeliveryPointName",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "description": "The name of the REST Consumer.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
             "in": "path",
-            "name": "oauthJwtClaimName",
+            "name": "traceFilterName",
             "required": true,
             "type": "string"
           },
@@ -25522,9 +28924,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Claim object's attributes, and the request metadata.",
+            "description": "The Trace Filter object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
             }
           },
           "default": {
@@ -25539,19 +28941,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Claim object.",
+        "summary": "Get a Trace Filter object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}/subscriptions": {
       "get": {
-        "deprecated": true,
-        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|x\nrestConsumerName|x|x\nrestDeliveryPointName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNames",
+        "description": "Get a list of Telemetry Trace Filter Subscription objects.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nsubscription|x|\nsubscriptionSyntax|x|\ntelemetryProfileName|x|\ntraceFilterName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilterSubscriptions",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25561,19 +28962,25 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "traceFilterName",
             "required": true,
             "type": "string"
           },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
           {
             "$ref": "#/parameters/whereQuery"
           },
@@ -25586,9 +28993,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "description": "The list of Telemetry Trace Filter Subscription objects' attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNamesResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionsResponse"
             }
           },
           "default": {
@@ -25603,19 +29010,18 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Trusted Common Name objects.",
+        "summary": "Get a list of Telemetry Trace Filter Subscription objects.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
-    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}/subscriptions/{subscription},{subscriptionSyntax}": {
       "get": {
-        "deprecated": true,
-        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|x\nrestConsumerName|x|x\nrestDeliveryPointName|x|x\ntlsTrustedCommonName|x|x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
-        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
+        "description": "Get a Telemetry Trace Filter Subscription object.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\nsubscription|x|\nsubscriptionSyntax|x|\ntelemetryProfileName|x|\ntraceFilterName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilterSubscription",
         "parameters": [
           {
             "description": "The name of the Message VPN.",
@@ -25625,23 +29031,30 @@
             "type": "string"
           },
           {
-            "description": "The name of the REST Delivery Point.",
+            "description": "The name of the Telemetry Profile.",
             "in": "path",
-            "name": "restDeliveryPointName",
+            "name": "telemetryProfileName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The name of the REST Consumer.",
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
             "in": "path",
-            "name": "restConsumerName",
+            "name": "traceFilterName",
             "required": true,
             "type": "string"
           },
           {
-            "description": "The expected trusted common name of the remote certificate.",
+            "description": "Messages matching this subscription will follow this filter's configuration.",
             "in": "path",
-            "name": "tlsTrustedCommonName",
+            "name": "subscription",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the trace filter subscription.",
+            "in": "path",
+            "name": "subscriptionSyntax",
             "required": true,
             "type": "string"
           },
@@ -25654,9 +29067,9 @@
         ],
         "responses": {
           "200": {
-            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "description": "The Telemetry Trace Filter Subscription object's attributes, and the request metadata.",
             "schema": {
-              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse"
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionResponse"
             }
           },
           "default": {
@@ -25671,11 +29084,11 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Trusted Common Name object.",
+        "summary": "Get a Telemetry Trace Filter Subscription object.",
         "tags": [
           "all",
           "msgVpn",
-          "restDeliveryPoint"
+          "telemetryProfile"
         ]
       }
     },
@@ -25789,7 +29202,7 @@
     },
     "/msgVpns/{msgVpnName}/topicEndpoints": {
       "get": {
-        "description": "Get a list of Topic Endpoint objects.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntopicEndpointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "description": "Get a list of Topic Endpoint objects.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntopicEndpointName|x|\nvirtualRouter||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
         "operationId": "getMsgVpnTopicEndpoints",
         "parameters": [
           {
@@ -25844,7 +29257,7 @@
     },
     "/msgVpns/{msgVpnName}/topicEndpoints/{topicEndpointName}": {
       "get": {
-        "description": "Get a Topic Endpoint object.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntopicEndpointName|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
+        "description": "Get a Topic Endpoint object.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nmsgVpnName|x|\ntopicEndpointName|x|\nvirtualRouter||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.12.",
         "operationId": "getMsgVpnTopicEndpoint",
         "parameters": [
           {
@@ -27463,7 +30876,7 @@
     },
     "/sessions": {
       "get": {
-        "description": "Get a list of Session objects.\n\nAdministrative sessions for configuration and monitoring.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nsessionId|x|\nsessionUsername|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "description": "Get a list of SEMP Session objects.\n\nAdministrative sessions for configuration and monitoring.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nsessionId|x|\nsessionUsername|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
         "operationId": "getSessions",
         "parameters": [
           {
@@ -27484,7 +30897,7 @@
         ],
         "responses": {
           "200": {
-            "description": "The list of Session objects' attributes, and the request metadata.",
+            "description": "The list of SEMP Session objects' attributes, and the request metadata.",
             "schema": {
               "$ref": "#/definitions/SessionsResponse"
             }
@@ -27501,7 +30914,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a list of Session objects.",
+        "summary": "Get a list of SEMP Session objects.",
         "tags": [
           "all",
           "session"
@@ -27510,7 +30923,7 @@
     },
     "/sessions/{sessionUsername},{sessionId}": {
       "get": {
-        "description": "Get a Session object.\n\nAdministrative sessions for configuration and monitoring.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nsessionId|x|\nsessionUsername|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "description": "Get a SEMP Session object.\n\nAdministrative sessions for configuration and monitoring.\n\n\nAttribute|Identifying|Deprecated\n:---|:---:|:---:\nsessionId|x|\nsessionUsername|x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
         "operationId": "getSession",
         "parameters": [
           {
@@ -27536,7 +30949,7 @@
         ],
         "responses": {
           "200": {
-            "description": "The Session object's attributes, and the request metadata.",
+            "description": "The SEMP Session object's attributes, and the request metadata.",
             "schema": {
               "$ref": "#/definitions/SessionResponse"
             }
@@ -27553,7 +30966,7 @@
             "basicAuth": []
           }
         ],
-        "summary": "Get a Session object.",
+        "summary": "Get a SEMP Session object.",
         "tags": [
           "all",
           "session"
diff --git a/test/solclient_log_debug.go b/test/solclient_log_debug.go
index 635d37e..0f790af 100644
--- a/test/solclient_log_debug.go
+++ b/test/solclient_log_debug.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/solclient_log_default.go b/test/solclient_log_default.go
index a84b134..e1c6b26 100644
--- a/test/solclient_log_default.go
+++ b/test/solclient_log_default.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/testcontext/config.go b/test/testcontext/config.go
index 9543f47..947c9ba 100644
--- a/test/testcontext/config.go
+++ b/test/testcontext/config.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -47,8 +47,15 @@ type TestContainersConfig struct {
 
 // OAuthConfig represents OAuth's config
 type OAuthConfig struct {
-	Hostname string `json:"hostname,omitempty" env:"PUBSUB_OAUTHSERVER_HOSTNAME"`
-	Image    string `env:"OAUTH_TEST_IMAGE"`
+	Hostname  string               `json:"hostname,omitempty" env:"PUBSUB_OAUTHSERVER_HOSTNAME"`
+	Endpoints *OAuthEndpointConfig `json:"endpoints,omitempty"`
+	Image     string               `env:"OAUTH_TEST_IMAGE"`
+}
+
+// OAuthEndpointConfig
+type OAuthEndpointConfig struct {
+	JwksEndpoint     string `json:"jwks,omitempty" env:"PUBSUB_OAUTHSERVER_JWKS_ENDPOINT"`
+	UserInfoEndpoint string `json:"user_info,omitempty" env:"PUBSUB_OAUTHSERVER_USERINFO_ENDPOINT"`
 }
 
 // KerberosConfig represents Kerberos's config
diff --git a/test/testcontext/kinit_darwin.go b/test/testcontext/kinit_darwin.go
index c38a4ab..c471c52 100644
--- a/test/testcontext/kinit_darwin.go
+++ b/test/testcontext/kinit_darwin.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/testcontext/kinit_linux.go b/test/testcontext/kinit_linux.go
index bab501b..9eaf0ba 100644
--- a/test/testcontext/kinit_linux.go
+++ b/test/testcontext/kinit_linux.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/testcontext/messaging.go b/test/testcontext/messaging.go
index 2531de8..c357deb 100644
--- a/test/testcontext/messaging.go
+++ b/test/testcontext/messaging.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/testcontext/semp.go b/test/testcontext/semp.go
index f88979f..7326919 100644
--- a/test/testcontext/semp.go
+++ b/test/testcontext/semp.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ import (
 	"crypto/tls"
 	"fmt"
 	"net/http"
-
 	"solace.dev/go/messaging/test/sempclient/action"
 	"solace.dev/go/messaging/test/sempclient/config"
 	"solace.dev/go/messaging/test/sempclient/monitor"
@@ -29,11 +28,12 @@ import (
 
 // SEMPConfig structure
 type SEMPConfig struct {
-	Port     int    `json:"port" env:"PUBSUB_SEMP_PORT"`
-	Secure   int    `json:"secure" env:"PUBSUB_SECURE_SEMP_PORT"`
-	Host     string `json:"host" env:"PUBSUB_MANAGEMENT_HOST"`
-	Username string `json:"username" env:"PUBSUB_MANAGEMENT_USER"`
-	Password string `json:"password" env:"PUBSUB_MANAGEMENT_PASSWORD"`
+	Port       int    `json:"port" env:"PUBSUB_SEMP_PORT"`
+	Secure     int    `json:"secure" env:"PUBSUB_SECURE_SEMP_PORT"`
+	Host       string `json:"host" env:"PUBSUB_MANAGEMENT_HOST"`
+	Username   string `json:"username" env:"PUBSUB_MANAGEMENT_USER"`
+	Password   string `json:"password" env:"PUBSUB_MANAGEMENT_PASSWORD"`
+	ForcePlain bool   `json:"force_plain,omitempty" env:"PUBSUB_SEMP_FORCE_PLAIN"`
 }
 
 // SEMPv2 allows access to various SEMPv2 clients as well as their authentication parameters
@@ -74,11 +74,15 @@ func newSempV2(config *SEMPConfig) *sempV2Impl {
 func (semp *sempV2Impl) setup() error {
 	// Create a new HTTP client to use with SEMP that skips validation
 	// This lets us use SEMP over TLS allowing for server certificate configuration
-	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	httpClient := http.DefaultClient
+	url := fmt.Sprintf("http://%s:%d/SEMP/v2/", semp.config.Host, semp.config.Port)
+	if !semp.config.ForcePlain {
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+		httpClient = &http.Client{Transport: tr}
+		url = fmt.Sprintf("https://%s:%d/SEMP/v2/", semp.config.Host, semp.config.Secure)
 	}
-	httpClient := &http.Client{Transport: tr}
-	url := fmt.Sprintf("https://%s:%d/SEMP/v2/", semp.config.Host, semp.config.Secure)
 	semp.actionCtx = context.WithValue(context.Background(), action.ContextBasicAuth, action.BasicAuth{
 		UserName: semp.config.Username,
 		Password: semp.config.Password,
diff --git a/test/testcontext/test_context.go b/test/testcontext/test_context.go
index 8efc43e..f910f01 100644
--- a/test/testcontext/test_context.go
+++ b/test/testcontext/test_context.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -75,6 +75,11 @@ func OAuth() *OAuthConfig {
 	return instance.OAuth()
 }
 
+// function to wait for semp serivces
+func WaitForSEMPReachable() error {
+	return instance.WaitForSEMPReachable()
+}
+
 // testContext represents a test context
 type testContext interface {
 	// Setup is a blocking call to set up the test context. For example, docker compose based
@@ -93,8 +98,10 @@ type testContext interface {
 	// ToxiProxy will not be available in certain test contexts and should always be checked for presence before executing.
 	// For example, when targeting an environment based broker such as an appliance, no toxi proxi will be available.
 	ToxiProxy() ToxiProxy
-  // OAuth returns the OAuth config
+	// OAuth returns the OAuth config
 	OAuth() *OAuthConfig
+	// waits for semp service to be reachable
+	WaitForSEMPReachable() error
 }
 
 type testContextCommon struct {
@@ -165,6 +172,41 @@ func (context *testContextCommon) setupCommon(configPath string) error {
 	return nil
 }
 
+// function to poll for a msgvpn state where expected values are "up", "down", or "standby"
+// note state will be convert to lower case
+func (context *testContextCommon) waitForVPNState(state string) error {
+	//resp, httpResp, err := context.semp.Monitor().MsgVpnApi.GetMsgVpn(context.semp.MonitorCtx(), context.config.Messaging.VPN, nil)
+	// resp.Data.State contains a string for operational state of the message vpn values are: "up", "down", or "standby"
+	maxPollInterval := 500 * time.Millisecond
+	pollInterval := 1 * time.Millisecond
+	timeout := 300 * time.Second
+	timeoutChannel := time.After(timeout)
+
+	for {
+		if pollInterval < maxPollInterval {
+			pollInterval = pollInterval * 2
+		} else {
+			pollInterval = maxPollInterval
+		}
+		resp, _, err := context.semp.Monitor().MsgVpnApi.GetMsgVpn(context.semp.MonitorCtx(), context.config.Messaging.VPN, nil)
+		if err == nil && resp.Data != nil {
+			if remoteState := strings.ToLower(resp.Data.State); remoteState == strings.ToLower(state) {
+				return nil
+			}
+		}
+		select {
+		case <-timeoutChannel:
+			return fmt.Errorf("timed out waiting for vpn status", context.config.Messaging.VPN)
+		case <-time.After(pollInterval):
+			continue
+		}
+	}
+}
+
+func (context *testContextCommon) WaitForSEMPReachable() error {
+	return context.waitForSEMP()
+}
+
 func (context *testContextCommon) waitForToxiProxy() error {
 	err := waitForEndpoint(fmt.Sprintf("http://%s:%d", context.config.ToxiProxy.Host, context.config.ToxiProxy.Port), 404)
 	if err != nil {
@@ -195,25 +237,28 @@ func (context *testContextCommon) waitForMessaging() error {
 }
 
 func waitForEndpoint(endpoint string, expectedCode int) error {
-	pollInterval := 1000 * time.Millisecond
+	maxPollInterval := 500 * time.Millisecond
+	pollInterval := 1 * time.Millisecond
 	timeout := 300 * time.Second
 	timeoutChannel := time.After(timeout)
+
 	for {
+		if pollInterval < maxPollInterval {
+			pollInterval = pollInterval * 2
+		} else {
+			pollInterval = maxPollInterval
+		}
+		resp, err := http.Get(endpoint)
+		if err == nil {
+			if err := resp.Body.Close(); resp.StatusCode == expectedCode && err == nil {
+				return nil
+			}
+		}
 		select {
 		case <-timeoutChannel:
 			return fmt.Errorf("timed out waiting for %s", endpoint)
 		case <-time.After(pollInterval):
-			resp, err := http.Get(endpoint)
-			if err != nil {
-				continue
-			}
-			if resp.StatusCode != expectedCode {
-				continue
-			}
-			if err := resp.Body.Close(); err != nil {
-				continue
-			}
-			return nil
+			continue
 		}
 	}
 }
diff --git a/test/testcontext/test_context_remote.go b/test/testcontext/test_context_remote.go
index 0038417..8465471 100644
--- a/test/testcontext/test_context_remote.go
+++ b/test/testcontext/test_context_remote.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/test/testcontext/test_context_testcontainers.go b/test/testcontext/test_context_testcontainers.go
index 80a5aa8..ea2f493 100644
--- a/test/testcontext/test_context_testcontainers.go
+++ b/test/testcontext/test_context_testcontainers.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -123,6 +123,12 @@ func (context *testContainersTestContext) Setup() error {
 		}
 	}
 
+	fmt.Println("Waiting for MsgVPN " + context.config.Messaging.VPN + " to be up")
+	err = context.waitForVPNState("up")
+	if err != nil {
+		return err
+	}
+
 	fmt.Println("-- TESTCONTAINERS SETUP COMPLETE --")
 	fmt.Println()
 	return nil
@@ -132,10 +138,28 @@ func (context *testContainersTestContext) Setup() error {
 func (context *testContainersTestContext) Teardown() error {
 	fmt.Println()
 	fmt.Println("-- TESTCONTAINERS TEARDOWN --")
+	pubsubHostname := context.config.TestContainers.BrokerHostname
 	err := context.toxi.teardown()
 	if err != nil {
 		fmt.Println("Encountered error tearing down toxiproxy: " + err.Error())
 	}
+	rc, output, err := context.dockerLogs(pubsubHostname)
+	if err == nil {
+		fmt.Println("Broker logs for " + pubsubHostname + ":")
+		fmt.Println(output)
+	} else {
+		fmt.Println("Encountered error getting docker logs from " + pubsubHostname + ": rc=" + string(rc) + " err:" + err.Error())
+	}
+	wd, err := os.Getwd()
+	if err != nil {
+		fmt.Println("Encountered error getting working directory for " + pubsubHostname + " diagnostics err:" + err.Error())
+	}
+
+	err = context.gatherBrokerDiagnostics(path.Join(wd, "diagnostics.tgz"))
+	if err != nil {
+		fmt.Println("Encountered error getting " + pubsubHostname + " diagnostics err:" + err.Error())
+	}
+
 	composeResult := context.compose.Down()
 	if composeResult.Error != nil {
 		err = composeResult.Error
@@ -145,6 +169,35 @@ func (context *testContainersTestContext) Teardown() error {
 	return err
 }
 
+func (context *testContainersTestContext) gatherBrokerDiagnostics(destinationPath string) error {
+	fmt.Println()
+	pubsubHostname := context.config.TestContainers.BrokerHostname
+	// gather all important infomation and logs from pubsubHostname container
+	fmt.Println("Run gather-diagnostics for " + pubsubHostname + "...")
+	resp, output, err := context.dockerExec(pubsubHostname, []string{"/bin/bash", "-l", "-c", "\"gather-diagnostics\""})
+	if err != nil {
+		return err
+	}
+	fmt.Println(output)
+	if resp != 0 {
+		return fmt.Errorf("failed to gather %s diagnostics", pubsubHostname)
+	}
+	fmt.Println("Gathered gather-diagnostics for " + pubsubHostname)
+	// extract diagnostic to host
+	// first get absolute path from container
+	resp, diagnosticPath, err := context.dockerExec(pubsubHostname, []string{"/bin/bash", "-l", "-c", "ls -rt /usr/sw/jail/logs/gather-diagnostics*.tgz | tail -n 1"})
+	//resp, diagnosticPath, err := context.dockerExec(pubsubHostname, []string{"/bin/bash", "-l", "-c", " realpath $(ls -rt /usr/sw/jail/logs/gather-diagnostics*.tgz | tail -n 1)"})
+	if err != nil {
+		return err
+	}
+	if resp != 0 {
+		return fmt.Errorf("Failed to locate %s diagnostics", pubsubHostname)
+	}
+	fmt.Println("Exacting gather-diagnostics " + diagnosticPath + " for " + pubsubHostname + " to " + destinationPath + "...")
+	err = context.dockerCpToHost(pubsubHostname, strings.TrimSpace(diagnosticPath), destinationPath)
+	return err
+}
+
 // setupKerberos sets up kerberos with the following steps:
 // 1. creates the pubsub domain keytab on the kerberos auth server (createPubsubKeytabTemplate)
 // 2. creates the local domain keytab on the kerberos auth server (createLocalKeytabTemplate)
@@ -285,6 +338,22 @@ func (ctx *testContainersTestContext) dockerCp(sourceContainer, sourcePath, dest
 	return nil
 }
 
+func (ctx *testContainersTestContext) dockerCpToHost(sourceContainer, sourcePath, destPath string) error {
+	hostFileName := destPath
+	fmt.Println("Copying source file " + sourceContainer + ":" + sourcePath + " to " + hostFileName)
+	cmd := exec.Command(dockerCmd, "cp", "-L", sourceContainer+":"+sourcePath, hostFileName)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		fmt.Println(string(output))
+		return fmt.Errorf("encountered error running docker cp to local from %s: %w", sourceContainer, err)
+	}
+	err = os.Chmod(hostFileName, 0655)
+	if err != nil {
+		return fmt.Errorf("encountered error running chmod on %s: %w", hostFileName, err)
+	}
+	return nil
+}
+
 // dockerExec runs the given command on the given container using the given user if not empty
 func (ctx *testContainersTestContext) dockerExec(container string, command []string) (int, string, error) {
 	args := append([]string{"exec", container}, command...)
@@ -292,3 +361,11 @@ func (ctx *testContainersTestContext) dockerExec(container string, command []str
 	output, err := cmd.CombinedOutput()
 	return cmd.ProcessState.ExitCode(), string(output), err
 }
+
+// dockerLogs runs docker log on given container
+func (ctx *testContainersTestContext) dockerLogs(container string) (int, string, error) {
+	args := []string{"logs", container}
+	cmd := exec.Command(dockerCmd, args...)
+	output, err := cmd.CombinedOutput()
+	return cmd.ProcessState.ExitCode(), string(output), err
+}
diff --git a/test/testcontext/toxiproxy.go b/test/testcontext/toxiproxy.go
index 4103fb2..36f1366 100644
--- a/test/testcontext/toxiproxy.go
+++ b/test/testcontext/toxiproxy.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/version.go b/version.go
index e1be859..febe3cc 100644
--- a/version.go
+++ b/version.go
@@ -1,6 +1,6 @@
 // pubsubplus-go-client
 //
-// Copyright 2021-2022 Solace Corporation. All rights reserved.
+// Copyright 2021-2023 Solace Corporation. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -23,4 +23,4 @@ func init() {
 	core.SetVersion(version)
 }
 
-const version = "1.2.0"
+const version = "1.3.0"