Many thanks to:
gsswzt, Luca, Andrej, Fred, Karli, Ondra and Bohdan for their replies.

A number of people mentioned the need to specify a CA cert, but curl was able to find my organizations CA locally - so that was not an issue.
Correcting my url to include ovirt-engine in the path and my username to admin@internal as suggested by Andrej as per below:
curl --user "admin@internal:SECRETPASSWORD" --request POST --header "Content-Type: application/xml" --header "Accept: application/xml" --data '</action>' https://ovirt-engine.localnet:443/ovirt-engine/api/vms/69c47a91-bbv1-4eda-b71d-7bddf82ee8ab/start

Got me a new error message:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<fault>
    <detail>For correct usage, see: https://ovirt-engine.localnet/ovirt-engine/apidoc#services/vm/methods/start</detail>
    <reason>Request syntactically incorrect.</reason>
</fault>

I followed the URL, but it just seemed to repeat the information already available at http://ovirt.github.io/ovirt-engine-api-model/4.2/#services/vm/methods/start

Here is the relevant section of engine.log on ovirt-engine.localnet:
2018-05-31 10:48:15,550+10 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-25) [] User admin@internal successfully logged in with scopes: ovirt-app-api ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access
2018-05-31 10:48:15,569+10 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-29) [8ffa0f3] Running command: CreateUserSessionCommand internal: false.
2018-05-31 10:48:15,581+10 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-29) [8ffa0f3] EVENT_ID: USER_VDC_LOGIN(30), User admin@internal-authz connecting from '192.168.1.0' using session 'JNweIEHoHhw9U+wMt7Z03Ovb5Pc1zR3WyvTcSfRTpdHjd55CHbcspfDcJgToMVshtlgXamzvUSW2rzHB9ApJHA==' logged in.
2018-05-31 10:48:15,587+10 ERROR [org.ovirt.engine.api.restapi.resource.validation.IOExceptionMapper] (default task-29) [] IO exception while processing "POST" request for path "/vms/69c47a91-bbv1-4eda-b71d-7bddf82ee8ab/start"
2018-05-31 10:48:15,587+10 ERROR [org.ovirt.engine.api.restapi.resource.validation.IOExceptionMapper] (default task-29) [] Exception: java.io.IOException: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,2]
Message: The markup in the document preceding the root element must be well-formed.
    at org.ovirt.engine.api.restapi.xml.JAXBProvider.readFrom(JAXBProvider.java:200) [restapi-jaxrs.jar:]
    at org.ovirt.engine.api.restapi.xml.JAXBProvider.readFrom(JAXBProvider.java:162) [restapi-jaxrs.jar:]
    at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:66) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final]
    at org.jboss.resteasy.core.interception.ServerReaderInterceptorContext.readFrom(ServerReaderInterceptorContext.java:61) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final]
    at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:56) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final]
    at org.jboss.resteasy.security.doseta.DigitalVerificationInterceptor.aroundReadFrom(DigitalVerificationInterceptor.java:36) [resteasy-crypto-3.0.24.Final.jar:3.0.24.Final]
<MANY MANY LINES OF ERRORS SNIPPED>
    at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_171]
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,2]
Message: The markup in the document preceding the root element must be well-formed.
    at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.next(XMLStreamReaderImpl.java:604) [rt.jar:1.8.0_171]
    at com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector.bridge(StAXStreamConnector.java:164)
    at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:415)
    at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:386)
    at org.ovirt.engine.api.restapi.xml.JAXBProvider.readFrom(JAXBProvider.java:187) [restapi-jaxrs.jar:]
    ... 104 more
2018-05-31 10:48:15,593+10 INFO [org.ovirt.engine.core.bll.aaa.LogoutSessionCommand] (default task-29) [4531c52a] Running command: LogoutSessionCommand internal: false.
2018-05-31 10:48:15,598+10 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-29) [4531c52a] EVENT_ID: USER_VDC_LOGOUT(31), User admin@internal-authz connected from '192.168.1.0' using session 'JNweIEHoHhw9U+wMt7Z03Ovb5Pc1zR3WyvTcSfRTpdHjd55CHbcspfDcJgToMVshtlgXamzvUSW2rzHB9ApJHA==' logged out.
2018-05-31 10:48:27,542+10 INFO [org.ovirt.engine.core.sso.servlets.OAuthRevokeServlet] (default task-32) [] User admin@internal successfully logged out
2018-05-31 10:48:27,550+10 INFO [org.ovirt.engine.core.bll.aaa.TerminateSessionsForTokenCommand] (default task-35) [76676851] Running command: TerminateSessionsForTokenCommand internal: true.

Later I thought that perhaps the problem was that I need to use the VM Name instead of it's UUID, since all of the examples in the official docs use something like "123" or "007". However when I changed the curl request to the below:
curl --user "admin@internal:SECRETPASSWORD" --request POST --header "Content-Type: application/xml" --header "Accept: application/xml" --data '</action>' https://ovirt-engine.localnet:443/ovirt-engine/api/vms/name_of_my_vm/start

I got no feedback on the commandline. So I checked engine.log, but there were only a few entries as per below:
2018-05-31 11:43:39,940+10 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-49) [] User admin@internal successfully logged in with scopes: ovirt-app-api ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access
2018-05-31 11:43:39,954+10 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-39) [41871d82] Running command: CreateUserSessionCommand internal: false.
2018-05-31 11:43:39,962+10 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-39) [41871d82] EVENT_ID: USER_VDC_LOGIN(30), User admin@internal-authz connecting from '192.168.1.0' using session 'EfiWrbyRpCilceYzJsgOz+E/An7JBAHr2ASziyZyFykop9vO77gc1+u3CQh542eNq/BXOXpOOxKhQLQhIKarEg==' logged in.
2018-05-31 11:43:39,971+10 INFO [org.ovirt.engine.core.bll.aaa.LogoutSessionCommand] (default task-39) [6209f488] Running command: LogoutSessionCommand internal: false.
2018-05-31 11:43:39,976+10 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-39) [6209f488] EVENT_ID: USER_VDC_LOGOUT(31), User admin@internal-authz connected from '192.168.1.0' using session 'EfiWrbyRpCilceYzJsgOz+E/An7JBAHr2ASziyZyFykop9vO77gc1+u3CQh542eNq/BXOXpOOxKhQLQhIKarEg==' logged out.

Note that the name I specified does not show up at all.
Anyone have any ideas?

On Wed, May 30, 2018 at 7:03 PM, Andrej Krejcir <akrejcir@redhat.com> wrote:

Hi,

the URL path is missing 'ovirt-engine', it should be:
https://ovirtengine.localnet:443/ovirt-engine/api/vms/dfbba498-e8b6-4fee-a86c-c91ab68eae0d/start

Also, the admin user name is: 'admin@internal'

Here is the API documentation, for more info:
http://ovirt.github.io/ovirt-engine-api-model/4.2/#services/vm/methods/start

Andrej

On 30 May 2018 at 08:07, Kirin van der Veer <kirin.vanderveer@planetinnovation.com.au> wrote:
Hi oVirt users,
I have (what I hope) is a simple problem.
I want to make an https request to start a VM via the oVirt REST API.
Here is the command that I think should work:
curl --user "admin:SECRETPASSWORD" --request POST --header "Content-Type: application/xml" --header "Accept: application/xml" --data '</action>' https://ovirtengine.localnet:443/api/vms/69c47a91-bbv1-4eda-b71d-7bddf82ee8ab/start

However I get a 404 in response (see below):
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /api/vms/60c47a91-bca1-4eda-b71d-7bddf82ee8ab/start was not found on this server.</p>
</body></html>

Where have I made a mistake here?

IMPORTANT NOTE. If you are NOT AN AUTHORISED RECIPIENT of this e-mail, please contact Planet Innovation Pty Ltd by return e-mail or by telephone on +613 9945 7510. In this case, you should not read, print, re-transmit, store or act in reliance on this e-mail or any attachments, and should destroy all copies of them. This e-mail and any attachments are confidential and may contain legally privileged information and/or copyright material of Planet Innovation Pty Ltd or third parties. You should only re-transmit, distribute or commercialise the material if you are authorised to do so. Although we use virus scanning software, we deny all liability for viruses or alike in any message or attachment. This notice should not be removed.

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5N6N4BHF6ZFJLEARSEALCON7DJIMXRCZ/

IMPORTANT NOTE. If you are NOT AN AUTHORISED RECIPIENT of this e-mail, please contact Planet Innovation Pty Ltd by return e-mail or by telephone on +613 9945 7510. In this case, you should not read, print, re-transmit, store or act in reliance on this e-mail or any attachments, and should destroy all copies of them. This e-mail and any attachments are confidential and may contain legally privileged information and/or copyright material of Planet Innovation Pty Ltd or third parties. You should only re-transmit, distribute or commercialise the material if you are authorised to do so. Although we use virus scanning software, we deny all liability for viruses or alike in any message or attachment. This notice should not be removed.