I'm not totally clear on what you want to do, but I'll make my best guess. It appears that you have two separate things you want to do:

1. You want to search for a network and find the "most specific" one that matches. By "most specific" I presume you mean "has the largest CIDR prefix".
2. Given a network, you want to "walk up" the list of networks containing the network found in the first search, to find a list of all the networks in the hierarchy (including their object references, if you need those for some reason).

For example, suppose we have three networks: 10.0.0.0/8, 10.0.0.0/16, and 10.0.0.0/24. In the context of the Infoblox system the /24 network would be stored in the database as a network object, and the /16 and /8 networks would be stored as network container objects.

The first task is to find the "most specific" 10.0.0.0 network, assuming that we don't know exactly what the CIDR prefix for that network might be. You can do this with a regular expression search with a curl command like the one below; note that I omitted the CIDR prefix when specifying the network to search for. (Also, I'm assuming here that there is only one network view. If you have multiple views then you would need to specify the desired network view in the query string in the URL.)

curl --tlsv1 --insecure --user 'admin:infoblox' 'https://gm.example.com/wapi/v1.0/network?network~=10.0.0.0'

In the example this query would return a result like the following:

[
    {
        "_ref": "network/ZG5zLm5ldHdvcmskMTAuMC4wLjAvMjQvMA:10.0.0.0/24/default", 
        "comment": "Demo lab network", 
        "network": "10.0.0.0/24", 
        "network_view": "default"
    }
]

This addresses the first task, finding the "most specific" network. To accomplish the second task we need to find the network containing 10.0.0.0/24, using a command like the following ("_return_fields%2b" is the URL-encoded form of "_return_fields+", which asks for the return of additional fields for the object beyond the standard set):

curl --tlsv1 --insecure --user 'admin:infoblox' 'https://gm.example.com/wapi/v1.0/network?network=10.0.0.0/24&_return_fields%2b=network_container'

In the example this query would return a result like the following:

[
    {
        "_ref": "network/ZG5zLm5ldHdvcmskMTAuMC4wLjAvMjQvMA:10.0.0.0/24/default", 
        "comment": "Demo lab network", 
        "network": "10.0.0.0/24", 
        "network_container": "10.0.0.0/16", 
        "network_view": "default"
    }
]

Next we want to find the network containing 10.0.0.0/16:

curl --tlsv1 --insecure --user 'admin:infoblox' 'https://gm.example.com/wapi/v1.0/networkcontainer?network=10.0.0.0/16&_return_fields%2b=network_cont...

In the example this query would return a result like the following:

[
    {
        "_ref": "networkcontainer/ZG5zLm5ldHdvcmtfY29udGFpbmVyJDEwLjAuMC4wLzE2LzA:10.0.0.0/16/default", 
        "comment": "QA/test", 
        "network": "10.0.0.0/16", 
        "network_container": "10.0.0.0/8", 
        "network_view": "default"
    }
]

Finally we check to see if there is a network containing 10.0.0.0/8:

curl --tlsv1 --insecure --user 'admin:infoblox' 'https://gm.example.com/wapi/v1.0/networkcontainer?network=10.0.0.0/8&_return_fields%2b=network_conta...

In the example this query would return a result like the following:

[
    {
        "_ref": "networkcontainer/ZG5zLm5ldHdvcmtfY29udGFpbmVyJDEwLjAuMC4wLzgvMA:10.0.0.0/8/default", 
        "network": "10.0.0.0/8", 
        "network_container": "/", 
        "network_view": "default"
    }
]

Since the value of the returned network_container field is "/" we know that this network has no parent and therefore we have reached the top of the network hierarchy.

Two final notes: First, we could have combined the first query above (to find the "most specific" network) and the second query (to find that network's parent):

curl --tlsv1 --insecure --user 'admin:infoblox' 'https://gm.example.com/wapi/v1.0/network?network~=10.0.0.0&_return_fields%2b=network_container'

Second, once all the queries are complete you have object references for each of the networks 10.0.0.0/24, 10.0.0.0/16, and 10.0.0.0/8, and if you save those you can then do further manipulation of the network and network container objects.

As a follow-up to my comment above, here is a Python program to look for a network (not knowing its CIDR prefix) and find object references for that network and any containing networks above it in the network hierarchy:

# Import the required Python modules.
import requests
import getpass
import sys

# Set parameters to access the NIOS WAPI.
url = 'https://gm.example.com/wapi/v1.0/'
id = 'api'  # Userid with WAPI access
valid_cert = False  # True if GM uses a CA-issued certificate

# Prompt for the WAPI user password.
pw = getpass.getpass('Password for user ' + id + ': ')

# Try to find a network, assuming we don't know its CIDR prefix.
# We specify the network view to guarantee a unique result.
search_str = '10.0.0.0'
network_view = 'default'
r = requests.get(url + 'network' +
                 '?network~=' + search_str +
                 '&network_view=' + network_view +
                 '&_return_fields%2b=network_container',
                 auth=(id, pw),
                 verify=valid_cert)
if r.status_code != requests.codes.ok:
    print r.text
    exit_msg = 'Error {} finding network: {}'
    sys.exit(exit_msg.format(r.status_code, r.reason))
results = r.json()

# If we found a network, look for any containing networks.
network_hierarchy = []
look_for_parent = False
if len(results) > 0:
    result = results[0]  # get returns a list, we need the first item
    network_hierarchy.append(result['_ref'])
    look_for_parent = result['network_container'] != '/'

while look_for_parent:
    r = requests.get(url + 'networkcontainer' +
                     '?network=' + result['network_container'] +
                     '&network_view=' + network_view +
                     '&_return_fields%2b=network_container',
                     auth=(id, pw),
                     verify=valid_cert)
    if r.status_code != requests.codes.ok:
        print r.text
        exit_msg = 'Error {} finding network parent: {}'
        sys.exit(exit_msg.format(r.status_code, r.reason))
    results = r.json()
    if len(results) > 0:
        result = results[0]  # get returns a list, we need the first item
        network_hierarchy.append(result['_ref'])
        look_for_parent = result['network_container'] != '/'
    else:
        look_for_parent = False

# Print the object references in the network hierarchy.
for network_ref in network_hierarchy:
    print network_ref

For the networks in the example I gave above the program will print out something like the following:

network/ZG5zLm5ldHdvcmskMTAuMC4wLjAvMjQvMA:10.0.0.0/24/default
networkcontainer/ZG5zLm5ldHdvcmtfY29udGFpbmVyJDEwLjAuMC4wLzE2LzA:10.0.0.0/16/default
networkcontainer/ZG5zLm5ldHdvcmtfY29udGFpbmVyJDEwLjAuMC4wLzgvMA:10.0.0.0/8/default

A production-quality version of this code would encapsulate the API calls and associated error checking in functions, and define an overall function to return the list of networks.

Now that I've responded to the most recent comment I want to go back to the original question asked by Susan almost a year ago. My apologies for the delay in responding; I missed that question when it was asked originally.

I presume by "top-level network" you mean networks that are not within a network container. For such objects the network_container field will be returned as "/". At this time I do not know of any way to return such networks (and only such networks) using a single WAPI call. The obvious possibility would be something like

curl --tlsv1 --insecure --user 'admin:infoblox' 'https://gm.example.com/wapi/v2.2/network?network_container=/'

However this WAPI call fails with the error message "AdmConProtoError: Bad value for network_container: '/'".I've filed a support case to see if there is some other way to do this.

In the meantime the only way I know to get a list of top-level networks is to do a WAPI query to return all network objects, and then to filter the resulting list to keep only those network objects where the network_container field has the value "/".

This last post is exactly what I need, but I am getting the "AdmConProtoError: Bad value for network_container: '/'" too. Can you comment on the support case? Is it fixed in a later version, and/or is there a work around?

Below is a short Python program to get a list of all top-level Network Containers:

## Import the required Python modules
import json
import requests
import netaddr

requests.packages.urllib3.disable_warnings()

## Collect containers from Grid
url = "https://infoblox.example.com/wapi/v2.6.1/networkcontainer?_return_as_object=1"
response = requests.request("GET",url,auth=('admin','infoblox'),verify=False)

## Convert data to json readable
data = json.loads(response.text)

## Make a list of all Containers
l=[]
for container in data['result']:
    for ip in netaddr.IPNetwork(container['network']):
        l.append(ip)
        break

## Print collected Network Containers
#print(l)
#print('\n')

## Find all Top level Containers
top=[]
for item in l:
    buffer=item
    for c in data['result']:
        if(buffer in netaddr.IPNetwork(c['network'])):
            buffer=netaddr.IPNetwork(c['network'])
            b=str(buffer)
    if b not in top:
        top.append(b)

## Print the list       
print(top)

This will return a list of Network Containers that are not within any other Containers.