Download OpenAPI specification:Download
This specification documents the REST API calls for the AppGate SDP Controller.
Please refer to the Integration chapter in the manual or contact AppGate support with any questions about this functionality.
Requirements for API scripting:
HTTPS requests must be sent to the Peer Interface hostname and port, with /admin path.
For example: https://appgate.company.com:444/admin
All requests must have the Accept header as:
application/vnd.appgate.peer-v13+json
API conventions are important to understand and follow strictly.
While updating objects (via PUT), entire object must be sent with all fields.
{
"id": "12699e27-b584-464a-81ee-5b4784b6d425",
"name": "Test",
"notes": "Making a point",
"tags": ["test", "tag"],
"expression": "return true;",
"remedyMethods": []
}
{
"id": "12699e27-b584-464a-81ee-5b4784b6d425",
"name": "Test",
"notes": "Making a point",
"tags": ["test", "tag"],
"expression": "return true;",
"remedyMethods": [{"type": "DisplayMessage", "message": "test message"}]
}
In case Controller returns an error (non-2xx HTTP status code), response body is JSON.
The "message" field contains information about the error.
HTTP 422 "Unprocessable Entity" has extra errors
field to list all the issues with specific fields.
Empty string ("") is considered a different value than "null" or field being omitted from JSON. Omitting the field is recommend if no value is intended. Empty string ("") will be almost always rejected as invalid value.
There are common pattern between many objects:
First step for any API call is retrieving AuthToken using Login API. All other calls require the AuthToken. Client is advised to securely store the AuthToken and reuse until it expires. Multi-Factor Authentication is not supported by Login call, API user must be exempt from Admin MFA requirement. It is important to restrict API user's permissions strictly as-needed basis and restrict IP access to API port to trusted networks.
Login Credentials.
providerName required | string Display name of the Identity Provider name. |
username | string Username. Required if a credentials based Identity Provider is used. |
password | string Password. Required if a credentials based Identity Provider is used. |
deviceId required | string <uuid> UUID to distinguish the Client device making the request. It is supposed to be same for every login request from the same server. |
samlResponse | string SAMLResponse received from SAML provider. Required if a SAML based Identity Provider is used. |
Login Response.
JSON error. Check the JSON format.
Login Failed.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "providerName": "ldap",
- "username": "user",
- "password": "tSW3!QBv(rj{UuLY",
- "deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "samlResponse": "string"
}
{- "version": "4.3.0-20000",
- "user": {
- "name": "admin",
- "needTwoFactorAuth": false,
- "canAccessAuditLogs": true,
- "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}, - "token": "string",
- "expires": "2020-07-17T09:48:28Z",
- "messageOfTheDay": "Welcome to AppGate SDP."
}
Get the list of identity providers available for admin login.
Login Response.
Unexpected server side error.
{- "data": [
- {
- "name": "local",
- "displayName": "Company Local Identities",
- "default": true,
- "type": "Credentials",
}
], - "bannerMessage": "Authorized use only."
}
API Scripts are recommended to use the Login call instead of separate Authentication & Authorization calls.
First step for logging in is sending the credentials and retreiving partial AuthToken. If the response has the "needTwoFactorAuth:true", then either API user must be extempt from Admin MFA or two-step MFA process must be completed before Authorization.
Login Credentials.
providerName required | string Display name of the Identity Provider name. |
username | string Username. Required if a credentials based Identity Provider is used. |
password | string Password. Required if a credentials based Identity Provider is used. |
deviceId required | string <uuid> UUID to distinguish the Client device making the request. It is supposed to be same for every login request from the same server. |
samlResponse | string SAMLResponse received from SAML provider. Required if a SAML based Identity Provider is used. |
Login Response.
JSON error. Check the JSON format.
Login Failed.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "providerName": "ldap",
- "username": "user",
- "password": "tSW3!QBv(rj{UuLY",
- "deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "samlResponse": "string"
}
{- "version": "4.3.0-20000",
- "user": {
- "name": "admin",
- "needTwoFactorAuth": false,
- "canAccessAuditLogs": true,
- "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}, - "token": "string",
- "expires": "2020-07-17T09:48:28Z",
- "messageOfTheDay": "Welcome to AppGate SDP."
}
This API starts the Multi-Factor Authentication process. It requires the partial AuthToken from Authentication call. The Controller will initiate the flow and return details required to continue MFA.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Optional MFA initialization details.
userPassword | string Some MFA configurations require user password in order to authenticate the user along with the multi-factor. Otherwise not required. |
MFA initialization response.
JSON error. Check the JSON format.
Token error. Login again.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "userPassword": "tSW3!QBv(rj{UuLY"
}
{- "type": "AlreadySeeded",
- "secret": "6XOEKS6WZASFPA5A",
- "otpAuthUrl": "otpauth://totp/admin@local@appgate.company.com?secret=6XOEKS6WZASFPA5A&issuer=AppGate%20SDP",
- "barcode": "string",
- "responseMessage": "Please enter enter 1234 to your token.",
- "state": "string",
- "timeout": 10,
- "sendPassword": true
}
This API starts the Multi-Factor Authentication process. It requires the partial AuthToken from Authentication call. The fields required depends on the initialization.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
MFA credentials.
otp required | string Depending on the type of the MFA flow, this could be an OTP generated from a device, user password or some dummy value. |
state | string <byte> The state value if it was received during initialization. |
MFA was successfull. The AuthToken now has the MFA flag and ready for Authorization step.
JSON error. Check the JSON format.
Login Failed.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "otp": 521856,
- "state": "string"
}
{- "version": "4.3.0-20000",
- "user": {
- "name": "admin",
- "needTwoFactorAuth": false,
- "canAccessAuditLogs": true,
- "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}, - "token": "string",
- "expires": "2020-07-17T09:48:29Z",
- "messageOfTheDay": "Welcome to AppGate SDP."
}
Get a list of all Admin Messages generated by the system for the past 7 days. It includes duplicate messages generated over time. Use "/summarize" to get distinct messages like the Admin UI.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Admin Messages.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "level": "Information",
- "category": "Configuration",
- "message": "Identity Provider \"local\" does not have IP Pool assigned.",
- "source": "Controller",
- "created": "2020-07-17T09:48:29Z"
}
]
}
Delete all Admin Messages.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Admin messages were deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all summarized Admin Messages generated by the system for the past 7 days. This API call is recommended as some of the Admin Messages may be duplicated too much in case of a configuration problem on a heavy loaded system.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Summary of Admin Messages.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "data": [
- {
- "level": "Information",
- "category": "Configuration",
- "message": "Identity Provider \"local\" does not have IP Pool assigned.",
- "source": "Controller",
- "created": "2020-07-17T09:48:29Z",
- "count": 152
}
]
}
Get Stats and status of the active appliances. This API makes the controller to query every active appliance for status. The operation may take long if one or more appliances take long to respond.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Active Appliances stats.
{- "name": "appliances",
- "creationDate": "2020-07-17T09:48:29Z",
- "refreshInterval": 1,
- "controllerCount": 2,
- "gatewayCount": 12,
- "applianceCount": 14,
- "logServerCount": 1,
- "logForwarderCount": 0,
- "connectorCount": 6,
- "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "Controller1",
- "online": true,
- "version": "4.2.0-12161-release",
- "state": "controller_ready",
- "volumeNumber": 1,
- "status": "healthy",
- "controller": {
- "status": "healthy",
- "details": "Cannot reach appliance. Please check Controller logs."
}, - "logServer": {
- "status": "healthy",
- "details": "Cannot reach appliance. Please check Controller logs."
}, - "logForwarder": {
- "status": "healthy",
- "details": "Cannot reach appliance. Please check Controller logs."
}, - "gateway": {
- "status": "healthy",
- "details": "Cannot reach appliance. Please check Controller logs.",
- "numberOfSessions": 156
}, - "connector": {
- "status": "healthy",
- "details": "Cannot reach appliance. Please check Controller logs."
}, - "appliance": {
- "status": "healthy",
- "details": "Cannot reach appliance. Please check Controller logs."
}, - "cpu": 1.2,
- "memory": 21.5,
- "disk": 1.2,
- "network": {
- "busiestNic": "eth1",
- "dropin": 2563,
- "dropout": 120,
- "rxSpeed": "5.77 Kbps",
- "txSpeed": "8.53 Kbps",
- "ips": {
- "eth0": [
- "10.0.0.1",
- "abba::cafe"
], - "eth1": [
- "200.123.123.12"
]
}
}, - "upgrade": {
- "status": "installing",
- "details": "a reboot is required for the upgrade to go into effect"
}, - "customizationName": "MyAgent"
}
]
}
Get Discovered Apps for the last 7 days. Rebooting a Gateway resets the Discovered Apps for that Gateway. This API makes the Controller to query every Gateway in the system to collect the statistics. The operation may take long if one or more appliances take long to respond.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Discovered Apps.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "name": "appliances",
- "creationDate": "2020-07-17T09:48:29Z",
- "refreshInterval": 1,
- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "distinctAppCount": 15,
- "data": [
- {
- "app": "anew.service",
- "domain": "internal.company.com",
- "accessCount": 12,
- "ips": [
- "10.10.10.2"
]
}
]
}
Get the (most used) Top Entitlements for the last 7 days. Each Gateway keeps track of the most used 20 Entitlements and they are aggregated on the Controller. Number of Entitlements in this stats varies accordingly. Rebooting a Gateway resets the most used Entitlements for that Gateway. This API makes the Controller to query every Gateway in the system to collect the statistics. The operation may take long if one or more Gateways take long to respond.
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Top Entitlements.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "name": "appliances",
- "creationDate": "2020-07-17T09:48:29Z",
- "refreshInterval": 1,
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "data": [
- {
- "accounting": 566837594
}, - {
- "active_directory": 34638
}
]
}
Get currently Active Client Sessions. This API makes the Controller to query every Gateway in the system to collect the session data. The operation may take long if one or more Gateways take long to respond.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Active Client Sessions per Gateway. Note that the AppGate SDP Admin UI aggregates this data to list device&users. Disconnected Clients disappear after 5 minutes. When a Client fails over to another Gateway, the API may return the Client on multiple Gateways until during this period.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "name": "appliances",
- "creationDate": "2020-07-17T09:48:29Z",
- "refreshInterval": 1,
- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "distinctUserCount": 645,
- "data": [
- {
- "distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
- "deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "username": "user",
- "providerName": "ldap",
- "gateway": "aws-gateway-1",
- "loginTime": "2020-07-17T09:48:29Z",
- "ip": "104.210.144.101",
- "allocatedIp": "10.10.10.25",
- "allocatedIpV6": "2001:db8:0:0:0:ff00:42:8329",
- "hostname": "cmp325"
}
]
}
Get the details of a specific Active Client Session from all Gateways. This API makes the Controller to query very Gateway in the system to collect the session data. The operation may take long if one or more Gateways take long to respond.
distinguished-name required | string Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>' |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Details of an Active Client Session per Gateway. Disconnected Clients disappear after 5 minutes. When a Client fails over to another Gateway, the API may return the Client on multiple Gateways until during this period.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "username": "user",
- "providerName": "ldap",
- "data": {
- "property1": {
- "userClaims": {
- "username": "admin",
- "groups": [
- "CN=test,OU=unit,DC=company,DC=com",
- "CN=finance,OU=unit,DC=company,DC=com"
]
}, - "deviceClaims": {
- "os": {
- "name": "Microsoft Windows 10 Pro",
- "platform": "x64",
- "type": "desktop"
}, - "isUserAdmin": true,
- "language": "en-us"
}, - "systemClaims": {
- "connectTime": "2018-11-16T13:25:15.672Z",
- "tunIPv4": "15.0.0.24",
- "clientSrcIp": "192.168.111.184"
}, - "entitlementInfos": {
- "property1": {
- "conditionResults": {
- "MFASuccess": true,
- "InternalNetwork": false
}, - "firewallRules": [
- {
- "protocol": "tcp",
- "direction": "up",
- "action": "allow",
- "subnets": [
- "172.31.4.105"
], - "ports": [
- 443
], - "types": [
- "0-255"
]
}
]
}, - "property2": {
- "conditionResults": {
- "MFASuccess": true,
- "InternalNetwork": false
}, - "firewallRules": [
- {
- "protocol": "tcp",
- "direction": "up",
- "action": "allow",
- "subnets": [
- "172.31.4.105"
], - "ports": [
- 443
], - "types": [
- "0-255"
]
}
]
}
}, - "discoveredApps": [
- "new-service.internal.company.com"
], - "site": "AWS Site"
}, - "property2": {
- "userClaims": {
- "username": "admin",
- "groups": [
- "CN=test,OU=unit,DC=company,DC=com",
- "CN=finance,OU=unit,DC=company,DC=com"
]
}, - "deviceClaims": {
- "os": {
- "name": "Microsoft Windows 10 Pro",
- "platform": "x64",
- "type": "desktop"
}, - "isUserAdmin": true,
- "language": "en-us"
}, - "systemClaims": {
- "connectTime": "2018-11-16T13:25:15.672Z",
- "tunIPv4": "15.0.0.24",
- "clientSrcIp": "192.168.111.184"
}, - "entitlementInfos": {
- "property1": {
- "conditionResults": {
- "MFASuccess": true,
- "InternalNetwork": false
}, - "firewallRules": [
- {
- "protocol": "tcp",
- "direction": "up",
- "action": "allow",
- "subnets": [
- "172.31.4.105"
], - "ports": [
- 443
], - "types": [
- "0-255"
]
}
]
}, - "property2": {
- "conditionResults": {
- "MFASuccess": true,
- "InternalNetwork": false
}, - "firewallRules": [
- {
- "protocol": "tcp",
- "direction": "up",
- "action": "allow",
- "subnets": [
- "172.31.4.105"
], - "ports": [
- 443
], - "types": [
- "0-255"
]
}
]
}
}, - "discoveredApps": [
- "new-service.internal.company.com"
], - "site": "AWS Site"
}
}
}
Get the User Logins Per Hour for the last 24 hours.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
User Logins Per Hour.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "name": "appliances",
- "creationDate": "2020-07-17T09:48:29Z",
- "refreshInterval": 1,
- "data": {
- "0": {
- "controller1.company.com": "100",
- "controller2.company.com": "20",
- "total": "120"
}, - "1": {
- "controller1.company.com": "42",
- "controller2.company.com": "100",
- "total": "142"
}, - "2": {
- "controller1.company.com": "165",
- "total": "165"
}, - "3": {
- "controller1.company.com": "25",
- "controller2.company.com": "80",
- "total": "105"
}
}
}
Get the Device On-Boardings Per Hour for the last 24 hours.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Device On-Boardings Per Hour.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "name": "appliances",
- "creationDate": "2020-07-17T09:48:29Z",
- "refreshInterval": 1,
- "data": {
- "0": 120,
- "1": 142,
- "2": 165,
- "3": 105
}
}
Get the failed authentications per hour for the last 24 hours.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Failed authentications per hour.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "name": "appliances",
- "creationDate": "2020-07-17T09:48:29Z",
- "refreshInterval": 1,
- "data": {
- "0": 120,
- "1": 142,
- "2": 165,
- "3": 105
}
}
List all Policies visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Policies.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
- "entitlements": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "entitlementLinks": [
- "developer"
], - "ringfenceRules": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "ringfenceRuleLinks": [
- "developer"
], - "tamperProofing": true,
- "overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "administrativeRoles": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
]
}
Create a new Policy.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Policy object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
disabled | boolean Default: false If true, the Policy will be disregarded during authorization. |
expression required | string A JavaScript expression that returns boolean. Criteria Scripts may be used by calling them as functions. |
entitlements | Array of strings <uuid> List of Entitlement IDs in this Policy. |
entitlementLinks | Array of strings List of Entitlement tags in this Policy. |
ringfenceRules | Array of strings <uuid> List of Ringfence Rule IDs in this Policy. |
ringfenceRuleLinks | Array of strings List of Ringfence Rule tags in this Policy. |
tamperProofing | boolean Default: true Will enable Tamper Proofing on desktop clients which will make sure the routes and ringfence configurations are not changed. |
overrideSite | string <uuid> Site ID where all the Entitlements of this Policy must be deployed. This overrides Entitlement's own Site and to be used only in specific network layouts. Otherwise the assigned site on individual Entitlements will be used. |
administrativeRoles | Array of strings <uuid> List of Administrative Role IDs in this Policy. |
Created Policy.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
- "entitlements": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "entitlementLinks": [
- "developer"
], - "ringfenceRules": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "ringfenceRuleLinks": [
- "developer"
], - "tamperProofing": true,
- "overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "administrativeRoles": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
- "entitlements": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "entitlementLinks": [
- "developer"
], - "ringfenceRules": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "ringfenceRuleLinks": [
- "developer"
], - "tamperProofing": true,
- "overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "administrativeRoles": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
Get a specific Policy.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Policy.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
- "entitlements": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "entitlementLinks": [
- "developer"
], - "ringfenceRules": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "ringfenceRuleLinks": [
- "developer"
], - "tamperProofing": true,
- "overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "administrativeRoles": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
Update an existing Policy.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Policy object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
disabled | boolean Default: false If true, the Policy will be disregarded during authorization. |
expression required | string A JavaScript expression that returns boolean. Criteria Scripts may be used by calling them as functions. |
entitlements | Array of strings <uuid> List of Entitlement IDs in this Policy. |
entitlementLinks | Array of strings List of Entitlement tags in this Policy. |
ringfenceRules | Array of strings <uuid> List of Ringfence Rule IDs in this Policy. |
ringfenceRuleLinks | Array of strings List of Ringfence Rule tags in this Policy. |
tamperProofing | boolean Default: true Will enable Tamper Proofing on desktop clients which will make sure the routes and ringfence configurations are not changed. |
overrideSite | string <uuid> Site ID where all the Entitlements of this Policy must be deployed. This overrides Entitlement's own Site and to be used only in specific network layouts. Otherwise the assigned site on individual Entitlements will be used. |
administrativeRoles | Array of strings <uuid> List of Administrative Role IDs in this Policy. |
Updated Policy.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
- "entitlements": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "entitlementLinks": [
- "developer"
], - "ringfenceRules": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "ringfenceRuleLinks": [
- "developer"
], - "tamperProofing": true,
- "overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "administrativeRoles": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
- "entitlements": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "entitlementLinks": [
- "developer"
], - "ringfenceRules": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "ringfenceRuleLinks": [
- "developer"
], - "tamperProofing": true,
- "overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "administrativeRoles": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
Delete a specific Policy.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Policy was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all Conditions visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Conditions.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
- "repeatSchedules": [
- "1h",
- "13:32"
], - "remedyMethods": [
- {
- "type": "DisplayMessage",
- "message": "This resoure requires you to enter your password again",
- "claimSuffix": "test",
- "providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}
]
}
Create a new Condition.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Condition object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
expression required | string Boolean expression in JavaScript. |
repeatSchedules | Array of strings A list of schedules that decides when to reevaluate the Condition. All the scheduled times will be effective. One will not override the other. - It can be a time of the day, e.g. 13:00, 10:25, 2:10 etc. - It can be one of the predefined intervals, e.g. 1m, 5m, 15m, 1h. These intervals will be always rounded up, i.e. if it's 15m and the time is 12:07 when the Condition is evaluated first, then the next evaluation will occur at 12:15, and the next one will be at 12:30 and so on. |
remedyMethods | Array of objects The remedy methods that will be triggered if the evaluation fails. |
Created Condition.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
- "repeatSchedules": [
- "1h",
- "13:32"
], - "remedyMethods": [
- {
- "type": "DisplayMessage",
- "message": "This resoure requires you to enter your password again",
- "claimSuffix": "test",
- "providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
- "repeatSchedules": [
- "1h",
- "13:32"
], - "remedyMethods": [
- {
- "type": "DisplayMessage",
- "message": "This resoure requires you to enter your password again",
- "claimSuffix": "test",
- "providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}
Get a specific Condition.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Condition.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
- "repeatSchedules": [
- "1h",
- "13:32"
], - "remedyMethods": [
- {
- "type": "DisplayMessage",
- "message": "This resoure requires you to enter your password again",
- "claimSuffix": "test",
- "providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}
Update an existing Condition.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Condition object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
expression required | string Boolean expression in JavaScript. |
repeatSchedules | Array of strings A list of schedules that decides when to reevaluate the Condition. All the scheduled times will be effective. One will not override the other. - It can be a time of the day, e.g. 13:00, 10:25, 2:10 etc. - It can be one of the predefined intervals, e.g. 1m, 5m, 15m, 1h. These intervals will be always rounded up, i.e. if it's 15m and the time is 12:07 when the Condition is evaluated first, then the next evaluation will occur at 12:15, and the next one will be at 12:30 and so on. |
remedyMethods | Array of objects The remedy methods that will be triggered if the evaluation fails. |
Updated Condition.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
- "repeatSchedules": [
- "1h",
- "13:32"
], - "remedyMethods": [
- {
- "type": "DisplayMessage",
- "message": "This resoure requires you to enter your password again",
- "claimSuffix": "test",
- "providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
- "repeatSchedules": [
- "1h",
- "13:32"
], - "remedyMethods": [
- {
- "type": "DisplayMessage",
- "message": "This resoure requires you to enter your password again",
- "claimSuffix": "test",
- "providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}
Delete a specific Condition.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Condition was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Simulate a given expression for a Condition, Policy or Criteria Script.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
The evaluation details.
expression required | string The javascript expression to evaluate. |
userClaims | object |
deviceClaims | object |
systemClaims | object |
time | string <date-time> |
Evaluation result.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "expression": "return claims.user.username === 'admin';",
- "userClaims": {
- "username": "admin",
- "groups": [
- "CN=test,OU=unit,DC=company,DC=com",
- "CN=finance,OU=unit,DC=company,DC=com"
]
}, - "deviceClaims": {
- "os": {
- "name": "Microsoft Windows 10 Pro",
- "platform": "x64",
- "type": "desktop"
}, - "isUserAdmin": true,
- "language": "en-us"
}, - "systemClaims": {
- "connectTime": "2018-11-16T13:25:15.672Z",
- "tunIPv4": "15.0.0.24",
- "clientSrcIp": "192.168.111.184"
}, - "time": "2020-07-17T09:48:29Z"
}
{- "result": true,
- "output": "Debug log",
- "error": "Expression does not return boolean. Received: String"
}
Claim Names list includes available User, Device and System claims. Some of these claims are static and some change according to the Identity Provider configurations.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Claim Names.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "user": [
- {
- "claimName": "username",
- "type": "boolean",
- "availableForPolicy": true
}
], - "device": [
- {
- "claimName": "username",
- "type": "boolean",
- "availableForPolicy": true
}
], - "system": [
- {
- "claimName": "username",
- "type": "boolean",
- "availableForPolicy": true
}
], - "onDemand": [
- {
- "claimName": "username",
- "type": "boolean",
- "availableForPolicy": true
}
]
}
List all Entitlements visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Entitlements.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "siteName": "Default Site",
- "conditionLogic": "and",
- "conditions": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "actions": [
- {
- "subtype": "icmp_up",
- "action": "allow",
- "hosts": [
- "10.0.0.1",
- "10.0.0.0/24",
- "hostname.company.com",
- "dns://hostname.company.com",
- "aws://security-group:accounting"
], - "ports": [
- 80,
- "1024-65535"
], - "types": [
- "0-255"
], - "monitor": {
- "enabled": false,
- "timeout": 30
}
}
], - "appShortcuts": [
- {
- "name": "Accounting Software",
- "description": "This app will get you to the Accounting Software.",
- "colorCode": 1
}
], - "appShortcutScripts": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
]
}
Create a new Entitlement.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Entitlement object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
disabled | boolean Default: false If true, the Entitlement will be disregarded during authorization. |
site required | string <uuid> ID of the Site for this Entitlement. |
conditionLogic | string Default: "and" Enum: "and" "or" Whether all the Conditions must succeed to have access to this Entitlement or just one. |
conditions required | Array of strings <uuid> List of Condition IDs applies to this Entitlement. |
actions required | Array of objects List of all IP Access actions in this Entitlement. |
appShortcuts | Array of objects Array of App Shortcuts. |
appShortcutScripts | Array of strings <uuid> List of Entitlement Script IDs used for creating App Shortcuts dynamically. |
Created Entitlement.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "conditionLogic": "and",
- "conditions": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "actions": [
- {
- "subtype": "icmp_up",
- "action": "allow",
- "hosts": [
- "10.0.0.1",
- "10.0.0.0/24",
- "hostname.company.com",
- "dns://hostname.company.com",
- "aws://security-group:accounting"
], - "ports": [
- 80,
- "1024-65535"
], - "types": [
- "0-255"
], - "monitor": {
- "enabled": false,
- "timeout": 30
}
}
], - "appShortcuts": [
- {
- "name": "Accounting Software",
- "description": "This app will get you to the Accounting Software.",
- "colorCode": 1
}
], - "appShortcutScripts": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "siteName": "Default Site",
- "conditionLogic": "and",
- "conditions": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "actions": [
- {
- "subtype": "icmp_up",
- "action": "allow",
- "hosts": [
- "10.0.0.1",
- "10.0.0.0/24",
- "hostname.company.com",
- "dns://hostname.company.com",
- "aws://security-group:accounting"
], - "ports": [
- 80,
- "1024-65535"
], - "types": [
- "0-255"
], - "monitor": {
- "enabled": false,
- "timeout": 30
}
}
], - "appShortcuts": [
- {
- "name": "Accounting Software",
- "description": "This app will get you to the Accounting Software.",
- "colorCode": 1
}
], - "appShortcutScripts": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
Get a specific Entitlement.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Entitlement.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "siteName": "Default Site",
- "conditionLogic": "and",
- "conditions": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "actions": [
- {
- "subtype": "icmp_up",
- "action": "allow",
- "hosts": [
- "10.0.0.1",
- "10.0.0.0/24",
- "hostname.company.com",
- "dns://hostname.company.com",
- "aws://security-group:accounting"
], - "ports": [
- 80,
- "1024-65535"
], - "types": [
- "0-255"
], - "monitor": {
- "enabled": false,
- "timeout": 30
}
}
], - "appShortcuts": [
- {
- "name": "Accounting Software",
- "description": "This app will get you to the Accounting Software.",
- "colorCode": 1
}
], - "appShortcutScripts": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
Update an existing Entitlement.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Entitlement object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
disabled | boolean Default: false If true, the Entitlement will be disregarded during authorization. |
site required | string <uuid> ID of the Site for this Entitlement. |
conditionLogic | string Default: "and" Enum: "and" "or" Whether all the Conditions must succeed to have access to this Entitlement or just one. |
conditions required | Array of strings <uuid> List of Condition IDs applies to this Entitlement. |
actions required | Array of objects List of all IP Access actions in this Entitlement. |
appShortcuts | Array of objects Array of App Shortcuts. |
appShortcutScripts | Array of strings <uuid> List of Entitlement Script IDs used for creating App Shortcuts dynamically. |
Updated Entitlement.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "conditionLogic": "and",
- "conditions": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "actions": [
- {
- "subtype": "icmp_up",
- "action": "allow",
- "hosts": [
- "10.0.0.1",
- "10.0.0.0/24",
- "hostname.company.com",
- "dns://hostname.company.com",
- "aws://security-group:accounting"
], - "ports": [
- 80,
- "1024-65535"
], - "types": [
- "0-255"
], - "monitor": {
- "enabled": false,
- "timeout": 30
}
}
], - "appShortcuts": [
- {
- "name": "Accounting Software",
- "description": "This app will get you to the Accounting Software.",
- "colorCode": 1
}
], - "appShortcutScripts": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "disabled": false,
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "siteName": "Default Site",
- "conditionLogic": "and",
- "conditions": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "actions": [
- {
- "subtype": "icmp_up",
- "action": "allow",
- "hosts": [
- "10.0.0.1",
- "10.0.0.0/24",
- "hostname.company.com",
- "dns://hostname.company.com",
- "aws://security-group:accounting"
], - "ports": [
- 80,
- "1024-65535"
], - "types": [
- "0-255"
], - "monitor": {
- "enabled": false,
- "timeout": 30
}
}
], - "appShortcuts": [
- {
- "name": "Accounting Software",
- "description": "This app will get you to the Accounting Software.",
- "colorCode": 1
}
], - "appShortcutScripts": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
Delete a specific Entitlement.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Entitlement was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all Ringfence Rules visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Ringfence Rules.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "actions": [
- {
- "protocol": "icmp",
- "direction": "up",
- "action": "allow",
- "hosts": [
- "10.0.2.0/24"
], - "ports": [
- 80,
- 443,
- "1024-2048"
], - "types": [
- "0-255"
]
}
]
}
]
}
Create a new Ringfence Rule.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Ringfence Rule object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
actions required | Array of objects List of all ringfence actions in this Ringfence Rule. |
Created Ringfence Rule.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "actions": [
- {
- "protocol": "icmp",
- "direction": "up",
- "action": "allow",
- "hosts": [
- "10.0.2.0/24"
], - "ports": [
- 80,
- 443,
- "1024-2048"
], - "types": [
- "0-255"
]
}
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "actions": [
- {
- "protocol": "icmp",
- "direction": "up",
- "action": "allow",
- "hosts": [
- "10.0.2.0/24"
], - "ports": [
- 80,
- 443,
- "1024-2048"
], - "types": [
- "0-255"
]
}
]
}
Get a specific Ringfence Rule.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Ringfence Rule object.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "actions": [
- {
- "protocol": "icmp",
- "direction": "up",
- "action": "allow",
- "hosts": [
- "10.0.2.0/24"
], - "ports": [
- 80,
- 443,
- "1024-2048"
], - "types": [
- "0-255"
]
}
]
}
Update an existing Ringfence Rule.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Ringfence Rule object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
actions required | Array of objects List of all ringfence actions in this Ringfence Rule. |
Updated Ringfence Rule.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "actions": [
- {
- "protocol": "icmp",
- "direction": "up",
- "action": "allow",
- "hosts": [
- "10.0.2.0/24"
], - "ports": [
- 80,
- 443,
- "1024-2048"
], - "types": [
- "0-255"
]
}
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "actions": [
- {
- "protocol": "icmp",
- "direction": "up",
- "action": "allow",
- "hosts": [
- "10.0.2.0/24"
], - "ports": [
- 80,
- 443,
- "1024-2048"
], - "types": [
- "0-255"
]
}
]
}
Delete a specific Ringfence Rule.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Ringfence Rule was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all Appliances visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Appliances.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "activated": true,
- "pendingCertificateRenewal": false,
- "version": 9,
- "hostname": "appgate.company.com",
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "siteName": "Default Site",
- "customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "connectToPeersUsingClientPortWithSpa": true,
- "clientInterface": {
- "proxyProtocol": false,
- "hostname": "appgate.company.com",
- "httpsPort": 443,
- "dtlsPort": 443,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "overrideSpaMode": "Disabled"
}, - "peerInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 444,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "adminInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 8443,
- "httpsCiphers": [
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES128-GCM-SHA256"
], - "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "networking": {
- "hosts": [
- {
- "hostname": "internal.service.company.com",
- "address": "10.10.10.10"
}
], - "nics": [
- {
- "enabled": true,
- "name": "eth0",
- "ipv4": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "routers": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "10.10.10.1",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "10.10.10.24"
}, - "ipv6": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "2001:db8:0:0:0:ff00:42:8329",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "2001:db8:0:0:0:ff00:42:8400"
}, - "mtu": 1500
}
], - "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsDomains": [
- "internal.company.com"
], - "routes": [
- {
- "address": "10.0.0.0",
- "netmask": 24,
- "gateway": "10.0.0.254",
- "nic": "eth0"
}
]
}, - "ntp": {
- "servers": [
- {
- "hostname": "0.ubuntu.pool.ntp.org",
- "keyType": "MD5",
- "key": "string"
}
]
}, - "sshServer": {
- "enabled": false,
- "port": 22,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "passwordAuthentication": true
}, - "snmpServer": {
- "enabled": false,
- "tcpPort": 161,
- "udpPort": 161,
- "snmpd.conf": "string",
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "healthcheckServer": {
- "enabled": false,
- "port": 5555,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "prometheusExporter": {
- "enabled": false,
- "port": 5556,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "ping": {
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "logServer": {
- "enabled": false,
- "retentionDays": 30
}, - "controller": {
- "enabled": false
}, - "gateway": {
- "enabled": false,
- "vpn": {
- "weight": 100,
- "allowDestinations": [
- {
- "address": "192.168.111.0",
- "netmask": 24,
- "nic": "eth1"
}
]
}
}, - "logForwarder": {
- "enabled": false,
- "elasticsearch": {
- "awsId": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "retentionDays": 30
}, - "tcpClients": [
- {
- "name": "Company SIEM",
- "host": "siem.company.com",
- "port": 8888,
- "format": "json",
- "useTLS": true,
- "filter": "event_type=='authentication_succeeded'"
}
], - "awsKineses": [
- {
- "awsId": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "type": "Stream",
- "streamName": "AppGate_SDP_audit",
- "batchSize": 400,
- "numberOfPartitionKeys": 10,
- "filter": "event_type=='authentication_succeeded'"
}
], - "sites": [
- "string"
]
}, - "connector": {
- "enabled": false,
- "expressClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": "0.0.0.0",
- "netmask": 32
}
], - "snatToResources": true
}
], - "advancedClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "snatToTunnel": true
}
]
}, - "rsyslogDestinations": [
- {
- "selector": ":msg, contains, \"[AUDIT]\"",
- "template": "%msg:9:$%\n",
- "destination": "@@10.10.10.2"
}
], - "hostnameAliases": [
- "appgatealias.company.com",
- "alias2.appgate.company.com"
]
}
]
}
Create a new inactive Appliance.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
hostname required | string Generic hostname of the appliance. Used as linux hostname and to identify within logs. |
site | string <uuid> Site served by the Appliance. Entitlements on this Site will be included in the Entitlement Token for this Appliance. Not useful if Gateway role is not enabled. |
customization | string <uuid> Customization assigned to this Appliance. |
connectToPeersUsingClientPortWithSpa | boolean Default: true Makes the Appliance to connect to Controller/LogServer/LogForwarders using their clientInterface.httpsPort instead of peerInterface.httpsPort. The Appliance uses SPA to connect. |
clientInterface required | object The details of the Client connection interface. |
peerInterface required | object The details of peer connection interface. Used by other appliances and administrative UI. |
adminInterface | object The details of the admin connection interface. If null, admin interface will be accessible via peerInterface. |
networking required | object Networking configuration of the system. |
ntpServers | Array of strings Deprecated as of 4.3.0, use 'ntp' field instead. NTP servers to synchronize time. |
ntp | object NTP configuration. |
sshServer | object SSH server configuration. |
snmpServer | object SNMP Server configuration. |
healthcheckServer | object Healthcheck Server configuration. |
prometheusExporter | object Prometheus Exporter configuration. |
ping | object Rules for allowing ping. |
logServer | object Log Server settings. Log Server collects audit logs from all the appliances and stores them. |
controller | object Controller settings. |
gateway | object Gateway settings. |
logForwarder | object LogForwarder settings. LogForwarder collects audit logs from the appliances in the given sites and sends them to the given endpoints. |
connector | object Connector settings. |
rsyslogDestinations | Array of objects Rsyslog destination settings to forward appliance logs. |
hostnameAliases | Array of strings Hostname aliases. They are added to the Appliance certificate as Subject Alternative Names so it is trusted using different IPs or hostnames. Requires manual certificate renewal to apply changes to the certificate. |
Created Appliance.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "hostname": "appgate.company.com",
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "connectToPeersUsingClientPortWithSpa": true,
- "clientInterface": {
- "proxyProtocol": false,
- "hostname": "appgate.company.com",
- "httpsPort": 443,
- "dtlsPort": 443,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "overrideSpaMode": "Disabled"
}, - "peerInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 444,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "adminInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 8443,
- "httpsCiphers": [
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES128-GCM-SHA256"
], - "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "networking": {
- "hosts": [
- {
- "hostname": "internal.service.company.com",
- "address": "10.10.10.10"
}
], - "nics": [
- {
- "enabled": true,
- "name": "eth0",
- "ipv4": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "routers": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "10.10.10.1",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "10.10.10.24"
}, - "ipv6": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "2001:db8:0:0:0:ff00:42:8329",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "2001:db8:0:0:0:ff00:42:8400"
}, - "mtu": 1500
}
], - "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsDomains": [
- "internal.company.com"
], - "routes": [
- {
- "address": "10.0.0.0",
- "netmask": 24,
- "gateway": "10.0.0.254",
- "nic": "eth0"
}
]
}, - "ntpServers": [
- "91.189.89.199",
- "0.ubuntu.pool.ntp.org"
], - "ntp": {
- "servers": [
- {
- "hostname": "0.ubuntu.pool.ntp.org",
- "keyType": "MD5",
- "key": "string"
}
]
}, - "sshServer": {
- "enabled": false,
- "port": 22,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "passwordAuthentication": true
}, - "snmpServer": {
- "enabled": false,
- "tcpPort": 161,
- "udpPort": 161,
- "snmpd.conf": "string",
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "healthcheckServer": {
- "enabled": false,
- "port": 5555,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "prometheusExporter": {
- "enabled": false,
- "port": 5556,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "ping": {
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "logServer": {
- "enabled": false,
- "retentionDays": 30
}, - "controller": {
- "enabled": false
}, - "gateway": {
- "enabled": false,
- "vpn": {
- "weight": 100,
- "allowDestinations": [
- {
- "address": "192.168.111.0",
- "netmask": 24,
- "nic": "eth1"
}
]
}
}, - "logForwarder": {
- "enabled": false,
- "elasticsearch": {
- "awsId": "string",
- "awsSecret": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "retentionDays": 30
}, - "tcpClients": [
- {
- "name": "Company SIEM",
- "host": "siem.company.com",
- "port": 8888,
- "format": "json",
- "useTLS": true,
- "filter": "event_type=='authentication_succeeded'"
}
], - "awsKineses": [
- {
- "awsId": "string",
- "awsSecret": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "type": "Stream",
- "streamName": "AppGate_SDP_audit",
- "batchSize": 400,
- "numberOfPartitionKeys": 10,
- "filter": "event_type=='authentication_succeeded'"
}
], - "sites": [
- "string"
]
}, - "connector": {
- "enabled": false,
- "expressClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": "0.0.0.0",
- "netmask": 32
}
], - "snatToResources": true
}
], - "advancedClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "snatToTunnel": true
}
]
}, - "rsyslogDestinations": [
- {
- "selector": ":msg, contains, \"[AUDIT]\"",
- "template": "%msg:9:$%\n",
- "destination": "@@10.10.10.2"
}
], - "hostnameAliases": [
- "appgatealias.company.com",
- "alias2.appgate.company.com"
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:29Z",
- "updated": "2020-07-17T09:48:29Z",
- "tags": [
- "developer",
- "api-created"
], - "activated": true,
- "pendingCertificateRenewal": false,
- "version": 9,
- "hostname": "appgate.company.com",
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "siteName": "Default Site",
- "customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "connectToPeersUsingClientPortWithSpa": true,
- "clientInterface": {
- "proxyProtocol": false,
- "hostname": "appgate.company.com",
- "httpsPort": 443,
- "dtlsPort": 443,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "overrideSpaMode": "Disabled"
}, - "peerInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 444,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "adminInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 8443,
- "httpsCiphers": [
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES128-GCM-SHA256"
], - "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "networking": {
- "hosts": [
- {
- "hostname": "internal.service.company.com",
- "address": "10.10.10.10"
}
], - "nics": [
- {
- "enabled": true,
- "name": "eth0",
- "ipv4": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "routers": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "10.10.10.1",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "10.10.10.24"
}, - "ipv6": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "2001:db8:0:0:0:ff00:42:8329",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "2001:db8:0:0:0:ff00:42:8400"
}, - "mtu": 1500
}
], - "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsDomains": [
- "internal.company.com"
], - "routes": [
- {
- "address": "10.0.0.0",
- "netmask": 24,
- "gateway": "10.0.0.254",
- "nic": "eth0"
}
]
}, - "ntp": {
- "servers": [
- {
- "hostname": "0.ubuntu.pool.ntp.org",
- "keyType": "MD5",
- "key": "string"
}
]
}, - "sshServer": {
- "enabled": false,
- "port": 22,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "passwordAuthentication": true
}, - "snmpServer": {
- "enabled": false,
- "tcpPort": 161,
- "udpPort": 161,
- "snmpd.conf": "string",
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "healthcheckServer": {
- "enabled": false,
- "port": 5555,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "prometheusExporter": {
- "enabled": false,
- "port": 5556,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "ping": {
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "logServer": {
- "enabled": false,
- "retentionDays": 30
}, - "controller": {
- "enabled": false
}, - "gateway": {
- "enabled": false,
- "vpn": {
- "weight": 100,
- "allowDestinations": [
- {
- "address": "192.168.111.0",
- "netmask": 24,
- "nic": "eth1"
}
]
}
}, - "logForwarder": {
- "enabled": false,
- "elasticsearch": {
- "awsId": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "retentionDays": 30
}, - "tcpClients": [
- {
- "name": "Company SIEM",
- "host": "siem.company.com",
- "port": 8888,
- "format": "json",
- "useTLS": true,
- "filter": "event_type=='authentication_succeeded'"
}
], - "awsKineses": [
- {
- "awsId": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "type": "Stream",
- "streamName": "AppGate_SDP_audit",
- "batchSize": 400,
- "numberOfPartitionKeys": 10,
- "filter": "event_type=='authentication_succeeded'"
}
], - "sites": [
- "string"
]
}, - "connector": {
- "enabled": false,
- "expressClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": "0.0.0.0",
- "netmask": 32
}
], - "snatToResources": true
}
], - "advancedClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "snatToTunnel": true
}
]
}, - "rsyslogDestinations": [
- {
- "selector": ":msg, contains, \"[AUDIT]\"",
- "template": "%msg:9:$%\n",
- "destination": "@@10.10.10.2"
}
], - "hostnameAliases": [
- "appgatealias.company.com",
- "alias2.appgate.company.com"
]
}
Get a specific Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Appliance.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:30Z",
- "updated": "2020-07-17T09:48:30Z",
- "tags": [
- "developer",
- "api-created"
], - "activated": true,
- "pendingCertificateRenewal": false,
- "version": 9,
- "hostname": "appgate.company.com",
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "siteName": "Default Site",
- "customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "connectToPeersUsingClientPortWithSpa": true,
- "clientInterface": {
- "proxyProtocol": false,
- "hostname": "appgate.company.com",
- "httpsPort": 443,
- "dtlsPort": 443,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "overrideSpaMode": "Disabled"
}, - "peerInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 444,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "adminInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 8443,
- "httpsCiphers": [
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES128-GCM-SHA256"
], - "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "networking": {
- "hosts": [
- {
- "hostname": "internal.service.company.com",
- "address": "10.10.10.10"
}
], - "nics": [
- {
- "enabled": true,
- "name": "eth0",
- "ipv4": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "routers": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "10.10.10.1",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "10.10.10.24"
}, - "ipv6": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "2001:db8:0:0:0:ff00:42:8329",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "2001:db8:0:0:0:ff00:42:8400"
}, - "mtu": 1500
}
], - "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsDomains": [
- "internal.company.com"
], - "routes": [
- {
- "address": "10.0.0.0",
- "netmask": 24,
- "gateway": "10.0.0.254",
- "nic": "eth0"
}
]
}, - "ntp": {
- "servers": [
- {
- "hostname": "0.ubuntu.pool.ntp.org",
- "keyType": "MD5",
- "key": "string"
}
]
}, - "sshServer": {
- "enabled": false,
- "port": 22,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "passwordAuthentication": true
}, - "snmpServer": {
- "enabled": false,
- "tcpPort": 161,
- "udpPort": 161,
- "snmpd.conf": "string",
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "healthcheckServer": {
- "enabled": false,
- "port": 5555,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "prometheusExporter": {
- "enabled": false,
- "port": 5556,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "ping": {
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "logServer": {
- "enabled": false,
- "retentionDays": 30
}, - "controller": {
- "enabled": false
}, - "gateway": {
- "enabled": false,
- "vpn": {
- "weight": 100,
- "allowDestinations": [
- {
- "address": "192.168.111.0",
- "netmask": 24,
- "nic": "eth1"
}
]
}
}, - "logForwarder": {
- "enabled": false,
- "elasticsearch": {
- "awsId": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "retentionDays": 30
}, - "tcpClients": [
- {
- "name": "Company SIEM",
- "host": "siem.company.com",
- "port": 8888,
- "format": "json",
- "useTLS": true,
- "filter": "event_type=='authentication_succeeded'"
}
], - "awsKineses": [
- {
- "awsId": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "type": "Stream",
- "streamName": "AppGate_SDP_audit",
- "batchSize": 400,
- "numberOfPartitionKeys": 10,
- "filter": "event_type=='authentication_succeeded'"
}
], - "sites": [
- "string"
]
}, - "connector": {
- "enabled": false,
- "expressClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": "0.0.0.0",
- "netmask": 32
}
], - "snatToResources": true
}
], - "advancedClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "snatToTunnel": true
}
]
}, - "rsyslogDestinations": [
- {
- "selector": ":msg, contains, \"[AUDIT]\"",
- "template": "%msg:9:$%\n",
- "destination": "@@10.10.10.2"
}
], - "hostnameAliases": [
- "appgatealias.company.com",
- "alias2.appgate.company.com"
]
}
Update an existing Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
hostname required | string Generic hostname of the appliance. Used as linux hostname and to identify within logs. |
site | string <uuid> Site served by the Appliance. Entitlements on this Site will be included in the Entitlement Token for this Appliance. Not useful if Gateway role is not enabled. |
customization | string <uuid> Customization assigned to this Appliance. |
connectToPeersUsingClientPortWithSpa | boolean Default: true Makes the Appliance to connect to Controller/LogServer/LogForwarders using their clientInterface.httpsPort instead of peerInterface.httpsPort. The Appliance uses SPA to connect. |
clientInterface required | object The details of the Client connection interface. |
peerInterface required | object The details of peer connection interface. Used by other appliances and administrative UI. |
adminInterface | object The details of the admin connection interface. If null, admin interface will be accessible via peerInterface. |
networking required | object Networking configuration of the system. |
ntpServers | Array of strings Deprecated as of 4.3.0, use 'ntp' field instead. NTP servers to synchronize time. |
ntp | object NTP configuration. |
sshServer | object SSH server configuration. |
snmpServer | object SNMP Server configuration. |
healthcheckServer | object Healthcheck Server configuration. |
prometheusExporter | object Prometheus Exporter configuration. |
ping | object Rules for allowing ping. |
logServer | object Log Server settings. Log Server collects audit logs from all the appliances and stores them. |
controller | object Controller settings. |
gateway | object Gateway settings. |
logForwarder | object LogForwarder settings. LogForwarder collects audit logs from the appliances in the given sites and sends them to the given endpoints. |
connector | object Connector settings. |
rsyslogDestinations | Array of objects Rsyslog destination settings to forward appliance logs. |
hostnameAliases | Array of strings Hostname aliases. They are added to the Appliance certificate as Subject Alternative Names so it is trusted using different IPs or hostnames. Requires manual certificate renewal to apply changes to the certificate. |
Updated Appliance.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "hostname": "appgate.company.com",
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "connectToPeersUsingClientPortWithSpa": true,
- "clientInterface": {
- "proxyProtocol": false,
- "hostname": "appgate.company.com",
- "httpsPort": 443,
- "dtlsPort": 443,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "overrideSpaMode": "Disabled"
}, - "peerInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 444,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "adminInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 8443,
- "httpsCiphers": [
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES128-GCM-SHA256"
], - "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "networking": {
- "hosts": [
- {
- "hostname": "internal.service.company.com",
- "address": "10.10.10.10"
}
], - "nics": [
- {
- "enabled": true,
- "name": "eth0",
- "ipv4": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "routers": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "10.10.10.1",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "10.10.10.24"
}, - "ipv6": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "2001:db8:0:0:0:ff00:42:8329",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "2001:db8:0:0:0:ff00:42:8400"
}, - "mtu": 1500
}
], - "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsDomains": [
- "internal.company.com"
], - "routes": [
- {
- "address": "10.0.0.0",
- "netmask": 24,
- "gateway": "10.0.0.254",
- "nic": "eth0"
}
]
}, - "ntpServers": [
- "91.189.89.199",
- "0.ubuntu.pool.ntp.org"
], - "ntp": {
- "servers": [
- {
- "hostname": "0.ubuntu.pool.ntp.org",
- "keyType": "MD5",
- "key": "string"
}
]
}, - "sshServer": {
- "enabled": false,
- "port": 22,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "passwordAuthentication": true
}, - "snmpServer": {
- "enabled": false,
- "tcpPort": 161,
- "udpPort": 161,
- "snmpd.conf": "string",
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "healthcheckServer": {
- "enabled": false,
- "port": 5555,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "prometheusExporter": {
- "enabled": false,
- "port": 5556,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "ping": {
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "logServer": {
- "enabled": false,
- "retentionDays": 30
}, - "controller": {
- "enabled": false
}, - "gateway": {
- "enabled": false,
- "vpn": {
- "weight": 100,
- "allowDestinations": [
- {
- "address": "192.168.111.0",
- "netmask": 24,
- "nic": "eth1"
}
]
}
}, - "logForwarder": {
- "enabled": false,
- "elasticsearch": {
- "awsId": "string",
- "awsSecret": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "retentionDays": 30
}, - "tcpClients": [
- {
- "name": "Company SIEM",
- "host": "siem.company.com",
- "port": 8888,
- "format": "json",
- "useTLS": true,
- "filter": "event_type=='authentication_succeeded'"
}
], - "awsKineses": [
- {
- "awsId": "string",
- "awsSecret": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "type": "Stream",
- "streamName": "AppGate_SDP_audit",
- "batchSize": 400,
- "numberOfPartitionKeys": 10,
- "filter": "event_type=='authentication_succeeded'"
}
], - "sites": [
- "string"
]
}, - "connector": {
- "enabled": false,
- "expressClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": "0.0.0.0",
- "netmask": 32
}
], - "snatToResources": true
}
], - "advancedClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "snatToTunnel": true
}
]
}, - "rsyslogDestinations": [
- {
- "selector": ":msg, contains, \"[AUDIT]\"",
- "template": "%msg:9:$%\n",
- "destination": "@@10.10.10.2"
}
], - "hostnameAliases": [
- "appgatealias.company.com",
- "alias2.appgate.company.com"
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:30Z",
- "updated": "2020-07-17T09:48:30Z",
- "tags": [
- "developer",
- "api-created"
], - "activated": true,
- "pendingCertificateRenewal": false,
- "version": 9,
- "hostname": "appgate.company.com",
- "site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "siteName": "Default Site",
- "customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "connectToPeersUsingClientPortWithSpa": true,
- "clientInterface": {
- "proxyProtocol": false,
- "hostname": "appgate.company.com",
- "httpsPort": 443,
- "dtlsPort": 443,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "overrideSpaMode": "Disabled"
}, - "peerInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 444,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "adminInterface": {
- "hostname": "appgate.company.com",
- "httpsPort": 8443,
- "httpsCiphers": [
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES128-GCM-SHA256"
], - "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "networking": {
- "hosts": [
- {
- "hostname": "internal.service.company.com",
- "address": "10.10.10.10"
}
], - "nics": [
- {
- "enabled": true,
- "name": "eth0",
- "ipv4": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "routers": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "10.10.10.1",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "10.10.10.24"
}, - "ipv6": {
- "dhcp": {
- "enabled": true,
- "dns": true,
- "ntp": true,
- "mtu": true
}, - "static": [
- {
- "address": "2001:db8:0:0:0:ff00:42:8329",
- "netmask": 24,
- "hostname": "appgate.company.com",
- "snat": true
}
], - "virtualIp": "2001:db8:0:0:0:ff00:42:8400"
}, - "mtu": 1500
}
], - "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsDomains": [
- "internal.company.com"
], - "routes": [
- {
- "address": "10.0.0.0",
- "netmask": 24,
- "gateway": "10.0.0.254",
- "nic": "eth0"
}
]
}, - "ntp": {
- "servers": [
- {
- "hostname": "0.ubuntu.pool.ntp.org",
- "keyType": "MD5",
- "key": "string"
}
]
}, - "sshServer": {
- "enabled": false,
- "port": 22,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "passwordAuthentication": true
}, - "snmpServer": {
- "enabled": false,
- "tcpPort": 161,
- "udpPort": 161,
- "snmpd.conf": "string",
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "healthcheckServer": {
- "enabled": false,
- "port": 5555,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "prometheusExporter": {
- "enabled": false,
- "port": 5556,
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "ping": {
- "allowSources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
]
}, - "logServer": {
- "enabled": false,
- "retentionDays": 30
}, - "controller": {
- "enabled": false
}, - "gateway": {
- "enabled": false,
- "vpn": {
- "weight": 100,
- "allowDestinations": [
- {
- "address": "192.168.111.0",
- "netmask": 24,
- "nic": "eth1"
}
]
}
}, - "logForwarder": {
- "enabled": false,
- "elasticsearch": {
- "awsId": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "retentionDays": 30
}, - "tcpClients": [
- {
- "name": "Company SIEM",
- "host": "siem.company.com",
- "port": 8888,
- "format": "json",
- "useTLS": true,
- "filter": "event_type=='authentication_succeeded'"
}
], - "awsKineses": [
- {
- "awsId": "string",
- "awsRegion": "eu-west-2",
- "useInstanceCredentials": true,
- "type": "Stream",
- "streamName": "AppGate_SDP_audit",
- "batchSize": 400,
- "numberOfPartitionKeys": 10,
- "filter": "event_type=='authentication_succeeded'"
}
], - "sites": [
- "string"
]
}, - "connector": {
- "enabled": false,
- "expressClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": "0.0.0.0",
- "netmask": 32
}
], - "snatToResources": true
}
], - "advancedClients": [
- {
- "name": "Printers",
- "deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
- "allowResources": [
- {
- "address": [
- "0.0.0.0",
- "::"
], - "netmask": 0,
- "nic": "eth0"
}
], - "snatToTunnel": true
}
]
}, - "rsyslogDestinations": [
- {
- "selector": ":msg, contains, \"[AUDIT]\"",
- "template": "%msg:9:$%\n",
- "destination": "@@10.10.10.2"
}
], - "hostnameAliases": [
- "appgatealias.company.com",
- "alias2.appgate.company.com"
]
}
Delete a specific Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Export JSON seed for an inactive Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
latestVersion | boolean If the Appliance object created on an old Controller and the version field is older than the current peer version, Controller generates a seed for that specific version. Adding this parameter overrides the version to the current one. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
SSH configuration during seeding.
provideCloudSSHKey | boolean Tells appliance to use the key generated by AWS or Azure. |
sshKey | string SSH public key to allow. |
password | string Appliance's CZ user password. |
Exported JSON Appliance seed. Body must be saved as seed.json file.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "provideCloudSSHKey": true,
- "sshKey": "ssh-rsa ....",
- "password": "tSW3!QBv(rj{UuLY"
}
{ }
Export ISO seed for an inactive Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
latestVersion | boolean If the Appliance object created on an old Controller and the version field is older than the current peer version, Controller generates a seed for that specific version. Adding this parameter overrides the version to the current one. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
SSH configuration during seeding.
provideCloudSSHKey | boolean Tells appliance to use the key generated by AWS or Azure. |
sshKey | string SSH public key to allow. |
password | string Appliance's CZ user password. |
Exported ISO Appliance seed.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "provideCloudSSHKey": true,
- "sshKey": "ssh-rsa ....",
- "password": "tSW3!QBv(rj{UuLY"
}
{- "iso": "string"
}
Renew certificate of an active Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Certificate renewal process started successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Upload and apply HTTPS certificate on the admin interface of an active Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
p12 | string <byte> P12 binary in Base64 format. |
password | string Default: "" Password for the p12 file. |
P12 file is accepted and applied.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "p12": "string",
- "password": ""
}
{- "id": "string",
- "message": "string"
}
Deactivate an active Appliance. If the appliance is still reachable, it will get a wipe command.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
wipe | boolean Default: true Sends wipe command to the Appliance. Equivalent to 'cz-config wipe-appliance' command on the Appliance. True by default. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance was deactivated successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Reboot an active Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance received the reboot command successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Test a resolver name on a Gateway.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
What to test on name resolvers.
resourceName | string The resource name to test on the Gateway. |
Test is completed successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "resourceName": "aws://tag:Application=Software Defined Perimeter"
}
{- "ips": [
- "10.0.0.1"
], - "error": "DNS name resolution error for ipv4, pycares errno 11: Could not contact DNS servers"
}
Get the status of name resolution on a Gateway. It lists all the subscribed resource names from all the connected Clients and shows the resolution results.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Gateway returned the status successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "resolutions": {
- "aws://lb-tag:kubernetes.io/service-name=opsnonprod/erp-dev": {
- "partial": false,
- "finals": [
- "3.120.51.78",
- "35.156.237.184"
], - "partials": [
- "dns://all.GW-ELB-2001535196.eu-central-1.elb.amazonaws.com",
- "dns://all.purple-lb-1785267452.eu-central-1.elb.amazonaws.com"
], - "errors": [ ]
}
}
}
List all Sites visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Sites.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:33Z",
- "updated": "2020-07-17T09:48:33Z",
- "tags": [
- "developer",
- "api-created"
], - "shortName": "AZU1",
- "description": "Gives access to Azure endpoints.",
- "networkSubnets": [
- "10.0.0.0/16"
], - "ipPoolMappings": [
- {
- "from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
], - "defaultGateway": {
- "enabledV4": false,
- "enabledV6": false,
- "excludedSubnets": [
- "10.0.10.0/24"
]
}, - "entitlementBasedRouting": false,
- "vpn": {
- "stateSharing": false,
- "snat": false,
- "tls": {
- "enabled": true
}, - "dtls": {
- "enabled": false
}, - "routeVia": {
- "ipv4": "10.0.0.2",
- "ipv6": "2001:db8:0:0:0:ff00:42:8329"
}, - "webProxyEnabled": true,
- "webProxyCertificateSubjectName": "string",
- "ipAccessLogIntervalSeconds": 120
}, - "nameResolution": {
- "useHostsFile": false,
- "dnsResolvers": [
- {
- "name": "DNS Resolver 1",
- "updateInterval": 60,
- "servers": [
- "10.0.0.2"
], - "searchDomains": [
- "company.com"
]
}
], - "awsResolvers": [
- {
- "name": "AWS Resolver 1",
- "updateInterval": 60,
- "vpcs": [
- "string"
], - "vpcAutoDiscovery": true,
- "regions": [
- "eu-west-2"
], - "useIAMRole": true,
- "accessKeyId": "string",
- "httpsProxy": "string",
- "resolveWithMasterCredentials": true,
- "assumedRoles": [
- {
- "accountId": "string",
- "roleName": "string",
- "externalId": "string",
- "regions": [
- "string"
]
}
]
}
], - "azureResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "subscriptionId": "string",
- "tenantId": "string",
- "clientId": "string"
}
], - "esxResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "hostname": "string",
- "username": "string"
}
], - "gcpResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "projectFilter": "string",
- "instanceFilter": "string"
}
]
}
}
]
}
Create a new Site.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Site object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
shortName | string A short 4 letter name for the Site to be displayed on the Client. |
description | string Description of the Site to be displayed on the Client. |
networkSubnets | Array of strings Network subnets in CIDR format to define the Site's boundaries. They are added as routes by the Client. |
ipPoolMappings | Array of objects List of IP Pool mappings for this specific Site. When IPs are allocated this Site, they will be mapped to a new one using this setting. |
defaultGateway | object Default Gateway configuration. |
entitlementBasedRouting | boolean Default: false When enabled, the routes are sent to the Client by the Gateways according to the user's Entitlements "networkSubnets" should be left be empty if it's enabled. |
vpn | object VPN configuration for this Site. |
nameResolution | object Settings for asset name resolution. |
Created Site.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient license.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "shortName": "AZU1",
- "description": "Gives access to Azure endpoints.",
- "networkSubnets": [
- "10.0.0.0/16"
], - "ipPoolMappings": [
- {
- "from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
], - "defaultGateway": {
- "enabledV4": false,
- "enabledV6": false,
- "excludedSubnets": [
- "10.0.10.0/24"
]
}, - "entitlementBasedRouting": false,
- "vpn": {
- "stateSharing": false,
- "snat": false,
- "tls": {
- "enabled": true
}, - "dtls": {
- "enabled": false
}, - "routeVia": {
- "ipv4": "10.0.0.2",
- "ipv6": "2001:db8:0:0:0:ff00:42:8329"
}, - "webProxyEnabled": true,
- "webProxyKeyStore": "string",
- "ipAccessLogIntervalSeconds": 120
}, - "nameResolution": {
- "useHostsFile": false,
- "dnsResolvers": [
- {
- "name": "DNS Resolver 1",
- "updateInterval": 60,
- "servers": [
- "10.0.0.2"
], - "searchDomains": [
- "company.com"
]
}
], - "awsResolvers": [
- {
- "name": "AWS Resolver 1",
- "updateInterval": 60,
- "vpcs": [
- "string"
], - "vpcAutoDiscovery": true,
- "regions": [
- "eu-west-2"
], - "useIAMRole": true,
- "accessKeyId": "string",
- "secretAccessKey": "string",
- "httpsProxy": "string",
- "resolveWithMasterCredentials": true,
- "assumedRoles": [
- {
- "accountId": "string",
- "roleName": "string",
- "externalId": "string",
- "regions": [
- "string"
]
}
]
}
], - "azureResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "subscriptionId": "string",
- "tenantId": "string",
- "clientId": "string",
- "secret": "string"
}
], - "esxResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "hostname": "string",
- "username": "string",
- "password": "string"
}
], - "gcpResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "projectFilter": "string",
- "instanceFilter": "string"
}
]
}
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:33Z",
- "updated": "2020-07-17T09:48:33Z",
- "tags": [
- "developer",
- "api-created"
], - "shortName": "AZU1",
- "description": "Gives access to Azure endpoints.",
- "networkSubnets": [
- "10.0.0.0/16"
], - "ipPoolMappings": [
- {
- "from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
], - "defaultGateway": {
- "enabledV4": false,
- "enabledV6": false,
- "excludedSubnets": [
- "10.0.10.0/24"
]
}, - "entitlementBasedRouting": false,
- "vpn": {
- "stateSharing": false,
- "snat": false,
- "tls": {
- "enabled": true
}, - "dtls": {
- "enabled": false
}, - "routeVia": {
- "ipv4": "10.0.0.2",
- "ipv6": "2001:db8:0:0:0:ff00:42:8329"
}, - "webProxyEnabled": true,
- "webProxyCertificateSubjectName": "string",
- "ipAccessLogIntervalSeconds": 120
}, - "nameResolution": {
- "useHostsFile": false,
- "dnsResolvers": [
- {
- "name": "DNS Resolver 1",
- "updateInterval": 60,
- "servers": [
- "10.0.0.2"
], - "searchDomains": [
- "company.com"
]
}
], - "awsResolvers": [
- {
- "name": "AWS Resolver 1",
- "updateInterval": 60,
- "vpcs": [
- "string"
], - "vpcAutoDiscovery": true,
- "regions": [
- "eu-west-2"
], - "useIAMRole": true,
- "accessKeyId": "string",
- "httpsProxy": "string",
- "resolveWithMasterCredentials": true,
- "assumedRoles": [
- {
- "accountId": "string",
- "roleName": "string",
- "externalId": "string",
- "regions": [
- "string"
]
}
]
}
], - "azureResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "subscriptionId": "string",
- "tenantId": "string",
- "clientId": "string"
}
], - "esxResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "hostname": "string",
- "username": "string"
}
], - "gcpResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "projectFilter": "string",
- "instanceFilter": "string"
}
]
}
}
Get a specific Site.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Site.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:33Z",
- "updated": "2020-07-17T09:48:33Z",
- "tags": [
- "developer",
- "api-created"
], - "shortName": "AZU1",
- "description": "Gives access to Azure endpoints.",
- "networkSubnets": [
- "10.0.0.0/16"
], - "ipPoolMappings": [
- {
- "from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
], - "defaultGateway": {
- "enabledV4": false,
- "enabledV6": false,
- "excludedSubnets": [
- "10.0.10.0/24"
]
}, - "entitlementBasedRouting": false,
- "vpn": {
- "stateSharing": false,
- "snat": false,
- "tls": {
- "enabled": true
}, - "dtls": {
- "enabled": false
}, - "routeVia": {
- "ipv4": "10.0.0.2",
- "ipv6": "2001:db8:0:0:0:ff00:42:8329"
}, - "webProxyEnabled": true,
- "webProxyCertificateSubjectName": "string",
- "ipAccessLogIntervalSeconds": 120
}, - "nameResolution": {
- "useHostsFile": false,
- "dnsResolvers": [
- {
- "name": "DNS Resolver 1",
- "updateInterval": 60,
- "servers": [
- "10.0.0.2"
], - "searchDomains": [
- "company.com"
]
}
], - "awsResolvers": [
- {
- "name": "AWS Resolver 1",
- "updateInterval": 60,
- "vpcs": [
- "string"
], - "vpcAutoDiscovery": true,
- "regions": [
- "eu-west-2"
], - "useIAMRole": true,
- "accessKeyId": "string",
- "httpsProxy": "string",
- "resolveWithMasterCredentials": true,
- "assumedRoles": [
- {
- "accountId": "string",
- "roleName": "string",
- "externalId": "string",
- "regions": [
- "string"
]
}
]
}
], - "azureResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "subscriptionId": "string",
- "tenantId": "string",
- "clientId": "string"
}
], - "esxResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "hostname": "string",
- "username": "string"
}
], - "gcpResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "projectFilter": "string",
- "instanceFilter": "string"
}
]
}
}
Update an existing Site.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Site object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
shortName | string A short 4 letter name for the Site to be displayed on the Client. |
description | string Description of the Site to be displayed on the Client. |
networkSubnets | Array of strings Network subnets in CIDR format to define the Site's boundaries. They are added as routes by the Client. |
ipPoolMappings | Array of objects List of IP Pool mappings for this specific Site. When IPs are allocated this Site, they will be mapped to a new one using this setting. |
defaultGateway | object Default Gateway configuration. |
entitlementBasedRouting | boolean Default: false When enabled, the routes are sent to the Client by the Gateways according to the user's Entitlements "networkSubnets" should be left be empty if it's enabled. |
vpn | object VPN configuration for this Site. |
nameResolution | object Settings for asset name resolution. |
Updated Site.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "shortName": "AZU1",
- "description": "Gives access to Azure endpoints.",
- "networkSubnets": [
- "10.0.0.0/16"
], - "ipPoolMappings": [
- {
- "from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
], - "defaultGateway": {
- "enabledV4": false,
- "enabledV6": false,
- "excludedSubnets": [
- "10.0.10.0/24"
]
}, - "entitlementBasedRouting": false,
- "vpn": {
- "stateSharing": false,
- "snat": false,
- "tls": {
- "enabled": true
}, - "dtls": {
- "enabled": false
}, - "routeVia": {
- "ipv4": "10.0.0.2",
- "ipv6": "2001:db8:0:0:0:ff00:42:8329"
}, - "webProxyEnabled": true,
- "webProxyKeyStore": "string",
- "ipAccessLogIntervalSeconds": 120
}, - "nameResolution": {
- "useHostsFile": false,
- "dnsResolvers": [
- {
- "name": "DNS Resolver 1",
- "updateInterval": 60,
- "servers": [
- "10.0.0.2"
], - "searchDomains": [
- "company.com"
]
}
], - "awsResolvers": [
- {
- "name": "AWS Resolver 1",
- "updateInterval": 60,
- "vpcs": [
- "string"
], - "vpcAutoDiscovery": true,
- "regions": [
- "eu-west-2"
], - "useIAMRole": true,
- "accessKeyId": "string",
- "secretAccessKey": "string",
- "httpsProxy": "string",
- "resolveWithMasterCredentials": true,
- "assumedRoles": [
- {
- "accountId": "string",
- "roleName": "string",
- "externalId": "string",
- "regions": [
- "string"
]
}
]
}
], - "azureResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "subscriptionId": "string",
- "tenantId": "string",
- "clientId": "string",
- "secret": "string"
}
], - "esxResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "hostname": "string",
- "username": "string",
- "password": "string"
}
], - "gcpResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "projectFilter": "string",
- "instanceFilter": "string"
}
]
}
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:33Z",
- "updated": "2020-07-17T09:48:33Z",
- "tags": [
- "developer",
- "api-created"
], - "shortName": "AZU1",
- "description": "Gives access to Azure endpoints.",
- "networkSubnets": [
- "10.0.0.0/16"
], - "ipPoolMappings": [
- {
- "from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
], - "defaultGateway": {
- "enabledV4": false,
- "enabledV6": false,
- "excludedSubnets": [
- "10.0.10.0/24"
]
}, - "entitlementBasedRouting": false,
- "vpn": {
- "stateSharing": false,
- "snat": false,
- "tls": {
- "enabled": true
}, - "dtls": {
- "enabled": false
}, - "routeVia": {
- "ipv4": "10.0.0.2",
- "ipv6": "2001:db8:0:0:0:ff00:42:8329"
}, - "webProxyEnabled": true,
- "webProxyCertificateSubjectName": "string",
- "ipAccessLogIntervalSeconds": 120
}, - "nameResolution": {
- "useHostsFile": false,
- "dnsResolvers": [
- {
- "name": "DNS Resolver 1",
- "updateInterval": 60,
- "servers": [
- "10.0.0.2"
], - "searchDomains": [
- "company.com"
]
}
], - "awsResolvers": [
- {
- "name": "AWS Resolver 1",
- "updateInterval": 60,
- "vpcs": [
- "string"
], - "vpcAutoDiscovery": true,
- "regions": [
- "eu-west-2"
], - "useIAMRole": true,
- "accessKeyId": "string",
- "httpsProxy": "string",
- "resolveWithMasterCredentials": true,
- "assumedRoles": [
- {
- "accountId": "string",
- "roleName": "string",
- "externalId": "string",
- "regions": [
- "string"
]
}
]
}
], - "azureResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "subscriptionId": "string",
- "tenantId": "string",
- "clientId": "string"
}
], - "esxResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "hostname": "string",
- "username": "string"
}
], - "gcpResolvers": [
- {
- "name": "string",
- "updateInterval": 60,
- "projectFilter": "string",
- "instanceFilter": "string"
}
]
}
}
Delete a specific Site.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Site was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all IP Pools visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of IP Pools.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:33Z",
- "updated": "2020-07-17T09:48:33Z",
- "tags": [
- "developer",
- "api-created"
], - "ipVersion6": false,
- "ranges": [
- {
- "first": "10.0.0.1",
- "last": "10.0.0.254"
}
], - "leaseTimeDays": 30,
- "total": 254,
- "currentlyUsed": 16,
- "reserved": 32
}
]
}
Create a new IP Pool.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
IP Pool object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
ipVersion6 | boolean Default: false Whether the IP pool is for v4 or v6. |
ranges | Array of objects List of (non-conflicting) IP address ranges to allocate IPs in order. |
leaseTimeDays | integer Default: 30 Number of days Allocated IPs will be reserved for device&users before they are reclaimable by others. |
Created IP Pool.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "ipVersion6": false,
- "ranges": [
- {
- "cidr": "10.0.0.0/24",
- "first": "10.0.0.1",
- "last": "10.0.0.254"
}
], - "leaseTimeDays": 30
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:33Z",
- "updated": "2020-07-17T09:48:33Z",
- "tags": [
- "developer",
- "api-created"
], - "ipVersion6": false,
- "ranges": [
- {
- "first": "10.0.0.1",
- "last": "10.0.0.254"
}
], - "leaseTimeDays": 30,
- "total": 254,
- "currentlyUsed": 16,
- "reserved": 32
}
Get a specific IP Pool.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single IP Pool.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "ipVersion6": false,
- "ranges": [
- {
- "first": "10.0.0.1",
- "last": "10.0.0.254"
}
], - "leaseTimeDays": 30,
- "total": 254,
- "currentlyUsed": 16,
- "reserved": 32
}
Update an existing IP Pool.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
IP Pool object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
ipVersion6 | boolean Default: false Whether the IP pool is for v4 or v6. |
ranges | Array of objects List of (non-conflicting) IP address ranges to allocate IPs in order. |
leaseTimeDays | integer Default: 30 Number of days Allocated IPs will be reserved for device&users before they are reclaimable by others. |
Updated IP Pool.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "ipVersion6": false,
- "ranges": [
- {
- "cidr": "10.0.0.0/24",
- "first": "10.0.0.1",
- "last": "10.0.0.254"
}
], - "leaseTimeDays": 30
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "ipVersion6": false,
- "ranges": [
- {
- "first": "10.0.0.1",
- "last": "10.0.0.254"
}
], - "leaseTimeDays": 30,
- "total": 254,
- "currentlyUsed": 16,
- "reserved": 32
}
Delete a specific IP Pool.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
IP Pool was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all Allocated IPs by Distinguished Name.
distinguished-name required | string Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>' |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Allocated IPs.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "data": [
- {
- "poolId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
- "ipAddress": "10.0.0.52",
- "allocationTime": "2020-07-17T09:48:34Z",
- "expirationTime": "2020-07-17T09:48:34Z"
}
]
}
List all Allocated IPs in the system
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Allocated IPs.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "data": [
- {
- "poolId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
- "ipAddress": "10.0.0.52",
- "allocationTime": "2020-07-17T09:48:34Z",
- "expirationTime": "2020-07-17T09:48:34Z"
}
]
}
List all Identity Providers visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Identity Providers.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "LocalDatabase",
- "displayName": "Company Active Directory",
- "default": false,
- "clientProvider": false,
- "adminProvider": false,
- "onBoarding2FA": {
- "mfaProviderId": "string",
- "message": "Please use your multi factor authentication device to on-board.",
- "deviceLimitPerUser": 100
}, - "inactivityTimeoutMinutes": 0,
- "ipPoolV4": "string",
- "ipPoolV6": "string",
- "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsSearchDomains": [
- "internal.company.com"
], - "blockLocalDnsRequests": false,
- "claimMappings": [
- {
- "attributeName": "SAMAccountName",
- "claimName": "username",
- "list": false,
- "encrypt": false
}
], - "onDemandClaimMappings": [
- {
- "command": "fileSize",
- "claimName": "antivirusRunning",
- "parameters": {
- "name": "python3",
- "path": "/usr/bin/python3",
- "args": "--list"
}, - "platform": "desktop.windows.all"
}
]
}
]
}
Create a new Identity Provider.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Identity Provider object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
type required | string The type of the Identity Provider. LocalDatabase |
displayName | string Deprecated The name displayed to the user. "name" field is used for Distinguished Name generation. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore. |
default | boolean Default: false Whether the provider will be chosen by default in the Client UI. If enabled, it will remove the default flag of the current default Identity Provider. |
clientProvider | boolean Deprecated Default: false Whether the provider will be listed in the Client UI or not. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore. |
adminProvider | boolean Default: false Whether the provider will be listed in the Admin UI or not. |
onBoarding2FA | object On-boarding two-factor authentication settings. Leave it empty keep it disabled. |
onBoardingType | string Deprecated Enum: "Require2FA" "Disabled" "NoVerification" Client on-boarding type. Deprecated as of 5.0. Use onBoarding2FA object instead. |
onBoardingOtpProvider | string <uuid> Deprecated On-boarding MFA Provider ID if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead. |
onBoardingOtpMessage | string Deprecated On-boarding MFA message to be displayed on the Client UI if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead. |
inactivityTimeoutMinutes | integer Default: 0 (Desktop) clients will sign out automatically after the user has been inactive on the device for the configured duration. Set it to 0 to disable. |
ipPoolV4 | string <uuid> The IPv4 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels. |
ipPoolV6 | string <uuid> The IPv6 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels. |
dnsServers | Array of strings The dns servers to be assigned to the Clients of the users in this Identity Provider. |
dnsSearchDomains | Array of strings The dns search domains to be assigned to Clients of the users in this Identity Provider. |
blockLocalDnsRequests | boolean Default: false Whether the Windows Client will block local DNS requests or not. |
claimMappings | Array of objects The mapping of Identity Provider attributes to claims. |
onDemandClaimMappings | Array of objects The mapping of Identity Provider on demand attributes to claims. |
userLockoutThreshold | integer Default: 5 After how many failed authentication attempts will a local user be locked out from authenticating again for 1 minute. |
minPasswordLength | integer Default: 0 Minimum password length requirement for local users. |
Identity Provider object.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "type": "LocalDatabase",
- "displayName": "Company Active Directory",
- "default": false,
- "clientProvider": false,
- "adminProvider": false,
- "onBoarding2FA": {
- "mfaProviderId": "string",
- "message": "Please use your multi factor authentication device to on-board.",
- "deviceLimitPerUser": 100
}, - "onBoardingType": "Require2FA",
- "onBoardingOtpProvider": "string",
- "onBoardingOtpMessage": "string",
- "inactivityTimeoutMinutes": 0,
- "ipPoolV4": "string",
- "ipPoolV6": "string",
- "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsSearchDomains": [
- "internal.company.com"
], - "blockLocalDnsRequests": false,
- "claimMappings": [
- {
- "attributeName": "SAMAccountName",
- "claimName": "username",
- "list": false,
- "encrypt": false
}
], - "onDemandClaimMappings": [
- {
- "command": "fileSize",
- "claimName": "antivirusRunning",
- "parameters": {
- "name": "python3",
- "path": "/usr/bin/python3",
- "args": "--list"
}, - "platform": "desktop.windows.all"
}
], - "userLockoutThreshold": 5,
- "minPasswordLength": 0
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "LocalDatabase",
- "displayName": "Company Active Directory",
- "default": false,
- "clientProvider": false,
- "adminProvider": false,
- "onBoarding2FA": {
- "mfaProviderId": "string",
- "message": "Please use your multi factor authentication device to on-board.",
- "deviceLimitPerUser": 100
}, - "inactivityTimeoutMinutes": 0,
- "ipPoolV4": "string",
- "ipPoolV6": "string",
- "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsSearchDomains": [
- "internal.company.com"
], - "blockLocalDnsRequests": false,
- "claimMappings": [
- {
- "attributeName": "SAMAccountName",
- "claimName": "username",
- "list": false,
- "encrypt": false
}
], - "onDemandClaimMappings": [
- {
- "command": "fileSize",
- "claimName": "antivirusRunning",
- "parameters": {
- "name": "python3",
- "path": "/usr/bin/python3",
- "args": "--list"
}, - "platform": "desktop.windows.all"
}
], - "userLockoutThreshold": 5,
- "minPasswordLength": 0
}
Get a specific Identity Provider.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Identity Provider object.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "LocalDatabase",
- "displayName": "Company Active Directory",
- "default": false,
- "clientProvider": false,
- "adminProvider": false,
- "onBoarding2FA": {
- "mfaProviderId": "string",
- "message": "Please use your multi factor authentication device to on-board.",
- "deviceLimitPerUser": 100
}, - "inactivityTimeoutMinutes": 0,
- "ipPoolV4": "string",
- "ipPoolV6": "string",
- "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsSearchDomains": [
- "internal.company.com"
], - "blockLocalDnsRequests": false,
- "claimMappings": [
- {
- "attributeName": "SAMAccountName",
- "claimName": "username",
- "list": false,
- "encrypt": false
}
], - "onDemandClaimMappings": [
- {
- "command": "fileSize",
- "claimName": "antivirusRunning",
- "parameters": {
- "name": "python3",
- "path": "/usr/bin/python3",
- "args": "--list"
}, - "platform": "desktop.windows.all"
}
], - "userLockoutThreshold": 5,
- "minPasswordLength": 0
}
Update an existing Identity Provider.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Identity Provider object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
type required | string The type of the Identity Provider. LocalDatabase |
displayName | string Deprecated The name displayed to the user. "name" field is used for Distinguished Name generation. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore. |
default | boolean Default: false Whether the provider will be chosen by default in the Client UI. If enabled, it will remove the default flag of the current default Identity Provider. |
clientProvider | boolean Deprecated Default: false Whether the provider will be listed in the Client UI or not. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore. |
adminProvider | boolean Default: false Whether the provider will be listed in the Admin UI or not. |
onBoarding2FA | object On-boarding two-factor authentication settings. Leave it empty keep it disabled. |
onBoardingType | string Deprecated Enum: "Require2FA" "Disabled" "NoVerification" Client on-boarding type. Deprecated as of 5.0. Use onBoarding2FA object instead. |
onBoardingOtpProvider | string <uuid> Deprecated On-boarding MFA Provider ID if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead. |
onBoardingOtpMessage | string Deprecated On-boarding MFA message to be displayed on the Client UI if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead. |
inactivityTimeoutMinutes | integer Default: 0 (Desktop) clients will sign out automatically after the user has been inactive on the device for the configured duration. Set it to 0 to disable. |
ipPoolV4 | string <uuid> The IPv4 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels. |
ipPoolV6 | string <uuid> The IPv6 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels. |
dnsServers | Array of strings The dns servers to be assigned to the Clients of the users in this Identity Provider. |
dnsSearchDomains | Array of strings The dns search domains to be assigned to Clients of the users in this Identity Provider. |
blockLocalDnsRequests | boolean Default: false Whether the Windows Client will block local DNS requests or not. |
claimMappings | Array of objects The mapping of Identity Provider attributes to claims. |
onDemandClaimMappings | Array of objects The mapping of Identity Provider on demand attributes to claims. |
userLockoutThreshold | integer Default: 5 After how many failed authentication attempts will a local user be locked out from authenticating again for 1 minute. |
minPasswordLength | integer Default: 0 Minimum password length requirement for local users. |
Identity Provider object.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "type": "LocalDatabase",
- "displayName": "Company Active Directory",
- "default": false,
- "clientProvider": false,
- "adminProvider": false,
- "onBoarding2FA": {
- "mfaProviderId": "string",
- "message": "Please use your multi factor authentication device to on-board.",
- "deviceLimitPerUser": 100
}, - "onBoardingType": "Require2FA",
- "onBoardingOtpProvider": "string",
- "onBoardingOtpMessage": "string",
- "inactivityTimeoutMinutes": 0,
- "ipPoolV4": "string",
- "ipPoolV6": "string",
- "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsSearchDomains": [
- "internal.company.com"
], - "blockLocalDnsRequests": false,
- "claimMappings": [
- {
- "attributeName": "SAMAccountName",
- "claimName": "username",
- "list": false,
- "encrypt": false
}
], - "onDemandClaimMappings": [
- {
- "command": "fileSize",
- "claimName": "antivirusRunning",
- "parameters": {
- "name": "python3",
- "path": "/usr/bin/python3",
- "args": "--list"
}, - "platform": "desktop.windows.all"
}
], - "userLockoutThreshold": 5,
- "minPasswordLength": 0
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "LocalDatabase",
- "displayName": "Company Active Directory",
- "default": false,
- "clientProvider": false,
- "adminProvider": false,
- "onBoarding2FA": {
- "mfaProviderId": "string",
- "message": "Please use your multi factor authentication device to on-board.",
- "deviceLimitPerUser": 100
}, - "inactivityTimeoutMinutes": 0,
- "ipPoolV4": "string",
- "ipPoolV6": "string",
- "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsSearchDomains": [
- "internal.company.com"
], - "blockLocalDnsRequests": false,
- "claimMappings": [
- {
- "attributeName": "SAMAccountName",
- "claimName": "username",
- "list": false,
- "encrypt": false
}
], - "onDemandClaimMappings": [
- {
- "command": "fileSize",
- "claimName": "antivirusRunning",
- "parameters": {
- "name": "python3",
- "path": "/usr/bin/python3",
- "args": "--list"
}, - "platform": "desktop.windows.all"
}
], - "userLockoutThreshold": 5,
- "minPasswordLength": 0
}
Delete a specific Identity Provider.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Identity Provider was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Test connection for the given Identity Provider JSON.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Identity Provider object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
type required | string The type of the Identity Provider. LocalDatabase |
displayName | string Deprecated The name displayed to the user. "name" field is used for Distinguished Name generation. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore. |
default | boolean Default: false Whether the provider will be chosen by default in the Client UI. If enabled, it will remove the default flag of the current default Identity Provider. |
clientProvider | boolean Deprecated Default: false Whether the provider will be listed in the Client UI or not. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore. |
adminProvider | boolean Default: false Whether the provider will be listed in the Admin UI or not. |
onBoarding2FA | object On-boarding two-factor authentication settings. Leave it empty keep it disabled. |
onBoardingType | string Deprecated Enum: "Require2FA" "Disabled" "NoVerification" Client on-boarding type. Deprecated as of 5.0. Use onBoarding2FA object instead. |
onBoardingOtpProvider | string <uuid> Deprecated On-boarding MFA Provider ID if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead. |
onBoardingOtpMessage | string Deprecated On-boarding MFA message to be displayed on the Client UI if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead. |
inactivityTimeoutMinutes | integer Default: 0 (Desktop) clients will sign out automatically after the user has been inactive on the device for the configured duration. Set it to 0 to disable. |
ipPoolV4 | string <uuid> The IPv4 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels. |
ipPoolV6 | string <uuid> The IPv6 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels. |
dnsServers | Array of strings The dns servers to be assigned to the Clients of the users in this Identity Provider. |
dnsSearchDomains | Array of strings The dns search domains to be assigned to Clients of the users in this Identity Provider. |
blockLocalDnsRequests | boolean Default: false Whether the Windows Client will block local DNS requests or not. |
claimMappings | Array of objects The mapping of Identity Provider attributes to claims. |
onDemandClaimMappings | Array of objects The mapping of Identity Provider on demand attributes to claims. |
userLockoutThreshold | integer Default: 5 After how many failed authentication attempts will a local user be locked out from authenticating again for 1 minute. |
minPasswordLength | integer Default: 0 Minimum password length requirement for local users. |
Test result.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "type": "LocalDatabase",
- "displayName": "Company Active Directory",
- "default": false,
- "clientProvider": false,
- "adminProvider": false,
- "onBoarding2FA": {
- "mfaProviderId": "string",
- "message": "Please use your multi factor authentication device to on-board.",
- "deviceLimitPerUser": 100
}, - "onBoardingType": "Require2FA",
- "onBoardingOtpProvider": "string",
- "onBoardingOtpMessage": "string",
- "inactivityTimeoutMinutes": 0,
- "ipPoolV4": "string",
- "ipPoolV6": "string",
- "dnsServers": [
- "172.17.18.19",
- "192.100.111.31"
], - "dnsSearchDomains": [
- "internal.company.com"
], - "blockLocalDnsRequests": false,
- "claimMappings": [
- {
- "attributeName": "SAMAccountName",
- "claimName": "username",
- "list": false,
- "encrypt": false
}
], - "onDemandClaimMappings": [
- {
- "command": "fileSize",
- "claimName": "antivirusRunning",
- "parameters": {
- "name": "python3",
- "path": "/usr/bin/python3",
- "args": "--list"
}, - "platform": "desktop.windows.all"
}
], - "userLockoutThreshold": 5,
- "minPasswordLength": 0
}
{- "success": false,
- "error": "Connection timed out."
}
Get raw attributes and mapped claims for a user.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
User details to get attributes for.
username | string Required for Ldap, Radius and LocalDatabase providers. |
password | string Required for Radius provider. |
samlResponse | string A sample SAML token to extract attributes from. Required for SAML provider. |
User attributes.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "username": "username",
- "password": "tSW3!QBv(rj{UuLY",
- "samlResponse": "string"
}
{- "rawAttributes": {
- "samAccountName": [
- "username"
], - "upn": [
- "username@company.com"
]
}, - "mappedAttributes": {
- "username": "username"
}
}
List all Local Users visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Local Users.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "firstName": "Bobby",
- "lastName": "Tables",
- "email": "bobby@tables.com",
- "phone": "+1-202-555-0172",
- "failedLoginAttempts": 0,
- "lockStart": "2020-07-17T09:48:34Z"
}
]
}
Create a new Local User.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Local User object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
firstName required | string First name of the user. May be used as claim. |
lastName required | string Last name of the user. May be used as claim. |
password required | string Password for the user. Omit the field to keep the old password when updating a user. |
string E-mail address for the user. May be used as claim. | |
phone | string Phone number for the user. May be used as claim. |
failedLoginAttempts | number Number of wrong password login attempts since last successiful login. |
lockStart | string <date-time> The date time when the user got locked out. A local user is locked out of the system after 5 consecutive failed login attempts. The lock is in effect for 1 minute. When the user logs in successfully, this field becomes null. |
Created Local User.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "firstName": "Bobby",
- "lastName": "Tables",
- "password": "tSW3!QBv(rj{UuLY",
- "email": "bobby@tables.com",
- "phone": "+1-202-555-0172",
- "failedLoginAttempts": 0,
- "lockStart": "2020-07-17T09:48:34Z"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "firstName": "Bobby",
- "lastName": "Tables",
- "email": "bobby@tables.com",
- "phone": "+1-202-555-0172",
- "failedLoginAttempts": 0,
- "lockStart": "2020-07-17T09:48:34Z"
}
Get a specific Local User.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Local User.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "firstName": "Bobby",
- "lastName": "Tables",
- "email": "bobby@tables.com",
- "phone": "+1-202-555-0172",
- "failedLoginAttempts": 0,
- "lockStart": "2020-07-17T09:48:34Z"
}
Update an existing Local User.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Local User object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
firstName required | string First name of the user. May be used as claim. |
lastName required | string Last name of the user. May be used as claim. |
password required | string Password for the user. Omit the field to keep the old password when updating a user. |
string E-mail address for the user. May be used as claim. | |
phone | string Phone number for the user. May be used as claim. |
failedLoginAttempts | number Number of wrong password login attempts since last successiful login. |
lockStart | string <date-time> The date time when the user got locked out. A local user is locked out of the system after 5 consecutive failed login attempts. The lock is in effect for 1 minute. When the user logs in successfully, this field becomes null. |
Updated Local User.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "firstName": "Bobby",
- "lastName": "Tables",
- "password": "tSW3!QBv(rj{UuLY",
- "email": "bobby@tables.com",
- "phone": "+1-202-555-0172",
- "failedLoginAttempts": 0,
- "lockStart": "2020-07-17T09:48:34Z"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "firstName": "Bobby",
- "lastName": "Tables",
- "email": "bobby@tables.com",
- "phone": "+1-202-555-0172",
- "failedLoginAttempts": 0,
- "lockStart": "2020-07-17T09:48:34Z"
}
Delete a specific Local User.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Local User was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all Administrative Roles visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Administrative Roles.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}
]
}
Create a new Administrative Role.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Administrative Role object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
privileges required | Array of objects Administrative privilege list. |
Created Administrative Role.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}
Get a specific Administrative Role.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Administrative Role.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}
Update an existing Administrative Role.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Administrative Role object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
privileges required | Array of objects Administrative privilege list. |
Updated Administrative Role.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "privileges": [
- {
- "type": "All",
- "target": "All",
- "scope": {
- "all": true,
- "ids": [
- "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
], - "tags": [
- "tag"
]
}, - "defaultTags": [
- "api-created"
]
}
]
}
Delete a specific Administrative Role.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Administrative Role were deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
The type target map summarizes what kind of Privileges one can create.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Type Target map.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "actionMatrixMap": { }
}
List all MFA Providers visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of MFA Providers.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "Radius",
- "hostnames": [
- "mfa.company.com"
], - "port": 1812,
- "authenticationProtocol": "CHAP",
- "timeout": 6,
- "mode": "Challenge",
- "useUserPassword": true
}
]
}
Create a new MFA Provider.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
MFA Provider object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
type required | string Enum: "Radius" "DefaultTimeBased" The type of the MFA Provider. "DefaultTimeBased" is built-in, a new one cannot be created. |
hostnames required | Array of strings Hostnames/IP addresses to connect. |
port required | number Port to connect. |
sharedSecret | string Radius shared secret to authenticate to the server. |
authenticationProtocol | string Default: "CHAP" Enum: "PAP" "CHAP" Radius protocol to use while authenticating users. |
timeout | number Default: 6 Timeout in seconds before giving up on response. |
mode | string Default: "Challenge" Enum: "OneFactor" "Challenge" "Push" Defines the multi-factor authentication flow for RADIUS.
|
useUserPassword | boolean -> If enabled, the Client will send the cached password instead of using challengeSharedSecret" to initiate the multi-factor authentication. |
challengeSharedSecret | string -> Password sent to RADIUS to initiate multi-factor authentication. Required if "useUserPassword" is not enabled. |
MFA Provider object.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "type": "Radius",
- "hostnames": [
- "mfa.company.com"
], - "port": 1812,
- "sharedSecret": "string",
- "authenticationProtocol": "CHAP",
- "timeout": 6,
- "mode": "Challenge",
- "useUserPassword": true,
- "challengeSharedSecret": "string"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "Radius",
- "hostnames": [
- "mfa.company.com"
], - "port": 1812,
- "authenticationProtocol": "CHAP",
- "timeout": 6,
- "mode": "Challenge",
- "useUserPassword": true
}
Get a specific MFA Provider.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
MFA Provider object.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "Radius",
- "hostnames": [
- "mfa.company.com"
], - "port": 1812,
- "authenticationProtocol": "CHAP",
- "timeout": 6,
- "mode": "Challenge",
- "useUserPassword": true
}
Update an existing MFA Provider.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
MFA Provider object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
type required | string Enum: "Radius" "DefaultTimeBased" The type of the MFA Provider. "DefaultTimeBased" is built-in, a new one cannot be created. |
hostnames required | Array of strings Hostnames/IP addresses to connect. |
port required | number Port to connect. |
sharedSecret | string Radius shared secret to authenticate to the server. |
authenticationProtocol | string Default: "CHAP" Enum: "PAP" "CHAP" Radius protocol to use while authenticating users. |
timeout | number Default: 6 Timeout in seconds before giving up on response. |
mode | string Default: "Challenge" Enum: "OneFactor" "Challenge" "Push" Defines the multi-factor authentication flow for RADIUS.
|
useUserPassword | boolean -> If enabled, the Client will send the cached password instead of using challengeSharedSecret" to initiate the multi-factor authentication. |
challengeSharedSecret | string -> Password sent to RADIUS to initiate multi-factor authentication. Required if "useUserPassword" is not enabled. |
MFA Provider object.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "type": "Radius",
- "hostnames": [
- "mfa.company.com"
], - "port": 1812,
- "sharedSecret": "string",
- "authenticationProtocol": "CHAP",
- "timeout": 6,
- "mode": "Challenge",
- "useUserPassword": true,
- "challengeSharedSecret": "string"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "Radius",
- "hostnames": [
- "mfa.company.com"
], - "port": 1812,
- "authenticationProtocol": "CHAP",
- "timeout": 6,
- "mode": "Challenge",
- "useUserPassword": true
}
Delete a specific MFA Provider.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
MFA Provider was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Test connection for the given MFA Provider JSON.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
MFA Provider object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
type required | string Enum: "Radius" "DefaultTimeBased" The type of the MFA Provider. "DefaultTimeBased" is built-in, a new one cannot be created. |
hostnames required | Array of strings Hostnames/IP addresses to connect. |
port required | number Port to connect. |
sharedSecret | string Radius shared secret to authenticate to the server. |
authenticationProtocol | string Default: "CHAP" Enum: "PAP" "CHAP" Radius protocol to use while authenticating users. |
timeout | number Default: 6 Timeout in seconds before giving up on response. |
mode | string Default: "Challenge" Enum: "OneFactor" "Challenge" "Push" Defines the multi-factor authentication flow for RADIUS.
|
useUserPassword | boolean -> If enabled, the Client will send the cached password instead of using challengeSharedSecret" to initiate the multi-factor authentication. |
challengeSharedSecret | string -> Password sent to RADIUS to initiate multi-factor authentication. Required if "useUserPassword" is not enabled. |
Test result.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "type": "Radius",
- "hostnames": [
- "mfa.company.com"
], - "port": 1812,
- "sharedSecret": "string",
- "authenticationProtocol": "CHAP",
- "timeout": 6,
- "mode": "Challenge",
- "useUserPassword": true,
- "challengeSharedSecret": "string"
}
{- "success": false,
- "error": "Connection timed out."
}
List all Default Time-Based OTP Provider Seeds.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Default Time-Based OTP Provider Seeds.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "userDistinguishedName": "CN=user,OU=ldap",
- "username": "user",
- "providerName": "ldap",
- "verified": true
}
]
}
Delete a Default Time-Based OTP Provider Seed for the given Distinguished Name.
distinguished-name required | string Example: CN=user,OU=ldap 'Distinguished name of the user whose Default Time-Based OTP Provider Seed to be deleted. Format: "CN=,OU="' |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Default Time-Based OTP Provider Seed was removed successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all registered FIDO2 Devices.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of FIDO2 Devices.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "userDistinguishedName": "CN=user,OU=ldap",
- "username": "user",
- "providerName": "ldap",
- "deviceId": "1.3.6.1.4.1.41482.1.2",
- "deviceName": "YubiKey NEO/NEO-n"
}
]
}
Delete a registered FIDO2 Device for the given Distinguished Name.
distinguished-name required | string Example: CN=user,OU=ldap 'Distinguished name of the user whose registered FIDO2 Device to be deleted. Format: "CN=,OU="' |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
registered FIDO2 Device was removed successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
View Admin MFA settings.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Admin MFA settings.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "exemptedUsers": [
- "CN=user,OU=provider"
]
}
Reset Admin MFA settings to disabled.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Admin MFA settings were reset successfully.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Update Admin MFA settings.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Admin MFA settings.
providerId | string <uuid> The MFA provider ID to use during Multi-Factor Authentication. If null, Admin MFA is disabled. |
exemptedUsers | Array of strings List of users to be excluded from MFA during admin login. |
Admin MFA settings were updated successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "exemptedUsers": [
- "CN=user,OU=provider"
]
}
{- "id": "string",
- "message": "string"
}
List all Trusted Certificates visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Trusted Certificates.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----",
- "details": {
- "version": 3,
- "serial": 1542962969512,
- "issuer": "CN=AppGate SDP CA",
- "subject": "CN=AppGate SDP CA",
- "validFrom": "2020-07-17T09:48:34Z",
- "validTo": "2020-07-17T09:48:34Z",
- "fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
- "certificate": "string",
- "subjectPublicKey": "string"
}
}
]
}
Create a new Trusted Certificate.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Trusted Certificate object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
pem required | string A certificate in PEM format. |
Created Trusted Certificate.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----",
- "details": {
- "version": 3,
- "serial": 1542962969512,
- "issuer": "CN=AppGate SDP CA",
- "subject": "CN=AppGate SDP CA",
- "validFrom": "2020-07-17T09:48:34Z",
- "validTo": "2020-07-17T09:48:34Z",
- "fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
- "certificate": "string",
- "subjectPublicKey": "string"
}
}
Get a specific Trusted Certificate.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Trusted Certificate.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----",
- "details": {
- "version": 3,
- "serial": 1542962969512,
- "issuer": "CN=AppGate SDP CA",
- "subject": "CN=AppGate SDP CA",
- "validFrom": "2020-07-17T09:48:34Z",
- "validTo": "2020-07-17T09:48:34Z",
- "fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
- "certificate": "string",
- "subjectPublicKey": "string"
}
}
Update an existing Trusted Certificate.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Trusted Certificate object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
pem required | string A certificate in PEM format. |
Updated Trusted Certificate.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----",
- "details": {
- "version": 3,
- "serial": 1542962969512,
- "issuer": "CN=AppGate SDP CA",
- "subject": "CN=AppGate SDP CA",
- "validFrom": "2020-07-17T09:48:34Z",
- "validTo": "2020-07-17T09:48:34Z",
- "fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
- "certificate": "string",
- "subjectPublicKey": "string"
}
}
Delete a specific Trusted Certificate.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Trusted Certificate was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all Criteria Scripts visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Criteria Scripts.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "expression": "return claims.user.username === 'admin';"
}
]
}
Create a new Criteria Script.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Criteria Script object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
expression required | string A JavaScript expression that returns boolean. |
Created Criteria Script.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "expression": "return claims.user.username === 'admin';"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "expression": "return claims.user.username === 'admin';"
}
Get a specific Criteria Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Criteria Script.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:34Z",
- "updated": "2020-07-17T09:48:34Z",
- "tags": [
- "developer",
- "api-created"
], - "expression": "return claims.user.username === 'admin';"
}
Update an existing Criteria Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Criteria Script object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
expression required | string A JavaScript expression that returns boolean. |
Updated Criteria Script.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "expression": "return claims.user.username === 'admin';"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "expression": "return claims.user.username === 'admin';"
}
Delete a specific Criteria Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Criteria Script was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all Device Scripts visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Device Scripts.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "filename": "test.sh",
- "checksum": "9a913c1e1eccf35e6e78542b2152f7a7",
- "checksumSha256": "ee9040f65c341855e070ff438eb0ea9d5b831b2a2c270fb7ef592d750408e3b3"
}
]
}
Create a new Device Script.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Device Script object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
filename required | string The name of the file to be downloaded as to the client devices. |
file | string <byte> The Device Script binary in Base64 format. |
Created Device Script.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "filename": "test.sh",
- "file": "string"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "filename": "test.sh",
- "checksum": "9a913c1e1eccf35e6e78542b2152f7a7",
- "checksumSha256": "ee9040f65c341855e070ff438eb0ea9d5b831b2a2c270fb7ef592d750408e3b3"
}
Get a specific Device Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Device Script.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "filename": "test.sh",
- "checksum": "9a913c1e1eccf35e6e78542b2152f7a7",
- "checksumSha256": "ee9040f65c341855e070ff438eb0ea9d5b831b2a2c270fb7ef592d750408e3b3"
}
Update an existing Device Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Device Script object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
filename required | string The name of the file to be downloaded as to the client devices. |
file | string <byte> The Device Script binary in Base64 format. |
Updated Device Script.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "filename": "test.sh",
- "file": "string"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "filename": "test.sh",
- "checksum": "9a913c1e1eccf35e6e78542b2152f7a7",
- "checksumSha256": "ee9040f65c341855e070ff438eb0ea9d5b831b2a2c270fb7ef592d750408e3b3"
}
Delete a specific Device Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Device Script was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Download the raw script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Device Script including the binary.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "name": "AntivirusCheck",
- "filename": "av_check.exe",
- "file": "string"
}
List all Entitlement Scripts visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Entitlement Scripts.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "host",
- "expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}
]
}
Create a new Entitlement Script.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Entitlement Script object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
type | string Default: "host" Enum: "host" "portOrType" "appShortcut" The type of the field to use the script for. |
expression required | string A JavaScript expression that returns a list of IPs and names. |
Created Entitlement Script.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "type": "host",
- "expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "host",
- "expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}
Get a specific Entitlement Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Entitlement Script object.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "host",
- "expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}
Update an existing Entitlement Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Entitlement Script object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
type | string Default: "host" Enum: "host" "portOrType" "appShortcut" The type of the field to use the script for. |
expression required | string A JavaScript expression that returns a list of IPs and names. |
Updated Entitlement Script.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "type": "host",
- "expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "type": "host",
- "expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}
Delete a specific Entitlement Script.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Entitlement Script was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Simulate a given expression for an Entitlement Script.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
The evaluation details.
expression required | string The javascript expression to evaluate. |
userClaims | object |
deviceClaims | object |
systemClaims | object |
time | string <date-time> |
type required | string Enum: "host" "portOrType" "appShortcut" The type of the Entitlement Script. |
Evaluation result.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "expression": "return claims.user.username === 'admin';",
- "userClaims": {
- "username": "admin",
- "groups": [
- "CN=test,OU=unit,DC=company,DC=com",
- "CN=finance,OU=unit,DC=company,DC=com"
]
}, - "deviceClaims": {
- "os": {
- "name": "Microsoft Windows 10 Pro",
- "platform": "x64",
- "type": "desktop"
}, - "isUserAdmin": true,
- "language": "en-us"
}, - "systemClaims": {
- "connectTime": "2018-11-16T13:25:15.672Z",
- "tunIPv4": "15.0.0.24",
- "clientSrcIp": "192.168.111.184"
}, - "time": "2020-07-17T09:48:35Z",
- "type": "host"
}
{- "result": [
- "10.0.0.1"
], - "output": "Debug log",
- "error": "Expression does not return list. Received: Boolean"
}
List all Appliance Customizations visible to current user.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Appliance Customizations.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "checksum": "a0041669f6f7031d32bc27305955327abe54aeb03670c4ae1b2a48e5d29e8e33",
- "size": 854325
}
]
}
Create a new Appliance Customization.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance Customization object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
file | string <byte> The Appliance Customization binary in Base64 format. |
Created Appliance Customization.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "file": "string"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "checksum": "a0041669f6f7031d32bc27305955327abe54aeb03670c4ae1b2a48e5d29e8e33",
- "size": 854325
}
Get a specific Appliance Customization.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Appliance Customization.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "checksum": "a0041669f6f7031d32bc27305955327abe54aeb03670c4ae1b2a48e5d29e8e33",
- "size": 854325
}
Update an existing Appliance Customization.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance Customization object.
id required | string <uuid> ID of the object. |
name required | string Name of the object. |
notes | string Notes for the object. Used for documentation purposes. |
tags | Array of strings Array of tags. |
file | string <byte> The Appliance Customization binary in Base64 format. |
Updated Appliance Customization.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "tags": [
- "developer",
- "api-created"
], - "file": "string"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "name": "object",
- "notes": "This object has been created for test purposes.",
- "created": "2020-07-17T09:48:35Z",
- "updated": "2020-07-17T09:48:35Z",
- "tags": [
- "developer",
- "api-created"
], - "checksum": "a0041669f6f7031d32bc27305955327abe54aeb03670c4ae1b2a48e5d29e8e33",
- "size": 854325
}
Delete a specific Appliance Customization.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance Customization was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all Distinguished Names active in the past 24 hour. Includes the users who has at least one token that has not expired past 24 hours. If a token was created 30 hours ago and it has 10 hours expiration time, it will be in this list.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Distinguished Names.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
- "deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "username": "user",
- "providerName": "ldap",
- "lastTokenIssuedAt": "string",
- "hostname": "user.ad.company.com"
}
]
}
Revoke all Tokens belong to the user&devices ending with the given Distinguished Name substring.
distinguished-name required | string Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>' |
tokenType | string Enum: "Claims" "AdminClaims" "Entitlement" "Administration" Optional query parameter to revoke only certain types of tokens. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Token revocation details.
revocationReason | string Optional reason text for the revocation. The value is stored and logged. |
delayMinutes | integer Default: 5 The delay time for token revocation in minutes. Client will renew the token(s) at least 5 minutes before the revocation time, without losing connection. |
tokensPerSecond | number Default: 7 Only used when revoking all Tokens. In order to spread the workload on the Controllers, tokens are revoked in batches according to this value. |
Tokens were revoked successfully. Returns the list of revoked Tokens.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "revocationReason": "Pushing the policy changes.",
- "delayMinutes": 5,
- "tokensPerSecond": 7
}
{- "id": "string",
- "message": "string"
}
Revoke all Tokens with given type.
token-type required | string Enum: "Claims" "AdminClaims" "Entitlement" "Administration" The type of the tokens. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Token revocation details.
revocationReason | string Optional reason text for the revocation. The value is stored and logged. |
delayMinutes | integer Default: 5 The delay time for token revocation in minutes. Client will renew the token(s) at least 5 minutes before the revocation time, without losing connection. |
tokensPerSecond | number Default: 7 Only used when revoking all Tokens. In order to spread the workload on the Controllers, tokens are revoked in batches according to this value. |
Tokens were revoked successfully. Returns the list of revoked tokens.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "revocationReason": "Pushing the policy changes.",
- "delayMinutes": 5,
- "tokensPerSecond": 7
}
{- "id": "string",
- "message": "string"
}
Reevaluate all sessions belongs to the user&devices ending with the given Distinguished Name substring.
distinguished-name required | string Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>' |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of reevaluated Distinguished Names.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "reevaluatedDistinguishedNames": [
- "string"
]
}
List all blacklisted Users.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of blacklisted Users.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "userDistinguishedName": "CN=user,OU=ldap",
- "username": "user",
- "providerName": "ldap",
- "blacklistedAt": "2020-07-17T09:48:35Z",
- "reason": "User's machine is compromised."
}
Blacklists a User.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Blacklisting details
userDistinguishedName | string Distinguished name of a user. Format: "CN=,OU=" |
username | string The username, same as the one in the user Distinguished Name. |
providerName | string The provider name of the user, same as the one in the user Distinguished Name. |
reason | string The reason for blacklisting. The value is stored and logged. |
User was blacklisted successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "userDistinguishedName": "CN=user,OU=ldap",
- "username": "user",
- "providerName": "ldap",
- "reason": "User's machine is compromised."
}
{- "userDistinguishedName": "CN=user,OU=ldap",
- "username": "user",
- "providerName": "ldap",
- "blacklistedAt": "2020-07-17T09:48:35Z",
- "reason": "User's machine is compromised."
}
Remove the blacklist of a User for the given Distinguished Name.
distinguished-name required | string Example: CN=user,OU=ldap Distinguished name of the user whose blacklist is to be removed. Format: "CN=,OU=" |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Blacklist was removed successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all User Licenses.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of User Licenses.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "userDistinguishedName": "CN=user,OU=ldap",
- "username": "user",
- "providerName": "ldap",
- "created": "2020-07-17T09:48:35Z"
}
]
}
Delete a User License for the given Distinguished Name.
distinguished-name required | string Example: CN=user,OU=ldap Distinguished name of the user whose license to be deleted. Format: "CN=,OU=" |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
User License was removed successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
List all On-Boarded Devices.
query | string Query string to filter the result list. It's used for various fields depending on the object type. |
range | string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.' |
orderBy | string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type. |
descending | string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type. |
filterBy | object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of On-Boarded Devices.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "query": "string",
- "range": "0-30/54",
- "orderBy": "name",
- "descending": true,
- "filterBy": [
- {
- "name": "name",
- "value": "AWS"
}
], - "data": [
- {
- "distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
- "deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "username": "user",
- "providerName": "ldap",
- "hostname": "user.ad.company.com",
- "onBoardedAt": "2020-07-17T09:48:35Z"
}
]
}
Remove an On-Boarded Device for the given Distinguished Name. The device will need to on-board again.
distinguished-name required | string Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>' |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
On-Boarded Device was removed successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
View various Global Settings.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Global Settings.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "claimsTokenExpiration": 1440,
- "entitlementTokenExpiration": 180,
- "administrationTokenExpiration": 720,
- "vpnCertificateExpiration": 525600,
- "loginBannerMessage": "Authorized use only.",
- "messageOfTheDay": "Welcome to AppGate SDP.",
- "backupApiEnabled": true,
- "hasBackupPassphrase": true,
- "fips": false,
- "geoIpUpdates": false,
- "auditLogPersistenceMode": "Default",
- "appDiscoveryDomains": [
- "company.com"
], - "collectiveId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
Reset all Global Settings to the default values.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Global Settings were reset successfully.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Update all Global Settings.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Global settings.
claimsTokenExpiration required | number Number of minutes the Claims Token is valid both for administrators and clients. |
entitlementTokenExpiration required | number Number of minutes the Entitlement Token is valid for clients. |
administrationTokenExpiration required | number Number of minutes the administration Token is valid for administrators. |
vpnCertificateExpiration required | number Number of minutes the VPN certificates is valid for clients. |
loginBannerMessage | string The configured message will be displayed on the login UI. |
messageOfTheDay | string The configured message will be displayed after a successful loging. |
backupApiEnabled | boolean Whether the backup API is enabled or not. |
backupPassphrase | string The passphrase to encrypt Appliance Backups when backup API is used. |
fips | boolean FIPS 140-2 Compliant Tunneling. |
geoIpUpdates | boolean Whether the automatic GeoIp updates are enabled or not. |
auditLogPersistenceMode required | string Enum: "Default" "Guaranteed" "Performance" Audit Log persistence mode. |
appDiscoveryDomains | Array of strings Domains to monitor for for App Discovery feature. |
Global Settings were updated successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "claimsTokenExpiration": 1440,
- "entitlementTokenExpiration": 180,
- "administrationTokenExpiration": 720,
- "vpnCertificateExpiration": 525600,
- "loginBannerMessage": "Authorized use only.",
- "messageOfTheDay": "Welcome to AppGate SDP.",
- "backupApiEnabled": true,
- "backupPassphrase": "tSW3!QBv(rj{UuLY",
- "fips": false,
- "geoIpUpdates": false,
- "auditLogPersistenceMode": "Default",
- "appDiscoveryDomains": [
- "company.com"
]
}
{- "id": "string",
- "message": "string"
}
Reset backup passphrase. Backup APIs will be disabled without a valid passphrase. Deprecated as of 5.0. Use backupApiEnabled field when editing the settings instead.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Backup passphrase was reset successfully.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
View Client Connection settings. With API version 12, this API has changed significantly in order to manage client profiles. It is still possible to use the older APIs using older Accept headers.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Client Connection settings.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "spaMode": "TCP",
- "profiles": [
- {
- "name": "Company Employee",
- "spaKeyName": "test_key",
- "identityProviderName": "local",
- "url": "appgate://appgate.company.com/xyz...."
}
]
}
Reset Client Connections to the default settings.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Client Connection settings were reset successfully.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Update Client Connection settings. With API version 12, this API has changed significantly in order to manage client profiles. It is still possible to use the older APIs using older Accept headers.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Client Connection settings.
spaMode | string Default: "TCP" Enum: "TCP" "UDP-TCP" SPA mode. |
profiles | Array of objects Client Profiles. |
Client Connection settings.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "spaMode": "TCP",
- "profiles": [
- {
- "name": "Company Employee",
- "spaKeyName": "test_key",
- "identityProviderName": "local"
}
]
}
{- "spaMode": "TCP",
- "profiles": [
- {
- "name": "Company Employee",
- "spaKeyName": "test_key",
- "identityProviderName": "local",
- "url": "appgate://appgate.company.com/xyz...."
}
]
}
Get connection URL for the profile.
profileName required | string Example: Company%20Employee Name of the profile. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Connection URL for the given profile.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "url": "appgate://appgate.company.com/eyJjYUZpbmdlcnByaW50IjoiMmM4ZTBiNTM5YTM4NjRkYmVkYzhiOWRkMTcwYzM0NGFhMjZjZTVhNjA4MmY3YTI0YzRkZTU4ZGQ3NWRjNWZhMCIsImlkZW50aXR5UHJvdmlkZXJOYW1lIjoibG9jYWwifQ=="
}
Get QR code for connection URL.
profileName required | string Example: Company%20Employee Name of the profile. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
QR code for the given profile.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "barcode": "string"
}
View Client Auto-Update settings.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Client Auto-Update settings.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "enabled": true,
- "criteriaScript": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "windows": {
- "version": "4.1.3"
}, - "macOS": {
- "version": "4.1.3"
}, - "ubuntu": {
- "version": "4.1.3"
}, - "fedora": {
- "version": "4.1.3"
}, - "redHat7": {
- "version": "4.1.3"
}
}
Update Client Auto-Update settings.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Client Auto-Update settings.
enabled | boolean Whether the Client Auto-Update is enabled or not. |
criteriaScript | string <uuid> The Criteria Script to evaluate the Client claims during authorization in order to decide whether the Client Auto-Update will be applied or not. |
windows | object Client Auto-Update settings for the specified platform. |
macOS | object Client Auto-Update settings for the specified platform. |
ubuntu | object Client Auto-Update settings for the specified platform. |
fedora | object Client Auto-Update settings for the specified platform. |
redHat7 | object Client Auto-Update settings for the specified platform. |
Client Auto-Update settings were updated successfully.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "enabled": true,
- "criteriaScript": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "windows": {
- "version": "4.1.3"
}, - "macOS": {
- "version": "4.1.3"
}, - "ubuntu": {
- "version": "4.1.3"
}, - "fedora": {
- "version": "4.1.3"
}, - "redHat7": {
- "version": "4.1.3"
}
}
{- "id": "string",
- "message": "string"
}
Get the current License.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
License details including usage.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "entitled": {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "type": 2,
- "request": "1675ab19fe2",
- "expiration": "2020-07-17T09:48:35Z",
- "maxUsers": 200,
- "maxSites": 5
}, - "requestCode": "string",
- "usage": {
- "users": 152,
- "sites": 3
}, - "error": "License is expired.",
- "used": {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "type": 2,
- "request": "1675ab19fe2",
- "expiration": "2020-07-17T09:48:35Z",
- "maxUsers": 200,
- "maxSites": 5
}
}
Upload a new License and override the existing one.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
License import.
license required | string The license file contents for this Controller (with the matching request code). |
License details.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "license": "string"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "type": 2,
- "request": "1675ab19fe2",
- "expiration": "2020-07-17T09:48:35Z",
- "maxUsers": 200,
- "maxSites": 5
}
Delete the current License to revert to the Built-in License.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
License was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Get the current License which will be activated when CA certificate switch occurs. Licenses are bound to the CA Certificate.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
License details including usage.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "entitled": {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "type": 2,
- "request": "1675ab19fe2",
- "expiration": "2020-07-17T09:48:35Z",
- "maxUsers": 200,
- "maxSites": 5
}, - "requestCode": "string",
- "usage": {
- "users": 152,
- "sites": 3
}, - "error": "License is expired.",
- "used": {
- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "type": 2,
- "request": "1675ab19fe2",
- "expiration": "2020-07-17T09:48:35Z",
- "maxUsers": 200,
- "maxSites": 5
}
}
Upload a new next License to be switched when CA certificate is switched.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
License import.
license required | string The license file contents for this Controller (with the matching request code). |
License details.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "license": "string"
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
- "type": 2,
- "request": "1675ab19fe2",
- "expiration": "2020-07-17T09:48:35Z",
- "maxUsers": 200,
- "maxSites": 5
}
Delete the next License.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
License was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Initiate an Appliance Upgrade. This API call does what "prepare", "complete" and "switchPartition" API calls do all at once. "GET appliances/{id}/upgrade" must return "status":"idle|failed" before accepting the complete command. The progress can be followed by by polling the appliance via "GET appliances/{id}/upgrade".
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance Upgrade request.
imageUrl required | string The URL for the Appliance the download the Upgrade image from. The URL may be a public HTTP URL or it could be a file uploaded to the Controller. See "files" APIs for uploading to Controller. In order to use a Controller based file, set this field to "controller://<controller-peer-hostname:port>/{filename}". The Appliance will authenticate itself to the Controller and download the file. |
Appliance Upgrade has begun.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
Get the status of an Appliance Upgrade.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Current status of the Appliance Upgrade.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "status": "idle",
- "details": "a reboot is required for the Upgrade to go into effect"
}
Cancel an Appliance Upgrade. The request is rejected if 'GET appliances/{id}/upgrade' returns '"status":"installing"'.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Upgrade was canceled successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Prepare an Appliance Upgrade. Appliance will download the Upgrade image and wait for the "complete" call before starting the Upgrade. The appliance will be functional until the "complete" call is made. "GET appliances/{id}/upgrade" must return "status":"idle|failed" before accepting the complete command. The progress can be followed by polling the appliance via "GET appliances/{id}/upgrade".
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance Upgrade request.
imageUrl required | string The URL for the Appliance the download the Upgrade image from. The URL may be a public HTTP URL or it could be a file uploaded to the Controller. See "files" APIs for uploading to Controller. In order to use a Controller based file, set this field to "controller://<controller-peer-hostname:port>/{filename}". The Appliance will authenticate itself to the Controller and download the file. |
Appliance accepted the URL and has started to download the image.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
Install the downloaded to Upgrade image to the other partition. This will stop the Controller and other services which may be affected by the Upgrade. "GET appliances/{id}/upgrade" must return "status":"ready" before accepting the complete command. The progress can be followed by polling the appliance via "GET appliances/{id}/upgrade". Unless "switchPartition" field is sent as true, the appliance will stay in the same partition, waiting for the "POST appliances/{id}/switch-partition" request to finalize the Upgrade.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
switchPartition | boolean Whether to reboot and switch partition to finalize the Upgrade. |
Appliance has started to install the downloaded image.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "switchPartition": true
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
Reboot and switch partition on the appliance to finalize the Upgrade. "GET appliances/{id}/upgrade" must return "status":"success" before accepting the complete command. Since the appliance will be rebooted, the status cannot be queried directly. The Upgrade Script utilizes the Appliance Status dashboard APIs to verify the status after this.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance accepted the command and started the process for switching partitions.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
List all Files uploaded to the current Controller and their details.
checksum | boolean Default: false Whether to calculate checksum of the File(s) and include in the response. If true, response take may long depending on the File sizes. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
List of Files and their statuses.
Token error. Login again.
Insufficient permissions to access this resource.
Unexpected server side error.
{- "data": [
- {
- "name": "appgate-upgrade.img.zip",
- "status": "InProgress",
- "failureReason": "401 Unauthorized",
- "checksum": "61b14187e9371cecce814f15cf1d85fbd389b5ed5081952397cb8d265f13a190",
- "creationTime": "2020-07-17T09:48:35Z",
- "lastModifiedTime": "2020-07-17T09:48:35Z"
}
]
}
Make the current Controller download a File from a given URL. Note that the File is downloaded and stored only on the current Controller, not synced between Controllers.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
url required | string The URL for Controller to download the File from. |
filename required | string The filename to save the File as. |
The request is accepted and the download has started. The status of the File can be followed via 'GET files/{filename}' call after this.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "filename": "appgate-appliance.img.zip"
}
{- "id": "string",
- "message": "string"
}
Upload a File directly to the current Controller. Note that the File is stored only on the current Controller, not synced between Controllers.
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
file | string <binary> The File to upload. "filename"w must be included in in Content-Disposition. |
The File was uploaded successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The submitted resource conflicts with another.
Request validation error. Check "errors" array for details.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Get the status of a File uploaded to the current Controller.
filename required | string Example: appgate-upgrade.img.zip The filename as it's uploaded to the Controler. |
checksum | boolean Default: false Whether to calculate checksum of the File(s) and include in the response. If true, response take may long depending on the File sizes. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Get the status and details of a File.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Invalid filename.
Unexpected server side error.
{- "name": "appgate-upgrade.img.zip",
- "status": "InProgress",
- "failureReason": "401 Unauthorized",
- "checksum": "61b14187e9371cecce814f15cf1d85fbd389b5ed5081952397cb8d265f13a190",
- "creationTime": "2020-07-17T09:48:35Z",
- "lastModifiedTime": "2020-07-17T09:48:35Z"
}
Delete a File from the current Controller.
filename required | string Example: appgate-upgrade.img.zip The filename as it's uploaded to the Controler. |
checksum | boolean Default: false Whether to calculate checksum of the File(s) and include in the response. If true, response take may long depending on the File sizes. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
The File was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Invalid filename.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Initiate an Appliance Backup. The progress can be followed by polling the Appliance via "GET appliances/{id}/backup/{backupId}/status".
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance Backup parameters.
logs | boolean Whether the Appliance Backup should include syslog or not. |
audit | boolean Whether the Appliance Backup should include the audit logs or not. |
opt | boolean Whether the Appliance Backup should include the persistent /opt directory or not. |
Appliance Backup has begun.
JSON error. Check the JSON format.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "logs": true,
- "audit": true,
- "opt": true
}
{- "id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
Download a completed Appliance Backup with the given ID of an Appliance. This API call must be made with Accept header of application/vnd.appgate.peer-v13+gpg as it returns a GPG file as blob instead of JSON.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
backupId required | string <uuid> Example: 4c07bc67-57ea-42dd-b702-c2d6c45419fc The Appliance Backup ID given in the initiation response. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Backup file is being streamed.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Backup creation failed.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Delete an Appliance Backup file from an Appliance.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
backupId required | string <uuid> Example: 4c07bc67-57ea-42dd-b702-c2d6c45419fc The Appliance Backup ID given in the initiation response. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Backup file was deleted successfully.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Get the status of the given Appliance Backup ID. If the status is "done", it can be downloaded using "GET appliances/{id}/backup/{backupId}".
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
backupId required | string <uuid> Example: 4c07bc67-57ea-42dd-b702-c2d6c45419fc The Appliance Backup ID given in the initiation response. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Current status of the Applince Backup.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "encoding": "utf-8",
- "output": "string",
- "status": "processing"
}
Get all the Prometheus metrics for the given Appliance. This API call must be made with Accept header of application/vnd.appgate.peer-v13+text as it returns plain text instead of JSON.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Appliance Metrics.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}
Get a specific Prometheus metrics for the given Appliance. This API call must be made with Accept header of application/vnd.appgate.peer-v13+text as it returns plain text instead of JSON.
id required | string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object. |
name required | string Example: vpn_total_sessions Metric name |
Authorization required | string Example: Bearer <base64 token> The Token from the LoginResponse. |
Single Appliance metric.
Token error. Login again.
Insufficient permissions to access this resource.
The requested resource can not be found.
Unexpected server side error.
{- "id": "string",
- "message": "string"
}