AppGate SDP Controller REST API (API version 13)

Download OpenAPI specification:Download

AppGate SDP Support: appgatesdp.support@appgate.com URL: https://sdphelp.appgate.com/adminguide/help-support.html

About

This specification documents the REST API calls for the AppGate SDP Controller.

Please refer to the Integration chapter in the manual or contact AppGate support with any questions about this functionality.

Getting Started

Requirements for API scripting:

Access to the peer interface (default port 444) of a Controller appliance. (https://sdphelp.appgate.com/adminguide/appliances-configure.html?anchor=peer)
An API user with relevant permissions. (https://sdphelp.appgate.com/adminguide/administrative-roles-configure.html)
In order to use the simple login API, Admin MFA must be disabled or the API user must be excluded. (https://sdphelp.appgate.com/adminguide/mfa-for-admins.html)

Base path

HTTPS requests must be sent to the Peer Interface hostname and port, with /admin path.

For example: https://appgate.company.com:444/admin

All requests must have the Accept header as:

application/vnd.appgate.peer-v13+json

API Conventions

API conventions are important to understand and follow strictly.

While updating objects (via PUT), entire object must be sent with all fields.

For example, if in order to add a remedy method to the condition below:

{
  "id": "12699e27-b584-464a-81ee-5b4784b6d425",
  "name": "Test",
  "notes": "Making a point",
  "tags": ["test", "tag"],
  "expression": "return true;",
  "remedyMethods": []
}

send the entire object with updated and non-updated fields:

{
  "id": "12699e27-b584-464a-81ee-5b4784b6d425",
  "name": "Test",
  "notes": "Making a point",
  "tags": ["test", "tag"],
  "expression": "return true;",
  "remedyMethods": [{"type": "DisplayMessage", "message": "test message"}]
}

In case Controller returns an error (non-2xx HTTP status code), response body is JSON. The "message" field contains information about the error. HTTP 422 "Unprocessable Entity" has extra errors field to list all the issues with specific fields.
Empty string ("") is considered a different value than "null" or field being omitted from JSON. Omitting the field is recommend if no value is intended. Empty string ("") will be almost always rejected as invalid value.
There are common pattern between many objects:
- Configuration Objects: There are many objects with common fields, namely "id", "name", "notes", "created" and "updated". These entities are listed, queried, created, updated and deleted in a similar fashion.
- Distinguished Name: Users and Devices are identified with what is called Distinguished Names, as used in LDAP. The distinguished format that identifies a device and a user combination is "CN=<Device ID>,CN=<username>,OU=<Identity Provider Name>". Some objects have the "userDistinguishedName" field, which does not include the CN for Device ID. This identifies a user on every device.

Simplified Login

First step for any API call is retrieving AuthToken using Login API. All other calls require the AuthToken. Client is advised to securely store the AuthToken and reuse until it expires. Multi-Factor Authentication is not supported by Login call, API user must be exempt from Admin MFA requirement. It is important to restrict API user's permissions strictly as-needed basis and restrict IP access to API port to trusted networks.

Request Body schema: application/json

providerName required	string Display name of the Identity Provider name.
username	string Username. Required if a credentials based Identity Provider is used.
password	string Password. Required if a credentials based Identity Provider is used.
deviceId required	string <uuid> UUID to distinguish the Client device making the request. It is supposed to be same for every login request from the same server.
samlResponse	string SAMLResponse received from SAML provider. Required if a SAML based Identity Provider is used.

Responses

200

400

JSON error. Check the JSON format.

401

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /login

https://appgate.company.com:444/admin/login

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"providerName": "ldap",
"username": "user",
"password": "tSW3!QBv(rj{UuLY",
"deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"samlResponse": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"version": "4.3.0-20000",
"user": 
{"name": "admin",
"needTwoFactorAuth": false,
"canAccessAuditLogs": true,
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
},
"token": "string",
"expires": "2020-07-17T09:48:28Z",
"messageOfTheDay": "Welcome to AppGate SDP."
}

Get the list of identity providers available for admin login.

Responses

200

500

Unexpected server side error.

get /identity-providers/names

https://appgate.company.com:444/admin/identity-providers/names

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"data": 
[
{"name": "local",
"displayName": "Company Local Identities",
"default": true,
"type": "Credentials",
"redirectUrl": "https://saml.company.com/appgate-admin?SAMLRequest=base64Request"
}
],
"bannerMessage": "Authorized use only."
}

Authenticate. For internal use.

API Scripts are recommended to use the Login call instead of separate Authentication & Authorization calls.

First step for logging in is sending the credentials and retreiving partial AuthToken. If the response has the "needTwoFactorAuth:true", then either API user must be extempt from Admin MFA or two-step MFA process must be completed before Authorization.

Request Body schema: application/json

providerName required	string Display name of the Identity Provider name.
username	string Username. Required if a credentials based Identity Provider is used.
password	string Password. Required if a credentials based Identity Provider is used.
deviceId required	string <uuid> UUID to distinguish the Client device making the request. It is supposed to be same for every login request from the same server.
samlResponse	string SAMLResponse received from SAML provider. Required if a SAML based Identity Provider is used.

Responses

200

400

JSON error. Check the JSON format.

401

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /authentication

https://appgate.company.com:444/admin/authentication

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"providerName": "ldap",
"username": "user",
"password": "tSW3!QBv(rj{UuLY",
"deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"samlResponse": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"version": "4.3.0-20000",
"user": 
{"name": "admin",
"needTwoFactorAuth": false,
"canAccessAuditLogs": true,
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
},
"token": "string",
"expires": "2020-07-17T09:48:28Z",
"messageOfTheDay": "Welcome to AppGate SDP."
}

Initialize the MFA. For internal use.

This API starts the Multi-Factor Authentication process. It requires the partial AuthToken from Authentication call. The Controller will initiate the flow and return details required to continue MFA.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Optional MFA initialization details.

userPassword

string

Some MFA configurations require user password in order to authenticate the user along with the multi-factor. Otherwise not required.

Responses

200

MFA initialization response.

400

JSON error. Check the JSON format.

401

Token error. Login again.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /authentication/otp/initialize

https://appgate.company.com:444/admin/authentication/otp/initialize

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"userPassword": "tSW3!QBv(rj{UuLY"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"type": "AlreadySeeded",
"secret": "6XOEKS6WZASFPA5A",
"otpAuthUrl": "otpauth://totp/admin@local@appgate.company.com?secret=6XOEKS6WZASFPA5A&issuer=AppGate%20SDP",
"barcode": "string",
"responseMessage": "Please enter enter 1234 to your token.",
"state": "string",
"timeout": 10,
"sendPassword": true
}

Finalize the MFA. For internal use.

This API starts the Multi-Factor Authentication process. It requires the partial AuthToken from Authentication call. The fields required depends on the initialization.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

MFA credentials.

otp required	string Depending on the type of the MFA flow, this could be an OTP generated from a device, user password or some dummy value.
state	string <byte> The state value if it was received during initialization.

Responses

200

MFA was successfull. The AuthToken now has the MFA flag and ready for Authorization step.

400

JSON error. Check the JSON format.

401

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /authentication/otp

https://appgate.company.com:444/admin/authentication/otp

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"otp": 521856,
"state": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"version": "4.3.0-20000",
"user": 
{"name": "admin",
"needTwoFactorAuth": false,
"canAccessAuditLogs": true,
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
},
"token": "string",
"expires": "2020-07-17T09:48:29Z",
"messageOfTheDay": "Welcome to AppGate SDP."
}

Authorize. For internal use.

API Scripts are recommended to use the Login call instead of separate Authentication & Authorization calls. Last step for logging in is sending the partial AuthToken for authorization and retrieving the AuthToken.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Authorization was successfull. The AuthToken is ready for any subsequent API call.

400

JSON error. Check the JSON format.

401

403

No administration rights.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

get /authorization

https://appgate.company.com:444/admin/authorization

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"version": "4.3.0-20000",
"user": 
{"name": "admin",
"needTwoFactorAuth": false,
"canAccessAuditLogs": true,
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
},
"token": "string",
"expires": "2020-07-17T09:48:29Z",
"messageOfTheDay": "Welcome to AppGate SDP."
}

Admin Messages

Get the Admin Messages.

Get a list of all Admin Messages generated by the system for the past 7 days. It includes duplicate messages generated over time. Use "/summarize" to get distinct messages like the Admin UI.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Admin Messages.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /admin-messages

https://appgate.company.com:444/admin/admin-messages

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"level": "Information",
"category": "Configuration",
"message": "Identity Provider \"local\" does not have IP Pool assigned.",
"source": "Controller",
"created": "2020-07-17T09:48:29Z"
}
]
}

Delete all Admin Messages.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Admin messages were deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

delete /admin-messages

https://appgate.company.com:444/admin/admin-messages

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Get a summary of Admin Messages.

List all summarized Admin Messages generated by the system for the past 7 days. This API call is recommended as some of the Admin Messages may be duplicated too much in case of a configuration problem on a heavy loaded system.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Summary of Admin Messages.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /admin-messages/summarize

https://appgate.company.com:444/admin/admin-messages/summarize

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"data": 
[
{"level": "Information",
"category": "Configuration",
"message": "Identity Provider \"local\" does not have IP Pool assigned.",
"source": "Controller",
"created": "2020-07-17T09:48:29Z",
"count": 152
}
]
}

Appliance Stats

Get Appliance Stats.

Get Stats and status of the active appliances. This API makes the controller to query every active appliance for status. The operation may take long if one or more appliances take long to respond.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Active Appliances stats.

get /stats/appliances

https://appgate.company.com:444/admin/stats/appliances

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "appliances",
"creationDate": "2020-07-17T09:48:29Z",
"refreshInterval": 1,
"controllerCount": 2,
"gatewayCount": 12,
"applianceCount": 14,
"logServerCount": 1,
"logForwarderCount": 0,
"connectorCount": 6,
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "Controller1",
"online": true,
"version": "4.2.0-12161-release",
"state": "controller_ready",
"volumeNumber": 1,
"status": "healthy",
"controller": 
{"status": "healthy",
"details": "Cannot reach appliance. Please check Controller logs."
},
"logServer": 
{"status": "healthy",
"details": "Cannot reach appliance. Please check Controller logs."
},
"logForwarder": 
{"status": "healthy",
"details": "Cannot reach appliance. Please check Controller logs."
},
"gateway": 
{"status": "healthy",
"details": "Cannot reach appliance. Please check Controller logs.",
"numberOfSessions": 156
},
"connector": 
{"status": "healthy",
"details": "Cannot reach appliance. Please check Controller logs."
},
"appliance": 
{"status": "healthy",
"details": "Cannot reach appliance. Please check Controller logs."
},
"cpu": 1.2,
"memory": 21.5,
"disk": 1.2,
"network": 
{"busiestNic": "eth1",
"dropin": 2563,
"dropout": 120,
"rxSpeed": "5.77 Kbps",
"txSpeed": "8.53 Kbps",
"ips": 
{"eth0": 
["10.0.0.1",
"abba::cafe"
],
"eth1": 
["200.123.123.12"
]
}
},
"upgrade": 
{"status": "installing",
"details": "a reboot is required for the upgrade to go into effect"
},
"customizationName": "MyAgent"
}
]
}

Discovered Apps

Get Discovered Apps.

Get Discovered Apps for the last 7 days. Rebooting a Gateway resets the Discovered Apps for that Gateway. This API makes the Controller to query every Gateway in the system to collect the statistics. The operation may take long if one or more appliances take long to respond.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Discovered Apps.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /stats/app-discovery

https://appgate.company.com:444/admin/stats/app-discovery

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "appliances",
"creationDate": "2020-07-17T09:48:29Z",
"refreshInterval": 1,
"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"distinctAppCount": 15,
"data": 
[
{"app": "anew.service",
"domain": "internal.company.com",
"accessCount": 12,
"ips": 
["10.10.10.2"
]
}
]
}

Top Entitlements

Get Top Entitlements.

Get the (most used) Top Entitlements for the last 7 days. Each Gateway keeps track of the most used 20 Entitlements and they are aggregated on the Controller. Number of Entitlements in this stats varies accordingly. Rebooting a Gateway resets the most used Entitlements for that Gateway. This API makes the Controller to query every Gateway in the system to collect the statistics. The operation may take long if one or more Gateways take long to respond.

query Parameters

range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Top Entitlements.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /stats/top-entitlements

https://appgate.company.com:444/admin/stats/top-entitlements

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "appliances",
"creationDate": "2020-07-17T09:48:29Z",
"refreshInterval": 1,
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"data": 
[
{"accounting": 566837594
},
{"active_directory": 34638
}
]
}

Active Sessions

Get Active Client Sessions.

Get currently Active Client Sessions. This API makes the Controller to query every Gateway in the system to collect the session data. The operation may take long if one or more Gateways take long to respond.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Active Client Sessions per Gateway. Note that the AppGate SDP Admin UI aggregates this data to list device&users. Disconnected Clients disappear after 5 minutes. When a Client fails over to another Gateway, the API may return the Client on multiple Gateways until during this period.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /stats/active-sessions

https://appgate.company.com:444/admin/stats/active-sessions

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "appliances",
"creationDate": "2020-07-17T09:48:29Z",
"refreshInterval": 1,
"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"distinctUserCount": 645,
"data": 
[
{"distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
"deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"username": "user",
"providerName": "ldap",
"gateway": "aws-gateway-1",
"loginTime": "2020-07-17T09:48:29Z",
"ip": "104.210.144.101",
"allocatedIp": "10.10.10.25",
"allocatedIpV6": "2001:db8:0:0:0:ff00:42:8329",
"hostname": "cmp325"
}
]
}

Get details of a specific Active Client Session.

Get the details of a specific Active Client Session from all Gateways. This API makes the Controller to query very Gateway in the system to collect the session data. The operation may take long if one or more Gateways take long to respond.

path Parameters

distinguished-name

required

string

Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap

Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>'

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Details of an Active Client Session per Gateway. Disconnected Clients disappear after 5 minutes. When a Client fails over to another Gateway, the API may return the Client on multiple Gateways until during this period.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /session-info/{distinguished-name}

https://appgate.company.com:444/admin/session-info/{distinguished-name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"username": "user",
"providerName": "ldap",
"data": 
{"property1": 
{"userClaims": 
{"username": "admin",
"groups": 
["CN=test,OU=unit,DC=company,DC=com",
"CN=finance,OU=unit,DC=company,DC=com"
]
},
"deviceClaims": 
{"os": 
{"name": "Microsoft Windows 10 Pro",
"platform": "x64",
"type": "desktop"
},
"isUserAdmin": true,
"language": "en-us"
},
"systemClaims": 
{"connectTime": "2018-11-16T13:25:15.672Z",
"tunIPv4": "15.0.0.24",
"clientSrcIp": "192.168.111.184"
},
"entitlementInfos": 
{"property1": 
{"conditionResults": 
{"MFASuccess": true,
"InternalNetwork": false
},
"firewallRules": 
[
{"protocol": "tcp",
"direction": "up",
"action": "allow",
"subnets": 
["172.31.4.105"
],
"urls": 
["https://server.company.com/test"
],
"ports": 
[443
],
"types": 
["0-255"
]
}
]
},
"property2": 
{"conditionResults": 
{"MFASuccess": true,
"InternalNetwork": false
},
"firewallRules": 
[
{"protocol": "tcp",
"direction": "up",
"action": "allow",
"subnets": 
["172.31.4.105"
],
"urls": 
["https://server.company.com/test"
],
"ports": 
[443
],
"types": 
["0-255"
]
}
]
}
},
"discoveredApps": 
["new-service.internal.company.com"
],
"site": "AWS Site"
},
"property2": 
{"userClaims": 
{"username": "admin",
"groups": 
["CN=test,OU=unit,DC=company,DC=com",
"CN=finance,OU=unit,DC=company,DC=com"
]
},
"deviceClaims": 
{"os": 
{"name": "Microsoft Windows 10 Pro",
"platform": "x64",
"type": "desktop"
},
"isUserAdmin": true,
"language": "en-us"
},
"systemClaims": 
{"connectTime": "2018-11-16T13:25:15.672Z",
"tunIPv4": "15.0.0.24",
"clientSrcIp": "192.168.111.184"
},
"entitlementInfos": 
{"property1": 
{"conditionResults": 
{"MFASuccess": true,
"InternalNetwork": false
},
"firewallRules": 
[
{"protocol": "tcp",
"direction": "up",
"action": "allow",
"subnets": 
["172.31.4.105"
],
"urls": 
["https://server.company.com/test"
],
"ports": 
[443
],
"types": 
["0-255"
]
}
]
},
"property2": 
{"conditionResults": 
{"MFASuccess": true,
"InternalNetwork": false
},
"firewallRules": 
[
{"protocol": "tcp",
"direction": "up",
"action": "allow",
"subnets": 
["172.31.4.105"
],
"urls": 
["https://server.company.com/test"
],
"ports": 
[443
],
"types": 
["0-255"
]
}
]
}
},
"discoveredApps": 
["new-service.internal.company.com"
],
"site": "AWS Site"
}
}
}

User Logins Per Hour

Get User Logins Per Hour.

Get the User Logins Per Hour for the last 24 hours.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

User Logins Per Hour.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /stats/user-logins

https://appgate.company.com:444/admin/stats/user-logins

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "appliances",
"creationDate": "2020-07-17T09:48:29Z",
"refreshInterval": 1,
"data": 
{"0": 
{"controller1.company.com": "100",
"controller2.company.com": "20",
"total": "120"
},
"1": 
{"controller1.company.com": "42",
"controller2.company.com": "100",
"total": "142"
},
"2": 
{"controller1.company.com": "165",
"total": "165"
},
"3": 
{"controller1.company.com": "25",
"controller2.company.com": "80",
"total": "105"
}
}
}

Devices On-Boarded Per Hour

Get Device On-Boardings Per Hour.

Get the Device On-Boardings Per Hour for the last 24 hours.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Device On-Boardings Per Hour.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /stats/on-boarded-devices

https://appgate.company.com:444/admin/stats/on-boarded-devices

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "appliances",
"creationDate": "2020-07-17T09:48:29Z",
"refreshInterval": 1,
"data": 
{"0": 120,
"1": 142,
"2": 165,
"3": 105
}
}

Failed Authentications Per Hour

Get failed authentications per hour.

Get the failed authentications per hour for the last 24 hours.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Failed authentications per hour.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /stats/failed-authentications

https://appgate.company.com:444/admin/stats/failed-authentications

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "appliances",
"creationDate": "2020-07-17T09:48:29Z",
"refreshInterval": 1,
"data": 
{"0": 120,
"1": 142,
"2": 165,
"3": 105
}
}

Policies

List all Policies.

List all Policies visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Policies.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /policies

https://appgate.company.com:444/admin/policies

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
"entitlements": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"entitlementLinks": 
["developer"
],
"ringfenceRules": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"ringfenceRuleLinks": 
["developer"
],
"tamperProofing": true,
"overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"administrativeRoles": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
]
}

Create a new Policy.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Policy object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
disabled	boolean Default: false If true, the Policy will be disregarded during authorization.
expression required	string A JavaScript expression that returns boolean. Criteria Scripts may be used by calling them as functions.
entitlements	Array of strings <uuid> List of Entitlement IDs in this Policy.
entitlementLinks	Array of strings List of Entitlement tags in this Policy.
ringfenceRules	Array of strings <uuid> List of Ringfence Rule IDs in this Policy.
ringfenceRuleLinks	Array of strings List of Ringfence Rule tags in this Policy.
tamperProofing	boolean Default: true Will enable Tamper Proofing on desktop clients which will make sure the routes and ringfence configurations are not changed.
overrideSite	string <uuid> Site ID where all the Entitlements of this Policy must be deployed. This overrides Entitlement's own Site and to be used only in specific network layouts. Otherwise the assigned site on individual Entitlements will be used.
administrativeRoles	Array of strings <uuid> List of Administrative Role IDs in this Policy.

Responses

200

Created Policy.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /policies

https://appgate.company.com:444/admin/policies

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
"entitlements": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"entitlementLinks": 
["developer"
],
"ringfenceRules": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"ringfenceRuleLinks": 
["developer"
],
"tamperProofing": true,
"overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"administrativeRoles": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
"entitlements": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"entitlementLinks": 
["developer"
],
"ringfenceRules": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"ringfenceRuleLinks": 
["developer"
],
"tamperProofing": true,
"overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"administrativeRoles": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Get a specific Policy.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Policy.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /policies/{id}

https://appgate.company.com:444/admin/policies/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
"entitlements": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"entitlementLinks": 
["developer"
],
"ringfenceRules": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"ringfenceRuleLinks": 
["developer"
],
"tamperProofing": true,
"overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"administrativeRoles": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Update an existing Policy.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Policy object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
disabled	boolean Default: false If true, the Policy will be disregarded during authorization.
expression required	string A JavaScript expression that returns boolean. Criteria Scripts may be used by calling them as functions.
entitlements	Array of strings <uuid> List of Entitlement IDs in this Policy.
entitlementLinks	Array of strings List of Entitlement tags in this Policy.
ringfenceRules	Array of strings <uuid> List of Ringfence Rule IDs in this Policy.
ringfenceRuleLinks	Array of strings List of Ringfence Rule tags in this Policy.
tamperProofing	boolean Default: true Will enable Tamper Proofing on desktop clients which will make sure the routes and ringfence configurations are not changed.
overrideSite	string <uuid> Site ID where all the Entitlements of this Policy must be deployed. This overrides Entitlement's own Site and to be used only in specific network layouts. Otherwise the assigned site on individual Entitlements will be used.
administrativeRoles	Array of strings <uuid> List of Administrative Role IDs in this Policy.

Responses

200

Updated Policy.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /policies/{id}

https://appgate.company.com:444/admin/policies/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
"entitlements": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"entitlementLinks": 
["developer"
],
"ringfenceRules": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"ringfenceRuleLinks": 
["developer"
],
"tamperProofing": true,
"overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"administrativeRoles": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"expression": "var result = false;\nif/*claims.user.groups*/(claims.user.groups && claims.user.groups.indexOf(\"developers\") >= 0)/*end claims.user.groups*/ { return true; }\nif/*criteriaScript*/(admins(claims))/*end criteriaScript*/ { return true; }\nreturn result;",
"entitlements": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"entitlementLinks": 
["developer"
],
"ringfenceRules": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"ringfenceRuleLinks": 
["developer"
],
"tamperProofing": true,
"overrideSite": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"administrativeRoles": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Delete a specific Policy.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Policy was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /policies/{id}

https://appgate.company.com:444/admin/policies/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Conditions

List all Conditions.

List all Conditions visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Conditions.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /conditions

https://appgate.company.com:444/admin/conditions

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
"repeatSchedules": 
["1h",
"13:32"
],
"remedyMethods": 
[
{"type": "DisplayMessage",
"message": "This resoure requires you to enter your password again",
"claimSuffix": "test",
"providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}
]
}

Create a new Condition.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Condition object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
expression required	string Boolean expression in JavaScript.
repeatSchedules	Array of strings A list of schedules that decides when to reevaluate the Condition. All the scheduled times will be effective. One will not override the other. - It can be a time of the day, e.g. 13:00, 10:25, 2:10 etc. - It can be one of the predefined intervals, e.g. 1m, 5m, 15m, 1h. These intervals will be always rounded up, i.e. if it's 15m and the time is 12:07 when the Condition is evaluated first, then the next evaluation will occur at 12:15, and the next one will be at 12:30 and so on.
remedyMethods	Array of objects The remedy methods that will be triggered if the evaluation fails.

Responses

200

Created Condition.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /conditions

https://appgate.company.com:444/admin/conditions

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
"repeatSchedules": 
["1h",
"13:32"
],
"remedyMethods": 
[
{"type": "DisplayMessage",
"message": "This resoure requires you to enter your password again",
"claimSuffix": "test",
"providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
"repeatSchedules": 
["1h",
"13:32"
],
"remedyMethods": 
[
{"type": "DisplayMessage",
"message": "This resoure requires you to enter your password again",
"claimSuffix": "test",
"providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}

Get a specific Condition.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Condition.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /conditions/{id}

https://appgate.company.com:444/admin/conditions/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
"repeatSchedules": 
["1h",
"13:32"
],
"remedyMethods": 
[
{"type": "DisplayMessage",
"message": "This resoure requires you to enter your password again",
"claimSuffix": "test",
"providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}

Update an existing Condition.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Condition object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
expression required	string Boolean expression in JavaScript.
repeatSchedules	Array of strings A list of schedules that decides when to reevaluate the Condition. All the scheduled times will be effective. One will not override the other. - It can be a time of the day, e.g. 13:00, 10:25, 2:10 etc. - It can be one of the predefined intervals, e.g. 1m, 5m, 15m, 1h. These intervals will be always rounded up, i.e. if it's 15m and the time is 12:07 when the Condition is evaluated first, then the next evaluation will occur at 12:15, and the next one will be at 12:30 and so on.
remedyMethods	Array of objects The remedy methods that will be triggered if the evaluation fails.

Responses

200

Updated Condition.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /conditions/{id}

https://appgate.company.com:444/admin/conditions/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
"repeatSchedules": 
["1h",
"13:32"
],
"remedyMethods": 
[
{"type": "DisplayMessage",
"message": "This resoure requires you to enter your password again",
"claimSuffix": "test",
"providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"expression": "var result = false;\nif/*password*/(claims.user.hasPassword('test', 60))/*end password*/ { return true; }\nreturn result;",
"repeatSchedules": 
["1h",
"13:32"
],
"remedyMethods": 
[
{"type": "DisplayMessage",
"message": "This resoure requires you to enter your password again",
"claimSuffix": "test",
"providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}
]
}

Delete a specific Condition.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Condition was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /conditions/{id}

https://appgate.company.com:444/admin/conditions/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Simulate a given expression for a Condition, Policy or Criteria Script.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

The evaluation details.

expression required	string The javascript expression to evaluate.
userClaims	object
deviceClaims	object
systemClaims	object
time	string <date-time>

Responses

200

Evaluation result.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /conditions/test

https://appgate.company.com:444/admin/conditions/test

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"expression": "return claims.user.username === 'admin';",
"userClaims": 
{"username": "admin",
"groups": 
["CN=test,OU=unit,DC=company,DC=com",
"CN=finance,OU=unit,DC=company,DC=com"
]
},
"deviceClaims": 
{"os": 
{"name": "Microsoft Windows 10 Pro",
"platform": "x64",
"type": "desktop"
},
"isUserAdmin": true,
"language": "en-us"
},
"systemClaims": 
{"connectTime": "2018-11-16T13:25:15.672Z",
"tunIPv4": "15.0.0.24",
"clientSrcIp": "192.168.111.184"
},
"time": "2020-07-17T09:48:29Z"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"result": true,
"output": "Debug log",
"error": "Expression does not return boolean. Received: String"
}

List all Claim Names.

Claim Names list includes available User, Device and System claims. Some of these claims are static and some change according to the Identity Provider configurations.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Claim Names.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /claims/names

https://appgate.company.com:444/admin/claims/names

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"user": 
[
{"claimName": "username",
"type": "boolean",
"availableForPolicy": true
}
],
"device": 
[
{"claimName": "username",
"type": "boolean",
"availableForPolicy": true
}
],
"system": 
[
{"claimName": "username",
"type": "boolean",
"availableForPolicy": true
}
],
"onDemand": 
[
{"claimName": "username",
"type": "boolean",
"availableForPolicy": true
}
]
}

Entitlements

List all Entitlements.

List all Entitlements visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Entitlements.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /entitlements

https://appgate.company.com:444/admin/entitlements

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"siteName": "Default Site",
"conditionLogic": "and",
"conditions": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"actions": 
[
{"subtype": "icmp_up",
"action": "allow",
"hosts": 
["10.0.0.1",
"10.0.0.0/24",
"hostname.company.com",
"dns://hostname.company.com",
"aws://security-group:accounting"
],
"ports": 
[80,
"1024-65535"
],
"types": 
["0-255"
],
"monitor": 
{"enabled": false,
"timeout": 30
}
}
],
"appShortcuts": 
[
{"name": "Accounting Software",
"description": "This app will get you to the Accounting Software.",
"url": "https://service.company.com",
"colorCode": 1
}
],
"appShortcutScripts": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}
]
}

Create a new Entitlement.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Entitlement object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
disabled	boolean Default: false If true, the Entitlement will be disregarded during authorization.
site required	string <uuid> ID of the Site for this Entitlement.
conditionLogic	string Default: "and" Enum: "and" "or" Whether all the Conditions must succeed to have access to this Entitlement or just one.
conditions required	Array of strings <uuid> List of Condition IDs applies to this Entitlement.
actions required	Array of objects List of all IP Access actions in this Entitlement.
appShortcuts	Array of objects Array of App Shortcuts.
appShortcutScripts	Array of strings <uuid> List of Entitlement Script IDs used for creating App Shortcuts dynamically.

Responses

200

Created Entitlement.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /entitlements

https://appgate.company.com:444/admin/entitlements

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"conditionLogic": "and",
"conditions": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"actions": 
[
{"subtype": "icmp_up",
"action": "allow",
"hosts": 
["10.0.0.1",
"10.0.0.0/24",
"hostname.company.com",
"dns://hostname.company.com",
"aws://security-group:accounting"
],
"ports": 
[80,
"1024-65535"
],
"types": 
["0-255"
],
"monitor": 
{"enabled": false,
"timeout": 30
}
}
],
"appShortcuts": 
[
{"name": "Accounting Software",
"description": "This app will get you to the Accounting Software.",
"url": "https://service.company.com",
"colorCode": 1
}
],
"appShortcutScripts": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"siteName": "Default Site",
"conditionLogic": "and",
"conditions": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"actions": 
[
{"subtype": "icmp_up",
"action": "allow",
"hosts": 
["10.0.0.1",
"10.0.0.0/24",
"hostname.company.com",
"dns://hostname.company.com",
"aws://security-group:accounting"
],
"ports": 
[80,
"1024-65535"
],
"types": 
["0-255"
],
"monitor": 
{"enabled": false,
"timeout": 30
}
}
],
"appShortcuts": 
[
{"name": "Accounting Software",
"description": "This app will get you to the Accounting Software.",
"url": "https://service.company.com",
"colorCode": 1
}
],
"appShortcutScripts": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Get a specific Entitlement.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Entitlement.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /entitlements/{id}

https://appgate.company.com:444/admin/entitlements/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"siteName": "Default Site",
"conditionLogic": "and",
"conditions": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"actions": 
[
{"subtype": "icmp_up",
"action": "allow",
"hosts": 
["10.0.0.1",
"10.0.0.0/24",
"hostname.company.com",
"dns://hostname.company.com",
"aws://security-group:accounting"
],
"ports": 
[80,
"1024-65535"
],
"types": 
["0-255"
],
"monitor": 
{"enabled": false,
"timeout": 30
}
}
],
"appShortcuts": 
[
{"name": "Accounting Software",
"description": "This app will get you to the Accounting Software.",
"url": "https://service.company.com",
"colorCode": 1
}
],
"appShortcutScripts": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Update an existing Entitlement.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Entitlement object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
disabled	boolean Default: false If true, the Entitlement will be disregarded during authorization.
site required	string <uuid> ID of the Site for this Entitlement.
conditionLogic	string Default: "and" Enum: "and" "or" Whether all the Conditions must succeed to have access to this Entitlement or just one.
conditions required	Array of strings <uuid> List of Condition IDs applies to this Entitlement.
actions required	Array of objects List of all IP Access actions in this Entitlement.
appShortcuts	Array of objects Array of App Shortcuts.
appShortcutScripts	Array of strings <uuid> List of Entitlement Script IDs used for creating App Shortcuts dynamically.

Responses

200

Updated Entitlement.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /entitlements/{id}

https://appgate.company.com:444/admin/entitlements/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"conditionLogic": "and",
"conditions": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"actions": 
[
{"subtype": "icmp_up",
"action": "allow",
"hosts": 
["10.0.0.1",
"10.0.0.0/24",
"hostname.company.com",
"dns://hostname.company.com",
"aws://security-group:accounting"
],
"ports": 
[80,
"1024-65535"
],
"types": 
["0-255"
],
"monitor": 
{"enabled": false,
"timeout": 30
}
}
],
"appShortcuts": 
[
{"name": "Accounting Software",
"description": "This app will get you to the Accounting Software.",
"url": "https://service.company.com",
"colorCode": 1
}
],
"appShortcutScripts": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"disabled": false,
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"siteName": "Default Site",
"conditionLogic": "and",
"conditions": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"actions": 
[
{"subtype": "icmp_up",
"action": "allow",
"hosts": 
["10.0.0.1",
"10.0.0.0/24",
"hostname.company.com",
"dns://hostname.company.com",
"aws://security-group:accounting"
],
"ports": 
[80,
"1024-65535"
],
"types": 
["0-255"
],
"monitor": 
{"enabled": false,
"timeout": 30
}
}
],
"appShortcuts": 
[
{"name": "Accounting Software",
"description": "This app will get you to the Accounting Software.",
"url": "https://service.company.com",
"colorCode": 1
}
],
"appShortcutScripts": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
]
}

Delete a specific Entitlement.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Entitlement was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /entitlements/{id}

https://appgate.company.com:444/admin/entitlements/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Ringfence Rules

List all Ringfence Rules.

List all Ringfence Rules visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Ringfence Rules.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /ringfence-rules

https://appgate.company.com:444/admin/ringfence-rules

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"actions": 
[
{"protocol": "icmp",
"direction": "up",
"action": "allow",
"hosts": 
["10.0.2.0/24"
],
"ports": 
[80,
443,
"1024-2048"
],
"types": 
["0-255"
]
}
]
}
]
}

Create a new Ringfence Rule.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Ringfence Rule object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
actions required	Array of objects List of all ringfence actions in this Ringfence Rule.

Responses

200

Created Ringfence Rule.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /ringfence-rules

https://appgate.company.com:444/admin/ringfence-rules

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"actions": 
[
{"protocol": "icmp",
"direction": "up",
"action": "allow",
"hosts": 
["10.0.2.0/24"
],
"ports": 
[80,
443,
"1024-2048"
],
"types": 
["0-255"
]
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"actions": 
[
{"protocol": "icmp",
"direction": "up",
"action": "allow",
"hosts": 
["10.0.2.0/24"
],
"ports": 
[80,
443,
"1024-2048"
],
"types": 
["0-255"
]
}
]
}

Get a specific Ringfence Rule.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Ringfence Rule object.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /ringfence-rules/{id}

https://appgate.company.com:444/admin/ringfence-rules/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"actions": 
[
{"protocol": "icmp",
"direction": "up",
"action": "allow",
"hosts": 
["10.0.2.0/24"
],
"ports": 
[80,
443,
"1024-2048"
],
"types": 
["0-255"
]
}
]
}

Update an existing Ringfence Rule.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Ringfence Rule object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
actions required	Array of objects List of all ringfence actions in this Ringfence Rule.

Responses

200

Updated Ringfence Rule.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /ringfence-rules/{id}

https://appgate.company.com:444/admin/ringfence-rules/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"actions": 
[
{"protocol": "icmp",
"direction": "up",
"action": "allow",
"hosts": 
["10.0.2.0/24"
],
"ports": 
[80,
443,
"1024-2048"
],
"types": 
["0-255"
]
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"actions": 
[
{"protocol": "icmp",
"direction": "up",
"action": "allow",
"hosts": 
["10.0.2.0/24"
],
"ports": 
[80,
443,
"1024-2048"
],
"types": 
["0-255"
]
}
]
}

Delete a specific Ringfence Rule.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Ringfence Rule was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /ringfence-rules/{id}

https://appgate.company.com:444/admin/ringfence-rules/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Appliances

List all Appliances.

List all Appliances visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Appliances.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /appliances

https://appgate.company.com:444/admin/appliances

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"activated": true,
"pendingCertificateRenewal": false,
"version": 9,
"hostname": "appgate.company.com",
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"siteName": "Default Site",
"customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"connectToPeersUsingClientPortWithSpa": true,
"clientInterface": 
{"proxyProtocol": false,
"hostname": "appgate.company.com",
"httpsPort": 443,
"dtlsPort": 443,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"overrideSpaMode": "Disabled"
},
"peerInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 444,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"adminInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 8443,
"httpsCiphers": 
["ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256"
],
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"networking": 
{"hosts": 
[
{"hostname": "internal.service.company.com",
"address": "10.10.10.10"
}
],
"nics": 
[
{"enabled": true,
"name": "eth0",
"ipv4": 
{"dhcp": 
{"enabled": true,
"dns": true,
"routers": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "10.10.10.1",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "10.10.10.24"
},
"ipv6": 
{"dhcp": 
{"enabled": true,
"dns": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "2001:db8:0:0:0:ff00:42:8329",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "2001:db8:0:0:0:ff00:42:8400"
},
"mtu": 1500
}
],
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsDomains": 
["internal.company.com"
],
"routes": 
[
{"address": "10.0.0.0",
"netmask": 24,
"gateway": "10.0.0.254",
"nic": "eth0"
}
]
},
"ntp": 
{"servers": 
[
{"hostname": "0.ubuntu.pool.ntp.org",
"keyType": "MD5",
"key": "string"
}
]
},
"sshServer": 
{"enabled": false,
"port": 22,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"passwordAuthentication": true
},
"snmpServer": 
{"enabled": false,
"tcpPort": 161,
"udpPort": 161,
"snmpd.conf": "string",
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"healthcheckServer": 
{"enabled": false,
"port": 5555,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"prometheusExporter": 
{"enabled": false,
"port": 5556,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"ping": 
{"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"logServer": 
{"enabled": false,
"retentionDays": 30
},
"controller": 
{"enabled": false
},
"gateway": 
{"enabled": false,
"vpn": 
{"weight": 100,
"allowDestinations": 
[
{"address": "192.168.111.0",
"netmask": 24,
"nic": "eth1"
}
]
}
},
"logForwarder": 
{"enabled": false,
"elasticsearch": 
{"awsId": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"url": "https://aws.com/elasticsearch/instance/asdaxllkmda64",
"retentionDays": 30
},
"tcpClients": 
[
{"name": "Company SIEM",
"host": "siem.company.com",
"port": 8888,
"format": "json",
"useTLS": true,
"filter": "event_type=='authentication_succeeded'"
}
],
"awsKineses": 
[
{"awsId": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"type": "Stream",
"streamName": "AppGate_SDP_audit",
"batchSize": 400,
"numberOfPartitionKeys": 10,
"filter": "event_type=='authentication_succeeded'"
}
],
"sites": 
["string"
]
},
"connector": 
{"enabled": false,
"expressClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": "0.0.0.0",
"netmask": 32
}
],
"snatToResources": true
}
],
"advancedClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"snatToTunnel": true
}
]
},
"rsyslogDestinations": 
[
{"selector": ":msg, contains, \"[AUDIT]\"",
"template": "%msg:9:$%\n",
"destination": "@@10.10.10.2"
}
],
"hostnameAliases": 
["appgatealias.company.com",
"alias2.appgate.company.com"
]
}
]
}

Create a new inactive Appliance.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Appliance object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
hostname required	string Generic hostname of the appliance. Used as linux hostname and to identify within logs.
site	string <uuid> Site served by the Appliance. Entitlements on this Site will be included in the Entitlement Token for this Appliance. Not useful if Gateway role is not enabled.
customization	string <uuid> Customization assigned to this Appliance.
connectToPeersUsingClientPortWithSpa	boolean Default: true Makes the Appliance to connect to Controller/LogServer/LogForwarders using their clientInterface.httpsPort instead of peerInterface.httpsPort. The Appliance uses SPA to connect.
clientInterface required	object The details of the Client connection interface.
peerInterface required	object The details of peer connection interface. Used by other appliances and administrative UI.
adminInterface	object The details of the admin connection interface. If null, admin interface will be accessible via peerInterface.
networking required	object Networking configuration of the system.
ntpServers	Array of strings Deprecated as of 4.3.0, use 'ntp' field instead. NTP servers to synchronize time.
ntp	object NTP configuration.
sshServer	object SSH server configuration.
snmpServer	object SNMP Server configuration.
healthcheckServer	object Healthcheck Server configuration.
prometheusExporter	object Prometheus Exporter configuration.
ping	object Rules for allowing ping.
logServer	object Log Server settings. Log Server collects audit logs from all the appliances and stores them.
controller	object Controller settings.
gateway	object Gateway settings.
logForwarder	object LogForwarder settings. LogForwarder collects audit logs from the appliances in the given sites and sends them to the given endpoints.
connector	object Connector settings.
rsyslogDestinations	Array of objects Rsyslog destination settings to forward appliance logs.
hostnameAliases	Array of strings Hostname aliases. They are added to the Appliance certificate as Subject Alternative Names so it is trusted using different IPs or hostnames. Requires manual certificate renewal to apply changes to the certificate.

Responses

200

Created Appliance.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /appliances

https://appgate.company.com:444/admin/appliances

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"hostname": "appgate.company.com",
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"connectToPeersUsingClientPortWithSpa": true,
"clientInterface": 
{"proxyProtocol": false,
"hostname": "appgate.company.com",
"httpsPort": 443,
"dtlsPort": 443,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"overrideSpaMode": "Disabled"
},
"peerInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 444,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"adminInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 8443,
"httpsCiphers": 
["ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256"
],
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"networking": 
{"hosts": 
[
{"hostname": "internal.service.company.com",
"address": "10.10.10.10"
}
],
"nics": 
[
{"enabled": true,
"name": "eth0",
"ipv4": 
{"dhcp": 
{"enabled": true,
"dns": true,
"routers": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "10.10.10.1",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "10.10.10.24"
},
"ipv6": 
{"dhcp": 
{"enabled": true,
"dns": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "2001:db8:0:0:0:ff00:42:8329",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "2001:db8:0:0:0:ff00:42:8400"
},
"mtu": 1500
}
],
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsDomains": 
["internal.company.com"
],
"routes": 
[
{"address": "10.0.0.0",
"netmask": 24,
"gateway": "10.0.0.254",
"nic": "eth0"
}
]
},
"ntpServers": 
["91.189.89.199",
"0.ubuntu.pool.ntp.org"
],
"ntp": 
{"servers": 
[
{"hostname": "0.ubuntu.pool.ntp.org",
"keyType": "MD5",
"key": "string"
}
]
},
"sshServer": 
{"enabled": false,
"port": 22,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"passwordAuthentication": true
},
"snmpServer": 
{"enabled": false,
"tcpPort": 161,
"udpPort": 161,
"snmpd.conf": "string",
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"healthcheckServer": 
{"enabled": false,
"port": 5555,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"prometheusExporter": 
{"enabled": false,
"port": 5556,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"ping": 
{"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"logServer": 
{"enabled": false,
"retentionDays": 30
},
"controller": 
{"enabled": false
},
"gateway": 
{"enabled": false,
"vpn": 
{"weight": 100,
"allowDestinations": 
[
{"address": "192.168.111.0",
"netmask": 24,
"nic": "eth1"
}
]
}
},
"logForwarder": 
{"enabled": false,
"elasticsearch": 
{"awsId": "string",
"awsSecret": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"url": "https://aws.com/elasticsearch/instance/asdaxllkmda64",
"retentionDays": 30
},
"tcpClients": 
[
{"name": "Company SIEM",
"host": "siem.company.com",
"port": 8888,
"format": "json",
"useTLS": true,
"filter": "event_type=='authentication_succeeded'"
}
],
"awsKineses": 
[
{"awsId": "string",
"awsSecret": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"type": "Stream",
"streamName": "AppGate_SDP_audit",
"batchSize": 400,
"numberOfPartitionKeys": 10,
"filter": "event_type=='authentication_succeeded'"
}
],
"sites": 
["string"
]
},
"connector": 
{"enabled": false,
"expressClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": "0.0.0.0",
"netmask": 32
}
],
"snatToResources": true
}
],
"advancedClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"snatToTunnel": true
}
]
},
"rsyslogDestinations": 
[
{"selector": ":msg, contains, \"[AUDIT]\"",
"template": "%msg:9:$%\n",
"destination": "@@10.10.10.2"
}
],
"hostnameAliases": 
["appgatealias.company.com",
"alias2.appgate.company.com"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:29Z",
"updated": "2020-07-17T09:48:29Z",
"tags": 
["developer",
"api-created"
],
"activated": true,
"pendingCertificateRenewal": false,
"version": 9,
"hostname": "appgate.company.com",
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"siteName": "Default Site",
"customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"connectToPeersUsingClientPortWithSpa": true,
"clientInterface": 
{"proxyProtocol": false,
"hostname": "appgate.company.com",
"httpsPort": 443,
"dtlsPort": 443,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"overrideSpaMode": "Disabled"
},
"peerInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 444,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"adminInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 8443,
"httpsCiphers": 
["ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256"
],
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"networking": 
{"hosts": 
[
{"hostname": "internal.service.company.com",
"address": "10.10.10.10"
}
],
"nics": 
[
{"enabled": true,
"name": "eth0",
"ipv4": 
{"dhcp": 
{"enabled": true,
"dns": true,
"routers": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "10.10.10.1",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "10.10.10.24"
},
"ipv6": 
{"dhcp": 
{"enabled": true,
"dns": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "2001:db8:0:0:0:ff00:42:8329",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "2001:db8:0:0:0:ff00:42:8400"
},
"mtu": 1500
}
],
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsDomains": 
["internal.company.com"
],
"routes": 
[
{"address": "10.0.0.0",
"netmask": 24,
"gateway": "10.0.0.254",
"nic": "eth0"
}
]
},
"ntp": 
{"servers": 
[
{"hostname": "0.ubuntu.pool.ntp.org",
"keyType": "MD5",
"key": "string"
}
]
},
"sshServer": 
{"enabled": false,
"port": 22,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"passwordAuthentication": true
},
"snmpServer": 
{"enabled": false,
"tcpPort": 161,
"udpPort": 161,
"snmpd.conf": "string",
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"healthcheckServer": 
{"enabled": false,
"port": 5555,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"prometheusExporter": 
{"enabled": false,
"port": 5556,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"ping": 
{"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"logServer": 
{"enabled": false,
"retentionDays": 30
},
"controller": 
{"enabled": false
},
"gateway": 
{"enabled": false,
"vpn": 
{"weight": 100,
"allowDestinations": 
[
{"address": "192.168.111.0",
"netmask": 24,
"nic": "eth1"
}
]
}
},
"logForwarder": 
{"enabled": false,
"elasticsearch": 
{"awsId": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"url": "https://aws.com/elasticsearch/instance/asdaxllkmda64",
"retentionDays": 30
},
"tcpClients": 
[
{"name": "Company SIEM",
"host": "siem.company.com",
"port": 8888,
"format": "json",
"useTLS": true,
"filter": "event_type=='authentication_succeeded'"
}
],
"awsKineses": 
[
{"awsId": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"type": "Stream",
"streamName": "AppGate_SDP_audit",
"batchSize": 400,
"numberOfPartitionKeys": 10,
"filter": "event_type=='authentication_succeeded'"
}
],
"sites": 
["string"
]
},
"connector": 
{"enabled": false,
"expressClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": "0.0.0.0",
"netmask": 32
}
],
"snatToResources": true
}
],
"advancedClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"snatToTunnel": true
}
]
},
"rsyslogDestinations": 
[
{"selector": ":msg, contains, \"[AUDIT]\"",
"template": "%msg:9:$%\n",
"destination": "@@10.10.10.2"
}
],
"hostnameAliases": 
["appgatealias.company.com",
"alias2.appgate.company.com"
]
}

Get a specific Appliance.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Appliance.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /appliances/{id}

https://appgate.company.com:444/admin/appliances/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:30Z",
"updated": "2020-07-17T09:48:30Z",
"tags": 
["developer",
"api-created"
],
"activated": true,
"pendingCertificateRenewal": false,
"version": 9,
"hostname": "appgate.company.com",
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"siteName": "Default Site",
"customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"connectToPeersUsingClientPortWithSpa": true,
"clientInterface": 
{"proxyProtocol": false,
"hostname": "appgate.company.com",
"httpsPort": 443,
"dtlsPort": 443,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"overrideSpaMode": "Disabled"
},
"peerInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 444,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"adminInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 8443,
"httpsCiphers": 
["ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256"
],
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"networking": 
{"hosts": 
[
{"hostname": "internal.service.company.com",
"address": "10.10.10.10"
}
],
"nics": 
[
{"enabled": true,
"name": "eth0",
"ipv4": 
{"dhcp": 
{"enabled": true,
"dns": true,
"routers": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "10.10.10.1",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "10.10.10.24"
},
"ipv6": 
{"dhcp": 
{"enabled": true,
"dns": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "2001:db8:0:0:0:ff00:42:8329",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "2001:db8:0:0:0:ff00:42:8400"
},
"mtu": 1500
}
],
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsDomains": 
["internal.company.com"
],
"routes": 
[
{"address": "10.0.0.0",
"netmask": 24,
"gateway": "10.0.0.254",
"nic": "eth0"
}
]
},
"ntp": 
{"servers": 
[
{"hostname": "0.ubuntu.pool.ntp.org",
"keyType": "MD5",
"key": "string"
}
]
},
"sshServer": 
{"enabled": false,
"port": 22,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"passwordAuthentication": true
},
"snmpServer": 
{"enabled": false,
"tcpPort": 161,
"udpPort": 161,
"snmpd.conf": "string",
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"healthcheckServer": 
{"enabled": false,
"port": 5555,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"prometheusExporter": 
{"enabled": false,
"port": 5556,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"ping": 
{"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"logServer": 
{"enabled": false,
"retentionDays": 30
},
"controller": 
{"enabled": false
},
"gateway": 
{"enabled": false,
"vpn": 
{"weight": 100,
"allowDestinations": 
[
{"address": "192.168.111.0",
"netmask": 24,
"nic": "eth1"
}
]
}
},
"logForwarder": 
{"enabled": false,
"elasticsearch": 
{"awsId": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"url": "https://aws.com/elasticsearch/instance/asdaxllkmda64",
"retentionDays": 30
},
"tcpClients": 
[
{"name": "Company SIEM",
"host": "siem.company.com",
"port": 8888,
"format": "json",
"useTLS": true,
"filter": "event_type=='authentication_succeeded'"
}
],
"awsKineses": 
[
{"awsId": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"type": "Stream",
"streamName": "AppGate_SDP_audit",
"batchSize": 400,
"numberOfPartitionKeys": 10,
"filter": "event_type=='authentication_succeeded'"
}
],
"sites": 
["string"
]
},
"connector": 
{"enabled": false,
"expressClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": "0.0.0.0",
"netmask": 32
}
],
"snatToResources": true
}
],
"advancedClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"snatToTunnel": true
}
]
},
"rsyslogDestinations": 
[
{"selector": ":msg, contains, \"[AUDIT]\"",
"template": "%msg:9:$%\n",
"destination": "@@10.10.10.2"
}
],
"hostnameAliases": 
["appgatealias.company.com",
"alias2.appgate.company.com"
]
}

Update an existing Appliance.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Appliance object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
hostname required	string Generic hostname of the appliance. Used as linux hostname and to identify within logs.
site	string <uuid> Site served by the Appliance. Entitlements on this Site will be included in the Entitlement Token for this Appliance. Not useful if Gateway role is not enabled.
customization	string <uuid> Customization assigned to this Appliance.
connectToPeersUsingClientPortWithSpa	boolean Default: true Makes the Appliance to connect to Controller/LogServer/LogForwarders using their clientInterface.httpsPort instead of peerInterface.httpsPort. The Appliance uses SPA to connect.
clientInterface required	object The details of the Client connection interface.
peerInterface required	object The details of peer connection interface. Used by other appliances and administrative UI.
adminInterface	object The details of the admin connection interface. If null, admin interface will be accessible via peerInterface.
networking required	object Networking configuration of the system.
ntpServers	Array of strings Deprecated as of 4.3.0, use 'ntp' field instead. NTP servers to synchronize time.
ntp	object NTP configuration.
sshServer	object SSH server configuration.
snmpServer	object SNMP Server configuration.
healthcheckServer	object Healthcheck Server configuration.
prometheusExporter	object Prometheus Exporter configuration.
ping	object Rules for allowing ping.
logServer	object Log Server settings. Log Server collects audit logs from all the appliances and stores them.
controller	object Controller settings.
gateway	object Gateway settings.
logForwarder	object LogForwarder settings. LogForwarder collects audit logs from the appliances in the given sites and sends them to the given endpoints.
connector	object Connector settings.
rsyslogDestinations	Array of objects Rsyslog destination settings to forward appliance logs.
hostnameAliases	Array of strings Hostname aliases. They are added to the Appliance certificate as Subject Alternative Names so it is trusted using different IPs or hostnames. Requires manual certificate renewal to apply changes to the certificate.

Responses

200

Updated Appliance.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /appliances/{id}

https://appgate.company.com:444/admin/appliances/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"hostname": "appgate.company.com",
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"connectToPeersUsingClientPortWithSpa": true,
"clientInterface": 
{"proxyProtocol": false,
"hostname": "appgate.company.com",
"httpsPort": 443,
"dtlsPort": 443,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"overrideSpaMode": "Disabled"
},
"peerInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 444,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"adminInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 8443,
"httpsCiphers": 
["ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256"
],
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"networking": 
{"hosts": 
[
{"hostname": "internal.service.company.com",
"address": "10.10.10.10"
}
],
"nics": 
[
{"enabled": true,
"name": "eth0",
"ipv4": 
{"dhcp": 
{"enabled": true,
"dns": true,
"routers": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "10.10.10.1",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "10.10.10.24"
},
"ipv6": 
{"dhcp": 
{"enabled": true,
"dns": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "2001:db8:0:0:0:ff00:42:8329",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "2001:db8:0:0:0:ff00:42:8400"
},
"mtu": 1500
}
],
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsDomains": 
["internal.company.com"
],
"routes": 
[
{"address": "10.0.0.0",
"netmask": 24,
"gateway": "10.0.0.254",
"nic": "eth0"
}
]
},
"ntpServers": 
["91.189.89.199",
"0.ubuntu.pool.ntp.org"
],
"ntp": 
{"servers": 
[
{"hostname": "0.ubuntu.pool.ntp.org",
"keyType": "MD5",
"key": "string"
}
]
},
"sshServer": 
{"enabled": false,
"port": 22,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"passwordAuthentication": true
},
"snmpServer": 
{"enabled": false,
"tcpPort": 161,
"udpPort": 161,
"snmpd.conf": "string",
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"healthcheckServer": 
{"enabled": false,
"port": 5555,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"prometheusExporter": 
{"enabled": false,
"port": 5556,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"ping": 
{"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"logServer": 
{"enabled": false,
"retentionDays": 30
},
"controller": 
{"enabled": false
},
"gateway": 
{"enabled": false,
"vpn": 
{"weight": 100,
"allowDestinations": 
[
{"address": "192.168.111.0",
"netmask": 24,
"nic": "eth1"
}
]
}
},
"logForwarder": 
{"enabled": false,
"elasticsearch": 
{"awsId": "string",
"awsSecret": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"url": "https://aws.com/elasticsearch/instance/asdaxllkmda64",
"retentionDays": 30
},
"tcpClients": 
[
{"name": "Company SIEM",
"host": "siem.company.com",
"port": 8888,
"format": "json",
"useTLS": true,
"filter": "event_type=='authentication_succeeded'"
}
],
"awsKineses": 
[
{"awsId": "string",
"awsSecret": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"type": "Stream",
"streamName": "AppGate_SDP_audit",
"batchSize": 400,
"numberOfPartitionKeys": 10,
"filter": "event_type=='authentication_succeeded'"
}
],
"sites": 
["string"
]
},
"connector": 
{"enabled": false,
"expressClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": "0.0.0.0",
"netmask": 32
}
],
"snatToResources": true
}
],
"advancedClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"snatToTunnel": true
}
]
},
"rsyslogDestinations": 
[
{"selector": ":msg, contains, \"[AUDIT]\"",
"template": "%msg:9:$%\n",
"destination": "@@10.10.10.2"
}
],
"hostnameAliases": 
["appgatealias.company.com",
"alias2.appgate.company.com"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:30Z",
"updated": "2020-07-17T09:48:30Z",
"tags": 
["developer",
"api-created"
],
"activated": true,
"pendingCertificateRenewal": false,
"version": 9,
"hostname": "appgate.company.com",
"site": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"siteName": "Default Site",
"customization": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"connectToPeersUsingClientPortWithSpa": true,
"clientInterface": 
{"proxyProtocol": false,
"hostname": "appgate.company.com",
"httpsPort": 443,
"dtlsPort": 443,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"overrideSpaMode": "Disabled"
},
"peerInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 444,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"adminInterface": 
{"hostname": "appgate.company.com",
"httpsPort": 8443,
"httpsCiphers": 
["ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256"
],
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"networking": 
{"hosts": 
[
{"hostname": "internal.service.company.com",
"address": "10.10.10.10"
}
],
"nics": 
[
{"enabled": true,
"name": "eth0",
"ipv4": 
{"dhcp": 
{"enabled": true,
"dns": true,
"routers": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "10.10.10.1",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "10.10.10.24"
},
"ipv6": 
{"dhcp": 
{"enabled": true,
"dns": true,
"ntp": true,
"mtu": true
},
"static": 
[
{"address": "2001:db8:0:0:0:ff00:42:8329",
"netmask": 24,
"hostname": "appgate.company.com",
"snat": true
}
],
"virtualIp": "2001:db8:0:0:0:ff00:42:8400"
},
"mtu": 1500
}
],
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsDomains": 
["internal.company.com"
],
"routes": 
[
{"address": "10.0.0.0",
"netmask": 24,
"gateway": "10.0.0.254",
"nic": "eth0"
}
]
},
"ntp": 
{"servers": 
[
{"hostname": "0.ubuntu.pool.ntp.org",
"keyType": "MD5",
"key": "string"
}
]
},
"sshServer": 
{"enabled": false,
"port": 22,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"passwordAuthentication": true
},
"snmpServer": 
{"enabled": false,
"tcpPort": 161,
"udpPort": 161,
"snmpd.conf": "string",
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"healthcheckServer": 
{"enabled": false,
"port": 5555,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"prometheusExporter": 
{"enabled": false,
"port": 5556,
"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"ping": 
{"allowSources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
]
},
"logServer": 
{"enabled": false,
"retentionDays": 30
},
"controller": 
{"enabled": false
},
"gateway": 
{"enabled": false,
"vpn": 
{"weight": 100,
"allowDestinations": 
[
{"address": "192.168.111.0",
"netmask": 24,
"nic": "eth1"
}
]
}
},
"logForwarder": 
{"enabled": false,
"elasticsearch": 
{"awsId": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"url": "https://aws.com/elasticsearch/instance/asdaxllkmda64",
"retentionDays": 30
},
"tcpClients": 
[
{"name": "Company SIEM",
"host": "siem.company.com",
"port": 8888,
"format": "json",
"useTLS": true,
"filter": "event_type=='authentication_succeeded'"
}
],
"awsKineses": 
[
{"awsId": "string",
"awsRegion": "eu-west-2",
"useInstanceCredentials": true,
"type": "Stream",
"streamName": "AppGate_SDP_audit",
"batchSize": 400,
"numberOfPartitionKeys": 10,
"filter": "event_type=='authentication_succeeded'"
}
],
"sites": 
["string"
]
},
"connector": 
{"enabled": false,
"expressClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": "0.0.0.0",
"netmask": 32
}
],
"snatToResources": true
}
],
"advancedClients": 
[
{"name": "Printers",
"deviceId": "12699e27-b584-464a-81ee-5b4784b6d425",
"allowResources": 
[
{"address": 
["0.0.0.0",
"::"
],
"netmask": 0,
"nic": "eth0"
}
],
"snatToTunnel": true
}
]
},
"rsyslogDestinations": 
[
{"selector": ":msg, contains, \"[AUDIT]\"",
"template": "%msg:9:$%\n",
"destination": "@@10.10.10.2"
}
],
"hostnameAliases": 
["appgatealias.company.com",
"alias2.appgate.company.com"
]
}

Delete a specific Appliance.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Appliance was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /appliances/{id}

https://appgate.company.com:444/admin/appliances/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Export JSON seed for an inactive Appliance.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

query Parameters

latestVersion

boolean

If the Appliance object created on an old Controller and the version field is older than the current peer version, Controller generates a seed for that specific version. Adding this parameter overrides the version to the current one.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

SSH configuration during seeding.

provideCloudSSHKey	boolean Tells appliance to use the key generated by AWS or Azure.
sshKey	string SSH public key to allow.
password	string Appliance's CZ user password.

Responses

200

Exported JSON Appliance seed. Body must be saved as seed.json file.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /appliances/{id}/export

https://appgate.company.com:444/admin/appliances/{id}/export

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"provideCloudSSHKey": true,
"sshKey": "ssh-rsa ....",
"password": "tSW3!QBv(rj{UuLY"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all

{ }

Export ISO seed for an inactive Appliance.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

query Parameters

latestVersion

boolean

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

SSH configuration during seeding.

provideCloudSSHKey	boolean Tells appliance to use the key generated by AWS or Azure.
sshKey	string SSH public key to allow.
password	string Appliance's CZ user password.

Responses

200

Exported ISO Appliance seed.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /appliances/{id}/export/iso

https://appgate.company.com:444/admin/appliances/{id}/export/iso

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"provideCloudSSHKey": true,
"sshKey": "ssh-rsa ....",
"password": "tSW3!QBv(rj{UuLY"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"iso": "string"
}

Renew certificate of an active Appliance.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Certificate renewal process started successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

post /appliances/{id}/renew-certificate

https://appgate.company.com:444/admin/appliances/{id}/renew-certificate

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Upload and apply HTTPS certificate on the admin interface of an active Appliance.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

p12	string <byte> P12 binary in Base64 format.
password	string Default: "" Password for the p12 file.

Responses

204

P12 file is accepted and applied.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /appliances/{id}/admin-interface-p12

https://appgate.company.com:444/admin/appliances/{id}/admin-interface-p12

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"p12": "string",
"password": ""
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Deactivate an active Appliance.

Deactivate an active Appliance. If the appliance is still reachable, it will get a wipe command.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

query Parameters

wipe	boolean Default: true Sends wipe command to the Appliance. Equivalent to 'cz-config wipe-appliance' command on the Appliance. True by default.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Appliance was deactivated successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

post /appliances/{id}/deactivate

https://appgate.company.com:444/admin/appliances/{id}/deactivate

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Reboot an active Appliance.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Appliance received the reboot command successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

post /appliances/{id}/reboot

https://appgate.company.com:444/admin/appliances/{id}/reboot

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Test a resolver name on a Gateway.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

What to test on name resolvers.

resourceName

string

The resource name to test on the Gateway.

Responses

200

Test is completed successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /appliances/{id}/test-resolver-name

https://appgate.company.com:444/admin/appliances/{id}/test-resolver-name

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"resourceName": "aws://tag:Application=Software Defined Perimeter"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"ips": 
["10.0.0.1"
],
"error": "DNS name resolution error for ipv4, pycares errno 11: Could not contact DNS servers"
}

Get the status of name resolution on a Gateway.

Get the status of name resolution on a Gateway. It lists all the subscribed resource names from all the connected Clients and shows the resolution results.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Gateway returned the status successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /appliances/{id}/name-resolution-status

https://appgate.company.com:444/admin/appliances/{id}/name-resolution-status

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"resolutions": 
{"aws://lb-tag:kubernetes.io/service-name=opsnonprod/erp-dev": 
{"partial": false,
"finals": 
["3.120.51.78",
"35.156.237.184"
],
"partials": 
["dns://all.GW-ELB-2001535196.eu-central-1.elb.amazonaws.com",
"dns://all.purple-lb-1785267452.eu-central-1.elb.amazonaws.com"
],
"errors": [ ]
}
}
}

Sites

List all Sites.

List all Sites visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Sites.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /sites

https://appgate.company.com:444/admin/sites

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:33Z",
"updated": "2020-07-17T09:48:33Z",
"tags": 
["developer",
"api-created"
],
"shortName": "AZU1",
"description": "Gives access to Azure endpoints.",
"networkSubnets": 
["10.0.0.0/16"
],
"ipPoolMappings": 
[
{"from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
],
"defaultGateway": 
{"enabledV4": false,
"enabledV6": false,
"excludedSubnets": 
["10.0.10.0/24"
]
},
"entitlementBasedRouting": false,
"vpn": 
{"stateSharing": false,
"snat": false,
"tls": 
{"enabled": true
},
"dtls": 
{"enabled": false
},
"routeVia": 
{"ipv4": "10.0.0.2",
"ipv6": "2001:db8:0:0:0:ff00:42:8329"
},
"webProxyEnabled": true,
"webProxyCertificateSubjectName": "string",
"ipAccessLogIntervalSeconds": 120
},
"nameResolution": 
{"useHostsFile": false,
"dnsResolvers": 
[
{"name": "DNS Resolver 1",
"updateInterval": 60,
"servers": 
["10.0.0.2"
],
"searchDomains": 
["company.com"
]
}
],
"awsResolvers": 
[
{"name": "AWS Resolver 1",
"updateInterval": 60,
"vpcs": 
["string"
],
"vpcAutoDiscovery": true,
"regions": 
["eu-west-2"
],
"useIAMRole": true,
"accessKeyId": "string",
"httpsProxy": "string",
"resolveWithMasterCredentials": true,
"assumedRoles": 
[
{"accountId": "string",
"roleName": "string",
"externalId": "string",
"regions": 
["string"
]
}
]
}
],
"azureResolvers": 
[
{"name": "string",
"updateInterval": 60,
"subscriptionId": "string",
"tenantId": "string",
"clientId": "string"
}
],
"esxResolvers": 
[
{"name": "string",
"updateInterval": 60,
"hostname": "string",
"username": "string"
}
],
"gcpResolvers": 
[
{"name": "string",
"updateInterval": 60,
"projectFilter": "string",
"instanceFilter": "string"
}
]
}
}
]
}

Create a new Site.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Site object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
shortName	string A short 4 letter name for the Site to be displayed on the Client.
description	string Description of the Site to be displayed on the Client.
networkSubnets	Array of strings Network subnets in CIDR format to define the Site's boundaries. They are added as routes by the Client.
ipPoolMappings	Array of objects List of IP Pool mappings for this specific Site. When IPs are allocated this Site, they will be mapped to a new one using this setting.
defaultGateway	object Default Gateway configuration.
entitlementBasedRouting	boolean Default: false When enabled, the routes are sent to the Client by the Gateways according to the user's Entitlements "networkSubnets" should be left be empty if it's enabled.
vpn	object VPN configuration for this Site.
nameResolution	object Settings for asset name resolution.

Responses

200

Created Site.

400

JSON error. Check the JSON format.

401

Token error. Login again.

402

Insufficient license.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /sites

https://appgate.company.com:444/admin/sites

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"shortName": "AZU1",
"description": "Gives access to Azure endpoints.",
"networkSubnets": 
["10.0.0.0/16"
],
"ipPoolMappings": 
[
{"from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
],
"defaultGateway": 
{"enabledV4": false,
"enabledV6": false,
"excludedSubnets": 
["10.0.10.0/24"
]
},
"entitlementBasedRouting": false,
"vpn": 
{"stateSharing": false,
"snat": false,
"tls": 
{"enabled": true
},
"dtls": 
{"enabled": false
},
"routeVia": 
{"ipv4": "10.0.0.2",
"ipv6": "2001:db8:0:0:0:ff00:42:8329"
},
"webProxyEnabled": true,
"webProxyKeyStore": "string",
"ipAccessLogIntervalSeconds": 120
},
"nameResolution": 
{"useHostsFile": false,
"dnsResolvers": 
[
{"name": "DNS Resolver 1",
"updateInterval": 60,
"servers": 
["10.0.0.2"
],
"searchDomains": 
["company.com"
]
}
],
"awsResolvers": 
[
{"name": "AWS Resolver 1",
"updateInterval": 60,
"vpcs": 
["string"
],
"vpcAutoDiscovery": true,
"regions": 
["eu-west-2"
],
"useIAMRole": true,
"accessKeyId": "string",
"secretAccessKey": "string",
"httpsProxy": "string",
"resolveWithMasterCredentials": true,
"assumedRoles": 
[
{"accountId": "string",
"roleName": "string",
"externalId": "string",
"regions": 
["string"
]
}
]
}
],
"azureResolvers": 
[
{"name": "string",
"updateInterval": 60,
"subscriptionId": "string",
"tenantId": "string",
"clientId": "string",
"secret": "string"
}
],
"esxResolvers": 
[
{"name": "string",
"updateInterval": 60,
"hostname": "string",
"username": "string",
"password": "string"
}
],
"gcpResolvers": 
[
{"name": "string",
"updateInterval": 60,
"projectFilter": "string",
"instanceFilter": "string"
}
]
}
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:33Z",
"updated": "2020-07-17T09:48:33Z",
"tags": 
["developer",
"api-created"
],
"shortName": "AZU1",
"description": "Gives access to Azure endpoints.",
"networkSubnets": 
["10.0.0.0/16"
],
"ipPoolMappings": 
[
{"from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
],
"defaultGateway": 
{"enabledV4": false,
"enabledV6": false,
"excludedSubnets": 
["10.0.10.0/24"
]
},
"entitlementBasedRouting": false,
"vpn": 
{"stateSharing": false,
"snat": false,
"tls": 
{"enabled": true
},
"dtls": 
{"enabled": false
},
"routeVia": 
{"ipv4": "10.0.0.2",
"ipv6": "2001:db8:0:0:0:ff00:42:8329"
},
"webProxyEnabled": true,
"webProxyCertificateSubjectName": "string",
"ipAccessLogIntervalSeconds": 120
},
"nameResolution": 
{"useHostsFile": false,
"dnsResolvers": 
[
{"name": "DNS Resolver 1",
"updateInterval": 60,
"servers": 
["10.0.0.2"
],
"searchDomains": 
["company.com"
]
}
],
"awsResolvers": 
[
{"name": "AWS Resolver 1",
"updateInterval": 60,
"vpcs": 
["string"
],
"vpcAutoDiscovery": true,
"regions": 
["eu-west-2"
],
"useIAMRole": true,
"accessKeyId": "string",
"httpsProxy": "string",
"resolveWithMasterCredentials": true,
"assumedRoles": 
[
{"accountId": "string",
"roleName": "string",
"externalId": "string",
"regions": 
["string"
]
}
]
}
],
"azureResolvers": 
[
{"name": "string",
"updateInterval": 60,
"subscriptionId": "string",
"tenantId": "string",
"clientId": "string"
}
],
"esxResolvers": 
[
{"name": "string",
"updateInterval": 60,
"hostname": "string",
"username": "string"
}
],
"gcpResolvers": 
[
{"name": "string",
"updateInterval": 60,
"projectFilter": "string",
"instanceFilter": "string"
}
]
}
}

Get a specific Site.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Site.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /sites/{id}

https://appgate.company.com:444/admin/sites/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:33Z",
"updated": "2020-07-17T09:48:33Z",
"tags": 
["developer",
"api-created"
],
"shortName": "AZU1",
"description": "Gives access to Azure endpoints.",
"networkSubnets": 
["10.0.0.0/16"
],
"ipPoolMappings": 
[
{"from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
],
"defaultGateway": 
{"enabledV4": false,
"enabledV6": false,
"excludedSubnets": 
["10.0.10.0/24"
]
},
"entitlementBasedRouting": false,
"vpn": 
{"stateSharing": false,
"snat": false,
"tls": 
{"enabled": true
},
"dtls": 
{"enabled": false
},
"routeVia": 
{"ipv4": "10.0.0.2",
"ipv6": "2001:db8:0:0:0:ff00:42:8329"
},
"webProxyEnabled": true,
"webProxyCertificateSubjectName": "string",
"ipAccessLogIntervalSeconds": 120
},
"nameResolution": 
{"useHostsFile": false,
"dnsResolvers": 
[
{"name": "DNS Resolver 1",
"updateInterval": 60,
"servers": 
["10.0.0.2"
],
"searchDomains": 
["company.com"
]
}
],
"awsResolvers": 
[
{"name": "AWS Resolver 1",
"updateInterval": 60,
"vpcs": 
["string"
],
"vpcAutoDiscovery": true,
"regions": 
["eu-west-2"
],
"useIAMRole": true,
"accessKeyId": "string",
"httpsProxy": "string",
"resolveWithMasterCredentials": true,
"assumedRoles": 
[
{"accountId": "string",
"roleName": "string",
"externalId": "string",
"regions": 
["string"
]
}
]
}
],
"azureResolvers": 
[
{"name": "string",
"updateInterval": 60,
"subscriptionId": "string",
"tenantId": "string",
"clientId": "string"
}
],
"esxResolvers": 
[
{"name": "string",
"updateInterval": 60,
"hostname": "string",
"username": "string"
}
],
"gcpResolvers": 
[
{"name": "string",
"updateInterval": 60,
"projectFilter": "string",
"instanceFilter": "string"
}
]
}
}

Update an existing Site.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Site object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
shortName	string A short 4 letter name for the Site to be displayed on the Client.
description	string Description of the Site to be displayed on the Client.
networkSubnets	Array of strings Network subnets in CIDR format to define the Site's boundaries. They are added as routes by the Client.
ipPoolMappings	Array of objects List of IP Pool mappings for this specific Site. When IPs are allocated this Site, they will be mapped to a new one using this setting.
defaultGateway	object Default Gateway configuration.
entitlementBasedRouting	boolean Default: false When enabled, the routes are sent to the Client by the Gateways according to the user's Entitlements "networkSubnets" should be left be empty if it's enabled.
vpn	object VPN configuration for this Site.
nameResolution	object Settings for asset name resolution.

Responses

200

Updated Site.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /sites/{id}

https://appgate.company.com:444/admin/sites/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"shortName": "AZU1",
"description": "Gives access to Azure endpoints.",
"networkSubnets": 
["10.0.0.0/16"
],
"ipPoolMappings": 
[
{"from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
],
"defaultGateway": 
{"enabledV4": false,
"enabledV6": false,
"excludedSubnets": 
["10.0.10.0/24"
]
},
"entitlementBasedRouting": false,
"vpn": 
{"stateSharing": false,
"snat": false,
"tls": 
{"enabled": true
},
"dtls": 
{"enabled": false
},
"routeVia": 
{"ipv4": "10.0.0.2",
"ipv6": "2001:db8:0:0:0:ff00:42:8329"
},
"webProxyEnabled": true,
"webProxyKeyStore": "string",
"ipAccessLogIntervalSeconds": 120
},
"nameResolution": 
{"useHostsFile": false,
"dnsResolvers": 
[
{"name": "DNS Resolver 1",
"updateInterval": 60,
"servers": 
["10.0.0.2"
],
"searchDomains": 
["company.com"
]
}
],
"awsResolvers": 
[
{"name": "AWS Resolver 1",
"updateInterval": 60,
"vpcs": 
["string"
],
"vpcAutoDiscovery": true,
"regions": 
["eu-west-2"
],
"useIAMRole": true,
"accessKeyId": "string",
"secretAccessKey": "string",
"httpsProxy": "string",
"resolveWithMasterCredentials": true,
"assumedRoles": 
[
{"accountId": "string",
"roleName": "string",
"externalId": "string",
"regions": 
["string"
]
}
]
}
],
"azureResolvers": 
[
{"name": "string",
"updateInterval": 60,
"subscriptionId": "string",
"tenantId": "string",
"clientId": "string",
"secret": "string"
}
],
"esxResolvers": 
[
{"name": "string",
"updateInterval": 60,
"hostname": "string",
"username": "string",
"password": "string"
}
],
"gcpResolvers": 
[
{"name": "string",
"updateInterval": 60,
"projectFilter": "string",
"instanceFilter": "string"
}
]
}
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:33Z",
"updated": "2020-07-17T09:48:33Z",
"tags": 
["developer",
"api-created"
],
"shortName": "AZU1",
"description": "Gives access to Azure endpoints.",
"networkSubnets": 
["10.0.0.0/16"
],
"ipPoolMappings": 
[
{"from": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"to": "8c07bc67-5711-42dd-b702-c2d6c45419f8"
}
],
"defaultGateway": 
{"enabledV4": false,
"enabledV6": false,
"excludedSubnets": 
["10.0.10.0/24"
]
},
"entitlementBasedRouting": false,
"vpn": 
{"stateSharing": false,
"snat": false,
"tls": 
{"enabled": true
},
"dtls": 
{"enabled": false
},
"routeVia": 
{"ipv4": "10.0.0.2",
"ipv6": "2001:db8:0:0:0:ff00:42:8329"
},
"webProxyEnabled": true,
"webProxyCertificateSubjectName": "string",
"ipAccessLogIntervalSeconds": 120
},
"nameResolution": 
{"useHostsFile": false,
"dnsResolvers": 
[
{"name": "DNS Resolver 1",
"updateInterval": 60,
"servers": 
["10.0.0.2"
],
"searchDomains": 
["company.com"
]
}
],
"awsResolvers": 
[
{"name": "AWS Resolver 1",
"updateInterval": 60,
"vpcs": 
["string"
],
"vpcAutoDiscovery": true,
"regions": 
["eu-west-2"
],
"useIAMRole": true,
"accessKeyId": "string",
"httpsProxy": "string",
"resolveWithMasterCredentials": true,
"assumedRoles": 
[
{"accountId": "string",
"roleName": "string",
"externalId": "string",
"regions": 
["string"
]
}
]
}
],
"azureResolvers": 
[
{"name": "string",
"updateInterval": 60,
"subscriptionId": "string",
"tenantId": "string",
"clientId": "string"
}
],
"esxResolvers": 
[
{"name": "string",
"updateInterval": 60,
"hostname": "string",
"username": "string"
}
],
"gcpResolvers": 
[
{"name": "string",
"updateInterval": 60,
"projectFilter": "string",
"instanceFilter": "string"
}
]
}
}

Delete a specific Site.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Site was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /sites/{id}

https://appgate.company.com:444/admin/sites/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

IP Pools

List all IP Pools.

List all IP Pools visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of IP Pools.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /ip-pools

https://appgate.company.com:444/admin/ip-pools

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:33Z",
"updated": "2020-07-17T09:48:33Z",
"tags": 
["developer",
"api-created"
],
"ipVersion6": false,
"ranges": 
[
{"first": "10.0.0.1",
"last": "10.0.0.254"
}
],
"leaseTimeDays": 30,
"total": 254,
"currentlyUsed": 16,
"reserved": 32
}
]
}

Create a new IP Pool.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

IP Pool object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
ipVersion6	boolean Default: false Whether the IP pool is for v4 or v6.
ranges	Array of objects List of (non-conflicting) IP address ranges to allocate IPs in order.
leaseTimeDays	integer Default: 30 Number of days Allocated IPs will be reserved for device&users before they are reclaimable by others.

Responses

200

Created IP Pool.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /ip-pools

https://appgate.company.com:444/admin/ip-pools

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"ipVersion6": false,
"ranges": 
[
{"cidr": "10.0.0.0/24",
"first": "10.0.0.1",
"last": "10.0.0.254"
}
],
"leaseTimeDays": 30
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:33Z",
"updated": "2020-07-17T09:48:33Z",
"tags": 
["developer",
"api-created"
],
"ipVersion6": false,
"ranges": 
[
{"first": "10.0.0.1",
"last": "10.0.0.254"
}
],
"leaseTimeDays": 30,
"total": 254,
"currentlyUsed": 16,
"reserved": 32
}

Get a specific IP Pool.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single IP Pool.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /ip-pools/{id}

https://appgate.company.com:444/admin/ip-pools/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"ipVersion6": false,
"ranges": 
[
{"first": "10.0.0.1",
"last": "10.0.0.254"
}
],
"leaseTimeDays": 30,
"total": 254,
"currentlyUsed": 16,
"reserved": 32
}

Update an existing IP Pool.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

IP Pool object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
ipVersion6	boolean Default: false Whether the IP pool is for v4 or v6.
ranges	Array of objects List of (non-conflicting) IP address ranges to allocate IPs in order.
leaseTimeDays	integer Default: 30 Number of days Allocated IPs will be reserved for device&users before they are reclaimable by others.

Responses

200

Updated IP Pool.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /ip-pools/{id}

https://appgate.company.com:444/admin/ip-pools/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"ipVersion6": false,
"ranges": 
[
{"cidr": "10.0.0.0/24",
"first": "10.0.0.1",
"last": "10.0.0.254"
}
],
"leaseTimeDays": 30
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"ipVersion6": false,
"ranges": 
[
{"first": "10.0.0.1",
"last": "10.0.0.254"
}
],
"leaseTimeDays": 30,
"total": 254,
"currentlyUsed": 16,
"reserved": 32
}

Delete a specific IP Pool.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

IP Pool was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /ip-pools/{id}

https://appgate.company.com:444/admin/ip-pools/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

List all Allocated IPs by Distinguished Name.

path Parameters

distinguished-name

required

string

Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap

Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>'

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Allocated IPs.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /ip-pools/allocated-ips/by-dn/{distinguished-name}

https://appgate.company.com:444/admin/ip-pools/allocated-ips/by-dn/{distinguished-name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"data": 
[
{"poolId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
"ipAddress": "10.0.0.52",
"allocationTime": "2020-07-17T09:48:34Z",
"expirationTime": "2020-07-17T09:48:34Z"
}
]
}

List all Allocated IPs in the system.

List all Allocated IPs in the system

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Allocated IPs.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /ip-pools/allocated-ips

https://appgate.company.com:444/admin/ip-pools/allocated-ips

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"data": 
[
{"poolId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
"ipAddress": "10.0.0.52",
"allocationTime": "2020-07-17T09:48:34Z",
"expirationTime": "2020-07-17T09:48:34Z"
}
]
}

Identity Providers

List all Identity Providers.

List all Identity Providers visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Identity Providers.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /identity-providers

https://appgate.company.com:444/admin/identity-providers

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"type": "LocalDatabase",
"displayName": "Company Active Directory",
"default": false,
"clientProvider": false,
"adminProvider": false,
"onBoarding2FA": 
{"mfaProviderId": "string",
"message": "Please use your multi factor authentication device to on-board.",
"deviceLimitPerUser": 100
},
"inactivityTimeoutMinutes": 0,
"ipPoolV4": "string",
"ipPoolV6": "string",
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsSearchDomains": 
["internal.company.com"
],
"blockLocalDnsRequests": false,
"claimMappings": 
[
{"attributeName": "SAMAccountName",
"claimName": "username",
"list": false,
"encrypt": false
}
],
"onDemandClaimMappings": 
[
{"command": "fileSize",
"claimName": "antivirusRunning",
"parameters": 
{"name": "python3",
"path": "/usr/bin/python3",
"args": "--list"
},
"platform": "desktop.windows.all"
}
]
}
]
}

Create a new Identity Provider.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Identity Provider object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
type required	string The type of the Identity Provider. LocalDatabase
displayName	string Deprecated The name displayed to the user. "name" field is used for Distinguished Name generation. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore.
default	boolean Default: false Whether the provider will be chosen by default in the Client UI. If enabled, it will remove the default flag of the current default Identity Provider.
clientProvider	boolean Deprecated Default: false Whether the provider will be listed in the Client UI or not. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore.
adminProvider	boolean Default: false Whether the provider will be listed in the Admin UI or not.
onBoarding2FA	object On-boarding two-factor authentication settings. Leave it empty keep it disabled.
onBoardingType	string Deprecated Enum: "Require2FA" "Disabled" "NoVerification" Client on-boarding type. Deprecated as of 5.0. Use onBoarding2FA object instead.
onBoardingOtpProvider	string <uuid> Deprecated On-boarding MFA Provider ID if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead.
onBoardingOtpMessage	string Deprecated On-boarding MFA message to be displayed on the Client UI if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead.
inactivityTimeoutMinutes	integer Default: 0 (Desktop) clients will sign out automatically after the user has been inactive on the device for the configured duration. Set it to 0 to disable.
ipPoolV4	string <uuid> The IPv4 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels.
ipPoolV6	string <uuid> The IPv6 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels.
dnsServers	Array of strings The dns servers to be assigned to the Clients of the users in this Identity Provider.
dnsSearchDomains	Array of strings The dns search domains to be assigned to Clients of the users in this Identity Provider.
blockLocalDnsRequests	boolean Default: false Whether the Windows Client will block local DNS requests or not.
claimMappings	Array of objects The mapping of Identity Provider attributes to claims.
onDemandClaimMappings	Array of objects The mapping of Identity Provider on demand attributes to claims.
userLockoutThreshold	integer Default: 5 After how many failed authentication attempts will a local user be locked out from authenticating again for 1 minute.
minPasswordLength	integer Default: 0 Minimum password length requirement for local users.

Responses

200

Identity Provider object.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /identity-providers

https://appgate.company.com:444/admin/identity-providers

Request samples

Payload

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"type": "LocalDatabase",
"displayName": "Company Active Directory",
"default": false,
"clientProvider": false,
"adminProvider": false,
"onBoarding2FA": 
{"mfaProviderId": "string",
"message": "Please use your multi factor authentication device to on-board.",
"deviceLimitPerUser": 100
},
"onBoardingType": "Require2FA",
"onBoardingOtpProvider": "string",
"onBoardingOtpMessage": "string",
"inactivityTimeoutMinutes": 0,
"ipPoolV4": "string",
"ipPoolV6": "string",
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsSearchDomains": 
["internal.company.com"
],
"blockLocalDnsRequests": false,
"claimMappings": 
[
{"attributeName": "SAMAccountName",
"claimName": "username",
"list": false,
"encrypt": false
}
],
"onDemandClaimMappings": 
[
{"command": "fileSize",
"claimName": "antivirusRunning",
"parameters": 
{"name": "python3",
"path": "/usr/bin/python3",
"args": "--list"
},
"platform": "desktop.windows.all"
}
],
"userLockoutThreshold": 5,
"minPasswordLength": 0
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"type": "LocalDatabase",
"displayName": "Company Active Directory",
"default": false,
"clientProvider": false,
"adminProvider": false,
"onBoarding2FA": 
{"mfaProviderId": "string",
"message": "Please use your multi factor authentication device to on-board.",
"deviceLimitPerUser": 100
},
"inactivityTimeoutMinutes": 0,
"ipPoolV4": "string",
"ipPoolV6": "string",
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsSearchDomains": 
["internal.company.com"
],
"blockLocalDnsRequests": false,
"claimMappings": 
[
{"attributeName": "SAMAccountName",
"claimName": "username",
"list": false,
"encrypt": false
}
],
"onDemandClaimMappings": 
[
{"command": "fileSize",
"claimName": "antivirusRunning",
"parameters": 
{"name": "python3",
"path": "/usr/bin/python3",
"args": "--list"
},
"platform": "desktop.windows.all"
}
],
"userLockoutThreshold": 5,
"minPasswordLength": 0
}

Get a specific Identity Provider.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Identity Provider object.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /identity-providers/{id}

https://appgate.company.com:444/admin/identity-providers/{id}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"type": "LocalDatabase",
"displayName": "Company Active Directory",
"default": false,
"clientProvider": false,
"adminProvider": false,
"onBoarding2FA": 
{"mfaProviderId": "string",
"message": "Please use your multi factor authentication device to on-board.",
"deviceLimitPerUser": 100
},
"inactivityTimeoutMinutes": 0,
"ipPoolV4": "string",
"ipPoolV6": "string",
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsSearchDomains": 
["internal.company.com"
],
"blockLocalDnsRequests": false,
"claimMappings": 
[
{"attributeName": "SAMAccountName",
"claimName": "username",
"list": false,
"encrypt": false
}
],
"onDemandClaimMappings": 
[
{"command": "fileSize",
"claimName": "antivirusRunning",
"parameters": 
{"name": "python3",
"path": "/usr/bin/python3",
"args": "--list"
},
"platform": "desktop.windows.all"
}
],
"userLockoutThreshold": 5,
"minPasswordLength": 0
}

Update an existing Identity Provider.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Identity Provider object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
type required	string The type of the Identity Provider. LocalDatabase
displayName	string Deprecated The name displayed to the user. "name" field is used for Distinguished Name generation. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore.
default	boolean Default: false Whether the provider will be chosen by default in the Client UI. If enabled, it will remove the default flag of the current default Identity Provider.
clientProvider	boolean Deprecated Default: false Whether the provider will be listed in the Client UI or not. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore.
adminProvider	boolean Default: false Whether the provider will be listed in the Admin UI or not.
onBoarding2FA	object On-boarding two-factor authentication settings. Leave it empty keep it disabled.
onBoardingType	string Deprecated Enum: "Require2FA" "Disabled" "NoVerification" Client on-boarding type. Deprecated as of 5.0. Use onBoarding2FA object instead.
onBoardingOtpProvider	string <uuid> Deprecated On-boarding MFA Provider ID if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead.
onBoardingOtpMessage	string Deprecated On-boarding MFA message to be displayed on the Client UI if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead.
inactivityTimeoutMinutes	integer Default: 0 (Desktop) clients will sign out automatically after the user has been inactive on the device for the configured duration. Set it to 0 to disable.
ipPoolV4	string <uuid> The IPv4 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels.
ipPoolV6	string <uuid> The IPv6 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels.
dnsServers	Array of strings The dns servers to be assigned to the Clients of the users in this Identity Provider.
dnsSearchDomains	Array of strings The dns search domains to be assigned to Clients of the users in this Identity Provider.
blockLocalDnsRequests	boolean Default: false Whether the Windows Client will block local DNS requests or not.
claimMappings	Array of objects The mapping of Identity Provider attributes to claims.
onDemandClaimMappings	Array of objects The mapping of Identity Provider on demand attributes to claims.
userLockoutThreshold	integer Default: 5 After how many failed authentication attempts will a local user be locked out from authenticating again for 1 minute.
minPasswordLength	integer Default: 0 Minimum password length requirement for local users.

Responses

200

Identity Provider object.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /identity-providers/{id}

https://appgate.company.com:444/admin/identity-providers/{id}

Request samples

Payload

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"type": "LocalDatabase",
"displayName": "Company Active Directory",
"default": false,
"clientProvider": false,
"adminProvider": false,
"onBoarding2FA": 
{"mfaProviderId": "string",
"message": "Please use your multi factor authentication device to on-board.",
"deviceLimitPerUser": 100
},
"onBoardingType": "Require2FA",
"onBoardingOtpProvider": "string",
"onBoardingOtpMessage": "string",
"inactivityTimeoutMinutes": 0,
"ipPoolV4": "string",
"ipPoolV6": "string",
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsSearchDomains": 
["internal.company.com"
],
"blockLocalDnsRequests": false,
"claimMappings": 
[
{"attributeName": "SAMAccountName",
"claimName": "username",
"list": false,
"encrypt": false
}
],
"onDemandClaimMappings": 
[
{"command": "fileSize",
"claimName": "antivirusRunning",
"parameters": 
{"name": "python3",
"path": "/usr/bin/python3",
"args": "--list"
},
"platform": "desktop.windows.all"
}
],
"userLockoutThreshold": 5,
"minPasswordLength": 0
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"type": "LocalDatabase",
"displayName": "Company Active Directory",
"default": false,
"clientProvider": false,
"adminProvider": false,
"onBoarding2FA": 
{"mfaProviderId": "string",
"message": "Please use your multi factor authentication device to on-board.",
"deviceLimitPerUser": 100
},
"inactivityTimeoutMinutes": 0,
"ipPoolV4": "string",
"ipPoolV6": "string",
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsSearchDomains": 
["internal.company.com"
],
"blockLocalDnsRequests": false,
"claimMappings": 
[
{"attributeName": "SAMAccountName",
"claimName": "username",
"list": false,
"encrypt": false
}
],
"onDemandClaimMappings": 
[
{"command": "fileSize",
"claimName": "antivirusRunning",
"parameters": 
{"name": "python3",
"path": "/usr/bin/python3",
"args": "--list"
},
"platform": "desktop.windows.all"
}
],
"userLockoutThreshold": 5,
"minPasswordLength": 0
}

Delete a specific Identity Provider.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Identity Provider was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /identity-providers/{id}

https://appgate.company.com:444/admin/identity-providers/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Test an Identity Provider connection.

Test connection for the given Identity Provider JSON.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Identity Provider object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
type required	string The type of the Identity Provider. LocalDatabase
displayName	string Deprecated The name displayed to the user. "name" field is used for Distinguished Name generation. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore.
default	boolean Default: false Whether the provider will be chosen by default in the Client UI. If enabled, it will remove the default flag of the current default Identity Provider.
clientProvider	boolean Deprecated Default: false Whether the provider will be listed in the Client UI or not. Deprecated as of 5.1 since the Client does not have the option to choose Identity Provider anymore.
adminProvider	boolean Default: false Whether the provider will be listed in the Admin UI or not.
onBoarding2FA	object On-boarding two-factor authentication settings. Leave it empty keep it disabled.
onBoardingType	string Deprecated Enum: "Require2FA" "Disabled" "NoVerification" Client on-boarding type. Deprecated as of 5.0. Use onBoarding2FA object instead.
onBoardingOtpProvider	string <uuid> Deprecated On-boarding MFA Provider ID if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead.
onBoardingOtpMessage	string Deprecated On-boarding MFA message to be displayed on the Client UI if "onBoardingType" is Require2FA. Deprecated as of 5.0. Use onBoarding2FA object instead.
inactivityTimeoutMinutes	integer Default: 0 (Desktop) clients will sign out automatically after the user has been inactive on the device for the configured duration. Set it to 0 to disable.
ipPoolV4	string <uuid> The IPv4 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels.
ipPoolV6	string <uuid> The IPv6 Pool ID the users in this Identity Provider are going to use to allocate IP addresses for the tunnels.
dnsServers	Array of strings The dns servers to be assigned to the Clients of the users in this Identity Provider.
dnsSearchDomains	Array of strings The dns search domains to be assigned to Clients of the users in this Identity Provider.
blockLocalDnsRequests	boolean Default: false Whether the Windows Client will block local DNS requests or not.
claimMappings	Array of objects The mapping of Identity Provider attributes to claims.
onDemandClaimMappings	Array of objects The mapping of Identity Provider on demand attributes to claims.
userLockoutThreshold	integer Default: 5 After how many failed authentication attempts will a local user be locked out from authenticating again for 1 minute.
minPasswordLength	integer Default: 0 Minimum password length requirement for local users.

Responses

200

Test result.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

post /identity-providers/test

https://appgate.company.com:444/admin/identity-providers/test

Request samples

Payload

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"type": "LocalDatabase",
"displayName": "Company Active Directory",
"default": false,
"clientProvider": false,
"adminProvider": false,
"onBoarding2FA": 
{"mfaProviderId": "string",
"message": "Please use your multi factor authentication device to on-board.",
"deviceLimitPerUser": 100
},
"onBoardingType": "Require2FA",
"onBoardingOtpProvider": "string",
"onBoardingOtpMessage": "string",
"inactivityTimeoutMinutes": 0,
"ipPoolV4": "string",
"ipPoolV6": "string",
"dnsServers": 
["172.17.18.19",
"192.100.111.31"
],
"dnsSearchDomains": 
["internal.company.com"
],
"blockLocalDnsRequests": false,
"claimMappings": 
[
{"attributeName": "SAMAccountName",
"claimName": "username",
"list": false,
"encrypt": false
}
],
"onDemandClaimMappings": 
[
{"command": "fileSize",
"claimName": "antivirusRunning",
"parameters": 
{"name": "python3",
"path": "/usr/bin/python3",
"args": "--list"
},
"platform": "desktop.windows.all"
}
],
"userLockoutThreshold": 5,
"minPasswordLength": 0
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"success": false,
"error": "Connection timed out."
}

Get user attributes from an existing Identity Provider.

Get raw attributes and mapped claims for a user.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

User details to get attributes for.

username	string Required for Ldap, Radius and LocalDatabase providers.
password	string Required for Radius provider.
samlResponse	string A sample SAML token to extract attributes from. Required for SAML provider.

Responses

200

User attributes.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /identity-providers/{id}/attributes

https://appgate.company.com:444/admin/identity-providers/{id}/attributes

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"username": "username",
"password": "tSW3!QBv(rj{UuLY",
"samlResponse": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"rawAttributes": 
{"samAccountName": 
["username"
],
"upn": 
["username@company.com"
]
},
"mappedAttributes": 
{"username": "username"
}
}

Local Users

List all Local Users.

List all Local Users visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Local Users.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /local-users

https://appgate.company.com:444/admin/local-users

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"firstName": "Bobby",
"lastName": "Tables",
"email": "bobby@tables.com",
"phone": "+1-202-555-0172",
"failedLoginAttempts": 0,
"lockStart": "2020-07-17T09:48:34Z"
}
]
}

Create a new Local User.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Local User object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
firstName required	string First name of the user. May be used as claim.
lastName required	string Last name of the user. May be used as claim.
password required	string Password for the user. Omit the field to keep the old password when updating a user.
email	string E-mail address for the user. May be used as claim.
phone	string Phone number for the user. May be used as claim.
failedLoginAttempts	number Number of wrong password login attempts since last successiful login.
lockStart	string <date-time> The date time when the user got locked out. A local user is locked out of the system after 5 consecutive failed login attempts. The lock is in effect for 1 minute. When the user logs in successfully, this field becomes null.

Responses

200

Created Local User.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /local-users

https://appgate.company.com:444/admin/local-users

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"firstName": "Bobby",
"lastName": "Tables",
"password": "tSW3!QBv(rj{UuLY",
"email": "bobby@tables.com",
"phone": "+1-202-555-0172",
"failedLoginAttempts": 0,
"lockStart": "2020-07-17T09:48:34Z"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"firstName": "Bobby",
"lastName": "Tables",
"email": "bobby@tables.com",
"phone": "+1-202-555-0172",
"failedLoginAttempts": 0,
"lockStart": "2020-07-17T09:48:34Z"
}

Get a specific Local User.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Local User.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /local-users/{id}

https://appgate.company.com:444/admin/local-users/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"firstName": "Bobby",
"lastName": "Tables",
"email": "bobby@tables.com",
"phone": "+1-202-555-0172",
"failedLoginAttempts": 0,
"lockStart": "2020-07-17T09:48:34Z"
}

Update an existing Local User.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Local User object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
firstName required	string First name of the user. May be used as claim.
lastName required	string Last name of the user. May be used as claim.
password required	string Password for the user. Omit the field to keep the old password when updating a user.
email	string E-mail address for the user. May be used as claim.
phone	string Phone number for the user. May be used as claim.
failedLoginAttempts	number Number of wrong password login attempts since last successiful login.
lockStart	string <date-time> The date time when the user got locked out. A local user is locked out of the system after 5 consecutive failed login attempts. The lock is in effect for 1 minute. When the user logs in successfully, this field becomes null.

Responses

200

Updated Local User.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /local-users/{id}

https://appgate.company.com:444/admin/local-users/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"firstName": "Bobby",
"lastName": "Tables",
"password": "tSW3!QBv(rj{UuLY",
"email": "bobby@tables.com",
"phone": "+1-202-555-0172",
"failedLoginAttempts": 0,
"lockStart": "2020-07-17T09:48:34Z"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"firstName": "Bobby",
"lastName": "Tables",
"email": "bobby@tables.com",
"phone": "+1-202-555-0172",
"failedLoginAttempts": 0,
"lockStart": "2020-07-17T09:48:34Z"
}

Delete a specific Local User.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Local User was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /local-users/{id}

https://appgate.company.com:444/admin/local-users/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Administrative Roles

List all Administrative Roles.

List all Administrative Roles visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Administrative Roles.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /administrative-roles

https://appgate.company.com:444/admin/administrative-roles

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
}
]
}

Create a new Administrative Role.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Administrative Role object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
privileges required	Array of objects Administrative privilege list.

Responses

200

Created Administrative Role.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /administrative-roles

https://appgate.company.com:444/admin/administrative-roles

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
}

Get a specific Administrative Role.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Administrative Role.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /administrative-roles/{id}

https://appgate.company.com:444/admin/administrative-roles/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
}

Update an existing Administrative Role.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Administrative Role object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
privileges required	Array of objects Administrative privilege list.

Responses

200

Updated Administrative Role.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /administrative-roles/{id}

https://appgate.company.com:444/admin/administrative-roles/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"privileges": 
[
{"type": "All",
"target": "All",
"scope": 
{"all": true,
"ids": 
["4c07bc67-57ea-42dd-b702-c2d6c45419fc"
],
"tags": 
["tag"
]
},
"defaultTags": 
["api-created"
]
}
]
}

Delete a specific Administrative Role.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Administrative Role were deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /administrative-roles/{id}

https://appgate.company.com:444/admin/administrative-roles/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Get Administrative Privilege type target map. For internal use.

The type target map summarizes what kind of Privileges one can create.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Type Target map.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /administrative-roles/type-target-map

https://appgate.company.com:444/admin/administrative-roles/type-target-map

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"actionMatrixMap": { }
}

MFA Providers

List all MFA Providers.

List all MFA Providers visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of MFA Providers.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /mfa-providers

https://appgate.company.com:444/admin/mfa-providers

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"type": "Radius",
"hostnames": 
["mfa.company.com"
],
"port": 1812,
"authenticationProtocol": "CHAP",
"timeout": 6,
"mode": "Challenge",
"useUserPassword": true
}
]
}

Create a new MFA Provider.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

MFA Provider object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
type required	string Enum: "Radius" "DefaultTimeBased" The type of the MFA Provider. "DefaultTimeBased" is built-in, a new one cannot be created.
hostnames required	Array of strings Hostnames/IP addresses to connect.
port required	number Port to connect.
sharedSecret	string Radius shared secret to authenticate to the server.
authenticationProtocol	string Default: "CHAP" Enum: "PAP" "CHAP" Radius protocol to use while authenticating users.
timeout	number Default: 6 Timeout in seconds before giving up on response.
mode	string Default: "Challenge" Enum: "OneFactor" "Challenge" "Push" Defines the multi-factor authentication flow for RADIUS. "OneFactor" - The input from the user is sent as password and the response is used for result. "Challenge" - Before prompting the user, Controller sends a challenge request to the RADIUS server using "challengeSharedSecret" or the user password. Data from the response is used with user input to send the second RADIUS authentication request. "Push" - "challengeSharedSecret" or the user password is sent to RADIUS which triggers an external authentication flow. When the external authentication flow returns success, the MFA attempt is authenticated.
useUserPassword	boolean -> If enabled, the Client will send the cached password instead of using challengeSharedSecret" to initiate the multi-factor authentication.
challengeSharedSecret	string -> Password sent to RADIUS to initiate multi-factor authentication. Required if "useUserPassword" is not enabled.

Responses

200

MFA Provider object.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /mfa-providers

https://appgate.company.com:444/admin/mfa-providers

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"type": "Radius",
"hostnames": 
["mfa.company.com"
],
"port": 1812,
"sharedSecret": "string",
"authenticationProtocol": "CHAP",
"timeout": 6,
"mode": "Challenge",
"useUserPassword": true,
"challengeSharedSecret": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"type": "Radius",
"hostnames": 
["mfa.company.com"
],
"port": 1812,
"authenticationProtocol": "CHAP",
"timeout": 6,
"mode": "Challenge",
"useUserPassword": true
}

Get a specific MFA Provider.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

MFA Provider object.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /mfa-providers/{id}

https://appgate.company.com:444/admin/mfa-providers/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"type": "Radius",
"hostnames": 
["mfa.company.com"
],
"port": 1812,
"authenticationProtocol": "CHAP",
"timeout": 6,
"mode": "Challenge",
"useUserPassword": true
}

Update an existing MFA Provider.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

MFA Provider object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
type required	string Enum: "Radius" "DefaultTimeBased" The type of the MFA Provider. "DefaultTimeBased" is built-in, a new one cannot be created.
hostnames required	Array of strings Hostnames/IP addresses to connect.
port required	number Port to connect.
sharedSecret	string Radius shared secret to authenticate to the server.
authenticationProtocol	string Default: "CHAP" Enum: "PAP" "CHAP" Radius protocol to use while authenticating users.
timeout	number Default: 6 Timeout in seconds before giving up on response.
mode	string Default: "Challenge" Enum: "OneFactor" "Challenge" "Push" Defines the multi-factor authentication flow for RADIUS. "OneFactor" - The input from the user is sent as password and the response is used for result. "Challenge" - Before prompting the user, Controller sends a challenge request to the RADIUS server using "challengeSharedSecret" or the user password. Data from the response is used with user input to send the second RADIUS authentication request. "Push" - "challengeSharedSecret" or the user password is sent to RADIUS which triggers an external authentication flow. When the external authentication flow returns success, the MFA attempt is authenticated.
useUserPassword	boolean -> If enabled, the Client will send the cached password instead of using challengeSharedSecret" to initiate the multi-factor authentication.
challengeSharedSecret	string -> Password sent to RADIUS to initiate multi-factor authentication. Required if "useUserPassword" is not enabled.

Responses

200

MFA Provider object.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /mfa-providers/{id}

https://appgate.company.com:444/admin/mfa-providers/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"type": "Radius",
"hostnames": 
["mfa.company.com"
],
"port": 1812,
"sharedSecret": "string",
"authenticationProtocol": "CHAP",
"timeout": 6,
"mode": "Challenge",
"useUserPassword": true,
"challengeSharedSecret": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"type": "Radius",
"hostnames": 
["mfa.company.com"
],
"port": 1812,
"authenticationProtocol": "CHAP",
"timeout": 6,
"mode": "Challenge",
"useUserPassword": true
}

Delete a specific MFA Provider.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

MFA Provider was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /mfa-providers/{id}

https://appgate.company.com:444/admin/mfa-providers/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Test a MFA Provider connection.

Test connection for the given MFA Provider JSON.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

MFA Provider object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
type required	string Enum: "Radius" "DefaultTimeBased" The type of the MFA Provider. "DefaultTimeBased" is built-in, a new one cannot be created.
hostnames required	Array of strings Hostnames/IP addresses to connect.
port required	number Port to connect.
sharedSecret	string Radius shared secret to authenticate to the server.
authenticationProtocol	string Default: "CHAP" Enum: "PAP" "CHAP" Radius protocol to use while authenticating users.
timeout	number Default: 6 Timeout in seconds before giving up on response.
mode	string Default: "Challenge" Enum: "OneFactor" "Challenge" "Push" Defines the multi-factor authentication flow for RADIUS. "OneFactor" - The input from the user is sent as password and the response is used for result. "Challenge" - Before prompting the user, Controller sends a challenge request to the RADIUS server using "challengeSharedSecret" or the user password. Data from the response is used with user input to send the second RADIUS authentication request. "Push" - "challengeSharedSecret" or the user password is sent to RADIUS which triggers an external authentication flow. When the external authentication flow returns success, the MFA attempt is authenticated.
useUserPassword	boolean -> If enabled, the Client will send the cached password instead of using challengeSharedSecret" to initiate the multi-factor authentication.
challengeSharedSecret	string -> Password sent to RADIUS to initiate multi-factor authentication. Required if "useUserPassword" is not enabled.

Responses

200

Test result.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

post /mfa-providers/test

https://appgate.company.com:444/admin/mfa-providers/test

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"type": "Radius",
"hostnames": 
["mfa.company.com"
],
"port": 1812,
"sharedSecret": "string",
"authenticationProtocol": "CHAP",
"timeout": 6,
"mode": "Challenge",
"useUserPassword": true,
"challengeSharedSecret": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"success": false,
"error": "Connection timed out."
}

Default Time-Based OTP Provider Seeds

List all Default Time-Based OTP Provider Seeds.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Default Time-Based OTP Provider Seeds.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /otp/seeds

https://appgate.company.com:444/admin/otp/seeds

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"userDistinguishedName": "CN=user,OU=ldap",
"username": "user",
"providerName": "ldap",
"verified": true
}
]
}

Delete a Default Time-Based OTP Provider Seed for the given Distinguished Name.

path Parameters

distinguished-name

required

string

Example: CN=user,OU=ldap

'Distinguished name of the user whose Default Time-Based OTP Provider Seed to be deleted. Format: "CN=,OU="'

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Default Time-Based OTP Provider Seed was removed successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /otp/seeds/{distinguished-name}

https://appgate.company.com:444/admin/otp/seeds/{distinguished-name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

FIDO2 Devices

List all registered FIDO2 Devices.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of FIDO2 Devices.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /fido2-devices

https://appgate.company.com:444/admin/fido2-devices

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"userDistinguishedName": "CN=user,OU=ldap",
"username": "user",
"providerName": "ldap",
"deviceId": "1.3.6.1.4.1.41482.1.2",
"deviceName": "YubiKey NEO/NEO-n"
}
]
}

Delete a registered FIDO2 Device for the given Distinguished Name.

path Parameters

distinguished-name

required

string

Example: CN=user,OU=ldap

'Distinguished name of the user whose registered FIDO2 Device to be deleted. Format: "CN=,OU="'

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

registered FIDO2 Device was removed successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /fido2-devices/{distinguished-name}

https://appgate.company.com:444/admin/fido2-devices/{distinguished-name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

MFA for Admins

View Admin MFA settings.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Admin MFA settings.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /admin-mfa-settings

https://appgate.company.com:444/admin/admin-mfa-settings

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"exemptedUsers": 
["CN=user,OU=provider"
]
}

Reset Admin MFA settings to disabled.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Admin MFA settings were reset successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

delete /admin-mfa-settings

https://appgate.company.com:444/admin/admin-mfa-settings

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Update Admin MFA settings.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Admin MFA settings.

providerId	string <uuid> The MFA provider ID to use during Multi-Factor Authentication. If null, Admin MFA is disabled.
exemptedUsers	Array of strings List of users to be excluded from MFA during admin login.

Responses

204

Admin MFA settings were updated successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /admin-mfa-settings

https://appgate.company.com:444/admin/admin-mfa-settings

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"providerId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"exemptedUsers": 
["CN=user,OU=provider"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Trusted Certificates

List all Trusted Certificates.

List all Trusted Certificates visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Trusted Certificates.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /trusted-certificates

https://appgate.company.com:444/admin/trusted-certificates

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----",
"details": 
{"version": 3,
"serial": 1542962969512,
"issuer": "CN=AppGate SDP CA",
"subject": "CN=AppGate SDP CA",
"validFrom": "2020-07-17T09:48:34Z",
"validTo": "2020-07-17T09:48:34Z",
"fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
"certificate": "string",
"subjectPublicKey": "string"
}
}
]
}

Create a new Trusted Certificate.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Trusted Certificate object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
pem required	string A certificate in PEM format.

Responses

200

Created Trusted Certificate.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /trusted-certificates

https://appgate.company.com:444/admin/trusted-certificates

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----",
"details": 
{"version": 3,
"serial": 1542962969512,
"issuer": "CN=AppGate SDP CA",
"subject": "CN=AppGate SDP CA",
"validFrom": "2020-07-17T09:48:34Z",
"validTo": "2020-07-17T09:48:34Z",
"fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
"certificate": "string",
"subjectPublicKey": "string"
}
}

Get a specific Trusted Certificate.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Trusted Certificate.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /trusted-certificates/{id}

https://appgate.company.com:444/admin/trusted-certificates/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----",
"details": 
{"version": 3,
"serial": 1542962969512,
"issuer": "CN=AppGate SDP CA",
"subject": "CN=AppGate SDP CA",
"validFrom": "2020-07-17T09:48:34Z",
"validTo": "2020-07-17T09:48:34Z",
"fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
"certificate": "string",
"subjectPublicKey": "string"
}
}

Update an existing Trusted Certificate.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Trusted Certificate object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
pem required	string A certificate in PEM format.

Responses

200

Updated Trusted Certificate.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /trusted-certificates/{id}

https://appgate.company.com:444/admin/trusted-certificates/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"pem": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----",
"details": 
{"version": 3,
"serial": 1542962969512,
"issuer": "CN=AppGate SDP CA",
"subject": "CN=AppGate SDP CA",
"validFrom": "2020-07-17T09:48:34Z",
"validTo": "2020-07-17T09:48:34Z",
"fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
"certificate": "string",
"subjectPublicKey": "string"
}
}

Delete a specific Trusted Certificate.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Trusted Certificate was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /trusted-certificates/{id}

https://appgate.company.com:444/admin/trusted-certificates/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Criteria Scripts

List all Criteria Scripts.

List all Criteria Scripts visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Criteria Scripts.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /criteria-scripts

https://appgate.company.com:444/admin/criteria-scripts

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"expression": "return claims.user.username === 'admin';"
}
]
}

Create a new Criteria Script.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Criteria Script object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
expression required	string A JavaScript expression that returns boolean.

Responses

200

Created Criteria Script.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /criteria-scripts

https://appgate.company.com:444/admin/criteria-scripts

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"expression": "return claims.user.username === 'admin';"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"expression": "return claims.user.username === 'admin';"
}

Get a specific Criteria Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Criteria Script.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /criteria-scripts/{id}

https://appgate.company.com:444/admin/criteria-scripts/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:34Z",
"updated": "2020-07-17T09:48:34Z",
"tags": 
["developer",
"api-created"
],
"expression": "return claims.user.username === 'admin';"
}

Update an existing Criteria Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Criteria Script object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
expression required	string A JavaScript expression that returns boolean.

Responses

200

Updated Criteria Script.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /criteria-scripts/{id}

https://appgate.company.com:444/admin/criteria-scripts/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"expression": "return claims.user.username === 'admin';"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"expression": "return claims.user.username === 'admin';"
}

Delete a specific Criteria Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Criteria Script was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /criteria-scripts/{id}

https://appgate.company.com:444/admin/criteria-scripts/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Device Scripts

List all Device Scripts.

List all Device Scripts visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Device Scripts.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /device-scripts

https://appgate.company.com:444/admin/device-scripts

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"filename": "test.sh",
"checksum": "9a913c1e1eccf35e6e78542b2152f7a7",
"checksumSha256": "ee9040f65c341855e070ff438eb0ea9d5b831b2a2c270fb7ef592d750408e3b3"
}
]
}

Create a new Device Script.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Device Script object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
filename required	string The name of the file to be downloaded as to the client devices.
file	string <byte> The Device Script binary in Base64 format.

Responses

200

Created Device Script.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /device-scripts

https://appgate.company.com:444/admin/device-scripts

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"filename": "test.sh",
"file": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"filename": "test.sh",
"checksum": "9a913c1e1eccf35e6e78542b2152f7a7",
"checksumSha256": "ee9040f65c341855e070ff438eb0ea9d5b831b2a2c270fb7ef592d750408e3b3"
}

Get a specific Device Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Device Script.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /device-scripts/{id}

https://appgate.company.com:444/admin/device-scripts/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"filename": "test.sh",
"checksum": "9a913c1e1eccf35e6e78542b2152f7a7",
"checksumSha256": "ee9040f65c341855e070ff438eb0ea9d5b831b2a2c270fb7ef592d750408e3b3"
}

Update an existing Device Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Device Script object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
filename required	string The name of the file to be downloaded as to the client devices.
file	string <byte> The Device Script binary in Base64 format.

Responses

200

Updated Device Script.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /device-scripts/{id}

https://appgate.company.com:444/admin/device-scripts/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"filename": "test.sh",
"file": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"filename": "test.sh",
"checksum": "9a913c1e1eccf35e6e78542b2152f7a7",
"checksumSha256": "ee9040f65c341855e070ff438eb0ea9d5b831b2a2c270fb7ef592d750408e3b3"
}

Delete a specific Device Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Device Script was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /device-scripts/{id}

https://appgate.company.com:444/admin/device-scripts/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Download a Device Script.

Download the raw script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Device Script including the binary.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /device-scripts/download/{id}

https://appgate.company.com:444/admin/device-scripts/download/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "AntivirusCheck",
"filename": "av_check.exe",
"file": "string"
}

Entitlement Scripts

List all Entitlement Scripts.

List all Entitlement Scripts visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Entitlement Scripts.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /entitlement-scripts

https://appgate.company.com:444/admin/entitlement-scripts

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"type": "host",
"expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}
]
}

Create a new Entitlement Script.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Entitlement Script object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
type	string Default: "host" Enum: "host" "portOrType" "appShortcut" The type of the field to use the script for.
expression required	string A JavaScript expression that returns a list of IPs and names.

Responses

200

Created Entitlement Script.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /entitlement-scripts

https://appgate.company.com:444/admin/entitlement-scripts

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"type": "host",
"expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"type": "host",
"expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}

Get a specific Entitlement Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Entitlement Script object.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /entitlement-scripts/{id}

https://appgate.company.com:444/admin/entitlement-scripts/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"type": "host",
"expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}

Update an existing Entitlement Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Entitlement Script object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
type	string Default: "host" Enum: "host" "portOrType" "appShortcut" The type of the field to use the script for.
expression required	string A JavaScript expression that returns a list of IPs and names.

Responses

200

Updated Entitlement Script.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /entitlement-scripts/{id}

https://appgate.company.com:444/admin/entitlement-scripts/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"type": "host",
"expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"type": "host",
"expression": "var httpResponse = httpGet('https://ips.company.com/my-resource');\nvar data = JSON.parse(httpResponse.data);\nreturn data.ips;"
}

Delete a specific Entitlement Script.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Entitlement Script was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /entitlement-scripts/{id}

https://appgate.company.com:444/admin/entitlement-scripts/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Simulate a given expression for an Entitlement Script.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

The evaluation details.

expression required	string The javascript expression to evaluate.
userClaims	object
deviceClaims	object
systemClaims	object
time	string <date-time>
type required	string Enum: "host" "portOrType" "appShortcut" The type of the Entitlement Script.

Responses

200

Evaluation result.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /entitlement-scripts/test

https://appgate.company.com:444/admin/entitlement-scripts/test

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"expression": "return claims.user.username === 'admin';",
"userClaims": 
{"username": "admin",
"groups": 
["CN=test,OU=unit,DC=company,DC=com",
"CN=finance,OU=unit,DC=company,DC=com"
]
},
"deviceClaims": 
{"os": 
{"name": "Microsoft Windows 10 Pro",
"platform": "x64",
"type": "desktop"
},
"isUserAdmin": true,
"language": "en-us"
},
"systemClaims": 
{"connectTime": "2018-11-16T13:25:15.672Z",
"tunIPv4": "15.0.0.24",
"clientSrcIp": "192.168.111.184"
},
"time": "2020-07-17T09:48:35Z",
"type": "host"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"result": 
["10.0.0.1"
],
"output": "Debug log",
"error": "Expression does not return list. Received: Boolean"
}

Appliance Customizations

List all Appliance Customizations.

List all Appliance Customizations visible to current user.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Appliance Customizations.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /appliance-customizations

https://appgate.company.com:444/admin/appliance-customizations

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"checksum": "a0041669f6f7031d32bc27305955327abe54aeb03670c4ae1b2a48e5d29e8e33",
"size": 854325
}
]
}

Create a new Appliance Customization.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Appliance Customization object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
file	string <byte> The Appliance Customization binary in Base64 format.

Responses

200

Created Appliance Customization.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /appliance-customizations

https://appgate.company.com:444/admin/appliance-customizations

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"file": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"checksum": "a0041669f6f7031d32bc27305955327abe54aeb03670c4ae1b2a48e5d29e8e33",
"size": 854325
}

Get a specific Appliance Customization.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Appliance Customization.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /appliance-customizations/{id}

https://appgate.company.com:444/admin/appliance-customizations/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"checksum": "a0041669f6f7031d32bc27305955327abe54aeb03670c4ae1b2a48e5d29e8e33",
"size": 854325
}

Update an existing Appliance Customization.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Appliance Customization object.

id required	string <uuid> ID of the object.
name required	string Name of the object.
notes	string Notes for the object. Used for documentation purposes.
tags	Array of strings Array of tags.
file	string <byte> The Appliance Customization binary in Base64 format.

Responses

200

Updated Appliance Customization.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /appliance-customizations/{id}

https://appgate.company.com:444/admin/appliance-customizations/{id}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"tags": 
["developer",
"api-created"
],
"file": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"name": "object",
"notes": "This object has been created for test purposes.",
"created": "2020-07-17T09:48:35Z",
"updated": "2020-07-17T09:48:35Z",
"tags": 
["developer",
"api-created"
],
"checksum": "a0041669f6f7031d32bc27305955327abe54aeb03670c4ae1b2a48e5d29e8e33",
"size": 854325
}

Delete a specific Appliance Customization.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Appliance Customization was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /appliance-customizations/{id}

https://appgate.company.com:444/admin/appliance-customizations/{id}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Active Devices

List all Distinguished Names active in the past 24 hour.

List all Distinguished Names active in the past 24 hour. Includes the users who has at least one token that has not expired past 24 hours. If a token was created 30 hours ago and it has 10 hours expiration time, it will be in this list.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Distinguished Names.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /token-records/dn

https://appgate.company.com:444/admin/token-records/dn

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
"deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"username": "user",
"providerName": "ldap",
"lastTokenIssuedAt": "string",
"hostname": "user.ad.company.com"
}
]
}

Revoke all Tokens ending with the given Distinguished Name substring.

Revoke all Tokens belong to the user&devices ending with the given Distinguished Name substring.

path Parameters

distinguished-name

required

string

Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap

Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>'

query Parameters

tokenType

string

Enum: "Claims" "AdminClaims" "Entitlement" "Administration"

Optional query parameter to revoke only certain types of tokens.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Token revocation details.

revocationReason	string Optional reason text for the revocation. The value is stored and logged.
delayMinutes	integer Default: 5 The delay time for token revocation in minutes. Client will renew the token(s) at least 5 minutes before the revocation time, without losing connection.
tokensPerSecond	number Default: 7 Only used when revoking all Tokens. In order to spread the workload on the Controllers, tokens are revoked in batches according to this value.

Responses

200

Tokens were revoked successfully. Returns the list of revoked Tokens.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /token-records/revoked/by-dn/{distinguished-name}

https://appgate.company.com:444/admin/token-records/revoked/by-dn/{distinguished-name}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"revocationReason": "Pushing the policy changes.",
"delayMinutes": 5,
"tokensPerSecond": 7
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Revoke all Tokens with given type.

path Parameters

token-type

required

string

Enum: "Claims" "AdminClaims" "Entitlement" "Administration"

The type of the tokens.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Token revocation details.

revocationReason	string Optional reason text for the revocation. The value is stored and logged.
delayMinutes	integer Default: 5 The delay time for token revocation in minutes. Client will renew the token(s) at least 5 minutes before the revocation time, without losing connection.
tokensPerSecond	number Default: 7 Only used when revoking all Tokens. In order to spread the workload on the Controllers, tokens are revoked in batches according to this value.

Responses

200

Tokens were revoked successfully. Returns the list of revoked tokens.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /token-records/revoked/by-type/{token-type}

https://appgate.company.com:444/admin/token-records/revoked/by-type/{token-type}

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"revocationReason": "Pushing the policy changes.",
"delayMinutes": 5,
"tokensPerSecond": 7
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Reevaluate all sessions with given Distinguished Name substring.

Reevaluate all sessions belongs to the user&devices ending with the given Distinguished Name substring.

path Parameters

distinguished-name

required

string

Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap

Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>'

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of reevaluated Distinguished Names.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

post /token-records/reeval/by-dn/{distinguished-name}

https://appgate.company.com:444/admin/token-records/reeval/by-dn/{distinguished-name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"reevaluatedDistinguishedNames": 
["string"
]
}

Blacklisted Users

List all blacklisted Users.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of blacklisted Users.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /blacklist

https://appgate.company.com:444/admin/blacklist

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"userDistinguishedName": "CN=user,OU=ldap",
"username": "user",
"providerName": "ldap",
"blacklistedAt": "2020-07-17T09:48:35Z",
"reason": "User's machine is compromised."
}

Blacklists a User.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Blacklisting details

userDistinguishedName	string Distinguished name of a user. Format: "CN=,OU="
username	string The username, same as the one in the user Distinguished Name.
providerName	string The provider name of the user, same as the one in the user Distinguished Name.
reason	string The reason for blacklisting. The value is stored and logged.

Responses

200

User was blacklisted successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /blacklist

https://appgate.company.com:444/admin/blacklist

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"userDistinguishedName": "CN=user,OU=ldap",
"username": "user",
"providerName": "ldap",
"reason": "User's machine is compromised."
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"userDistinguishedName": "CN=user,OU=ldap",
"username": "user",
"providerName": "ldap",
"blacklistedAt": "2020-07-17T09:48:35Z",
"reason": "User's machine is compromised."
}

Remove the blacklist of a User for the given Distinguished Name.

path Parameters

distinguished-name

required

string

Example: CN=user,OU=ldap

Distinguished name of the user whose blacklist is to be removed. Format: "CN=,OU="

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Blacklist was removed successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /blacklist/{distinguished-name}

https://appgate.company.com:444/admin/blacklist/{distinguished-name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Licensed Users

List all User Licenses.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of User Licenses.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /license/users

https://appgate.company.com:444/admin/license/users

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"userDistinguishedName": "CN=user,OU=ldap",
"username": "user",
"providerName": "ldap",
"created": "2020-07-17T09:48:35Z"
}
]
}

Delete a User License for the given Distinguished Name.

path Parameters

distinguished-name

required

string

Example: CN=user,OU=ldap

Distinguished name of the user whose license to be deleted. Format: "CN=,OU="

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

User License was removed successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /license/users/{distinguished-name}

https://appgate.company.com:444/admin/license/users/{distinguished-name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

On-boarded Devices

List all On-Boarded Devices.

query Parameters

query	string Query string to filter the result list. It's used for various fields depending on the object type.
range	string Example: range=0-10 'Range string to limit the result list. Format: -. 3-10 means he items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
orderBy	string Example: orderBy=name The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
descending	string Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
filterBy	object Example: filterBy=name=us-east&tags=aws Filters the result list by the given field and value. Supported fields vary from object to object. The filters can be combined with each other as well as the generic query field. The given value is checked for inclusion. The representation of the dynamic query parameters is not correct at the moment. See the example for getting a better idea.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of On-Boarded Devices.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /on-boarded-devices

https://appgate.company.com:444/admin/on-boarded-devices

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"query": "string",
"range": "0-30/54",
"orderBy": "name",
"descending": true,
"filterBy": 
[
{"name": "name",
"value": "AWS"
}
],
"data": 
[
{"distinguishedName": "CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap",
"deviceId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"username": "user",
"providerName": "ldap",
"hostname": "user.ad.company.com",
"onBoardedAt": "2020-07-17T09:48:35Z"
}
]
}

Remove an On-Boarded Device for the given Distinguished Name.

Remove an On-Boarded Device for the given Distinguished Name. The device will need to on-board again.

path Parameters

distinguished-name

required

string

Example: CN=4c07bc6757ea42ddb702c2d6c45419fc,CN=user,OU=ldap

Distinguished name of the user&devices which will be affected by the operation. Format: 'CN=<device ID>,CN=<username>,OU=<provider name>'

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

On-Boarded Device was removed successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /on-boarded-devices/{distinguished-name}

https://appgate.company.com:444/admin/on-boarded-devices/{distinguished-name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Global Settings

View various Global Settings.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Global Settings.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /global-settings

https://appgate.company.com:444/admin/global-settings

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"claimsTokenExpiration": 1440,
"entitlementTokenExpiration": 180,
"administrationTokenExpiration": 720,
"vpnCertificateExpiration": 525600,
"loginBannerMessage": "Authorized use only.",
"messageOfTheDay": "Welcome to AppGate SDP.",
"backupApiEnabled": true,
"hasBackupPassphrase": true,
"fips": false,
"geoIpUpdates": false,
"auditLogPersistenceMode": "Default",
"appDiscoveryDomains": 
["company.com"
],
"collectiveId": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}

Reset all Global Settings to the default values.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Global Settings were reset successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

delete /global-settings

https://appgate.company.com:444/admin/global-settings

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Update all Global Settings.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Global settings.

claimsTokenExpiration required	number Number of minutes the Claims Token is valid both for administrators and clients.
entitlementTokenExpiration required	number Number of minutes the Entitlement Token is valid for clients.
administrationTokenExpiration required	number Number of minutes the administration Token is valid for administrators.
vpnCertificateExpiration required	number Number of minutes the VPN certificates is valid for clients.
loginBannerMessage	string The configured message will be displayed on the login UI.
messageOfTheDay	string The configured message will be displayed after a successful loging.
backupApiEnabled	boolean Whether the backup API is enabled or not.
backupPassphrase	string The passphrase to encrypt Appliance Backups when backup API is used.
fips	boolean FIPS 140-2 Compliant Tunneling.
geoIpUpdates	boolean Whether the automatic GeoIp updates are enabled or not.
auditLogPersistenceMode required	string Enum: "Default" "Guaranteed" "Performance" Audit Log persistence mode.
appDiscoveryDomains	Array of strings Domains to monitor for for App Discovery feature.

Responses

204

Global Settings were updated successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /global-settings

https://appgate.company.com:444/admin/global-settings

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"claimsTokenExpiration": 1440,
"entitlementTokenExpiration": 180,
"administrationTokenExpiration": 720,
"vpnCertificateExpiration": 525600,
"loginBannerMessage": "Authorized use only.",
"messageOfTheDay": "Welcome to AppGate SDP.",
"backupApiEnabled": true,
"backupPassphrase": "tSW3!QBv(rj{UuLY",
"fips": false,
"geoIpUpdates": false,
"auditLogPersistenceMode": "Default",
"appDiscoveryDomains": 
["company.com"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Reset backup passphrase. Deprecated

Reset backup passphrase. Backup APIs will be disabled without a valid passphrase. Deprecated as of 5.0. Use backupApiEnabled field when editing the settings instead.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Backup passphrase was reset successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

delete /global-settings-backup-passphrase

https://appgate.company.com:444/admin/global-settings-backup-passphrase

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Client Connections

View Client Connection settings.

View Client Connection settings. With API version 12, this API has changed significantly in order to manage client profiles. It is still possible to use the older APIs using older Accept headers.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Client Connection settings.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /client-connections

https://appgate.company.com:444/admin/client-connections

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"spaMode": "TCP",
"profiles": 
[
{"name": "Company Employee",
"spaKeyName": "test_key",
"identityProviderName": "local",
"url": "appgate://appgate.company.com/xyz...."
}
]
}

Reset Client Connections to the default settings.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Client Connection settings were reset successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

delete /client-connections

https://appgate.company.com:444/admin/client-connections

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Update Client Connection settings.

Update Client Connection settings. With API version 12, this API has changed significantly in order to manage client profiles. It is still possible to use the older APIs using older Accept headers.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Client Connection settings.

spaMode	string Default: "TCP" Enum: "TCP" "UDP-TCP" SPA mode.
profiles	Array of objects Client Profiles.

Responses

200

Client Connection settings.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /client-connections

https://appgate.company.com:444/admin/client-connections

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"spaMode": "TCP",
"profiles": 
[
{"name": "Company Employee",
"spaKeyName": "test_key",
"identityProviderName": "local"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"spaMode": "TCP",
"profiles": 
[
{"name": "Company Employee",
"spaKeyName": "test_key",
"identityProviderName": "local",
"url": "appgate://appgate.company.com/xyz...."
}
]
}

Get connection URL for the profile.

path Parameters

profileName

required

string

Example: Company%20Employee

Name of the profile.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Connection URL for the given profile.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /client-connections/{profileName}/url

https://appgate.company.com:444/admin/client-connections/{profileName}/url

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"url": "appgate://appgate.company.com/eyJjYUZpbmdlcnByaW50IjoiMmM4ZTBiNTM5YTM4NjRkYmVkYzhiOWRkMTcwYzM0NGFhMjZjZTVhNjA4MmY3YTI0YzRkZTU4ZGQ3NWRjNWZhMCIsImlkZW50aXR5UHJvdmlkZXJOYW1lIjoibG9jYWwifQ=="
}

Get QR code for connection URL.

path Parameters

profileName

required

string

Example: Company%20Employee

Name of the profile.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

QR code for the given profile.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /client-connections/{profileName}/barcode

https://appgate.company.com:444/admin/client-connections/{profileName}/barcode

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"barcode": "string"
}

Client Auto-Update

View Client Auto-Update settings.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Client Auto-Update settings.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /auto-update-settings

https://appgate.company.com:444/admin/auto-update-settings

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"enabled": true,
"criteriaScript": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"windows": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
},
"macOS": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
},
"ubuntu": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
},
"fedora": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
},
"redHat7": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
}
}

Update Client Auto-Update settings.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Client Auto-Update settings.

enabled	boolean Whether the Client Auto-Update is enabled or not.
criteriaScript	string <uuid> The Criteria Script to evaluate the Client claims during authorization in order to decide whether the Client Auto-Update will be applied or not.
windows	object Client Auto-Update settings for the specified platform.
macOS	object Client Auto-Update settings for the specified platform.
ubuntu	object Client Auto-Update settings for the specified platform.
fedora	object Client Auto-Update settings for the specified platform.
redHat7	object Client Auto-Update settings for the specified platform.

Responses

204

Client Auto-Update settings were updated successfully.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /auto-update-settings

https://appgate.company.com:444/admin/auto-update-settings

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"enabled": true,
"criteriaScript": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"windows": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
},
"macOS": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
},
"ubuntu": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
},
"fedora": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
},
"redHat7": 
{"url": "https://sdpdownloads.appgate.com/AppGate-SDP-4.1/clients/AppGate-SDP-4.1.3-Installer.exe",
"version": "4.1.3"
}
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

CA

Get the current CA Certificate.

Responses

200

CA certificate details with the certificate encoded in DER format.

500

Unexpected server side error.

get /certificate-authority/ca

https://appgate.company.com:444/admin/certificate-authority/ca

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"version": 3,
"serial": 1542962969512,
"issuer": "CN=AppGate SDP CA",
"subject": "CN=AppGate SDP CA",
"validFrom": "2020-07-17T09:48:35Z",
"validTo": "2020-07-17T09:48:35Z",
"fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
"certificate": "string",
"subjectPublicKey": "string"
}

Get the current CA Certificate in PEM format.

Responses

200

CA certificate details with the certificate encoded in PEM format.

500

Unexpected server side error.

get /certificate-authority/ca/pem

https://appgate.company.com:444/admin/certificate-authority/ca/pem

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"version": 3,
"serial": 1542962969512,
"issuer": "CN=AppGate SDP CA",
"subject": "CN=AppGate SDP CA",
"validFrom": "2020-07-17T09:48:35Z",
"validTo": "2020-07-17T09:48:35Z",
"fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
"certificate": "string",
"subjectPublicKey": "string"
}

Get the next CA Certificate.

Get the next CA Certificate which will be migrated.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Next CA Certificate details with the certificate encoded in PEM format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /certificate-authority/ca/next

https://appgate.company.com:444/admin/certificate-authority/ca/next

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"version": 3,
"serial": 1542962969512,
"issuer": "CN=AppGate SDP CA",
"subject": "CN=AppGate SDP CA",
"validFrom": "2020-07-17T09:48:35Z",
"validTo": "2020-07-17T09:48:35Z",
"fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
"certificate": "string",
"subjectPublicKey": "string"
}

Delete the next CA certificate.

Delete the next CA certificate in order to be able to generate a new one.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

The next CA certificate was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /certificate-authority/ca/next

https://appgate.company.com:444/admin/certificate-authority/ca/next

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Generate next CA Certificate.

Generate a new self-signed next CA certificate for migration.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

CA parameters.

subject	string Default: "CN=AppGate SDP CA" X509 subject name for the CA certificate.
validityYears	number Default: 10 How long the new CA certificate will be valid.

Responses

200

Generated CA certificate details with the certificate encoded in PEM format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

post /certificate-authority/ca/next/generate

https://appgate.company.com:444/admin/certificate-authority/ca/next/generate

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"subject": "CN=AppGate SDP CA",
"validityYears": 10
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"version": 3,
"serial": 1542962969512,
"issuer": "CN=AppGate SDP CA",
"subject": "CN=AppGate SDP CA",
"validFrom": "2020-07-17T09:48:35Z",
"validTo": "2020-07-17T09:48:35Z",
"fingerprint": "d30247cee99a056c5ecdc409549165886d02925f9c64b681dff3d2ecf653355f",
"certificate": "string",
"subjectPublicKey": "string"
}

Switch to the next CA certificate.

Switch to the next CA certificate. Note that this is a highly disruptive action. Read the manual before proceeding.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

CA switch parameters.

force

boolean

Default: false

Force the CA switch without making sure all Appliances are ready.

Responses

204

The migration to the next CA certificate was successful. Note that this action may trigger a restart of the Controller before returning a response.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

412

One or more Appliances have failed the healthcheck for CA switch.

500

Unexpected server side error.

post /certificate-authority/ca/next/switch

https://appgate.company.com:444/admin/certificate-authority/ca/next/switch

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"force": false
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

License

Get the current License.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

License details including usage.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /license

https://appgate.company.com:444/admin/license

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"entitled": 
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"type": 2,
"request": "1675ab19fe2",
"expiration": "2020-07-17T09:48:35Z",
"maxUsers": 200,
"maxSites": 5
},
"requestCode": "string",
"usage": 
{"users": 152,
"sites": 3
},
"error": "License is expired.",
"used": 
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"type": 2,
"request": "1675ab19fe2",
"expiration": "2020-07-17T09:48:35Z",
"maxUsers": 200,
"maxSites": 5
}
}

Upload a new License.

Upload a new License and override the existing one.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

License import.

license

required

string

The license file contents for this Controller (with the matching request code).

Responses

200

License details.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /license

https://appgate.company.com:444/admin/license

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"license": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"type": 2,
"request": "1675ab19fe2",
"expiration": "2020-07-17T09:48:35Z",
"maxUsers": 200,
"maxSites": 5
}

Delete the current License.

Delete the current License to revert to the Built-in License.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

License was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

delete /license

https://appgate.company.com:444/admin/license

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Get the current License.

Get the current License which will be activated when CA certificate switch occurs. Licenses are bound to the CA Certificate.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

License details including usage.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

get /license/next

https://appgate.company.com:444/admin/license/next

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"entitled": 
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"type": 2,
"request": "1675ab19fe2",
"expiration": "2020-07-17T09:48:35Z",
"maxUsers": 200,
"maxSites": 5
},
"requestCode": "string",
"usage": 
{"users": 152,
"sites": 3
},
"error": "License is expired.",
"used": 
{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"type": 2,
"request": "1675ab19fe2",
"expiration": "2020-07-17T09:48:35Z",
"maxUsers": 200,
"maxSites": 5
}
}

Upload a new next License.

Upload a new next License to be switched when CA certificate is switched.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

License import.

license

required

string

The license file contents for this Controller (with the matching request code).

Responses

200

License details.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /license/next

https://appgate.company.com:444/admin/license/next

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"license": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc",
"type": 2,
"request": "1675ab19fe2",
"expiration": "2020-07-17T09:48:35Z",
"maxUsers": 200,
"maxSites": 5
}

Delete the next License.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

License was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

delete /license/next

https://appgate.company.com:444/admin/license/next

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Appliance Upgrade

Initiate an Appliance Upgrade.

Initiate an Appliance Upgrade. This API call does what "prepare", "complete" and "switchPartition" API calls do all at once. "GET appliances/{id}/upgrade" must return "status":"idle|failed" before accepting the complete command. The progress can be followed by by polling the appliance via "GET appliances/{id}/upgrade".

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Appliance Upgrade request.

imageUrl

required

string

The URL for the Appliance the download the Upgrade image from. The URL may be a public HTTP URL or it could be a file uploaded to the Controller. See "files" APIs for uploading to Controller. In order to use a Controller based file, set this field to "controller://<controller-peer-hostname:port>/{filename}". The Appliance will authenticate itself to the Controller and download the file.

Responses

202

Appliance Upgrade has begun.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

post /appliances/{id}/upgrade

https://appgate.company.com:444/admin/appliances/{id}/upgrade

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"imageUrl": "https://s3.eu-central-1.amazonaws.com/appgate/appgate-appliance.img.zip"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}

Get the status of an Appliance Upgrade.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Current status of the Appliance Upgrade.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /appliances/{id}/upgrade

https://appgate.company.com:444/admin/appliances/{id}/upgrade

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"status": "idle",
"details": "a reboot is required for the Upgrade to go into effect"
}

Cancel an Appliance Upgrade.

Cancel an Appliance Upgrade. The request is rejected if 'GET appliances/{id}/upgrade' returns '"status":"installing"'.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Upgrade was canceled successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /appliances/{id}/upgrade

https://appgate.company.com:444/admin/appliances/{id}/upgrade

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Prepare an Appliance Upgrade.

Prepare an Appliance Upgrade. Appliance will download the Upgrade image and wait for the "complete" call before starting the Upgrade. The appliance will be functional until the "complete" call is made. "GET appliances/{id}/upgrade" must return "status":"idle|failed" before accepting the complete command. The progress can be followed by polling the appliance via "GET appliances/{id}/upgrade".

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Appliance Upgrade request.

imageUrl

required

string

Responses

202

Appliance accepted the URL and has started to download the image.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

post /appliances/{id}/upgrade/prepare

https://appgate.company.com:444/admin/appliances/{id}/upgrade/prepare

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"imageUrl": "https://s3.eu-central-1.amazonaws.com/appgate/appgate-appliance.img.zip"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}

Install the prepared Appliance Upgrade.

Install the downloaded to Upgrade image to the other partition. This will stop the Controller and other services which may be affected by the Upgrade. "GET appliances/{id}/upgrade" must return "status":"ready" before accepting the complete command. The progress can be followed by polling the appliance via "GET appliances/{id}/upgrade". Unless "switchPartition" field is sent as true, the appliance will stay in the same partition, waiting for the "POST appliances/{id}/switch-partition" request to finalize the Upgrade.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

switchPartition

boolean

Whether to reboot and switch partition to finalize the Upgrade.

Responses

202

Appliance has started to install the downloaded image.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

post /appliances/{id}/upgrade/complete

https://appgate.company.com:444/admin/appliances/{id}/upgrade/complete

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"switchPartition": true
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}

Switch partition on the Appliance for completing upgrade.

Reboot and switch partition on the appliance to finalize the Upgrade. "GET appliances/{id}/upgrade" must return "status":"success" before accepting the complete command. Since the appliance will be rebooted, the status cannot be queried directly. The Upgrade Script utilizes the Appliance Status dashboard APIs to verify the status after this.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

202

Appliance accepted the command and started the process for switching partitions.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

post /appliances/{id}/upgrade/switch-partition

https://appgate.company.com:444/admin/appliances/{id}/upgrade/switch-partition

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}

List all Files.

List all Files uploaded to the current Controller and their details.

query Parameters

checksum

boolean

Default: false

Whether to calculate checksum of the File(s) and include in the response. If true, response take may long depending on the File sizes.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

List of Files and their statuses.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

500

Unexpected server side error.

get /files

https://appgate.company.com:444/admin/files

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"data": 
[
{"name": "appgate-upgrade.img.zip",
"status": "InProgress",
"failureReason": "401 Unauthorized",
"checksum": "61b14187e9371cecce814f15cf1d85fbd389b5ed5081952397cb8d265f13a190",
"creationTime": "2020-07-17T09:48:35Z",
"lastModifiedTime": "2020-07-17T09:48:35Z"
}
]
}

Make Controller download a File from a given URL.

Make the current Controller download a File from a given URL. Note that the File is downloaded and stored only on the current Controller, not synced between Controllers.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

url required	string The URL for Controller to download the File from.
filename required	string The filename to save the File as.

Responses

202

The request is accepted and the download has started. The status of the File can be followed via 'GET files/{filename}' call after this.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

post /files

https://appgate.company.com:444/admin/files

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"url": "https://s3.eu-central-1.amazonaws.com/appgate/appgate-appliance.img.zip",
"filename": "appgate-appliance.img.zip"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Upload a File directly to the Controller.

Upload a File directly to the current Controller. Note that the File is stored only on the current Controller, not synced between Controllers.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: multipart/form-data

file	string <binary> The File to upload. "filename"w must be included in in Content-Disposition.

Responses

204

The File was uploaded successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

409

The submitted resource conflicts with another.

422

Request validation error. Check "errors" array for details.

500

Unexpected server side error.

put /files

https://appgate.company.com:444/admin/files

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Get the status of a File.

Get the status of a File uploaded to the current Controller.

path Parameters

filename

required

string

Example: appgate-upgrade.img.zip

The filename as it's uploaded to the Controler.

query Parameters

checksum

boolean

Default: false

Whether to calculate checksum of the File(s) and include in the response. If true, response take may long depending on the File sizes.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Get the status and details of a File.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Invalid filename.

500

Unexpected server side error.

get /files/{filename}

https://appgate.company.com:444/admin/files/{filename}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "appgate-upgrade.img.zip",
"status": "InProgress",
"failureReason": "401 Unauthorized",
"checksum": "61b14187e9371cecce814f15cf1d85fbd389b5ed5081952397cb8d265f13a190",
"creationTime": "2020-07-17T09:48:35Z",
"lastModifiedTime": "2020-07-17T09:48:35Z"
}

Delete a File.

Delete a File from the current Controller.

path Parameters

filename

required

string

Example: appgate-upgrade.img.zip

The filename as it's uploaded to the Controler.

query Parameters

checksum

boolean

Default: false

Whether to calculate checksum of the File(s) and include in the response. If true, response take may long depending on the File sizes.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

The File was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

422

Invalid filename.

500

Unexpected server side error.

delete /files/{filename}

https://appgate.company.com:444/admin/files/{filename}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Appliance Backup

Initiate an Appliance Backup.

Initiate an Appliance Backup. The progress can be followed by polling the Appliance via "GET appliances/{id}/backup/{backupId}/status".

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Request Body schema: application/json

Appliance Backup parameters.

logs	boolean Whether the Appliance Backup should include syslog or not.
audit	boolean Whether the Appliance Backup should include the audit logs or not.
opt	boolean Whether the Appliance Backup should include the persistent /opt directory or not.

Responses

200

Appliance Backup has begun.

400

JSON error. Check the JSON format.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

post /appliances/{id}/backup

https://appgate.company.com:444/admin/appliances/{id}/backup

Request samples

Payload

Content type

application/json

Copy

Expand all Collapse all


{"logs": true,
"audit": true,
"opt": true
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "4c07bc67-57ea-42dd-b702-c2d6c45419fc"
}

Download an Appliance Backup.

Download a completed Appliance Backup with the given ID of an Appliance. This API call must be made with Accept header of application/vnd.appgate.peer-v13+gpg as it returns a GPG file as blob instead of JSON.

path Parameters

id required	string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object.
backupId required	string <uuid> Example: 4c07bc67-57ea-42dd-b702-c2d6c45419fc The Appliance Backup ID given in the initiation response.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Backup file is being streamed.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

410

Backup creation failed.

500

Unexpected server side error.

get /appliances/{id}/backup/{backupId}

https://appgate.company.com:444/admin/appliances/{id}/backup/{backupId}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Delete an Appliance Backup.

Delete an Appliance Backup file from an Appliance.

path Parameters

id required	string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object.
backupId required	string <uuid> Example: 4c07bc67-57ea-42dd-b702-c2d6c45419fc The Appliance Backup ID given in the initiation response.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

204

Backup file was deleted successfully.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

delete /appliances/{id}/backup/{backupId}

https://appgate.company.com:444/admin/appliances/{id}/backup/{backupId}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Get the status of a Appliance Backup.

Get the status of the given Appliance Backup ID. If the status is "done", it can be downloaded using "GET appliances/{id}/backup/{backupId}".

path Parameters

id required	string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object.
backupId required	string <uuid> Example: 4c07bc67-57ea-42dd-b702-c2d6c45419fc The Appliance Backup ID given in the initiation response.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Current status of the Applince Backup.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /appliances/{id}/backup/{backupId}/status

https://appgate.company.com:444/admin/appliances/{id}/backup/{backupId}/status

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"encoding": "utf-8",
"output": "string",
"status": "processing"
}

Appliance Metrics

Get all the Prometheus metrics for an Appliance.

Get all the Prometheus metrics for the given Appliance. This API call must be made with Accept header of application/vnd.appgate.peer-v13+text as it returns plain text instead of JSON.

path Parameters

required

string <uuid>

Example: 12699e27-b584-464a-81ee-5b4784b6d425

ID of the object.

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Appliance Metrics.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /appliances/{id}/metrics

https://appgate.company.com:444/admin/appliances/{id}/metrics

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}

Get a specific Prometheus metric for an Appliance.

Get a specific Prometheus metrics for the given Appliance. This API call must be made with Accept header of application/vnd.appgate.peer-v13+text as it returns plain text instead of JSON.

path Parameters

id required	string <uuid> Example: 12699e27-b584-464a-81ee-5b4784b6d425 ID of the object.
name required	string Example: vpn_total_sessions Metric name

header Parameters

Authorization

required

string

Example: Bearer <base64 token>

The Token from the LoginResponse.

Responses

200

Single Appliance metric.

401

Token error. Login again.

403

Insufficient permissions to access this resource.

404

The requested resource can not be found.

500

Unexpected server side error.

get /appliances/{id}/metrics/{name}

https://appgate.company.com:444/admin/appliances/{id}/metrics/{name}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "string",
"message": "string"
}