Edge Client API Reference
Response samples
- 200
{- "data": {
- "apiVersions": {
- "property1": {
- "property1": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}, - "property2": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}
}, - "property2": {
- "property1": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}, - "property2": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}
}
}, - "buildDate": "2020-02-11 16:09:08",
- "capabilities": [
- "string"
], - "revision": "ea556fc18740",
- "runtimeVersion": "go1.13.5",
- "version": "v0.9.0"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Response samples
- 200
{- "data": [
- "OIDC_AUTH"
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Response samples
- 200
- 429
{- "data": {
- "property1": {
- "address": "string"
}, - "property2": {
- "address": "string"
}
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns a list of API specs
Returns a list of spec files embedded within the controller for consumption/documentation/code geneartion
Responses
Response samples
- 200
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "name": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Return a single spec resource
Returns single spec resource embedded within the controller for consumption/documentation/code geneartion
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "name": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Response samples
- 200
{- "data": {
- "apiVersions": {
- "property1": {
- "property1": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}, - "property2": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}
}, - "property2": {
- "property1": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}, - "property2": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}
}
}, - "buildDate": "2020-02-11 16:09:08",
- "capabilities": [
- "string"
], - "revision": "ea556fc18740",
- "runtimeVersion": "go1.13.5",
- "version": "v0.9.0"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Authenticate via a method supplied via a query string parameter
Allowed authentication methods include "password", "cert", and "ext-jwt"
query Parameters
method required | string Enum: "password" "cert" "ext-jwt" |
Request Body schema: application/json
configTypes | Array of strings (configTypes) Specific configuration types that should be returned |
object (envInfo) Environment information an authenticating client may provide | |
password | string (password) [ 5 .. 100 ] characters |
object (sdkInfo) SDK information an authenticating client may provide | |
username | string (username) [ 4 .. 100 ] characters |
Responses
Request samples
- Payload
{- "configTypes": [
- "string"
], - "envInfo": {
- "arch": "string",
- "domain": "string",
- "hostname": "string",
- "os": "string",
- "osRelease": "string",
- "osVersion": "string"
}, - "password": "string",
- "sdkInfo": {
- "appId": "string",
- "appVersion": "string",
- "branch": "string",
- "revision": "string",
- "type": "string",
- "version": "string"
}, - "username": "string"
}
Response samples
- 200
- 400
- 401
- 429
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "authQueries": [
- {
- "clientId": "string",
- "format": "numeric",
- "httpMethod": "string",
- "httpUrl": "string",
- "id": "string",
- "maxLength": 0,
- "minLength": 0,
- "provider": "ziti",
- "scopes": [
- "string"
], - "typeId": "MFA"
}
], - "authenticatorId": "string",
- "cachedLastActivityAt": "2019-08-24T14:15:22Z",
- "configTypes": [
- "string"
], - "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "ipAddress": "string",
- "isCertExtendable": true,
- "isMfaComplete": true,
- "isMfaRequired": true,
- "lastActivityAt": "2019-08-24T14:15:22Z",
- "token": "string",
- "expirationSeconds": 0,
- "expiresAt": "2019-08-24T14:15:22Z"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Complete MFA authentication
Completes MFA authentication by submitting a MFA time based one time token or backup code.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 429
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Complete MFA authentication
Completes MFA authentication by submitting a MFA time based one time token or backup code.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 429
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns the current status of MFA enrollment
Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a POST /current-identity/mfa/verify
.
Authorizations:
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "isVerified": true,
- "provisioningUrl": "string",
- "recoveryCodes": [
- "string"
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Initiate MFA enrollment
Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via POST /current-identity/mfa/verify
Authorizations:
Responses
Response samples
- 201
- 401
- 409
{- "data": {
- "_links": {
}, - "id": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Disable MFA for the current identity
Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via DELETE /identities/<id>/mfa
.
Authorizations:
header Parameters
mfa-validation-code | string |
Responses
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
For a completed MFA enrollment view the current recovery codes
Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.
Authorizations:
header Parameters
mfa-validation-code | string |
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "recoveryCodes": [
- "string"
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
For a completed MFA enrollment regenerate the recovery codes
Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Complete MFA enrollment by verifying a time based one time token
Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via POST /current-identity/mfa
.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List controllers
Retrieves a list of controllers
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
- 429
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "apiAddresses": {
- "property1": [
- {
- "url": "string",
- "version": "string"
}
], - "property2": [
- {
- "url": "string",
- "version": "string"
}
]
}, - "certPem": "string",
- "ctrlAddress": "string",
- "fingerprint": "string",
- "isOnline": true,
- "lastJoinedAt": "2019-08-24T14:15:22Z",
- "name": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Return the current API session
Retrieves the API session that was used to issue the current request
Authorizations:
Responses
Response samples
- 200
- 401
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "authQueries": [
- {
- "clientId": "string",
- "format": "numeric",
- "httpMethod": "string",
- "httpUrl": "string",
- "id": "string",
- "maxLength": 0,
- "minLength": 0,
- "provider": "ziti",
- "scopes": [
- "string"
], - "typeId": "MFA"
}
], - "authenticatorId": "string",
- "cachedLastActivityAt": "2019-08-24T14:15:22Z",
- "configTypes": [
- "string"
], - "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "ipAddress": "string",
- "isCertExtendable": true,
- "isMfaComplete": true,
- "isMfaRequired": true,
- "lastActivityAt": "2019-08-24T14:15:22Z",
- "token": "string",
- "expirationSeconds": 0,
- "expiresAt": "2019-08-24T14:15:22Z"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List the ephemeral certificates available for the current API Session
Retrieves a list of certificate resources for the current API session; supports filtering, sorting, and pagination
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
- 429
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certificate": "string",
- "fingerprint": "string",
- "subject": "string",
- "validFrom": "2019-08-24T14:15:22Z",
- "validTo": "2019-08-24T14:15:22Z"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Creates an ephemeral certificate for the current API Session
Creates an ephemeral certificate for the current API Session. This endpoint expects a PEM encoded CSRs to be provided for fulfillment as a property of a JSON payload. It is up to the client to manage the private key backing the CSR request.
Authorizations:
Request Body schema: application/json
The payload describing the CSR used to create a session certificate
csr required | string |
Responses
Request samples
- Payload
{- "csr": "string"
}
Response samples
- 201
- 400
- 401
- 429
{- "data": {
- "_links": {
}, - "id": "string",
- "cas": "string",
- "certificate": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieves an ephemeral certificate
Retrieves a single ephemeral certificate by id
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
- 429
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certificate": "string",
- "fingerprint": "string",
- "subject": "string",
- "validFrom": "2019-08-24T14:15:22Z",
- "validTo": "2019-08-24T14:15:22Z"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Delete an ephemeral certificate
Delete an ephemeral certificateby id
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 400
- 401
- 429
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns data indicating whether a client should updates it service list
Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate service refreshes.
Authorizations:
Responses
Response samples
- 200
- 401
- 429
{- "data": {
- "lastChangeAt": "2019-08-24T14:15:22Z"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List authenticators for the current identity
Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certPem": "string",
- "fingerprint": "string",
- "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "isIssuedByNetwork": true,
- "method": "string",
- "username": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieve an authenticator for the current identity
Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certPem": "string",
- "fingerprint": "string",
- "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "isIssuedByNetwork": true,
- "method": "string",
- "username": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update all fields on an authenticator of this identity
Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's identity.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
An authenticator put object
password required | string (password) [ 5 .. 100 ] characters |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
username required | string (username) [ 4 .. 100 ] characters |
currentPassword required | string (password) [ 5 .. 100 ] characters |
Responses
Request samples
- Payload
{- "password": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "username": "string",
- "currentPassword": "string"
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update the supplied fields on an authenticator of this identity
Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API session's identity.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
An authenticator patch object
password | string or null (passwordNullable) [ 5 .. 100 ] characters |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
username | string or null (usernameNullable) [ 4 .. 100 ] characters |
currentPassword required | string (password) [ 5 .. 100 ] characters |
Responses
Request samples
- Payload
{- "password": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "username": "string",
- "currentPassword": "string"
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows the current identity to recieve a new certificate associated with a certificate based authenticator
This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
clientCertCsr required | string |
Responses
Request samples
- Payload
{- "clientCertCsr": "string"
}
Response samples
- 200
- 401
{- "data": {
- "ca": "string",
- "clientCert": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows the current identity to validate reciept of a new client certificate
After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
clientCert required | string A PEM encoded client certificate previously returned after an extension request |
Responses
Request samples
- Payload
{- "clientCert": "string"
}
Response samples
- 200
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns data indicating whether a client should updates it service list
Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate service refreshes.
Authorizations:
Responses
Response samples
- 200
- 401
- 429
{- "data": {
- "lastChangeAt": "2019-08-24T14:15:22Z"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Return the current identity
Returns the identity associated with the API sessions used to issue the current request
Authorizations:
Responses
Response samples
- 200
- 401
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "appData": {
- "property1": { },
- "property2": { }
}, - "authPolicy": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "authPolicyId": "string",
- "authenticators": {
- "cert": {
- "fingerprint": "string",
- "id": "string"
}, - "updb": {
- "id": "string",
- "username": "string"
}
}, - "defaultHostingCost": 65535,
- "defaultHostingPrecedence": "default",
- "disabled": true,
- "disabledAt": "2019-08-24T14:15:22Z",
- "disabledUntil": "2019-08-24T14:15:22Z",
- "edgeRouterConnectionStatus": "online",
- "enrollment": {
- "ott": {
- "expiresAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "jwt": "string",
- "token": "string"
}, - "ottca": {
- "ca": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "caId": "string",
- "expiresAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "jwt": "string",
- "token": "string"
}, - "updb": {
- "expiresAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "jwt": "string",
- "token": "string"
}
}, - "envInfo": {
- "arch": "string",
- "domain": "string",
- "hostname": "string",
- "os": "string",
- "osRelease": "string",
- "osVersion": "string"
}, - "externalId": "string",
- "hasApiSession": true,
- "hasEdgeRouterConnection": true,
- "isAdmin": true,
- "isDefaultAdmin": true,
- "isMfaEnabled": true,
- "name": "string",
- "roleAttributes": [
- "string"
], - "sdkInfo": {
- "appId": "string",
- "appVersion": "string",
- "branch": "string",
- "revision": "string",
- "type": "string",
- "version": "string"
}, - "serviceHostingCosts": {
- "property1": 65535,
- "property2": 65535
}, - "serviceHostingPrecedences": {
- "property1": "default",
- "property2": "default"
}, - "type": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "typeId": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Return this list of Edge Routers the identity has access to
Lists the Edge Routers that the current identity has access to via policies. The data returned includes their address and online status
Authorizations:
Responses
Response samples
- 200
- 401
- 429
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "appData": {
- "property1": { },
- "property2": { }
}, - "cost": 65535,
- "disabled": true,
- "hostname": "string",
- "isOnline": true,
- "name": "string",
- "noTraversal": true,
- "supportedProtocols": {
- "property1": "string",
- "property2": "string"
}, - "syncStatus": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns the current status of MFA enrollment
Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a POST /current-identity/mfa/verify
.
Authorizations:
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "isVerified": true,
- "provisioningUrl": "string",
- "recoveryCodes": [
- "string"
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Initiate MFA enrollment
Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via POST /current-identity/mfa/verify
Authorizations:
Responses
Response samples
- 201
- 401
- 409
{- "data": {
- "_links": {
}, - "id": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Disable MFA for the current identity
Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via DELETE /identities/<id>/mfa
.
Authorizations:
header Parameters
mfa-validation-code | string |
Responses
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
For a completed MFA enrollment view the current recovery codes
Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.
Authorizations:
header Parameters
mfa-validation-code | string |
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "recoveryCodes": [
- "string"
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
For a completed MFA enrollment regenerate the recovery codes
Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Complete MFA enrollment by verifying a time based one time token
Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via POST /current-identity/mfa
.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows the current identity to recieve a new certificate associated with a certificate based authenticator
This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
clientCertCsr required | string |
Responses
Request samples
- Payload
{- "clientCertCsr": "string"
}
Response samples
- 200
- 401
{- "data": {
- "ca": "string",
- "clientCert": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows the current identity to validate reciept of a new client certificate
After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
clientCert required | string A PEM encoded client certificate previously returned after an extension request |
Responses
Request samples
- Payload
{- "clientCert": "string"
}
Response samples
- 200
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Enroll an identity with a pre-exchanged certificate
For CA auto enrollment, an identity is not created beforehand. Instead one will be created during enrollment. The client will present a client certificate that is signed by a Certificate Authority that has been added and verified (See POST /cas and POST /cas/{id}/verify).
During this process no CSRs are requires as the client should already be in possession of a valid certificate.
Responses
Response samples
- 200
- 404
- 429
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows verification of a controller or cluster of controllers as being the valid target for enrollment.
A caller may submit a nonce and a key id (kid) from the enrollment JWKS endpoint or enrollment JWT that will be used to sign the nonce. The resulting signature may be validated with the associated public key in order to verify a networks identity during enrollment. The nonce must be a valid formatted UUID.
Request Body schema: application/json
keyId required | string |
nonce required | string <uuid> |
Responses
Request samples
- Payload
{- "keyId": "string",
- "nonce": "f25f24f2-d581-4594-9824-123d5821fb65"
}
Response samples
- 200
- 400
- 429
{- "algorithm": "string",
- "caPool": "string",
- "kid": "string",
- "signature": "string"
}
Enroll an edge-router
Enrolls an edge-router via a one-time-token to establish a certificate based identity.
Responses
Response samples
- 200
- 429
{- "data": {
- "ca": "string",
- "cert": "string",
- "serverCert": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Extend the life of a currently enrolled router's certificates
Allows a router to extend its certificates' expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation or swapping.
After completion any new connections must be made with certificates returned from a 200 OK response. The previous client certificate is rendered invalid for use with the controller even if it has not expired.
This request must be made using the existing, valid, client certificate.
Request Body schema: application/json
certCsr required | string |
serverCertCsr required | string |
Responses
Request samples
- Payload
{- "certCsr": "string",
- "serverCertCsr": "string"
}
Response samples
- 200
- 401
- 429
{- "data": {
- "ca": "string",
- "cert": "string",
- "serverCert": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List JSON Web Keys associated with enrollment
Returns a list of JSON Web Keys (JWKS) that are used for enrollment signing. The keys listed here are used to sign and co-sign enrollment JWTs. They can be verified through a challenge endpoint, using the public keys from this endpoint to verify the target machine has possession of the related private key.
Responses
Response samples
- 200
{- "keys": [
- {
- "alg": "string",
- "crv": "string",
- "d": "string",
- "dp": "string",
- "dq": "string",
- "e": "string",
- "key_ops": [
- "string"
], - "kid": "string",
- "kty": "string",
- "n": "string",
- "oth": [
- {
- "d": "string",
- "r": "string",
- "t": "string"
}
], - "p": "string",
- "q": "string",
- "qi": "string",
- "use": "string",
- "x": "string",
- "x5c": [
- "string"
], - "x5t": "string",
- "x5t#S256": "string",
- "x5u": "string",
- "y": "string"
}
]
}
Enroll an identity via one-time-token
Enroll an identity via a one-time-token which is supplied via a query string parameter. This enrollment method expects a PEM encoded CSRs to be provided for fulfillment. It is up to the enrolling identity to manage the private key backing the CSR request.
Responses
Response samples
- 200
- 404
- 429
{- "data": {
- "ca": "string",
- "cert": "string",
- "serverCert": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Enroll an identity via one-time-token with a pre-exchanged client certificate
Enroll an identity via a one-time-token that also requires a pre-exchanged client certificate to match a Certificate Authority that has been added and verified (See POST /cas and POST /cas{id}/verify). The client must present a client certificate signed by CA associated with the enrollment. This enrollment is similar to CA auto enrollment except that is required the identity to be pre-created.
As the client certificate has been pre-exchanged there is no CSR input to this enrollment method.
Responses
Response samples
- 200
- 429
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Enroll an identity via one-time-token
Enrolls an identity via a one-time-token to establish an initial username and password combination
query Parameters
token required | string <uuid> |
Responses
Response samples
- 200
- 404
- 429
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows the current identity to recieve a new certificate associated with a certificate based authenticator
This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
clientCertCsr required | string |
Responses
Request samples
- Payload
{- "clientCertCsr": "string"
}
Response samples
- 200
- 401
{- "data": {
- "ca": "string",
- "clientCert": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows the current identity to validate reciept of a new client certificate
After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
clientCert required | string A PEM encoded client certificate previously returned after an extension request |
Responses
Request samples
- Payload
{- "clientCert": "string"
}
Response samples
- 200
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Extend the life of a currently enrolled router's certificates
Allows a router to extend its certificates' expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation or swapping.
After completion any new connections must be made with certificates returned from a 200 OK response. The previous client certificate is rendered invalid for use with the controller even if it has not expired.
This request must be made using the existing, valid, client certificate.
Request Body schema: application/json
certCsr required | string |
serverCertCsr required | string |
Responses
Request samples
- Payload
{- "certCsr": "string",
- "serverCertCsr": "string"
}
Response samples
- 200
- 401
- 429
{- "data": {
- "ca": "string",
- "cert": "string",
- "serverCert": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Return this list of Edge Routers the identity has access to
Lists the Edge Routers that the current identity has access to via policies. The data returned includes their address and online status
Authorizations:
Responses
Response samples
- 200
- 401
- 429
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "appData": {
- "property1": { },
- "property2": { }
}, - "cost": 65535,
- "disabled": true,
- "hostname": "string",
- "isOnline": true,
- "name": "string",
- "noTraversal": true,
- "supportedProtocols": {
- "property1": "string",
- "property2": "string"
}, - "syncStatus": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List Client Authentication External JWT
Retrieves a list of external JWT signers for authentication
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
- 429
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "clientId": "string",
- "externalAuthUrl": "string",
- "name": "MyApps Signer",
- "scopes": [
- "string"
]
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns a list of JWTs suitable for bootstrapping network trust.
Returns a list of JWTs for trusting a network
Responses
Response samples
- 200
- 400
- 429
{- "data": [
- {
- "name": "string",
- "token": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Submit a posture response to a posture query
Submits posture responses
Authorizations:
Request Body schema: application/json
A Posture Response
id required | string |
typeId required | string (postureCheckType) |
domain required | string |
Responses
Request samples
- Payload
{- "id": "string",
- "typeId": "postureResponseDomainCreate",
- "domain": "string"
}
Response samples
- 201
- 400
- 401
- 429
{- "data": {
- "services": [
- {
- "id": "string",
- "name": "string",
- "postureQueryType": "string",
- "timeout": 0,
- "timeoutRemaining": 0
}
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Submit multiple posture responses
Submits posture responses
Authorizations:
Request Body schema: application/json
A Posture Response
id required | string |
typeId required | string (postureCheckType) |
domain required | string |
Responses
Request samples
- Payload
[- {
- "id": "string",
- "typeId": "OS"
}
]
Response samples
- 200
- 400
- 401
- 429
{- "data": {
- "services": [
- {
- "id": "string",
- "name": "string",
- "postureQueryType": "string",
- "timeout": 0,
- "timeoutRemaining": 0
}
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List services
Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
configTypes | Array of strings |
roleFilter | Array of strings |
roleSemantic | string |
Responses
Response samples
- 200
- 400
- 401
- 429
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "config": {
- "property1": {
- "property1": { },
- "property2": { }
}, - "property2": {
- "property1": { },
- "property2": { }
}
}, - "configs": [
- "string"
], - "encryptionRequired": true,
- "maxIdleTimeMillis": 0,
- "name": "string",
- "permissions": [
- "Dial"
], - "postureQueries": [
- {
- "isPassing": true,
- "policyId": "string",
- "policyType": "Dial",
- "postureQueries": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "isPassing": true,
- "process": {
- "osType": "Windows",
- "path": "string"
}, - "processes": [
- {
- "osType": "Windows",
- "path": "string"
}
], - "queryType": "OS",
- "timeout": 0,
- "timeoutRemaining": 0
}
]
}
], - "roleAttributes": [
- "string"
], - "terminatorStrategy": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieves a single service
Retrieves a single service by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
- 429
- 503
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "config": {
- "property1": {
- "property1": { },
- "property2": { }
}, - "property2": {
- "property1": { },
- "property2": { }
}
}, - "configs": [
- "string"
], - "encryptionRequired": true,
- "maxIdleTimeMillis": 0,
- "name": "string",
- "permissions": [
- "Dial"
], - "postureQueries": [
- {
- "isPassing": true,
- "policyId": "string",
- "policyType": "Dial",
- "postureQueries": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "isPassing": true,
- "process": {
- "osType": "Windows",
- "path": "string"
}, - "processes": [
- {
- "osType": "Windows",
- "path": "string"
}
], - "queryType": "OS",
- "timeout": 0,
- "timeoutRemaining": 0
}
]
}
], - "roleAttributes": [
- "string"
], - "terminatorStrategy": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update all fields on a service
Update all fields on a service by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A service update object
configs | Array of strings |
encryptionRequired | boolean Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create. |
maxIdleTimeMillis | integer |
name required | string |
roleAttributes | Array of strings |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
terminatorStrategy | string |
Responses
Request samples
- Payload
{- "configs": [
- "string"
], - "encryptionRequired": true,
- "maxIdleTimeMillis": 0,
- "name": "string",
- "roleAttributes": [
- "string"
], - "tags": {
- "property1": { },
- "property2": { }
}, - "terminatorStrategy": "string"
}
Response samples
- 200
- 400
- 401
- 404
- 429
- 503
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Delete a service
Delete a service by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 400
- 401
- 404
- 409
- 429
- 503
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update the supplied fields on a service
Update the supplied fields on a service. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A service patch object
configs | Array of strings |
encryptionRequired | boolean Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create. |
maxIdleTimeMillis | integer |
name | string |
roleAttributes | Array of strings |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
terminatorStrategy | string |
Responses
Request samples
- Payload
{- "configs": [
- "string"
], - "encryptionRequired": true,
- "maxIdleTimeMillis": 0,
- "name": "string",
- "roleAttributes": [
- "string"
], - "tags": {
- "property1": { },
- "property2": { }
}, - "terminatorStrategy": "string"
}
Response samples
- 200
- 400
- 401
- 404
- 429
- 503
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List of edge routers permitted to handle traffic for the specified service
Retrieves the list of edge routers permitted to handle traffic for the specified service
Authorizations:
path Parameters
id required | string The id of the requested resource |
query Parameters
limit | integer |
offset | integer |
filter | string |
header Parameters
session-token | string an optional JWT token use to authenticate the request. If provided, the token must be valid else a not authorized response is returned. |
Responses
Response samples
- 200
- 400
- 401
- 404
- 429
{- "data": {
- "edgeRouters": [
- {
- "appData": {
- "property1": { },
- "property2": { }
}, - "cost": 65535,
- "disabled": true,
- "hostname": "string",
- "isOnline": true,
- "name": "string",
- "noTraversal": true,
- "supportedProtocols": {
- "property1": "string",
- "property2": "string"
}, - "syncStatus": "string"
}
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List of terminators assigned to a service
Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination.
Authorizations:
path Parameters
id required | string The id of the requested resource |
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
- 429
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "identity": "string",
- "routerId": "string",
- "service": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "serviceId": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List sessions
Retrieves a list of active sessions resources; supports filtering, sorting, and pagination.
Sessions are tied to an API session and are moved when an API session times out or logs out. Active sessions (i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
- 429
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "apiSession": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "apiSessionId": "string",
- "edgeRouters": [
- {
- "appData": {
- "property1": { },
- "property2": { }
}, - "cost": 65535,
- "disabled": true,
- "hostname": "string",
- "isOnline": true,
- "name": "string",
- "noTraversal": true,
- "supportedProtocols": {
- "property1": "string",
- "property2": "string"
}, - "syncStatus": "string",
- "urls": {
- "property1": "string",
- "property2": "string"
}
}
], - "identityId": "string",
- "service": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "serviceId": "string",
- "token": "string",
- "type": "Dial"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Create a session resource
Create a session resource.
Authorizations:
Request Body schema: application/json
A session to create
serviceId | string |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
type | string (dialBind) Enum: "Dial" "Bind" "Invalid" |
Responses
Request samples
- Payload
{- "serviceId": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "type": "Dial"
}
Response samples
- 201
- 400
- 401
- 404
- 429
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "apiSession": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "apiSessionId": "string",
- "edgeRouters": [
- {
- "appData": {
- "property1": { },
- "property2": { }
}, - "cost": 65535,
- "disabled": true,
- "hostname": "string",
- "isOnline": true,
- "name": "string",
- "noTraversal": true,
- "supportedProtocols": {
- "property1": "string",
- "property2": "string"
}, - "syncStatus": "string",
- "urls": {
- "property1": "string",
- "property2": "string"
}
}
], - "identityId": "string",
- "service": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "serviceId": "string",
- "token": "string",
- "type": "Dial"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieves a single session
Retrieves a single session by id.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "apiSession": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "apiSessionId": "string",
- "edgeRouters": [
- {
- "appData": {
- "property1": { },
- "property2": { }
}, - "cost": 65535,
- "disabled": true,
- "hostname": "string",
- "isOnline": true,
- "name": "string",
- "noTraversal": true,
- "supportedProtocols": {
- "property1": "string",
- "property2": "string"
}, - "syncStatus": "string",
- "urls": {
- "property1": "string",
- "property2": "string"
}
}
], - "identityId": "string",
- "service": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "serviceId": "string",
- "token": "string",
- "type": "Dial"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Delete a session
Delete a session by id.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}