Edge Management API Reference
Response samples
- 200
{- "data": {
- "apiVersions": {
- "property1": {
- "property1": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}, - "property2": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}
}, - "property2": {
- "property1": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}, - "property2": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}
}
}, - "buildDate": "2020-02-11 16:09:08",
- "revision": "ea556fc18740",
- "runtimeVersion": "go1.13.5",
- "version": "v0.9.0"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns a list of API specs
Returns a list of spec files embedded within the controller for consumption/documentation/code geneartion
Responses
Response samples
- 200
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "name": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Return a single spec resource
Returns single spec resource embedded within the controller for consumption/documentation/code geneartion
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "name": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns a list of accessible resource counts
This endpoint is usefull for UIs that wish to display UI elements with counts.
Authorizations:
Responses
Response samples
- 200
- 401
{- "data": {
- "property1": 0,
- "property2": 0
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Response samples
- 200
{- "data": {
- "apiVersions": {
- "property1": {
- "property1": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}, - "property2": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}
}, - "property2": {
- "property1": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}, - "property2": {
- "apiBaseUrls": [
- "string"
], - "path": "string",
- "version": "string"
}
}
}, - "buildDate": "2020-02-11 16:09:08",
- "revision": "ea556fc18740",
- "runtimeVersion": "go1.13.5",
- "version": "v0.9.0"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List active API sessions
Returns a list of active API sessions. The resources can be sorted, filtered, and paginated. This endpoint requires admin access.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "authQueries": [
- {
- "format": "numeric",
- "httpMethod": "string",
- "httpUrl": "string",
- "maxLength": 0,
- "minLength": 0,
- "provider": "ziti",
- "typeId": "string"
}
], - "authenticatorId": "string",
- "cachedLastActivityAt": "2019-08-24T14:15:22Z",
- "configTypes": [
- "string"
], - "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "ipAddress": "string",
- "isMfaComplete": true,
- "isMfaRequired": true,
- "lastActivityAt": "2019-08-24T14:15:22Z",
- "token": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieves a single API Session
Retrieves a single API Session by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "authQueries": [
- {
- "format": "numeric",
- "httpMethod": "string",
- "httpUrl": "string",
- "maxLength": 0,
- "minLength": 0,
- "provider": "ziti",
- "typeId": "string"
}
], - "authenticatorId": "string",
- "cachedLastActivityAt": "2019-08-24T14:15:22Z",
- "configTypes": [
- "string"
], - "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "ipAddress": "string",
- "isMfaComplete": true,
- "isMfaRequired": true,
- "lastActivityAt": "2019-08-24T14:15:22Z",
- "token": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Deletes an API Sessions
Deletes and API sesion by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 403
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List Auth Policies
Retrieves a list of Auth Policies
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "name": "string",
- "primary": {
- "cert": {
- "allowExpiredCerts": true,
- "allowed": true
}, - "extJwt": {
- "allowed": true,
- "allowedSigners": [
- "string"
]
}, - "updb": {
- "allowed": true,
- "lockoutDurationMinutes": 0,
- "maxAttempts": 0,
- "minPasswordLength": 0,
- "requireMixedCase": true,
- "requireNumberChar": true,
- "requireSpecialChar": true
}
}, - "secondary": {
- "requireExtJwtSigner": "string",
- "requireTotp": true
}
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Creates an Auth Policy
Creates an Auth Policy. Requires admin access.
Authorizations:
Request Body schema: application/json
An Auth Policy to create
name required | string |
required | object (authPolicyPrimary) |
required | object (authPolicySecondary) |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "name": "string",
- "primary": {
- "cert": {
- "allowExpiredCerts": true,
- "allowed": true
}, - "extJwt": {
- "allowed": true,
- "allowedSigners": [
- "string"
]
}, - "updb": {
- "allowed": true,
- "lockoutDurationMinutes": 0,
- "maxAttempts": 0,
- "minPasswordLength": 0,
- "requireMixedCase": true,
- "requireNumberChar": true,
- "requireSpecialChar": true
}
}, - "secondary": {
- "requireExtJwtSigner": "string",
- "requireTotp": true
}, - "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 201
- 400
- 401
{- "data": {
- "_links": {
}, - "id": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieves a single Auth Policy
Retrieves a single Auth Policy by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "name": "string",
- "primary": {
- "cert": {
- "allowExpiredCerts": true,
- "allowed": true
}, - "extJwt": {
- "allowed": true,
- "allowedSigners": [
- "string"
]
}, - "updb": {
- "allowed": true,
- "lockoutDurationMinutes": 0,
- "maxAttempts": 0,
- "minPasswordLength": 0,
- "requireMixedCase": true,
- "requireNumberChar": true,
- "requireSpecialChar": true
}
}, - "secondary": {
- "requireExtJwtSigner": "string",
- "requireTotp": true
}
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update all fields on an Auth Policy
Update all fields on an Auth Policy by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
An Auth Policy update object
name required | string |
required | object (authPolicyPrimary) |
required | object (authPolicySecondary) |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "name": "string",
- "primary": {
- "cert": {
- "allowExpiredCerts": true,
- "allowed": true
}, - "extJwt": {
- "allowed": true,
- "allowedSigners": [
- "string"
]
}, - "updb": {
- "allowed": true,
- "lockoutDurationMinutes": 0,
- "maxAttempts": 0,
- "minPasswordLength": 0,
- "requireMixedCase": true,
- "requireNumberChar": true,
- "requireSpecialChar": true
}
}, - "secondary": {
- "requireExtJwtSigner": "string",
- "requireTotp": true
}, - "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Delete an Auth Policy
Delete an Auth Policy by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 400
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update the supplied fields on an Auth Policy
Update only the supplied fields on an Auth Policy by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
An Auth Policy patch object
name | string or null |
object (authPolicyPrimaryPatch) | |
object or null (authPolicySecondaryPatch) | |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "name": "string",
- "primary": {
- "cert": {
- "allowExpiredCerts": true,
- "allowed": true
}, - "extJwt": {
- "allowed": true,
- "allowedSigners": [
- "string"
]
}, - "updb": {
- "allowed": true,
- "lockoutDurationMinutes": 0,
- "maxAttempts": 0,
- "minPasswordLength": 0,
- "requireMixedCase": true,
- "requireNumberChar": true,
- "requireSpecialChar": true
}
}, - "secondary": {
- "requireExtJwtSigner": "string",
- "requireTotp": true
}, - "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Authenticate via a method supplied via a query string parameter
Allowed authentication methods include "password", "cert", and "ext-jwt"
query Parameters
method required | string Enum: "password" "cert" "ext-jwt" |
Request Body schema: application/json
configTypes | Array of strings (configTypes) Specific configuration types that should be returned |
object (envInfo) Environment information an authenticating client may provide | |
password | string (password) [ 5 .. 100 ] characters |
object (sdkInfo) SDK information an authenticating client may provide | |
username | string (username) [ 4 .. 100 ] characters |
Responses
Request samples
- Payload
{- "configTypes": [
- "string"
], - "envInfo": {
- "arch": "string",
- "os": "string",
- "osRelease": "string",
- "osVersion": "string"
}, - "password": "string",
- "sdkInfo": {
- "appId": "string",
- "appVersion": "string",
- "branch": "string",
- "revision": "string",
- "type": "string",
- "version": "string"
}, - "username": "string"
}
Response samples
- 200
- 400
- 401
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "authQueries": [
- {
- "format": "numeric",
- "httpMethod": "string",
- "httpUrl": "string",
- "maxLength": 0,
- "minLength": 0,
- "provider": "ziti",
- "typeId": "string"
}
], - "authenticatorId": "string",
- "cachedLastActivityAt": "2019-08-24T14:15:22Z",
- "configTypes": [
- "string"
], - "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "ipAddress": "string",
- "isMfaComplete": true,
- "isMfaRequired": true,
- "lastActivityAt": "2019-08-24T14:15:22Z",
- "token": "string",
- "expirationSeconds": 0,
- "expiresAt": "2019-08-24T14:15:22Z"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Complete MFA authentication
Completes MFA authentication by submitting a MFA time based one time token or backup code.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Complete MFA authentication
Completes MFA authentication by submitting a MFA time based one time token or backup code.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Returns the current status of MFA enrollment
Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a POST /current-identity/mfa/verify
.
Authorizations:
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "isVerified": true,
- "provisioningUrl": "string",
- "recoveryCodes": [
- "string"
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Initiate MFA enrollment
Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via POST /current-identity/mfa/verify
Authorizations:
Responses
Response samples
- 201
- 401
- 409
{- "data": {
- "_links": {
}, - "id": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Disable MFA for the current identity
Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via DELETE /identities/<id>/mfa
.
Authorizations:
header Parameters
mfa-validation-code | string |
Responses
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
For a completed MFA enrollment view the current recovery codes
Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.
Authorizations:
header Parameters
mfa-validation-code | string |
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
For a completed MFA enrollment regenerate the recovery codes
Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "error": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "recoveryCodes": [
- "string"
]
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Complete MFA enrollment by verifying a time based one time token
Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via POST /current-identity/mfa
.
Authorizations:
Request Body schema: application/json
An MFA validation request
code required | string |
Responses
Request samples
- Payload
{- "code": "string"
}
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Remove MFA from an identitity
Allows an admin to remove MFA enrollment from a specific identity. Requires admin.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List authenticators
Returns a list of authenticators associated to identities. The resources can be sorted, filtered, and paginated. This endpoint requires admin access.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certPem": "string",
- "fingerprint": "string",
- "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "method": "string",
- "username": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Creates an authenticator
Creates an authenticator for a specific identity. Requires admin access.
Authorizations:
Request Body schema: application/json
A Authenticator create object
certPem | string The client certificate the identity will login with. Used only for method='cert' |
identityId required | string The id of an existing identity that will be assigned this authenticator |
method required | string The type of authenticator to create; which will dictate which properties on this object are required. |
password | string The password the identity will login with. Used only for method='updb' |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
username | string The username that the identity will login with. Used only for method='updb' |
Responses
Request samples
- Payload
{- "certPem": "string",
- "identityId": "string",
- "method": "string",
- "password": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "username": "string"
}
Response samples
- 201
- 400
- 401
{- "certPem": "string",
- "identityId": "string",
- "method": "string",
- "password": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "username": "string"
}
Retrieves a single authenticator
Retrieves a single authenticator by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certPem": "string",
- "fingerprint": "string",
- "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "method": "string",
- "username": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update all fields on an authenticator
Update all fields on an authenticator by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
An authenticator put object
password required | string (password) [ 5 .. 100 ] characters |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
username required | string (username) [ 4 .. 100 ] characters |
Responses
Request samples
- Payload
{- "password": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "username": "string"
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Delete an Authenticator
Delete an authenticator by id. Deleting all authenticators for an identity will make it impossible to log in. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 400
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update the supplied fields on an authenticator
Update the supplied fields on an authenticator by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
An authenticator patch object
password | string or null (passwordNullable) [ 5 .. 100 ] characters |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
username | string or null (usernameNullable) [ 4 .. 100 ] characters |
Responses
Request samples
- Payload
{- "password": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "username": "string"
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Reverts an authenticator to an enrollment
Allows an authenticator to be reverted to an enrollment and allows re-enrollment to occur. On success the created enrollment record response is provided and the source authenticator record will be deleted. The enrollment created depends on the authenticator. UPDB authenticators result in UPDB enrollments, CERT authenticators result in OTT enrollments, CERT + CA authenticators result in OTTCA enrollments.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A reEnrollment request
expiresAt required | string <date-time> |
Responses
Request samples
- Payload
{- "expiresAt": "2019-08-24T14:15:22Z"
}
Response samples
- 201
- 401
- 404
{- "data": {
- "_links": {
}, - "id": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List CAs
Retrieves a list of CA resources; supports filtering, sorting, and pagination. Requires admin access.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certPem": "string",
- "externalIdClaim": {
- "index": 0,
- "location": "COMMON_NAME",
- "matcher": "ALL",
- "matcherCriteria": "string",
- "parser": "NONE",
- "parserCriteria": "string"
}, - "fingerprint": "string",
- "identityNameFormat": "string",
- "identityRoles": [
- "string"
], - "isAuthEnabled": true,
- "isAutoCaEnrollmentEnabled": true,
- "isOttCaEnrollmentEnabled": true,
- "isVerified": false,
- "name": "string",
- "verificationToken": "661bcd0f-0b84-48ca-a7f5-e63d66ad0300"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Creates a CA
Creates a CA in an unverified state. Requires admin access.
Authorizations:
Request Body schema: application/json
A CA to create
certPem required | string |
object (externalIdClaim) | |
identityNameFormat | string |
identityRoles required | Array of strings (roles) |
isAuthEnabled required | boolean |
isAutoCaEnrollmentEnabled required | boolean |
isOttCaEnrollmentEnabled required | boolean |
name required | string |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "certPem": "-----BEGIN CERTIFICATE-----\nMIICUjCCAdmgAwIBAgIJANooo7NB+dZZMAoGCCqGSM49BAMCMF4xCzAJBgNVBAYT\nAlVTMQswCQYDVQQIDAJOQzETMBEGA1UECgwKTmV0Rm91bmRyeTEtMCsGA1UEAwwk\nTmV0Rm91bmRyeSBaaXRpIEV4dGVybmFsIEFQSSBSb290IENBMB4XDTE4MTExNTEy\nNTcwOVoXDTM4MTExMDEyNTcwOVowXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5D\nMRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0wKwYDVQQDDCROZXRGb3VuZHJ5IFppdGkg\nRXh0ZXJuYWwgQVBJIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARwq61Z\nIaqbaw0PDt3frJZaHjkxfZhwYrykI1GlbRNd/jix03lVG9qvpN5Og9fQfFFcFmD/\n3vCE9S6O0npm0mADQxcBcxbMRAH5dtBuCuiJW6qAAbPgiM32vqSxBiFt0KejYzBh\nMB0GA1UdDgQWBBRx1OVGuc/jdltDc8YBtkw8Tbr4fjAfBgNVHSMEGDAWgBRx1OVG\nuc/jdltDc8YBtkw8Tbr4fjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB\nhjAKBggqhkjOPQQDAgNnADBkAjBDRxNZUaIVpkQKnAgJukl3ysd3/i7Z6hDyIEms\nkllz/+ZvmdBp9iedV5o5BvJUggACMCv+UBFlJH7pmsOCo/F45Kk178YsCC7gaMxE\n1ZG1zveyMvsYsH04C9FndE6w2MLvlA==\n-----END CERTIFICATE-----\n",
- "externalIdClaim": {
- "index": 0,
- "location": "COMMON_NAME",
- "matcher": "ALL",
- "matcherCriteria": "string",
- "parser": "NONE",
- "parserCriteria": "string"
}, - "identityNameFormat": "string",
- "identityRoles": [
- "string"
], - "isAuthEnabled": true,
- "isAutoCaEnrollmentEnabled": true,
- "isOttCaEnrollmentEnabled": true,
- "name": "Test 3rd Party External CA",
- "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 201
- 400
- 401
{- "data": {
- "_links": {
}, - "id": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieves a single CA
Retrieves a single CA by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certPem": "string",
- "externalIdClaim": {
- "index": 0,
- "location": "COMMON_NAME",
- "matcher": "ALL",
- "matcherCriteria": "string",
- "parser": "NONE",
- "parserCriteria": "string"
}, - "fingerprint": "string",
- "identityNameFormat": "string",
- "identityRoles": [
- "string"
], - "isAuthEnabled": true,
- "isAutoCaEnrollmentEnabled": true,
- "isOttCaEnrollmentEnabled": true,
- "isVerified": false,
- "name": "string",
- "verificationToken": "661bcd0f-0b84-48ca-a7f5-e63d66ad0300"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update all fields on a CA
Update all fields on a CA by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A CA update object
object (externalIdClaim) | |
identityNameFormat required | string |
identityRoles required | Array of strings (roles) |
isAuthEnabled required | boolean |
isAutoCaEnrollmentEnabled required | boolean |
isOttCaEnrollmentEnabled required | boolean |
name required | string |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "externalIdClaim": {
- "index": 0,
- "location": "COMMON_NAME",
- "matcher": "ALL",
- "matcherCriteria": "string",
- "parser": "NONE",
- "parserCriteria": "string"
}, - "identityNameFormat": "string",
- "identityRoles": [
- "string"
], - "isAuthEnabled": true,
- "isAutoCaEnrollmentEnabled": true,
- "isOttCaEnrollmentEnabled": true,
- "name": "My CA",
- "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Delete a CA
Delete a CA by id. Deleting a CA will delete its associated certificate authenticators. This can make it impossible for identities to authenticate if they no longer have any valid authenticators. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 400
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update the supplied fields on a CA
Update only the supplied fields on a CA by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A CA patch object
object (externalIdClaimPatch) | |
identityNameFormat | string or null |
identityRoles | Array of strings (roles) |
isAuthEnabled | boolean or null |
isAutoCaEnrollmentEnabled | boolean or null |
isOttCaEnrollmentEnabled | boolean or null |
name | string or null |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "externalIdClaim": {
- "index": 0,
- "location": "COMMON_NAME",
- "matcher": "ALL",
- "matcherCriteria": "string",
- "parser": "NONE",
- "parserCriteria": "string"
}, - "identityNameFormat": "string",
- "identityRoles": [
- "string"
], - "isAuthEnabled": true,
- "isAutoCaEnrollmentEnabled": true,
- "isOttCaEnrollmentEnabled": true,
- "name": "My CA",
- "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieve the enrollment JWT for a CA
For CA auto enrollment, the enrollment JWT is static and provided on each CA resource. This endpoint provides the jwt as a text response.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6ImNhIiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MTI 4MC8ifQ.Ot6lhNBSOw8ygHytdI5l7WDf9EWadOj44UPvJ0c-8mJ54fClWM3uMZrAHSSfV6KmOSZOeBBJe4VlNyoD-_MOECP0BzYSnSQP3E zJb0VlM-fFmGcKNGW157icyZNISfO43JL_Lw2QPBzTgikqSIj9eZnocC3BeAmZCHsVznnLfHWqDldcmuxnu-5MNOSrWV1x9iVcgLFlLHXK 2PLA4qIiZmlQTrQjpHJmUaoJ07mnj8hMKzxB3wBG8kpazjEo7HDRCO06aBH4eqFgf_l0iT8Dzcb31jquWMGUoSXPhf4lVJh_FiNcR1wVx- UiHLbG5h23Aqf1UJF-F38rc1FElKz0Zg
Verify a CA
Allows a CA to become verified by submitting a certificate in PEM format that has been signed by the target CA. The common name on the certificate must match the verificationToken property of the CA. Unverfieid CAs can not be used for enrollment/authentication. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: text/plain
A PEM formatted certificate signed by the target CA with the common name matching the CA's validationToken
Responses
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List config-types
Retrieves a list of config-type resources; supports filtering, sorting, and pagination. Requires admin access.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "name": "ziti-tunneler-server.v1",
- "schema": { }
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Create a config-type. Requires admin access.
Authorizations:
Request Body schema: application/json
A config-type to create
name required | string |
object A JSON schema to enforce configuration against | |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "name": "ziti-tunneler-server.v1",
- "schema": { },
- "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 201
- 400
- 401
{- "data": {
- "_links": {
}, - "id": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieves a single config-type
Retrieves a single config-type by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "name": "ziti-tunneler-server.v1",
- "schema": { }
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update all fields on a config-type
Update all fields on a config-type by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A config-type update object
name required | string |
object A JSON schema to enforce configuration against | |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "name": "ziti-tunneler-server.v1",
- "schema": { },
- "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Delete a config-type
Delete a config-type by id. Removing a configuration type that are in use will result in a 409 conflict HTTP status code and error. All configurations of a type must be removed first.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 400
- 401
- 409
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update the supplied fields on a config-type
Update the supplied fields on a config-type. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A config-type patch object
name | string |
object A JSON schema to enforce configuration against | |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "name": "ziti-tunneler-server.v1",
- "schema": { },
- "tags": {
- "property1": { },
- "property2": { }
}
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Lists the configs of a specific config-type
Lists the configs associated to a config-type. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "configType": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "configTypeId": "string",
- "data": { },
- "name": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List configs
Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "configType": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "configTypeId": "string",
- "data": { },
- "name": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Create a config resource
Create a config resource. Requires admin access.
Authorizations:
Request Body schema: application/json
A config to create
configTypeId required | string The id of a config-type that the data section will match |
required | object Data payload is defined by the schema of the config-type defined in the type parameter |
name required | string |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "configTypeId": "cea49285-6c07-42cf-9f52-09a9b115c783",
- "data": {
- "hostname": "example.com",
- "port": 80
}, - "name": "test-config"
}
Response samples
- 201
- 400
- 401
{- "data": {
- "_links": {
}, - "id": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieves a single config
Retrieves a single config by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "configType": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "configTypeId": "string",
- "data": { },
- "name": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update all fields on a config
Update all fields on a config by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A config update object
required | object Data payload is defined by the schema of the config-type defined in the type parameter |
name required | string |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "data": {
- "hostname": "example.com",
- "port": 80
}, - "name": "example-config-name"
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Delete a config
Delete a config by id. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 400
- 401
- 409
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update the supplied fields on a config
Update the supplied fields on a config. Requires admin access.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
A config patch object
object Data payload is defined by the schema of the config-type defined in the type parameter | |
name | string |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean |
Responses
Request samples
- Payload
{- "data": {
- "hostname": "example.com",
- "port": 80
}, - "name": "example-config-name"
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Return the current API session
Retrieves the API session that was used to issue the current request
Authorizations:
Responses
Response samples
- 200
- 401
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "authQueries": [
- {
- "format": "numeric",
- "httpMethod": "string",
- "httpUrl": "string",
- "maxLength": 0,
- "minLength": 0,
- "provider": "ziti",
- "typeId": "string"
}
], - "authenticatorId": "string",
- "cachedLastActivityAt": "2019-08-24T14:15:22Z",
- "configTypes": [
- "string"
], - "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "ipAddress": "string",
- "isMfaComplete": true,
- "isMfaRequired": true,
- "lastActivityAt": "2019-08-24T14:15:22Z",
- "token": "string",
- "expirationSeconds": 0,
- "expiresAt": "2019-08-24T14:15:22Z"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
List authenticators for the current identity
Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination.
Authorizations:
query Parameters
limit | integer |
offset | integer |
filter | string |
Responses
Response samples
- 200
- 400
- 401
{- "data": [
- {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certPem": "string",
- "fingerprint": "string",
- "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "method": "string",
- "username": "string"
}
], - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Retrieve an authenticator for the current identity
Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Responses
Response samples
- 200
- 401
- 404
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "certPem": "string",
- "fingerprint": "string",
- "identity": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "identityId": "string",
- "method": "string",
- "username": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update all fields on an authenticator of this identity
Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's identity.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
An authenticator put object
password required | string (password) [ 5 .. 100 ] characters |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
username required | string (username) [ 4 .. 100 ] characters |
currentPassword required | string (password) [ 5 .. 100 ] characters |
Responses
Request samples
- Payload
{- "password": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "username": "string",
- "currentPassword": "string"
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Update the supplied fields on an authenticator of this identity
Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API session's identity.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
An authenticator patch object
password | string or null (passwordNullable) [ 5 .. 100 ] characters |
object or null (tags) A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean | |
username | string or null (usernameNullable) [ 4 .. 100 ] characters |
currentPassword required | string (password) [ 5 .. 100 ] characters |
Responses
Request samples
- Payload
{- "password": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "username": "string",
- "currentPassword": "string"
}
Response samples
- 200
- 400
- 401
- 404
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows the current identity to recieve a new certificate associated with a certificate based authenticator
This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
clientCertCsr required | string |
Responses
Request samples
- Payload
{- "clientCertCsr": "string"
}
Response samples
- 200
- 401
{- "data": {
- "ca": "string",
- "clientCert": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Allows the current identity to validate reciept of a new client certificate
After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests.
Authorizations:
path Parameters
id required | string The id of the requested resource |
Request Body schema: application/json
clientCert required | string A PEM encoded client certificate previously returned after an extension request |
Responses
Request samples
- Payload
{- "clientCert": "string"
}
Response samples
- 200
- 401
{- "data": { },
- "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagination": {
- "limit": 0,
- "offset": 0,
- "totalCount": 0
}
}
}
Return the current identity
Returns the identity associated with the API sessions used to issue the current request
Authorizations:
Responses
Response samples
- 200
- 401
{- "data": {
- "_links": {
}, - "createdAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "tags": {
- "property1": { },
- "property2": { }
}, - "updatedAt": "2019-08-24T14:15:22Z",
- "appData": {
- "property1": { },
- "property2": { }
}, - "authPolicy": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "authPolicyId": "string",
- "authenticators": {
- "cert": {
- "fingerprint": "string",
- "id": "string"
}, - "updb": {
- "id": "string",
- "username": "string"
}
}, - "defaultHostingCost": 65535,
- "defaultHostingPrecedence": "default",
- "disabled": true,
- "disabledAt": "2019-08-24T14:15:22Z",
- "disabledUntil": "2019-08-24T14:15:22Z",
- "enrollment": {
- "ott": {
- "expiresAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "jwt": "string",
- "token": "string"
}, - "ottca": {
- "ca": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "caId": "string",
- "expiresAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "jwt": "string",
- "token": "string"
}, - "updb": {
- "expiresAt": "2019-08-24T14:15:22Z",
- "id": "string",
- "jwt": "string",
- "token": "string"
}
}, - "envInfo": {
- "arch": "string",
- "os": "string",
- "osRelease": "string",
- "osVersion": "string"
}, - "externalId": "string",
- "hasApiSession": true,
- "hasEdgeRouterConnection": true,
- "isAdmin": true,
- "isDefaultAdmin": true,
- "isMfaEnabled": true,
- "name": "string",
- "roleAttributes": [
- "string"
], - "sdkInfo": {
- "appId": "string",
- "appVersion": "string",
- "branch": "string",
- "revision": "string",
- "type": "string",
- "version": "string"
}, - "serviceHostingCosts": {
- "property1": 65535,
- "property2": 65535
}, - "serviceHostingPrecedences": {
- "property1": "default",
- "property2": "default"
}, - "type": {
- "_links": {
}, - "entity": "string",
- "id": "string",
- "name": "string"
}, - "typeId": "string"
}, - "meta": {
- "apiEnrollmentVersion": "string",
- "apiVersion": "string",
- "filterableFields": [
- "string"
], - "pagi