  • Illumio ASP 18.2.1 v2 REST API Reference Preview

    This Illumio ASP 18.2.1 v2 REST API Reference Preview includes all Public Stable and Public Experimental APIs in this release. It contains curl code examples, parameter definitions, and JSON request and response bodies. For detailed curl code examples and in-depth information about methods, parameters, and API calls, see the Illumio ASP 18.2.1 REST API Developer Guide.

    README

    API Properties

    API properties (Authorization, Exposure, and Auditable) are included in each API section. API properties are also available in spreadsheet format from this download: 18.2.1 v2 Public API Properties

    Code Examples

    The $KEY and $TOKEN constants in the code examples represent authentication credentials (session and token, API key and token, or username and password as appropriate).

    Required Parameters

    Required parameters in the parameter tables have a Required field of "true*" with an orange asterisk. However, the requirements are based on nesting, so if you're not using any parameters in an indented nested block then none of the parameters in the nested block are required, even if they have an asterisk.

    If at least one of multiple parameters is required, their Required fields are "false**" with two orange asterisks, indicating that at least one of the parameters with two asterisks must be defined. For example, when creating a workload, a name and/or a hostname for the workload must be defined.
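The two Required-field rules above, written out as a request-body check. This is an added example, not Illumio code: the schema dictionaries, `violations()` and the two-field workload sketch are hypothetical, built from the parameter tables and the README sentence on this page.

```python
# Added example: a pre-flight check for the "true*" / "false**" rules.
TRUE, FALSE, ONE_OF = "true*", "false", "false**"

# Body rows of the "Create an API Key" parameter table on this page.
CREATE_API_KEY = {
    "body": {"required": FALSE, "children": {
        "name": {"required": TRUE},
        "description": {"required": FALSE},
    }},
}

# Constructed from the README sentence about workloads ("a name and/or a
# hostname"); the real workload schema has more fields than these two.
CREATE_WORKLOAD_SKETCH = {
    "body": {"required": FALSE, "children": {
        "name": {"required": ONE_OF},
        "hostname": {"required": ONE_OF},
    }},
}


def violations(params, value, path=""):
    """Check one nesting level of `value` and recurse into used blocks."""
    where = path or "(root)"
    if not isinstance(value, dict):
        return [f"{where}: expected an object"]
    errors = []

    # "false**": at least one of the double-asterisk parameters at this
    # level must be defined.
    one_of = sorted(n for n, s in params.items() if s["required"] == ONE_OF)
    if one_of and not any(n in value for n in one_of):
        errors.append(f"{where}: define at least one of {', '.join(one_of)}")

    for name, spec in params.items():
        here = f"{path}.{name}" if path else name
        if name not in value:
            if spec["required"] == TRUE:
                errors.append(f"{here}: required (true*)")
            # An unused block is skipped, so the asterisks nested
            # inside it do not apply.
            continue
        children = spec.get("children")
        if not children:
            continue
        if isinstance(value[name], list):
            # [object] rows: every element is checked on its own.
            for i, item in enumerate(value[name]):
                errors.extend(violations(children, item, f"{here}[{i}]"))
        else:
            errors.extend(violations(children, value[name], here))
    return errors


if __name__ == "__main__":
    print(violations(CREATE_API_KEY, {"body": {"description": "ci key"}}))
    print(violations(CREATE_WORKLOAD_SKETCH, {"body": {}}))
```

A request with no body at all passes, because `body` is "false" and the `name` asterisk only applies once the body block is used.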

    Search

    Use the search field at the top of the left column for whole words like IP Lists.

    Use Ctrl-F to search for whole words or words joined by underscores and/or slashes like ip_lists or workloads/bulk_create.

    Agents

    Get an Agent

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/agents/{agent_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/agents/{agent_id}

    Authorization: This Agent, Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    agent_id path integer true* Agent ID

    Example Response Body

    {
      "name": "string",
      "description": "string",
      "status": "string",
      "online": true,
      "mode": "idle",
      "uid": "string",
      "last_heartbeat_on": null,
      "uptime_seconds": null,
      "hostname": "string",
      "agent_version": "string",
      "public_ip": "string",
      "ip_tables_saved": null,
      "fw_rules_generation_actual": null,
      "fw_rules_generation_expected": null,
      "os_id": "string",
      "os_detail": "string",
      "log_traffic": true,
      "target_pce_fqdn": "string",
      "active_pce_fqdn": "string",
      "labels": [
        {
          "href": "string"
        }
      ],
      "visibility_level": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » name string true* The short friendly name of the agent
    » description string false The long description of the agent
    » status string true* Status of the agent
    » online boolean true* If this agent is online
    » mode string true* Agent management mode
    » uid string true* The unique ID reported by the server
    » last_heartbeat_on string,null(date-time) true* The last time (rfc3339 timestamp) a heartbeat was received from this agent
    » uptime_seconds integer,null true* How long since the last reboot of this server. Recorded in DB at the time of the last heartbeat
    » hostname string true* The hostname reported from the host itself
    » agent_version string false Agent software version string
    » public_ip string true* The public IP address of the server
    » ip_tables_saved boolean,null true* The agent was able to save IP tables
    » fw_rules_generation_actual integer,null true* Actual firewall rules generation
    » fw_rules_generation_expected integer,null true* Expected firewall rules generation
    » os_id string false Our OS identifier
    » os_detail string false Additional OS details - just displayed to end user
    » log_traffic boolean true* True if we want to log traffic events from this agent
    » target_pce_fqdn string false The FQDN of the PCE the agent will use for future connections
    » active_pce_fqdn string false The FQDN of the PCE that received the agent's last heartbeat
    » labels [object] false Assigned labels
    »» href string true* Label URI
    » visibility_level string true* Visibility level of the agent

    Enumerated Values

    Property Value
    mode idle
    mode illuminated
    mode enforced

    Update an Agent

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/agents/{agent_id}/update \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/agents/{agent_id}/update

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "target_pce_fqdn": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    agent_id path integer true* Agent ID
    body body object false No description
    » target_pce_fqdn body string false cluster FQDN for target PCE

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Create Agent Traffic Flows

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/agents/bulk_traffic_flows -u $KEY:$TOKEN \
      -T "my_file.csv" -H "X-Bulk-Traffic-Load-CSV-Version: 1" -H "Content-Type: text/csv"
    
    

    POST /api/v2/orgs/{org_id}/agents/bulk_traffic_flows

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization

    Responses

    Status Meaning Description Schema
    201 Created Success None

    API Keys

    Get API Keys

    Example Code

    
    curl -X GET /api/v2/users/{user_id}/api_keys \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/users/{user_id}/api_keys

    Authorization: This Authenticated User

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID

    Example Response Body

    {
      "key_id": "string",
      "auth_username": "string",
      "created_at": "2018-12-12T04:17:11Z",
      "name": "string",
      "description": "string",
      "href": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » key_id string true* The key ID
    » auth_username string true* Username required for authentication
    » created_at string(date-time) true* Timestamp when this key was first created (RFC 3339)
    » name string true* The key name - just a label to be used
    » description string false The description of the key
    » href string true* URI of the key

    Get an API Key

    Example Code

    
    curl -X GET /api/v2/users/{user_id}/api_keys/{key_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/users/{user_id}/api_keys/{key_id}

    Authorization: This Authenticated User

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID
    key_id path string true* key_id

    Example Response Body

    {
      "key_id": "string",
      "auth_username": "string",
      "created_at": "2018-12-12T04:17:11Z",
      "name": "string",
      "description": "string",
      "href": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » key_id string true* The key ID
    » auth_username string true* Username required for authentication
    » created_at string(date-time) true* Timestamp when this key was first created (RFC 3339)
    » name string true* The key name - just a label to be used
    » description string false The description of the key
    » href string true* URI of the key

    Create an API Key

    Example Code

    
    curl -X POST /api/v2/users/{user_id}/api_keys \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/users/{user_id}/api_keys

    Authorization: This Authenticated User

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID
    body body object false No description
    » name body string true* The key name - just a label to be used
    » description body string false The description of the key

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update an API Key

    Example Code

    
    curl -X PUT /api/v2/users/{user_id}/api_keys/{key_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/users/{user_id}/api_keys/{key_id}

    Authorization: This Authenticated User

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID
    key_id path string true* key_id
    body body object false No description
    » name body string false The key name - just a label to be used
    » description body string false The description of the key

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete an API Key

    Example Code

    
    curl -X DELETE /api/v2/users/{user_id}/api_keys/{key_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/users/{user_id}/api_keys/{key_id}

    Authorization: This Authenticated User

    Exposure: Public Stable

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID
    key_id path string true* key_id

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Auth Security Principals

    Get Auth Security Principals

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/auth_security_principals \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/auth_security_principals

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    name query string false name of the auth_security_principal to filter on
    type query string false type (user or group) to filter on

    Example Response Body

    [
      {
        "type": "user",
        "name": "string",
        "display_name": "string",
        "href": "string"
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    The list of the auth_security_principals in this org

    Name Type Required Description
    » anonymous object false No description
    »» type string true* type of the auth_security_principal
    »» name string true* name of auth_security_principal
    »» display_name string false name of auth_security_principal

    and

    Name Type Required Description
    » anonymous object false No description
    »» href string true* URI of auth_security_principal

    Enumerated Values

    Property Value
    type user
    type group

    Get an Auth Security Principal

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    auth_security_principal_id path string true* UUID of the auth_security_principal

    Example Response Body

    [
      {
        "type": "user",
        "name": "string",
        "display_name": "string",
        "href": "string"
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    The list of the auth_security_principals in this org

    Name Type Required Description
    » anonymous object false No description
    »» type string true* type of the auth_security_principal
    »» name string true* name of auth_security_principal
    »» display_name string false name of auth_security_principal

    and

    Name Type Required Description
    » anonymous object false No description
    »» href string true* URI of auth_security_principal

    Enumerated Values

    Property Value
    type user
    type group

    Create an Auth Security Principal

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/auth_security_principals \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/auth_security_principals

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "type": "user",
      "name": "string",
      "display_name": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    body body object false No description
    » type body string true* type of the auth_security_principal
    » name body string true* name of auth_security_principal
    » display_name body string false name of auth_security_principal

    Enumerated Values

    Parameter Value
    » type user
    » type group

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update an Auth Security Principal

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "type": "user",
      "name": "string",
      "display_name": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    auth_security_principal_id path string true* UUID of the auth_security_principal
    body body object false No description
    » type body string false type of the auth_security_principal
    » name body string false name of the auth_security_principal
    » display_name body string false display name of the auth_security_principal

    Enumerated Values

    Parameter Value
    » type user
    » type group

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete an Auth Security Principal

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    auth_security_principal_id path string true* UUID of the auth_security_principal

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Authentication Settings

    Get Password Policy

    Example Code

    
    curl -X GET /api/v2/authentication_settings/password_policy \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/authentication_settings/password_policy

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Example Response Body

    {
      "require_type_number": true,
      "require_type_lowercase": true,
      "require_type_uppercase": true,
      "require_type_symbol": true,
      "min_characters_per_type": 0,
      "min_length": 0,
      "min_changed_characters": 0,
      "history_count": 0,
      "expire_time_days": 0,
      "session_timeout_minutes": 0,
      "updated_at": "2018-12-12T04:17:11Z",
      "updated_by": {
        "username": "string"
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » require_type_number boolean true* Flag to indicate whether password must contain numerical digit
    » require_type_lowercase boolean true* Flag to indicate whether password must contain lowercase letter
    » require_type_uppercase boolean true* Flag to indicate whether password must contain uppercase letter
    » require_type_symbol boolean true* Flag to indicate whether password must contain symbol (i.e. !@#$%^&*<>?)
    » min_characters_per_type integer true* Minimum number of characters for each character type
    » min_length integer true* Minimum length of password
    » min_changed_characters integer true* Minimum number of changed characters for new passwords
    » history_count integer true* Number of old passwords to remember
    » expire_time_days integer true* Number of days password expires; a value of 0 means it never expires
    » session_timeout_minutes integer true* Number of minutes to timeout the user session without activity
    » updated_at string(date-time) true* Timestamp when password policy was last updated
    » updated_by object true* No description
    »» username string false The username which last updated this password policy

    Update Password Policy

    Example Code

    
    curl -X PUT /api/v2/authentication_settings/password_policy \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/authentication_settings/password_policy

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "require_type_number": true,
      "require_type_lowercase": true,
      "require_type_uppercase": true,
      "require_type_symbol": true,
      "min_characters_per_type": 0,
      "min_length": 0,
      "min_changed_characters": 0,
      "history_count": 0,
      "expire_time_days": 0,
      "session_timeout_minutes": 0
    }
    

    Parameters

    Parameter In Type Required Description
    body body object false No description
    » require_type_number body boolean false Flag to indicate whether password must contain numerical digit
    » require_type_lowercase body boolean false Flag to indicate whether password must contain lowercase letter
    » require_type_uppercase body boolean false Flag to indicate whether password must contain uppercase letter
    » require_type_symbol body boolean false Flag to indicate whether password must contain symbol (i.e. !@#$%^&*<>?)
    » min_characters_per_type body integer false Minimum number of characters for each character type
    » min_length body integer false Minimum length of password
    » min_changed_characters body integer false Minimum number of changed characters for new passwords
    » history_count body integer false Number of old passwords to remember
    » expire_time_days body integer false Number of days password expires; a value of 0 means it never expires
    » session_timeout_minutes body integer false Number of minutes to timeout the user session without activity

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Get SSO Configuration

    Example Code

    
    curl -X GET /api/v2/authentication_settings \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/authentication_settings

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Example Response Body

    {
      "authentication_type": "string",
      "radius_configs": [
        {
          "href": "string",
          "name": "string",
          "address": "string",
          "port": 0,
          "authentication_method": "string",
          "request_timeout_seconds": 1,
          "num_retries": 1,
          "priority": 1,
          "created_at": "2018-12-12T04:17:11Z",
          "updated_at": "2018-12-12T04:17:11Z",
          "created_by": {
            "username": "string"
          },
          "updated_by": {
            "username": "string"
          }
        }
      ],
      "saml_configs": [
        {
          "href": "string",
          "cluster_fqdn": "string",
          "idp_sso_target_url": "string",
          "idp_slo_target_url": "string",
          "idp_cert": "string",
          "issuer": "string",
          "consumer_service_url": "string",
          "consumer_logout_url": "string",
          "name_identifier_format": "string",
          "authn_context": "string",
          "force_authn": true,
          "created_at": "2018-12-12T04:17:11Z",
          "updated_at": "2018-12-12T04:17:11Z",
          "created_by": {
            "username": "string"
          },
          "updated_by": {
            "username": "string"
          }
        }
      ],
      "password_policy": {
        "require_type_number": true,
        "require_type_lowercase": true,
        "require_type_uppercase": true,
        "require_type_symbol": true,
        "min_characters_per_type": 0,
        "min_length": 0,
        "min_changed_characters": 0,
        "history_count": 0,
        "expire_time_days": 0,
        "session_timeout_minutes": 0,
        "updated_at": "2018-12-12T04:17:11Z",
        "updated_by": {
          "username": "string"
        }
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » authentication_type string true* Authentication types
    » radius_configs [object] false A list of RADIUS configurations
    »» href string true* RADIUS config URI
    »» name string true* Friendly name of the RADIUS server
    »» address string true* IP address or host name of the RADIUS server
    »» port integer true* Port number of the RADIUS server
    »» authentication_method string true* Authentication types
    »» request_timeout_seconds integer true* Number of seconds to wait for response
    »» num_retries integer true* Number of times to re-send to RADIUS server
    »» priority integer true* Priority specifies the order of importance of the RADIUS server
    »» created_at string(date-time) true* Timestamp when RADIUS configuration was first created
    »» updated_at string(date-time) true* Timestamp when RADIUS configuration was last updated
    »» created_by object true* No description
    »»» username string false The username which created this RADIUS configuration
    »» updated_by object true* No description
    »»» username string false The username which last updated this RADIUS configuration
    » saml_configs [object] false A list of SAML IdP configurations
    »» href string true* SAML config URI
    »» cluster_fqdn string true* The FQDN of the PCE cluster
    »» idp_sso_target_url string true* The identity provider URL to which the authentication request should be sent
    »» idp_slo_target_url string true* The identity provider URL to which the logout request should be sent
    »» idp_cert string true* The certificate provided from the identity provider when setting up the relationship
    »» issuer string true* The URL for the Illumio login server. Some identity providers might need this to establish the identity of the service provider requesting authentication.
    »» consumer_service_url string true* The Illumio login server URL at which the SAML authentication assertion should be received
    »» consumer_logout_url string true* The Illumio login server URL at which the SAML logout assertion should be received
    »» name_identifier_format string false Describes the format of the username required by the Illumio login server
    »» authn_context string true* The URI of the authentication context class you want the identity provider to use to authenticate user, with possible values being NULL (unspecified) or urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
    »» force_authn boolean true* Defines whether or not the identity provider should force re-authentication of the user, even if the user has still a valid session
    »» created_at string(date-time) true* Timestamp when SAML configuration was first created
    »» updated_at string(date-time) true* Timestamp when SAML configuration was last updated
    »» created_by object true* No description
    »»» username string false The username which created this SAML configuration
    »» updated_by object true* No description
    »»» username string false The username which last updated this SAML configuration
    » password_policy object false No description
    »» require_type_number boolean true* Flag to indicate whether password must contain numerical digit
    »» require_type_lowercase boolean true* Flag to indicate whether password must contain lowercase letter
    »» require_type_uppercase boolean true* Flag to indicate whether password must contain uppercase letter
    »» require_type_symbol boolean true* Flag to indicate whether password must contain symbol (i.e. !@#$%^&*<>?)
    »» min_characters_per_type integer true* Minimum number of characters for each character type
    »» min_length integer true* Minimum length of password
    »» min_changed_characters integer true* Minimum number of changed characters for new passwords
    »» history_count integer true* Number of old passwords to remember
    »» expire_time_days integer true* Number of days password expires; a value of 0 means it never expires
    »» session_timeout_minutes integer true* Number of minutes to timeout the user session without activity
    »» updated_at string(date-time) true* Timestamp when password policy was last updated
    »» updated_by object true* No description
    »»» username string false The username which last updated this password policy
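A review of the Get SSO Configuration response (and the password_policy object it embeds, which Get Password Policy also returns) against a baseline. This is an added example, not Illumio code: the function names, the thresholds in `BASELINE` and the sample response are assumptions constructed for illustration; only the field names come from the schema above.

```python
# Added example: flag weak settings in a saved authentication_settings
# response, e.g. the JSON returned by GET /api/v2/authentication_settings.
from urllib.parse import urlparse

# Assumed baseline for illustration; set these from your own policy.
BASELINE = {
    "min_length": 12,
    "min_history_count": 5,
    "max_session_timeout_minutes": 30,
    "require_expiry": True,
}
TYPE_FLAGS = ("require_type_number", "require_type_lowercase",
              "require_type_uppercase", "require_type_symbol")


def audit_password_policy(policy, baseline=BASELINE):
    findings = []
    for flag in TYPE_FLAGS:
        if not policy.get(flag, False):
            findings.append(f"password_policy.{flag} is off")
    if policy.get("min_length", 0) < baseline["min_length"]:
        findings.append(f"password_policy.min_length is "
                        f"{policy.get('min_length', 0)}, "
                        f"baseline {baseline['min_length']}")
    if policy.get("history_count", 0) < baseline["min_history_count"]:
        findings.append(f"password_policy.history_count is "
                        f"{policy.get('history_count', 0)}, "
                        f"baseline {baseline['min_history_count']}")
    # Per the schema, expire_time_days == 0 means the password never expires.
    if baseline["require_expiry"] and policy.get("expire_time_days", 0) == 0:
        findings.append("password_policy.expire_time_days is 0 (never expires)")
    timeout = policy.get("session_timeout_minutes", 0)
    if timeout > baseline["max_session_timeout_minutes"]:
        findings.append(f"password_policy.session_timeout_minutes is "
                        f"{timeout}, baseline "
                        f"{baseline['max_session_timeout_minutes']}")
    return findings


def audit_saml_config(cfg):
    findings = []
    label = f"saml_configs[{cfg.get('cluster_fqdn', '?')}]"
    for key in ("idp_sso_target_url", "idp_slo_target_url"):
        if urlparse(cfg.get(key) or "").scheme != "https":
            findings.append(f"{label}.{key} is not https")
    # The schema allows NULL (unspecified) for authn_context.
    if not cfg.get("authn_context"):
        findings.append(f"{label}.authn_context is unspecified")
    return findings


def audit_authentication_settings(settings, baseline=BASELINE):
    findings = []
    if settings.get("authentication_type") == "SAML":
        configs = settings.get("saml_configs") or []
        if not configs:
            findings.append("authentication_type is SAML but "
                            "saml_configs is empty")
        for cfg in configs:
            findings.extend(audit_saml_config(cfg))
    if "password_policy" in settings:
        findings.extend(
            audit_password_policy(settings["password_policy"], baseline))
    return findings


# Constructed sample response; hostnames and values are placeholders.
SAMPLE = {
    "authentication_type": "SAML",
    "saml_configs": [{
        "cluster_fqdn": "pce.example.com",
        "idp_sso_target_url": "http://idp.example.com/sso",
        "idp_slo_target_url": "https://idp.example.com/slo",
        "authn_context": None,
        "force_authn": True,
    }],
    "password_policy": {
        "require_type_number": True, "require_type_lowercase": True,
        "require_type_uppercase": True, "require_type_symbol": False,
        "min_characters_per_type": 1, "min_length": 8,
        "min_changed_characters": 1, "history_count": 5,
        "expire_time_days": 0, "session_timeout_minutes": 10,
    },
}

if __name__ == "__main__":
    for finding in audit_authentication_settings(SAMPLE):
        print(finding)
```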

    Update SSO Configuration

    Example Code

    
    curl -X PUT /api/v2/authentication_settings \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/authentication_settings

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "authentication_type": "Local"
    }
    

    Parameters

    Parameter In Type Required Description
    body body object false No description
    » authentication_type body string true* Authentication types

    Enumerated Values

    Parameter Value
    » authentication_type Local
    » authentication_type SAML
    » authentication_type RADIUS

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Blocked Traffic Flows

    Get Blocked Traffic

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/blocked_traffic \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/blocked_traffic

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    max_results query integer false Maximum number of results to return (default 500, maximum 10000)

    Example Response Body

    {
      "blocked_traffic": [
        {
          "flow_status": "string",
          "destination": {
            "ip_address": "string",
            "workloads": [
              {
                "name": "string",
                "href": "string",
                "mode": "string",
                "agent": {
                  "href": "string",
                  "config": {
                    "log_traffic": true,
                    "mode": "string"
                  }
                }
              }
            ],
            "ip_lists": [
              {
                "name": "string",
                "href": "string"
              }
            ],
            "virtual_servers": [
              {
                "name": "string",
                "href": "string"
              }
            ]
          },
          "port": 0,
          "protocol": 0,
          "service": "string",
          "service_name": "string",
          "process_name": "string",
          "total_flows": 0,
          "href": "string",
          "last_occurred_at": "string",
          "source": {
            "ip_address": "string",
            "workloads": [
              {
                "name": "string",
                "href": "string",
                "mode": "string",
                "agent": {
                  "href": "string",
                  "config": {
                    "log_traffic": true,
                    "mode": "string"
                  }
                }
              }
            ],
            "ip_lists": [
              {
                "name": "string",
                "href": "string"
              }
            ],
            "virtual_servers": [
              {
                "name": "string",
                "href": "string"
              }
            ]
          }
        }
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » blocked_traffic [object] true* List of blocked (or) potentially blocked traffic entities
    »» flow_status string true* The status of the flow in terms of whether it was allowed or blocked
    »» destination object true* No description
    »»» ip_address string false The ip address of the endpoint
    »»» workloads [object] false List of workloads
    »»»» name string false Name of the workload
    »»»» href string true* The resource(URI) representation of the workload
    »»»» mode string true* DEPRECATED AND REPLACED (USE agent.config.mode INSTEAD)
    »»»» agent object true* No description
    »»»»» href string false The resource(URI) representation of the agent
    »»»»» config object true* No description
    »»»»»» log_traffic boolean true* True if we want to log traffic events from this workload
    »»»»»» mode string true* Is this node in illuminated/enforced mode
    »»» ip_lists [object] false List of iplist entities
    »»»» name string false Name of the iplist
    »»»» href string true* The resource(URI) representation of the iplist
    »»» virtual_servers [object] false List of virtual servers matching the IP
    »»»» name string false Name of the virtual server
    »»»» href string true* The resource(URI) representation of the virtual server
    »» port integer true* The destination port
    »» protocol integer true* The protocol
    »» service string false The service name configured for the port/protocol on the destination end point
    »» service_name string false The service name identified by VEN
    »» process_name string false The process name identified by VEN
    »» total_flows integer true* Number of times this flow has been seen with current enforcement
    »» href string true* The resource(URI) representation of the entity
    »» last_occurred_at string true* The last time this blocked traffic was detected
    »» source object true* No description
    »»» ip_address string false The ip address of the endpoint
    »»» workloads [object] false List of workloads
    »»»» name string false Name of the workload
    »»»» href string true* The resource(URI) representation of the workload
    »»»» mode string true* DEPRECATED AND REPLACED (USE agent.config.mode INSTEAD)
    »»»» agent object true* No description
    »»»»» href string false The resource(URI) representation of the agent
    »»»»» config object true* No description
    »»»»»» log_traffic boolean true* True if we want to log traffic events from this workload
    »»»»»» mode string true* Is this node in illuminated/enforced mode
    »»» ip_lists [object] false List of iplist entities
    »»»» name string false Name of the iplist
    »»»» href string true* The resource(URI) representation of the iplist
    »»» virtual_servers [object] false List of virtual servers matching the IP
    »»»» name string false Name of the virtual server
    »»»» href string true* The resource(URI) representation of the virtual server

    Get a Blocked Traffic Flow

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/blocked_traffic/{uuid} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/blocked_traffic/{uuid}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    uuid path string true* Blocked Traffic UUID

    Example Response Body

    {
      "blocked_traffic": [
        {
          "flow_status": "string",
          "destination": {
            "ip_address": "string",
            "workloads": [
              {
                "name": "string",
                "href": "string",
                "mode": "string",
                "agent": {
                  "href": "string",
                  "config": {
                    "log_traffic": true,
                    "mode": "string"
                  }
                }
              }
            ],
            "ip_lists": [
              {
                "name": "string",
                "href": "string"
              }
            ],
            "virtual_servers": [
              {
                "name": "string",
                "href": "string"
              }
            ]
          },
          "port": 0,
          "protocol": 0,
          "service": "string",
          "service_name": "string",
          "process_name": "string",
          "total_flows": 0,
          "href": "string",
          "last_occurred_at": "string",
          "source": {
            "ip_address": "string",
            "workloads": [
              {
                "name": "string",
                "href": "string",
                "mode": "string",
                "agent": {
                  "href": "string",
                  "config": {
                    "log_traffic": true,
                    "mode": "string"
                  }
                }
              }
            ],
            "ip_lists": [
              {
                "name": "string",
                "href": "string"
              }
            ],
            "virtual_servers": [
              {
                "name": "string",
                "href": "string"
              }
            ]
          }
        }
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » blocked_traffic [object] true* List of blocked (or) potentially blocked traffic entities
    »» flow_status string true* The status of the flow in terms of whether it was allowed or blocked
    »» destination object true* No description
    »»» ip_address string false The ip address of the endpoint
    »»» workloads [object] false List of workloads
    »»»» name string false Name of the workload
    »»»» href string true* The resource(URI) representation of the workload
    »»»» mode string true* DEPRECATED AND REPLACED (USE agent.config.mode INSTEAD)
    »»»» agent object true* No description
    »»»»» href string false The resource(URI) representation of the agent
    »»»»» config object true* No description
    »»»»»» log_traffic boolean true* True if we want to log traffic events from this workload
    »»»»»» mode string true* Is this node in illuminated/enforced mode
    »»» ip_lists [object] false List of iplist entities
    »»»» name string false Name of the iplist
    »»»» href string true* The resource(URI) representation of the iplist
    »»» virtual_servers [object] false List of virtual servers matching the IP
    »»»» name string false Name of the virtual server
    »»»» href string true* The resource(URI) representation of the virtual server
    »» port integer true* The destination port
    »» protocol integer true* The protocol
    »» service string false The service name configured for the port/protocol on the destination end point
    »» service_name string false The service name identified by VEN
    »» process_name string false The process name identified by VEN
    »» total_flows integer true* Number of times this flow has been seen with current enforcement
    »» href string true* The resource(URI) representation of the entity
    »» last_occurred_at string true* The last time this blocked traffic was detected
    »» source object true* No description
    »»» ip_address string false The ip address of the endpoint
    »»» workloads [object] false List of workloads
    »»»» name string false Name of the workload
    »»»» href string true* The resource(URI) representation of the workload
    »»»» mode string true* DEPRECATED AND REPLACED (USE agent.config.mode INSTEAD)
    »»»» agent object true* No description
    »»»»» href string false The resource(URI) representation of the agent
    »»»»» config object true* No description
    »»»»»» log_traffic boolean true* True if we want to log traffic events from this workload
    »»»»»» mode string true* Is this node in illuminated/enforced mode
    »»» ip_lists [object] false List of iplist entities
    »»»» name string false Name of the iplist
    »»»» href string true* The resource(URI) representation of the iplist
    »»» virtual_servers [object] false List of virtual servers matching the IP
    »»»» name string false Name of the virtual server
    »»»» href string true* The resource(URI) representation of the virtual server

    Get Blocked Traffic Query Results

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/blocked_traffic/queries \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/blocked_traffic/queries

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Example Request Body

    {
      "max_results": 0,
      "workload_filters": {
        "labels": [
          "string"
        ],
        "hrefs": [
          "string"
        ]
      },
      "flow_status": "blocked"
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    body body object false No description
    » max_results body integer false Maximum number of results to return (matching the criteria)
    » workload_filters body object false Workload based filters. The response is an intersection of all the filter parameters.
    »» labels body [string] false List of workload labels to filter on. All the labels should match for the workload
    »» hrefs body [string] false Workload hrefs to be filtered on
    » flow_status body string false The flow type filter

    Enumerated Values

    Parameter Value
    » flow_status blocked
    » flow_status potentially_blocked

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Delete a Traffic Flow

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/blocked_traffic/delete \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/blocked_traffic/delete

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "blocked_traffic": [
        {
          "href": "string"
        }
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    body body object false No description
    » blocked_traffic body [object] true* hrefs of the blocked_traffic entities to delete
    »» href body string true* The resource(URI) representation of the virtual server

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Blocked Traffic Flow

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/blocked_traffic/{uuid} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/blocked_traffic/{uuid}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    uuid path string true* Blocked Traffic UUID

    Responses

    Status Meaning Description Schema
    204 No Content Success None
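
    The Blocked Traffic Flows calls above, worked through as an added example (not Illumio's own code): it builds the query request body, groups a response by destination and port for review, and builds the bulk-delete body for the flows that were reviewed. The sample response, its names, IPs and hrefs are constructed, and the check that an href contains "/blocked_traffic/" is an assumption about href format.

```python
from collections import defaultdict

FLOW_STATUSES = ("blocked", "potentially_blocked")  # enumerated on this page


def query_body(flow_status, labels=(), hrefs=(), max_results=None):
    """Request body for POST /api/v2/orgs/{org_id}/blocked_traffic/queries."""
    if flow_status not in FLOW_STATUSES:
        raise ValueError(f"flow_status must be one of {FLOW_STATUSES}")
    body = {"flow_status": flow_status}
    filters = {k: list(v) for k, v in (("labels", labels), ("hrefs", hrefs)) if v}
    if filters:
        body["workload_filters"] = filters
    if max_results is not None:
        body["max_results"] = int(max_results)
    return body


def endpoint_name(endpoint):
    """Most specific identifier the schema offers for a source or destination."""
    for key in ("workloads", "virtual_servers", "ip_lists"):
        items = endpoint.get(key) or []
        if items:
            return f"{key[:-1]}:{items[0].get('name') or items[0]['href']}"
    return f"ip:{endpoint.get('ip_address', 'unknown')}"


def summarize(response):
    """Group flows by (destination, port, protocol), busiest group first."""
    groups = defaultdict(lambda: {"total_flows": 0, "sources": set(), "hrefs": []})
    for flow in response.get("blocked_traffic", []):
        key = (endpoint_name(flow["destination"]), flow["port"], flow["protocol"])
        group = groups[key]
        group["total_flows"] += flow["total_flows"]
        group["sources"].add(endpoint_name(flow["source"]))
        group["hrefs"].append(flow["href"])
    return sorted(groups.items(), key=lambda kv: kv[1]["total_flows"], reverse=True)


def delete_body(hrefs):
    """Request body for PUT /api/v2/orgs/{org_id}/blocked_traffic/delete."""
    seen, items = set(), []
    for href in hrefs:
        # Assumption: a blocked traffic href contains this path segment.
        if "/blocked_traffic/" not in href:
            raise ValueError(f"not a blocked_traffic href: {href!r}")
        if href not in seen:
            seen.add(href)
            items.append({"href": href})
    return {"blocked_traffic": items}


def _flow(n, dest, port, proto, total, src):
    """Constructed sample flow in the documented response shape."""
    return {"flow_status": "blocked", "destination": dest, "port": port,
            "protocol": proto, "total_flows": total, "source": src,
            "href": f"/orgs/1/blocked_traffic/00000000-0000-0000-0000-00000000000{n}",
            "last_occurred_at": "2018-12-12T04:17:11Z"}


DB01 = {"ip_address": "192.0.2.20",
        "workloads": [{"name": "db01", "href": "/orgs/1/workloads/sample-db01"}]}
WEB01 = {"ip_address": "192.0.2.10",
         "workloads": [{"name": "web01", "href": "/orgs/1/workloads/sample-web01"}]}

# Constructed sample response, not captured from a real PCE.
SAMPLE_RESPONSE = {"blocked_traffic": [
    _flow(1, DB01, 5432, 6, 12, WEB01),
    _flow(2, DB01, 5432, 6, 3, {"ip_address": "203.0.113.5"}),
    _flow(3, {"ip_address": "198.51.100.20"}, 53, 17, 4, WEB01),
]}

if __name__ == "__main__":
    for (dest, port, proto), group in summarize(SAMPLE_RESPONSE):
        print(dest, port, proto, group["total_flows"], sorted(group["sources"]))
    print(delete_body(summarize(SAMPLE_RESPONSE)[0][1]["hrefs"]))
```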

    Datafiles

    Get Job Results

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/datafiles/{uuid} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    

    GET /api/v2/orgs/{org_id}/datafiles/{uuid}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    uuid path string true* uuid of file resource

    Responses

    Status Meaning Description Schema
    200 OK Success None

    Events

    Get Events

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/events \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/events

    Authorization: Global Administrator, Global Organization Owner, Global Read Only, System Administrator

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    created_by query string false User, agent, or system that created the event
    event_type query string false Type of event
    max_results query integer false Maximum number of results to return
    severity query string false Severity of event
    status query string false Status of event
    timestamp[gte] query string false Earliest event date to return (RFC 3339 format)
    timestamp[lte] query string false Latest event date to return (RFC 3339 format)

    Enumerated Values

    Parameter Value
    severity emerg
    severity alert
    severity crit
    severity warning
    severity err
    severity notice
    severity info
    severity debug
    status success
    status failure

    Example Response Body

    {
      "href": "string",
      "org_id": 0,
      "version": "string",
      "event_id": "string",
      "event_type": "string",
      "status": "string",
      "severity": "string",
      "timestamp": "2018-12-12T04:17:11Z",
      "pce_fqdn": "string",
      "created_by": null,
      "action": {
        "href": "string",
        "event": "string",
        "timestamp": "2018-12-12T04:17:11Z",
        "pce_fqdn": "string",
        "created_by": null,
        "event_type": "string",
        "status": "string",
        "severity": "string",
        "task_name": "string",
        "api_endpoint": "string",
        "api_method": "string",
        "http_status_code": 0,
        "src_ip": "string",
        "errors": [
          {
            "token": "string",
            "message": "string"
          }
        ],
        "info": {}
      },
      "resource_changes": [
        {
          "href": "string",
          "version": "string",
          "org_id": 0,
          "uuid": "string",
          "event": "string",
          "timestamp": "2018-12-12T04:17:11Z",
          "pce_fqdn": "string",
          "created_by": null,
          "resource": null,
          "changes": {},
          "change_type": "string"
        }
      ],
      "notifications": [
        {
          "href": "string",
          "event": "string",
          "timestamp": "2018-12-12T04:17:11Z",
          "pce_fqdn": "string",
          "created_by": null,
          "notification_type": "string",
          "severity": "emerg",
          "info": {}
        }
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false Unique href for this event, which can be used for event lookup via the events API
    » org_id integer false org_id for this event.
    » version string false The event version of this event for the category it falls under
    » event_id string false Unique request/transaction identifier of the API request / context from which this event was generated
    » event_type string true* Event name that clearly describes the event
    » status string true* Status of the event; usually a mapping of api_status_code to a generic result string; 'noop' if no action. For presentation purposes only.
    » severity string true* This event's level of importance
    » timestamp string(date-time) true* RFC 3339 timestamp at which this event was originally created
    » pce_fqdn string true* Fully qualified domain name of the PCE, where this event originated
    » created_by object true* The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »» anonymous any false No description

    xor

    Name Type Required Description
    »» anonymous any false No description

    xor

    Name Type Required Description
    »» anonymous any false No description

    continued

    Name Type Required Description
    » action object false No description
    »» href string false Unique href for this action log event, which can be used for event lookup via the events API
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» event_type string false Event name that clearly describes the action log event
    »» status string false Status of the event; usually a mapping of api_status_code to a generic result string. For presentation purposes only.
    »» severity string false This event's level of importance
    »» task_name string false The name of the timed worker job from which this event originated
    »» api_endpoint string false URI of the API invoked
    »» api_method string false Name of API method invoked on some target resource(s)
    »» http_status_code integer false HTTP status code returned from the API call.
    »» src_ip string false Source IP of the request for which the event was generated. If the request is coming from the PCE itself, then we should log the IP of the PCE.
    »» errors [object] false Extra information regarding the reason for failure. This property is only for failure events and will not appear in successful events
    »»» token string false Machine readable error message
    »»» message string false Human readable error message
    »» info object false Extra information about the action log event in json format
    » resource_changes [object] false Array of resource log events that were generated during this event
    »» href string false Unique href for this resource log event, which can be used for event lookup via the events API
    »» version string false The event version of this event for the category it falls under
    »» org_id integer false org_id for this event.
    »» uuid string false Unique identifier for this event.
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» resource object true* Canonical representations of a resource

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» changes object false Properties of the resource that were changed as a result of the event, with their updated values
    »» change_type string true* Type of change, which occurred for this resource(s)
    » notifications [object] false Array of notification log events that were generated during this event
    »» href string false Unique href for this notification log event, which can be used for event lookup via the events API
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» notification_type string false Notification name that clearly describes the notification log event
    »» severity string false This event's level of importance
    »» info object false Extra information about the notification in json format

    Enumerated Values

    Property Value
    severity emerg
    severity alert
    severity crit
    severity err
    severity warning
    severity notice
    severity info
    severity debug
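
    An added example (not Illumio's own code) for Get Events: it builds the query string from the documented parameters, percent-encoding the bracketed timestamp keys, then groups failure events by action.src_ip for review. It assumes the call returns a list of event objects in the shape shown above and that the severity list runs most severe first (syslog convention); the sample events, event types and error tokens are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlencode

# Enumerated values from the Get Events tables. Treating this list as
# most-severe-first (syslog convention) is an assumption of this example.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
STATUSES = ("success", "failure")


def rfc3339(moment):
    """Format a timezone-aware datetime as an RFC 3339 UTC timestamp."""
    if moment.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before querying")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def events_path(org_id, severity=None, status=None, since=None, until=None,
                max_results=None):
    """Build the path and query string for GET /api/v2/orgs/{org_id}/events."""
    if severity is not None and severity not in SEVERITIES:
        raise ValueError(f"unknown severity: {severity!r}")
    if status is not None and status not in STATUSES:
        raise ValueError(f"unknown status: {status!r}")
    params = [
        ("severity", severity),
        ("status", status),
        ("timestamp[gte]", rfc3339(since) if since is not None else None),
        ("timestamp[lte]", rfc3339(until) if until is not None else None),
        ("max_results", max_results),
    ]
    # urlencode percent-encodes the brackets and the colons in the timestamps.
    query = urlencode([(k, v) for k, v in params if v is not None])
    path = f"/api/v2/orgs/{int(org_id)}/events"
    return f"{path}?{query}" if query else path


def failed_calls_by_source(events, min_severity="warning"):
    """Group failure events at or above min_severity by action.src_ip."""
    wanted = SEVERITIES[:SEVERITIES.index(min_severity) + 1]
    report = defaultdict(lambda: {"count": 0, "calls": set(), "error_tokens": set()})
    for event in events:
        if event.get("status") != "failure" or event.get("severity") not in wanted:
            continue
        action = event.get("action") or {}  # "action" is optional in the schema
        entry = report[action.get("src_ip") or "unknown"]
        entry["count"] += 1
        entry["calls"].add((action.get("api_method"), action.get("api_endpoint"),
                            action.get("http_status_code")))
        for error in action.get("errors") or []:  # present on failure events only
            entry["error_tokens"].add(error.get("token"))
    return dict(report)


def _event(status, severity, action=None):
    """Constructed sample event; event_type is a placeholder, not a real type."""
    event = {"event_type": "sample.request", "status": status, "severity": severity,
             "timestamp": "2018-12-12T04:17:11Z", "pce_fqdn": "pce.example.com",
             "created_by": None}
    if action is not None:
        event["action"] = action
    return event


# Constructed sample data, not captured from a real PCE.
SAMPLE_EVENTS = [
    _event("failure", "warning", {"api_method": "GET", "http_status_code": 403,
           "api_endpoint": "/api/v2/orgs/1/events", "src_ip": "192.0.2.10",
           "errors": [{"token": "sample_forbidden", "message": "constructed"}]}),
    _event("failure", "err", {"api_method": "PUT", "http_status_code": 401,
           "api_endpoint": "/api/v2/orgs/1/blocked_traffic/delete",
           "src_ip": "192.0.2.10",
           "errors": [{"token": "sample_unauthorized", "message": "constructed"}]}),
    _event("failure", "info", {"api_method": "GET", "http_status_code": 404,
           "api_endpoint": "/api/v2/orgs/1/events", "src_ip": "198.51.100.7"}),
    _event("success", "info", {"api_method": "GET", "http_status_code": 200,
           "api_endpoint": "/api/v2/orgs/1/events", "src_ip": "192.0.2.10"}),
    _event("failure", "crit"),  # no action object at all
]

if __name__ == "__main__":
    print(events_path(1, severity="err", status="failure",
                      since=datetime(2018, 12, 12, tzinfo=timezone.utc)))
    for src_ip, entry in failed_calls_by_source(SAMPLE_EVENTS).items():
        print(src_ip, entry["count"], sorted(entry["error_tokens"]))
```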

    Get an Event

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/events/{composite_log_event_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/events/{composite_log_event_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only, System Administrator

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    composite_log_event_id path string true* UUID of event to return

    Example Response Body

    {
      "href": "string",
      "org_id": 0,
      "version": "string",
      "event_id": "string",
      "event_type": "string",
      "status": "string",
      "severity": "string",
      "timestamp": "2018-12-12T04:17:11Z",
      "pce_fqdn": "string",
      "created_by": null,
      "action": {
        "href": "string",
        "event": "string",
        "timestamp": "2018-12-12T04:17:11Z",
        "pce_fqdn": "string",
        "created_by": null,
        "event_type": "string",
        "status": "string",
        "severity": "string",
        "task_name": "string",
        "api_endpoint": "string",
        "api_method": "string",
        "http_status_code": 0,
        "src_ip": "string",
        "errors": [
          {
            "token": "string",
            "message": "string"
          }
        ],
        "info": {}
      },
      "resource_changes": [
        {
          "href": "string",
          "version": "string",
          "org_id": 0,
          "uuid": "string",
          "event": "string",
          "timestamp": "2018-12-12T04:17:11Z",
          "pce_fqdn": "string",
          "created_by": null,
          "resource": null,
          "changes": {},
          "change_type": "string"
        }
      ],
      "notifications": [
        {
          "href": "string",
          "event": "string",
          "timestamp": "2018-12-12T04:17:11Z",
          "pce_fqdn": "string",
          "created_by": null,
          "notification_type": "string",
          "severity": "emerg",
          "info": {}
        }
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false Unique href for this event, which can be used for event lookup via the events API
    » org_id integer false org_id for this event.
    » version string false The event version of this event for the category it falls under
    » event_id string false Unique request/transaction identifier of the API request / context from which this event was generated
    » event_type string true* Event name that clearly describes the event
    » status string true* Status of the event; usually a mapping of api_status_code to a generic result string; 'noop' if no action. For presentation purposes only.
    » severity string true* This event's level of importance
    » timestamp string(date-time) true* RFC 3339 timestamp at which this event was originally created
    » pce_fqdn string true* Fully qualified domain name of the PCE, where this event originated
    » created_by object true* The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »» anonymous any false No description

    xor

    Name Type Required Description
    »» anonymous any false No description

    xor

    Name Type Required Description
    »» anonymous any false No description

    continued

    Name Type Required Description
    » action object false No description
    »» href string false Unique href for this action log event, which can be used for event lookup via the events API
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» event_type string false Event name that clearly describes the action log event
    »» status string false Status of the event; usually a mapping of api_status_code to a generic result string. For presentation purposes only.
    »» severity string false This event's level of importance
    »» task_name string false The name of the timed worker job from which this event originated
    »» api_endpoint string false URI of the API invoked
    »» api_method string false Name of API method invoked on some target resource(s)
    »» http_status_code integer false HTTP status code returned from the API call.
    »» src_ip string false Source IP of the request for which the event was generated. If the request is coming from the PCE itself, then we should log the IP of the PCE.
    »» errors [object] false Extra information regarding the reason for failure. This property is only for failure events and will not appear in successful events
    »»» token string false Machine readable error message
    »»» message string false Human readable error message
    »» info object false Extra information about the action log event in json format
    » resource_changes [object] false Array of resource log events that were generated during this event
    »» href string false Unique href for this resource log event, which can be used for event lookup via the events API
    »» version string false The event version of this event for the category it falls under
    »» org_id integer false org_id for this event.
    »» uuid string false Unique identifier for this event.
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» resource object true* Canonical representations of a resource

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» changes object false Properties of the resource that were changed as a result of the event, with their updated values
    »» change_type string true* Type of change that occurred for this resource or resources
    » notifications [object] false Array of notification log events that were generated during this event
    »» href string false Unique href for this notification log event, which can be used for event lookup via the events API
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» notification_type string false Notification name that clearly describes the notification log event
    »» severity string false This event's level of importance
    »» info object false Extra information about the notification in JSON format

    Enumerated Values

    Property Value
    severity emerg
    severity alert
    severity crit
    severity err
    severity warning
    severity notice
    severity info
    severity debug

    Explorer

    Get Blocked Traffic

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/traffic_flows/traffic_analysis_queries \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/traffic_flows/traffic_analysis_queries

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Example Request Body

    {
      "start_date": "2018-12-12",
      "end_date": "2018-12-12",
      "sources": {
        "include": [
          [
            {
              "label": {
                "href": "string"
              }
            }
          ]
        ],
        "exclude": [
          {
            "label": {
              "href": "string"
            }
          }
        ]
      },
      "destinations": {
        "include": [
          [
            {
              "label": {
                "href": "string"
              }
            }
          ]
        ],
        "exclude": [
          {
            "label": {
              "href": "string"
            }
          }
        ]
      },
      "services": {
        "include": [
          {
            "port": 0,
            "to_port": 0,
            "proto": 0,
            "process_name": "string",
            "windows_service_name": "string"
          }
        ],
        "exclude": [
          {
            "port": 0,
            "to_port": 0,
            "proto": 0,
            "process_name": "string",
            "windows_service_name": "string"
          }
        ]
      },
      "policy_decisions": [
        "allowed"
      ],
      "max_results": 0
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    body body object false No description
    » start_date body string(date) false Starting date for query
    » end_date body string(date) false Ending date for query
    » sources body object true* Source labels, workloads, IP addresses to include or exclude
    »» include body [array] true* List of included sources or targets
    »»» anonymous body object false A label parameter for a traffic query
    »»»» label body object true* No description
    »»»»» href body string true* Label URI
    »»» anonymous body object false A workload parameter for a traffic query
    »»»» workload body object true* No description
    »»»»» href body string true* Workload URI
    »»» anonymous body object false An IP address parameter for a traffic query
    »»»» ip_address body object true* No description
    »»»»» value body string true* IP address value
    »» exclude body [anyOf] true* List of excluded sources or targets
    »»» anonymous body object false A label parameter for a traffic query
    »»»» label body object true* No description
    »»»»» href body string true* Label URI
    »»» anonymous body object false A workload parameter for a traffic query
    »»»» workload body object true* No description
    »»»»» href body string true* Workload URI
    »»» anonymous body object false An IP address parameter for a traffic query
    »»»» ip_address body object true* No description
    »»»»» value body string true* IP address value
    » destinations body object true* Target labels, workloads, IP addresses to include or exclude
    »» include body [array] true* List of included sources or targets
    »»» anonymous body object false A label parameter for a traffic query
    »»»» label body object true* No description
    »»»»» href body string true* Label URI
    »»» anonymous body object false A workload parameter for a traffic query
    »»»» workload body object true* No description
    »»»»» href body string true* Workload URI
    »»» anonymous body object false An IP address parameter for a traffic query
    »»»» ip_address body object true* No description
    »»»»» value body string true* IP address value
    »» exclude body [anyOf] true* List of excluded sources or targets
    »»» anonymous body object false A label parameter for a traffic query
    »»»» label body object true* No description
    »»»»» href body string true* Label URI
    »»» anonymous body object false A workload parameter for a traffic query
    »»»» workload body object true* No description
    »»»»» href body string true* Workload URI
    »»» anonymous body object false An IP address parameter for a traffic query
    »»»» ip_address body object true* No description
    »»»»» value body string true* IP address value
    » services body object true* Services (5-tuple of port/to_port/proto/process/service) to include or exclude
    »» include body [object] true* List of included services (5-tuple of port/to_port/proto/process/service)
    »»» port body integer false Port Number (integer 0-65535). Also the starting port when specifying a range.
    »»» to_port body integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »»» proto body integer false protocol number
    »»» process_name body string false Process Name
    »»» windows_service_name body string false Windows Service Name
    »» exclude body [object] true* List of excluded services (5-tuple of port/to_port/proto/process/service)
    »»» port body integer false Port Number (integer 0-65535). Also the starting port when specifying a range.
    »»» to_port body integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »»» proto body integer false protocol number
    »»» process_name body string false Process Name
    »»» windows_service_name body string false Windows Service Name
    » policy_decisions body [string] true* List of policy decisions
    » max_results body integer false maximum number of flows to return

    Enumerated Values

    Parameter Value
    » policy_decisions allowed
    » policy_decisions potentially_blocked
    » policy_decisions blocked

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Firewall Settings

    Get Firewall Policies

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/firewall_settings \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/firewall_settings

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version

    Example Response Body

    {
      "allow_dhcp_client": true,
      "log_dropped_broadcast": true,
      "log_dropped_multicast": true,
      "allow_traceroute": true,
      "allow_ipv6": true,
      "network_detection_mode": "string",
      "static_policy_scopes": [
        [
          {
            "label": {
              "href": "string"
            },
            "label_group": {
              "href": "string"
            }
          }
        ]
      ],
      "secure_connect_certs": null,
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": {
        "href": "string"
      },
      "update_type": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » allow_dhcp_client boolean true* Allow all outbound DHCP client traffic
    » log_dropped_broadcast boolean true* Log dropped layer 2 broadcast traffic
    » log_dropped_multicast boolean true* Log dropped layer 2 multicast traffic
    » allow_traceroute boolean true* Allow the traceroute command
    » allow_ipv6 boolean false Allow IPv6
    » network_detection_mode string false Network Detection Mode
    » static_policy_scopes [array] false Rule set scopes
    »» label object false No description
    »»» href string true* Label URI
    »» label_group object false No description
    »»» href string true* Label group URI
    » secure_connect_certs object,null false No description
    »» default_issuer_name_match string true* No description
    » created_at string(date-time) false Time stamp when these firewall settings were first created
    » updated_at string(date-time) false Time stamp when these firewall settings were last updated
    » deleted_at string(date-time) false Time stamp when these firewall settings were deleted
    » created_by object false No description
    »» href string true* User who originally created these firewall settings
    » updated_by object false No description
    »» href string true* User who last updated these firewall settings
    » deleted_by object false No description
    »» href string true* User who deleted these firewall settings
    » update_type string true* Type of update

    Update Firewall Policies

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/firewall_settings \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/firewall_settings

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "allow_dhcp_client": true,
      "log_dropped_broadcast": true,
      "log_dropped_multicast": true,
      "allow_traceroute": true,
      "allow_ipv6": true,
      "update_type": "create",
      "network_detection_mode": "disabled",
      "static_policy_scopes": [
        [
          {
            "label": {
              "href": "string"
            },
            "label_group": {
              "href": "string"
            }
          }
        ]
      ],
      "secure_connect_certs": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    body body object false No description
    » allow_dhcp_client body boolean false Allow all outbound DHCP client traffic
    » log_dropped_broadcast body boolean false Log dropped layer 2 broadcast traffic
    » log_dropped_multicast body boolean false Log dropped layer 2 multicast traffic
    » allow_traceroute body boolean false Allow the traceroute command
    » allow_ipv6 body boolean false Allow IPv6
    » update_type body string false Type of update
    » network_detection_mode body string false Network Detection Mode
    » static_policy_scopes body [array] false Rule set scopes
    »» label body object false No description
    »»» href body string true* Label URI
    »» label_group body object false No description
    »»» href body string true* Label group URI
    » secure_connect_certs body object,null false No description
    »» default_issuer_name_match body string true* No description

    Enumerated Values

    Parameter Value
    » update_type create
    » update_type update
    » update_type delete
    » network_detection_mode disabled
    » network_detection_mode single_private_brn
    » network_detection_mode strict_brn
    » network_detection_mode cloud_private_brn
    » network_detection_mode single_brn

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Health

    Get Health

    Example Code

    
    curl -X GET /api/v2/health \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/health

    Authorization: Any Authenticated User

    Exposure: Public Experimental

    Auditable: No

    Example Response Body

    {
      "status": "string",
      "type": "string",
      "fqdn": "string",
      "available_seconds": 0,
      "notifications": [
        {
          "status": "string",
          "token": "string",
          "message": "string"
        }
      ],
      "listen_only_mode_enabled_at": null,
      "upgrade_pending": true,
      "nodes": [
        {
          "hostname": null,
          "ip_address": null,
          "type": null,
          "runlevel": null,
          "uptime_seconds": null,
          "cpu": {
            "status": "normal",
            "percent": 0
          },
          "disk": [
            {
              "location": "string",
              "value": {
                "status": "normal",
                "percent": 0
              }
            }
          ],
          "memory": {
            "status": "normal",
            "percent": 0
          },
          "services": {
            "status": "string",
            "running": [
              "string"
            ],
            "not_running": [
              "string"
            ],
            "partial": [
              "string"
            ],
            "optional": [
              "string"
            ],
            "unknown": [
              "string"
            ]
          },
          "generated_at": null
        }
      ],
      "network": {
        "replication": [
          {
            "type": "string",
            "details": {
              "database_name": "string",
              "master_fqdn": "string"
            },
            "value": {
              "status": "string",
              "lag_seconds": 0
            }
          }
        ],
        "illumination_sync": [
          {
            "fqdn": "string",
            "org_id": 0,
            "last_succeeded_at": null,
            "last_failed_at": null
          }
        ]
      },
      "generated_at": null
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Health information of PCE Cluster and its nodes

    Name Type Required Description
    » status string false Overall health status of the PCE
    » type string false Type of the PCE
    » fqdn string false FQDN of the PCE
    » available_seconds number false Seconds since this PCE has been available
    » notifications [object] false Notifications for the PCE
    »» status string true* Severity status of this notification
    »» token string true* Description token of this notification
    »» message string false Description string of this notification
    » listen_only_mode_enabled_at string,null(date-time) false Timestamp at which PCE Listen Only Mode was enabled
    » upgrade_pending boolean false A boolean showing whether this PCE needs to be upgraded
    » nodes [object] false Nodes in the PCE
    »» hostname string,null true* Hostname of the node
    »» ip_address string,null true* IP address of the node
    »» type string,null true* Type of the node
    »» runlevel number,null false Runlevel of the node
    »» uptime_seconds number,null false Seconds since this node cluster has been rebooted
    »» cpu object false No description
    »»» status string true* No description
    »»» percent number true* No description
    »» disk [object] false Disk usage of this node per individual location
    »»» location string true* No description
    »»» value object true* No description
    »»»» status string true* No description
    »»»» percent number true* No description
    »» memory object false No description
    »»» status string true* No description
    »»» percent number true* No description
    »» services object true* Status of all the PCE Services of this node
    »»» status string false Overall Service status of the PCE
    »»» running [string] false No description
    »»» not_running [string] false No description
    »»» partial [string] false No description
    »»» optional [string] false No description
    »»» unknown [string] false No description
    »» generated_at string,null(date-time) true* Timestamp of when this node information was generated
    » network object false Network information of the PCE
    »» replication [object] true* Replication information for databases
    »»» type string true* Type of replication
    »»» details object true* No description

    oneOf

    Name Type Required Description
    »»»» anonymous object false No description
    »»»»» database_name string true* Name of the Database being replicated
    »»»»» master_fqdn string true* FQDN of the node where the master database is

    xor

    Name Type Required Description
    »»»» anonymous object false No description
    »»»»» fqdn string true* FQDN of the PCE for replication

    continued

    Name Type Required Description
    »»» value object true* No description
    »»»» status string true* Lag status
    »»»» lag_seconds number true* The number of lag seconds
    »» illumination_sync [any] true* Timestamps of the last illumination synchronization update
    »»» fqdn string true* FQDN of the Member PCE for replication to leader
    »»» org_id number true* Org ID to which the illumination_sync object belongs
    »»» last_succeeded_at string,null(date-time) true* Timestamp when last succeeded
    »»» last_failed_at string,null(date-time) true* Timestamp when last failed
    » generated_at string,null(date-time) false Timestamp of when this PCE information was generated

    Enumerated Values

    Property Value
    status normal
    status warning
    status critical
    status normal
    status warning
    status critical
    status normal
    status warning
    status critical
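
    An added example, not part of the Illumio reference: one way to turn the Get Health response into a list of findings for monitoring. The sample response is constructed to match the Example Response Body above; the hostnames, service names, the `max_lag_seconds` threshold and the function names are assumptions of this example.

```python
from datetime import datetime

# Constructed sample shaped like the Example Response Body; not real PCE output.
SAMPLE_HEALTH = {
    "status": "warning",
    "fqdn": "pce.example.com",
    "notifications": [
        {"status": "warning", "token": "example_token", "message": "constructed"}
    ],
    "listen_only_mode_enabled_at": None,
    "upgrade_pending": False,
    "nodes": [{
        "hostname": "node1.example.com",
        "ip_address": "192.0.2.10",
        "type": "example",
        "cpu": {"status": "normal", "percent": 12},
        "disk": [{"location": "data", "value": {"status": "critical", "percent": 96}}],
        "memory": {"status": "warning", "percent": 88},
        "services": {"status": "example", "running": ["svc_a"],
                     "not_running": ["svc_b"], "partial": [],
                     "optional": [], "unknown": []},
        "generated_at": "2018-12-12T04:17:11Z",
    }],
    "network": {
        "replication": [{
            "type": "example",
            "details": {"database_name": "db1", "master_fqdn": "node1.example.com"},
            "value": {"status": "example", "lag_seconds": 120},
        }],
        "illumination_sync": [{
            "fqdn": "member.example.com", "org_id": 1,
            "last_succeeded_at": "2018-12-11T04:17:11Z",
            "last_failed_at": "2018-12-12T04:17:11Z",
        }],
    },
}


def _ts(value):
    """Parse an RFC 3339 timestamp, or return None for a null field."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def health_findings(health, max_lag_seconds=30):
    """Return human-readable findings; an empty list means nothing to report.

    max_lag_seconds is a threshold chosen for this example, not a PCE default.
    """
    findings = []
    for note in health.get("notifications") or []:
        findings.append(f"notification [{note['status']}] {note['token']}")
    if health.get("listen_only_mode_enabled_at"):
        findings.append("PCE is in Listen Only Mode since "
                        f"{health['listen_only_mode_enabled_at']}")
    if health.get("upgrade_pending"):
        findings.append("PCE upgrade is pending")

    for node in health.get("nodes") or []:
        name = node.get("hostname") or node.get("ip_address") or "unknown-node"
        # cpu, memory and each disk location share the same status/percent shape.
        gauges = [("cpu", node.get("cpu")), ("memory", node.get("memory"))]
        gauges += [(f"disk {d['location']}", d["value"]) for d in node.get("disk") or []]
        for label, gauge in gauges:
            # "normal" is the only healthy value among normal/warning/critical.
            if gauge and gauge["status"] != "normal":
                findings.append(f"{name}: {label} {gauge['status']} at {gauge['percent']}%")
        services = node.get("services") or {}
        for bucket in ("not_running", "partial", "unknown"):
            for svc in services.get(bucket) or []:
                findings.append(f"{name}: service {svc} is {bucket}")

    network = health.get("network") or {}
    for rep in network.get("replication") or []:
        lag = rep["value"]["lag_seconds"]
        if lag > max_lag_seconds:
            findings.append(f"replication {rep['type']}: lag {lag}s exceeds {max_lag_seconds}s")
    for sync in network.get("illumination_sync") or []:
        ok, failed = _ts(sync.get("last_succeeded_at")), _ts(sync.get("last_failed_at"))
        # A failure newer than the last success means the latest sync did not complete.
        if failed and (ok is None or failed > ok):
            findings.append(f"illumination sync with {sync['fqdn']}: "
                            f"last attempt failed at {sync['last_failed_at']}")
    return findings


if __name__ == "__main__":
    for line in health_findings(SAMPLE_HEALTH):
        print(line)
```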

    IP Lists

    Get IP Lists

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    description query string false Description of IP list(s) to return. Supports partial matches
    external_data_reference query string false A unique identifier within the external data source
    external_data_set query string false The data source from which a resource originates
    ip_address query string false IP address matching IP list(s) to return. Supports partial matches
    max_results query integer false Maximum number of IP Lists to return.
    name query string false Name of IP list(s) to return. Supports partial matches

    Example Response Body

    {
      "href": "string",
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "ip_ranges": [
        {
          "description": "string",
          "from_ip": "string",
          "to_ip": "string",
          "exclusion": true
        }
      ],
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": {
        "href": "string"
      },
      "update_type": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of the IP list
    » name string true* Name (must be unique)
    » description string false Description
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » ip_ranges [object] false IP addresses or ranges
    »» description string false Description
    »» from_ip string true* IP address or a low end of IP range. Might be specified with CIDR notation
    »» to_ip string false High end of an IP range
    »» exclusion boolean false Whether this IP address is an exclusion. Exclusions must be a strict subset of inclusive IP addresses.
    » created_at string(date-time) false Time stamp when this IP List was first created
    » updated_at string(date-time) false Time stamp when this IP List was last updated
    » deleted_at string(date-time) false Time stamp when this IP List was deleted
    » created_by object false No description
    »» href string true* User who originally created this IP List
    » updated_by object false No description
    »» href string true* User who last updated this IP List
    » deleted_by object false No description
    »» href string true* User who deleted this IP List
    » update_type string true* Type of update

    Get an IP List

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    ip_list_id path string true* IP list ID

    Example Response Body

    {
      "href": "string",
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "ip_ranges": [
        {
          "description": "string",
          "from_ip": "string",
          "to_ip": "string",
          "exclusion": true
        }
      ],
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": {
        "href": "string"
      },
      "update_type": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of the IP list
    » name string true* Name (must be unique)
    » description string false Description
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » ip_ranges [object] false IP addresses or ranges
    »» description string false Description
    »» from_ip string true* IP address or a low end of IP range. Might be specified with CIDR notation
    »» to_ip string false High end of an IP range
    »» exclusion boolean false Whether this IP address is an exclusion. Exclusions must be a strict subset of inclusive IP addresses.
    » created_at string(date-time) false Time stamp when this IP List was first created
    » updated_at string(date-time) false Time stamp when this IP List was last updated
    » deleted_at string(date-time) false Time stamp when this IP List was deleted
    » created_by object false No description
    »» href string true* User who originally created this IP List
    » updated_by object false No description
    »» href string true* User who last updated this IP List
    » deleted_by object false No description
    »» href string true* User who deleted this IP List
    » update_type string true* Type of update

    Create an IP List

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "list_type": "black",
      "ip_ranges": [
        {
          "description": "string",
          "from_ip": "string",
          "to_ip": "string",
          "exclusion": true
        }
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    body body object false No description
    » name body string true* Name (must be unique)
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » list_type body string false DEPRECATED WITH NO REPLACEMENT
    » ip_ranges body [object] true* IP addresses or ranges
    »» description body string false Description
    »» from_ip body string true* IP address or a low end of IP range. Might be specified with CIDR notation
    »» to_ip body string false High end of an IP range
    »» exclusion body boolean false Whether this IP address is an exclusion. Exclusions must be a strict subset of inclusive IP addresses.

    Enumerated Values

    Parameter Value
    » list_type black
    » list_type white

    Responses

    Status Meaning Description Schema
    201 Created Success None
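
    An added example, not part of the Illumio reference: a pre-flight check of an `ip_ranges` array before it is sent in a Create or Update IP List request. It reads "Exclusions must be a strict subset of inclusive IP addresses" as: every exclusion lies inside the merged inclusive ranges, and the exclusions do not cover all of them. That reading, the rejection of a CIDR `from_ip` combined with `to_ip`, the function names and the sample addresses are assumptions of this example, not documented PCE behaviour.

```python
import ipaddress


def entry_bounds(entry):
    """Return (version, low, high) as integers for one ip_ranges entry."""
    from_ip = entry.get("from_ip")
    to_ip = entry.get("to_ip")
    if not from_ip:
        raise ValueError("from_ip is required")
    if "/" in from_ip:
        if to_ip:
            # Assumption of this example: CIDR plus to_ip is ambiguous, so reject it.
            raise ValueError(f"CIDR from_ip {from_ip} cannot be combined with to_ip")
        net = ipaddress.ip_network(from_ip, strict=False)
        return net.version, int(net.network_address), int(net.broadcast_address)
    low = ipaddress.ip_address(from_ip)
    high = ipaddress.ip_address(to_ip) if to_ip else low
    if low.version != high.version:
        raise ValueError(f"from_ip {from_ip} and to_ip {to_ip} mix IPv4 and IPv6")
    if high < low:
        raise ValueError(f"to_ip {to_ip} is below from_ip {from_ip}")
    return low.version, int(low), int(high)


def merge(intervals):
    """Merge overlapping or adjacent (version, low, high) intervals."""
    merged = []
    for ver, low, high in sorted(intervals):
        if merged and merged[-1][0] == ver and low <= merged[-1][2] + 1:
            merged[-1][2] = max(merged[-1][2], high)
        else:
            merged.append([ver, low, high])
    return merged


def check_ip_ranges(ip_ranges):
    """Return a list of problems; an empty list means the array passes."""
    problems, included, excluded = [], [], []
    for i, entry in enumerate(ip_ranges):
        try:
            bounds = entry_bounds(entry)
        except ValueError as exc:
            problems.append(f"ip_ranges[{i}]: {exc}")
            continue
        (excluded if entry.get("exclusion") else included).append((i, bounds))

    if not included:
        problems.append("no valid inclusive range in ip_ranges")
    inc = merge(b for _, b in included)

    contained = True
    for i, (ver, low, high) in excluded:
        if not any(v == ver and lo <= low and high <= hi for v, lo, hi in inc):
            contained = False
            problems.append(f"ip_ranges[{i}]: exclusion is not inside any inclusive range")

    # Strictness: the excluded address count must stay below the included count.
    exc = merge(b for _, b in excluded)
    if inc and exc and contained:
        count = lambda ivs: sum(hi - lo + 1 for _, lo, hi in ivs)
        if count(exc) >= count(inc):
            problems.append("exclusions cover every inclusive address")
    return problems


# Constructed sample arrays, using the field names from the request body above.
SAMPLE_OK = [
    {"from_ip": "10.0.0.0/8"},
    {"from_ip": "10.1.2.0/24", "exclusion": True},
    {"from_ip": "192.168.1.10", "to_ip": "192.168.1.20"},
]
SAMPLE_BAD = [
    {"from_ip": "10.0.0.0/24"},
    {"from_ip": "10.0.1.5", "exclusion": True},          # outside the /24
    {"from_ip": "10.0.0.200", "to_ip": "10.0.0.100"},    # reversed range
]
SAMPLE_ALL_EXCLUDED = [
    {"from_ip": "10.0.0.0/24"},
    {"from_ip": "10.0.0.0", "to_ip": "10.0.0.255", "exclusion": True},
]

if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_OK), ("bad", SAMPLE_BAD),
                         ("all excluded", SAMPLE_ALL_EXCLUDED)]:
        print(name, check_ip_ranges(sample))
```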

    Update an IP List

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "list_type": "black",
      "ip_ranges": [
        {
          "description": "string",
          "from_ip": "string",
          "to_ip": "string",
          "exclusion": true
        }
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    ip_list_id path string true* IP list ID
    body body object false No description
    » name body string false Name (must be unique)
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » list_type body string false DEPRECATED WITH NO REPLACEMENT
    » ip_ranges body [object] false IP addresses or ranges
    »» description body string false Description
    »» from_ip body string true* IP address or a low end of IP range. Might be specified with CIDR notation
    »» to_ip body string false High end of an IP range
    »» exclusion body boolean false Whether this IP address is an exclusion. Exclusions must be a strict subset of inclusive IP addresses.

    Enumerated Values

    Parameter Value
    » list_type black
    » list_type white

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete an IP List

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    ip_list_id path string true* IP list ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Jobs

    Get Jobs

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/jobs \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/jobs

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    job_type query string false The job-type value to use for filtering the results.

    Example Response Body

    {
      "href": "string",
      "job_type": "string",
      "description": "string",
      "status": "string",
      "requested_at": "2018-12-12T04:17:11Z",
      "requested_by": {
        "href": "string"
      },
      "terminated_at": "2018-12-12T04:17:11Z",
      "result": {
        "href": "string"
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* The job URI.
    » job_type string false An arbitrary designator for the job type or kind, typically supplied by the job requestor.
    » description string false An arbitrary free-form description of the job, as supplied by the job requestor.
    » status string true* The current state of the job, to the effect of its success, failure, etc.
    » requested_at string(date-time) false The time (RFC 3339 timestamp) at which this job was requested or submitted.
    » requested_by object false No description
    »» href string true* The URI of the user who requested this job.
    » terminated_at string(date-time) false The time (RFC 3339 timestamp) at which this job terminated, either successfully or with a failure.
    » result object false The result produced by the job, typically a URI (with 'href' sub-property), or an error in case of failure.
    »» href string false The href to collect the response body

    Get a Job

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/jobs/{job_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/jobs/{job_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    job_id path string true* ID of a job.

    Example Response Body

    {
      "href": "string",
      "job_type": "string",
      "description": "string",
      "status": "string",
      "requested_at": "2018-12-12T04:17:11Z",
      "requested_by": {
        "href": "string"
      },
      "terminated_at": "2018-12-12T04:17:11Z",
      "result": {
        "href": "string"
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* The job URI.
    » job_type string false An arbitrary designator for the job type or kind, typically supplied by the job requestor.
    » description string false An arbitrary free-form description of the job, as supplied by the job requestor.
    » status string true* The current state of the job, indicating its success, failure, etc.
    » requested_at string(date-time) false The time (RFC 3339 timestamp) at which this job was requested or submitted.
    » requested_by object false No description
    »» href string true* The URI of the user who requested this job.
    » terminated_at string(date-time) false The time (RFC 3339 timestamp) at which this job terminated, either successfully or with a failure.
    » result object false The result produced by the job, typically a URI (with 'href' sub-property), or an error in case of failure.
    »» href string false The href to collect the response body

    Labels

    Get Labels

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/labels \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/labels

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    external_data_reference query string false A unique identifier within the external data source
    external_data_set query string false The data source from which a resource originates
    include_deleted query boolean false Include deleted labels
    key query string false Key by which to filter
    max_results query integer false Maximum number of Labels to return.
    usage query boolean false Include label usage flags as well
    value query string false Value on which to filter. Supports partial matches

    Example Response Body

    [
      {
        "href": "string",
        "deleted": true,
        "key": "string",
        "value": "string",
        "external_data_set": null,
        "external_data_reference": null,
        "created_at": "2018-12-12T04:17:11Z",
        "updated_at": "2018-12-12T04:17:11Z",
        "created_by": {
          "href": "string"
        },
        "updated_by": {
          "href": "string"
        },
        "usage": {
          "workload": true,
          "rule_set": true,
          "pairing_profile": true,
          "permission": true,
          "virtual_service": true,
          "virtual_server": true,
          "label_group": true,
          "static_policy_scopes": true
        }
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of this label
    » deleted boolean false This label has been deleted
    » key string true* Key in key-value pair
    » value string true* Value in key-value pair
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » created_at string(date-time) true* Timestamp when this label was first created
    » updated_at string(date-time) true* Timestamp when this label was last updated
    » created_by object false No description
    »» href string true* User who originally created this label
    » updated_by object false No description
    »» href string true* User who last updated this label
    » usage object false No description
    »» workload boolean true* Label is referenced by at least one workload
    »» rule_set boolean true* Label is referenced by at least one ruleset
    »» pairing_profile boolean true* Label is referenced by at least one pairing profile
    »» permission boolean true* Label is referenced by rbac permission object
    »» virtual_service boolean true* Label is referenced by at least one bound service
    »» virtual_server boolean true* Label is referenced by at least one virtual server
    »» label_group boolean true* Label is referenced by at least one label group
    »» static_policy_scopes boolean true* Label is referenced by static policy scopes

    Get a Label

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/labels/{label_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/labels/{label_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    label_id path integer true* Label ID
    usage query boolean false Include label usage flags as well

    Example Response Body

    [
      {
        "href": "string",
        "deleted": true,
        "key": "string",
        "value": "string",
        "external_data_set": null,
        "external_data_reference": null,
        "created_at": "2018-12-12T04:17:11Z",
        "updated_at": "2018-12-12T04:17:11Z",
        "created_by": {
          "href": "string"
        },
        "updated_by": {
          "href": "string"
        },
        "usage": {
          "workload": true,
          "rule_set": true,
          "pairing_profile": true,
          "permission": true,
          "virtual_service": true,
          "virtual_server": true,
          "label_group": true,
          "static_policy_scopes": true
        }
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of this label
    » deleted boolean false This label has been deleted
    » key string true* Key in key-value pair
    » value string true* Value in key-value pair
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » created_at string(date-time) true* Timestamp when this label was first created
    » updated_at string(date-time) true* Timestamp when this label was last updated
    » created_by object false No description
    »» href string true* User who originally created this label
    » updated_by object false No description
    »» href string true* User who last updated this label
    » usage object false No description
    »» workload boolean true* Label is referenced by at least one workload
    »» rule_set boolean true* Label is referenced by at least one ruleset
    »» pairing_profile boolean true* Label is referenced by at least one pairing profile
    »» permission boolean true* Label is referenced by rbac permission object
    »» virtual_service boolean true* Label is referenced by at least one bound service
    »» virtual_server boolean true* Label is referenced by at least one virtual server
    »» label_group boolean true* Label is referenced by at least one label group
    »» static_policy_scopes boolean true* Label is referenced by static policy scopes

    Create a Label

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/labels \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/labels

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "key": "role",
      "value": "string",
      "external_data_set": null,
      "external_data_reference": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    body body object false No description
    » key body string true* Key in key-value pair
    » value body string true* Value in key-value pair
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier

    Enumerated Values

    Parameter Value
    » key role
    » key loc
    » key env
    » key app

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a Label

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/labels/{label_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/labels/{label_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "value": "string",
      "external_data_set": null,
      "external_data_reference": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    label_id path integer true* Label ID
    body body object false No description
    » value body string false Value in key-value pair
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Label

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/labels/{label_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/labels/{label_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    label_id path integer true* Label ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Label Groups

    Get Label Groups

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    description query string false Description of Label Group(s) to return. Supports partial matches
    external_data_reference query string false A unique identifier within the external data source
    external_data_set query string false The data source from which a resource originates
    key query string false Key by which to filter
    max_results query integer false Maximum number of Labels to return.
    name query string false Name of Label Group(s) to return. Supports partial matches
    usage query boolean false Include label usage flags as well

    Example Response Body

    {
      "name": "string",
      "description": "string",
      "key": "string",
      "labels": [
        {
          "href": "string",
          "value": "string"
        }
      ],
      "sub_groups": [
        {
          "href": "string",
          "name": "string"
        }
      ],
      "usage": {
        "label_group": true,
        "ruleset": true,
        "rule": true,
        "static_policy_scopes": true
      },
      "external_data_set": null,
      "external_data_reference": null
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » name string false Name of the label group
    » description string false The long description of the label group
    » key string false Key in key-value pair of contained labels or label groups
    » labels [object] false Contained labels
    »» href string true* Label URI
    »» value string false Label value in key-value pair
    » sub_groups [object] false Contained label groups
    »» href string true* Contained label group URI
    »» name string false Name of sub label group
    » usage object false No description
    »» label_group boolean true* Label group is referenced by another label group
    »» ruleset boolean true* Label is referenced by at least one ruleset
    »» rule boolean true* Label is referenced by at least one rule
    »» static_policy_scopes boolean false Label is referenced by static policy scopes
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier

    Get a Label Group

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    label_group_id path string true* Label Group UUID
    usage query boolean false Include label usage flags as well

    Example Response Body

    {
      "name": "string",
      "description": "string",
      "key": "string",
      "labels": [
        {
          "href": "string",
          "value": "string"
        }
      ],
      "sub_groups": [
        {
          "href": "string",
          "name": "string"
        }
      ],
      "usage": {
        "label_group": true,
        "ruleset": true,
        "rule": true,
        "static_policy_scopes": true
      },
      "external_data_set": null,
      "external_data_reference": null
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » name string false Name of the label group
    » description string false The long description of the label group
    » key string false Key in key-value pair of contained labels or label groups
    » labels [object] false Contained labels
    »» href string true* Label URI
    »» value string false Label value in key-value pair
    » sub_groups [object] false Contained label groups
    »» href string true* Contained label group URI
    »» name string false Name of sub label group
    » usage object false No description
    »» label_group boolean true* Label group is referenced by another label group
    »» ruleset boolean true* Label is referenced by at least one ruleset
    »» rule boolean true* Label is referenced by at least one rule
    »» static_policy_scopes boolean false Label is referenced by static policy scopes
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
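A label group's `labels` list is only its direct members; anything reachable through `sub_groups` also belongs to it. The following is an added example, not code from the API reference: it resolves a group to its full label set from already-fetched Get a Label Group bodies, reporting unresolved sub-groups and reference loops. Keying the bodies by the href they were fetched from, and every href shown, are assumptions made for the illustration.

```python
# Added example: expand a label group to every label it contains, following
# sub_groups. Input is a dict of Get a Label Group response bodies keyed by
# the href each was fetched from (assumption: the caller built that mapping).

def expand_label_group(groups_by_href, root_href):
    """Return labels reachable from root_href, plus unresolved hrefs and cycles."""
    labels, missing, cycles = set(), set(), []
    done = set()

    def walk(href, path):
        if href in path:
            # Reference loop: record the loop once, do not descend again.
            cycles.append(path[path.index(href):] + [href])
            return
        if href in done:
            return
        group = groups_by_href.get(href)
        if group is None:
            # Sub-group referenced but not fetched (deleted, or not readable).
            missing.add(href)
            return
        for label in group.get("labels", []):
            labels.add(label["href"])
        for sub in group.get("sub_groups", []):
            walk(sub["href"], path + [href])
        done.add(href)

    walk(root_href, [])
    return {"labels": sorted(labels), "missing": sorted(missing), "cycles": cycles}


# Constructed sample data; hrefs and names are illustrative placeholders.
LG = "/orgs/1/sec_policy/draft/label_groups/"
LB = "/orgs/1/labels/"
SAMPLE_GROUPS = {
    LG + "prod": {
        "name": "Production", "key": "env",
        "labels": [{"href": LB + "1"}, {"href": LB + "2"}],
        "sub_groups": [{"href": LG + "pci"}],
    },
    LG + "pci": {
        "name": "PCI", "key": "env",
        "labels": [{"href": LB + "2"}, {"href": LB + "3"}],
        "sub_groups": [{"href": LG + "gone"}],
    },
    LG + "loop-a": {
        "name": "Loop A", "key": "app",
        "labels": [],
        "sub_groups": [{"href": LG + "loop-b"}],
    },
    LG + "loop-b": {
        "name": "Loop B", "key": "app",
        "labels": [{"href": LB + "4"}],
        "sub_groups": [{"href": LG + "loop-a"}],
    },
}

if __name__ == "__main__":
    for root in (LG + "prod", LG + "loop-a"):
        print(root, expand_label_group(SAMPLE_GROUPS, root))
```
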

    Is Group Member of Other Groups?

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}/member_of \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}/member_of

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    label_group_id path string true* Label Group UUID

    Example Response Body

    [
      {
        "href": "string",
        "name": "string"
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* Parent label group URI
    » name string false Name of parent label group

    Create a Label Group

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "key": "string",
      "labels": [
        {
          "href": "string"
        }
      ],
      "sub_groups": [
        {
          "href": "string"
        }
      ],
      "external_data_set": null,
      "external_data_reference": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    body body object false No description
    » name body string true* Name of the label group
    » description body string false The long description of the label group
    » key body string true* Key in key-value pair of contained labels or label groups
    » labels body [object] false Contained labels
    »» href body string true* Label URI
    » sub_groups body [object] false Contained label groups
    »» href body string true* Sub label group URI
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier

    Enumerated Values

    Parameter Value
    » key role
    » key loc
    » key env
    » key app

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a Label Group

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "labels": [
        {
          "href": "string"
        }
      ],
      "sub_groups": [
        {
          "href": "string"
        }
      ],
      "external_data_set": null,
      "external_data_reference": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    label_group_id path string true* Label Group UUID
    body body object false No description
    » name body string false Name of the label group
    » description body string false The long description of the label group
    » labels body [object] false Contained labels
    »» href body string true* Label URI
    » sub_groups body [object] false Contained label groups
    »» href body string true* Sub label group URI
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Label Group

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    label_group_id path string true* Label Group UUID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Login Users

    Create a User Auth Token

    Example Code

    
    curl -X POST '/api/v2/login_users/authenticate?pce_fqdn=string' \
      -u user@my-company.com:'password' -H 'Content-Type: application/json'
    
    

    POST /api/v2/login_users/authenticate

    Authorization: Authenticated Local User

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "auth_token": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    pce_fqdn query string true* Fully qualified name of PCE
    body body object false No description
    » auth_token body string true* Expiring, single use authentication token valid for sign-in on the requested PCE

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update User Password

    Example Code

    
    curl -X PUT /api/v2/login_users/{user_uuid}/password \
      -u user_email_address:'current_user_login_password' \
      -H 'Content-Type: application/json'
    
    

    PUT /api/v2/login_users/{user_uuid}/password

    Authorization: Authenticated Local User

    Exposure: Public Stable

    Auditable: Yes

    This call must be made by the user currently authenticated in the session — even an administrator cannot change another user's password.

    The user's login name (typically the user's email address) and login password are used for authentication. An API key is not used with this API.

    The user's five most recent passwords cannot be used.

    Example Request Body

    {
      "password": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    user_uuid path string true* User UUID; use 'me' for the currently authenticated user
    body body object false No description
    » password body string true* New password

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Pairing Profiles

    Get Pairing Profiles

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/pairing_profiles \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/pairing_profiles

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    agent_software_release query string false The agent software release for pairing profiles
    description query string false Description of Pairing Profile(s) to return. Supports partial matches
    external_data_reference query string false A unique identifier within the external data source
    external_data_set query string false The data source from which a resource originates
    labels query string false List of lists of label URIs, encoded as a JSON string
    max_results query integer false Maximum number of Pairing Profiles to return.
    name query string false Name of Pairing Profile(s) to return. Supports partial matches

    Example Response Body

    {
      "href": "string",
      "name": "string",
      "description": "string",
      "mode": "idle",
      "enabled": true,
      "total_use_count": 0,
      "allowed_uses_per_key": 1,
      "key_lifespan": 1,
      "last_pairing_at": "string",
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "is_default": true,
      "labels": [
        {
          "href": "string"
        }
      ],
      "env_label_lock": true,
      "loc_label_lock": true,
      "role_label_lock": true,
      "app_label_lock": true,
      "mode_lock": true,
      "log_traffic": true,
      "log_traffic_lock": true,
      "visibility_level": "string",
      "visibility_level_lock": true,
      "external_data_set": null,
      "external_data_reference": null,
      "agent_software_release": null
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of the pairing profile
    » name string true* The short friendly name of the pairing profile
    » description string true* The long description of the pairing profile
    » mode string true* Agent management mode
    » enabled boolean true* The enabled flag of the pairing profile
    » total_use_count integer true* The number of times the pairing profile has been used
    » allowed_uses_per_key any true* The number of times the pairing profile can be used

    oneOf

    Name Type Required Description
    »» anonymous integer false No description

    xor

    Name Type Required Description
    »» anonymous string false No description

    continued

    Name Type Required Description
    » key_lifespan any true* Number of seconds pairing profile keys will be valid for

    oneOf

    Name Type Required Description
    »» anonymous integer false No description

    xor

    Name Type Required Description
    »» anonymous string false No description

    continued

    Name Type Required Description
    » last_pairing_at string true* Timestamp when this pairing profile was last used for pairing a workload
    » created_at string(date-time) true* Timestamp when this pairing profile was first created
    » updated_at string(date-time) true* Timestamp when this pairing profile was last updated
    » created_by object false No description
    »» href string true* User who originally created this pairing profile
    » updated_by object false No description
    »» href string true* User who last updated this pairing profile
    » is_default boolean true* Flag indicating this is default auto-created pairing profile
    » labels [object] true* Assigned labels
    »» href string true* Label URI
    » env_label_lock boolean true* Flag that controls whether env label can be overridden from pairing script
    » loc_label_lock boolean true* Flag that controls whether loc label can be overridden from pairing script
    » role_label_lock boolean true* Flag that controls whether role label can be overridden from pairing script
    » app_label_lock boolean true* Flag that controls whether app label can be overridden from pairing script
    » mode_lock boolean true* Flag that controls whether mode can be overridden from pairing script
    » log_traffic boolean true* Alerting status
    » log_traffic_lock boolean true* Flag that controls whether log_traffic can be overridden from pairing script
    » visibility_level string true* Visibility level of the agent
    » visibility_level_lock boolean true* Flag that controls whether visibility_level can be overridden from pairing script
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » agent_software_release string,null false Agent software release associated with this pairing profile

    Enumerated Values

    Property Value
    mode idle
    mode illuminated
    mode enforced
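The response fields above decide how widely a pairing key can be reused and which settings a pairing script may override. The following is an added example, not code from the API reference: it audits a list of pairing profile objects for unbounded `allowed_uses_per_key` / `key_lifespan` values and for unset `*_lock` flags. The 24-hour lifespan threshold, the string `"unlimited"` in the sample, and all sample hrefs are assumptions; the reference only states that the two fields are an integer or a string.

```python
# Added example: review pairing profiles returned by Get Pairing Profiles.

LOCK_FLAGS = (
    "env_label_lock", "loc_label_lock", "role_label_lock", "app_label_lock",
    "mode_lock", "log_traffic_lock", "visibility_level_lock",
)

# Assumption: a local review threshold, not a value from the API reference.
MAX_KEY_LIFESPAN_SECONDS = 24 * 60 * 60


def is_bounded(value):
    """True only for a positive integer (bool is rejected: it subclasses int)."""
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def audit_profile(profile, max_lifespan=MAX_KEY_LIFESPAN_SECONDS):
    """Return a list of finding strings for one pairing profile object."""
    findings = []
    # Both fields are typed "integer xor string"; any non-integer form is
    # treated as unbounded and reported for review.
    if not is_bounded(profile.get("allowed_uses_per_key")):
        findings.append("uses_unbounded")
    lifespan = profile.get("key_lifespan")
    if not is_bounded(lifespan):
        findings.append("lifespan_unbounded")
    elif lifespan > max_lifespan:
        findings.append("lifespan_exceeds_limit")
    # A lock flag that is false or absent leaves that setting overridable
    # from the pairing script.
    unlocked = [flag for flag in LOCK_FLAGS if profile.get(flag) is not True]
    if unlocked:
        findings.append("unlocked:" + ",".join(unlocked))
    return findings


def audit(profiles, max_lifespan=MAX_KEY_LIFESPAN_SECONDS):
    """Map profile href -> {enabled, findings} for profiles with findings."""
    report = {}
    for profile in profiles:
        findings = audit_profile(profile, max_lifespan)
        if findings:
            report[profile.get("href", "<no href>")] = {
                "enabled": profile.get("enabled") is True,
                "findings": findings,
            }
    return report


def sample_profile(href, uses, lifespan, **overrides):
    """Build a constructed profile with every lock flag set unless overridden."""
    profile = {"href": href, "mode": "idle", "enabled": True,
               "allowed_uses_per_key": uses, "key_lifespan": lifespan}
    profile.update({flag: True for flag in LOCK_FLAGS})
    profile.update(overrides)
    return profile


# Constructed sample data; hrefs and values are illustrative only.
SAMPLE_PROFILES = [
    sample_profile("/orgs/1/pairing_profiles/1", "unlimited", "unlimited",
                   role_label_lock=False),
    sample_profile("/orgs/1/pairing_profiles/2", 1, 3600),
    sample_profile("/orgs/1/pairing_profiles/3", 10, 604800,
                   mode_lock=False, enabled=False),
]

if __name__ == "__main__":
    for href, entry in audit(SAMPLE_PROFILES).items():
        print(href, entry)
```
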

    Get a Pairing Profile

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pairing_profile_id path integer true* Pairing Profile ID

    Example Response Body

    {
      "href": "string",
      "name": "string",
      "description": "string",
      "mode": "idle",
      "enabled": true,
      "total_use_count": 0,
      "allowed_uses_per_key": 1,
      "key_lifespan": 1,
      "last_pairing_at": "string",
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "is_default": true,
      "labels": [
        {
          "href": "string"
        }
      ],
      "env_label_lock": true,
      "loc_label_lock": true,
      "role_label_lock": true,
      "app_label_lock": true,
      "mode_lock": true,
      "log_traffic": true,
      "log_traffic_lock": true,
      "visibility_level": "string",
      "visibility_level_lock": true,
      "external_data_set": null,
      "external_data_reference": null,
      "agent_software_release": null
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of the pairing profile
    » name string true* The short friendly name of the pairing profile
    » description string true* The long description of the pairing profile
    » mode string true* Agent management mode
    » enabled boolean true* The enabled flag of the pairing profile
    » total_use_count integer true* The number of times the pairing profile has been used
    » allowed_uses_per_key any true* The number of times the pairing profile can be used

    oneOf

    Name Type Required Description
    »» anonymous integer false No description

    xor

    Name Type Required Description
    »» anonymous string false No description

    continued

    Name Type Required Description
    » key_lifespan any true* Number of seconds pairing profile keys will be valid for

    oneOf

    Name Type Required Description
    »» anonymous integer false No description

    xor

    Name Type Required Description
    »» anonymous string false No description

    continued

    Name Type Required Description
    » last_pairing_at string true* Timestamp when this pairing profile was last used for pairing a workload
    » created_at string(date-time) true* Timestamp when this pairing profile was first created
    » updated_at string(date-time) true* Timestamp when this pairing profile was last updated
    » created_by object false No description
    »» href string true* User who originally created this pairing profile
    » updated_by object false No description
    »» href string true* User who last updated this pairing profile
    » is_default boolean true* Flag indicating this is default auto-created pairing profile
    » labels [object] true* Assigned labels
    »» href string true* Label URI
    » env_label_lock boolean true* Flag that controls whether env label can be overridden from pairing script
    » loc_label_lock boolean true* Flag that controls whether loc label can be overridden from pairing script
    » role_label_lock boolean true* Flag that controls whether role label can be overridden from pairing script
    » app_label_lock boolean true* Flag that controls whether app label can be overridden from pairing script
    » mode_lock boolean true* Flag that controls whether mode can be overridden from pairing script
    » log_traffic boolean true* Alerting status
    » log_traffic_lock boolean true* Flag that controls whether log_traffic can be overridden from pairing script
    » visibility_level string true* Visibility level of the agent
    » visibility_level_lock boolean true* Flag that controls whether visibility_level can be overridden from pairing script
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » agent_software_release string,null false Agent software release associated with this pairing profile

    Enumerated Values

    Property Value
    mode idle
    mode illuminated
    mode enforced

    Create a Pairing Profile

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/pairing_profiles \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/pairing_profiles

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "mode": "idle",
      "enabled": true,
      "allowed_uses_per_key": 1,
      "key_lifespan": 1,
      "labels": [
        {
          "href": "string"
        }
      ],
      "env_label_lock": true,
      "loc_label_lock": true,
      "role_label_lock": true,
      "app_label_lock": true,
      "mode_lock": true,
      "log_traffic": true,
      "log_traffic_lock": true,
      "visibility_level": "flow_full_detail",
      "visibility_level_lock": true,
      "external_data_set": null,
      "external_data_reference": null,
      "agent_software_release": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    body body object false No description
    » name body string false The short friendly name of the pairing profile
    » description body string false The long description of the pairing profile
    » mode body string false Agent management mode
    » enabled body boolean true* The enabled flag of the pairing profile
    » allowed_uses_per_key body any false The number of times pairing profile keys can be used
    »» anonymous body integer false No description
    »» anonymous body string false No description
    » key_lifespan body any false Number of seconds pairing profile keys will be valid for
    »» anonymous body integer false No description
    »» anonymous body string false No description
    » labels body [object] false Assigned labels
    »» href body string true* Label URI
    » env_label_lock body boolean false Flag that controls whether env label can be overridden from pairing script
    » loc_label_lock body boolean false Flag that controls whether loc label can be overridden from pairing script
    » role_label_lock body boolean false Flag that controls whether role label can be overridden from pairing script
    » app_label_lock body boolean false Flag that controls whether app label can be overridden from pairing script
    » mode_lock body boolean false Flag that controls whether mode can be overridden from pairing script
    » log_traffic body boolean false Alerting status
    » log_traffic_lock body boolean false Flag that controls whether log_traffic can be overridden from pairing script
    » visibility_level body string false Visibility level of the agent
    » visibility_level_lock body boolean false Flag that controls whether visibility_level can be overridden from pairing script
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » agent_software_release body string,null false Agent software release associated with this pairing profile

    Enumerated Values

    Parameter Value
    » mode idle
    » mode illuminated
    » mode enforced
    »» anonymous unlimited
    »» anonymous unlimited
    » visibility_level flow_full_detail
    » visibility_level flow_summary
    » visibility_level flow_drops
    » visibility_level flow_off

    Responses

    Status Meaning Description Schema
    201 Created Success None
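
    The parameter table and enumerated values above, turned into a pre-flight check for a pairing-profile request body. This is an added example, not Illumio's code; the function name, the sample bodies and the warning on "unlimited" values are assumptions of the example, not API rules.

```python
"""Pre-flight check for a pairing-profile request body (added example)."""

MODES = ("idle", "illuminated", "enforced")
VISIBILITY_LEVELS = ("flow_full_detail", "flow_summary", "flow_drops", "flow_off")
BOOLEAN_FIELDS = (
    "enabled", "env_label_lock", "loc_label_lock", "role_label_lock",
    "app_label_lock", "mode_lock", "log_traffic", "log_traffic_lock",
    "visibility_level_lock",
)
LIMIT_FIELDS = ("allowed_uses_per_key", "key_lifespan")  # integer or "unlimited"


def _is_int(value):
    # bool is a subclass of int in Python; JSON true must not pass as a count.
    return isinstance(value, int) and not isinstance(value, bool)


def check_pairing_profile(body, creating=True):
    """Return (errors, warnings) for a POST (creating=True) or PUT body."""
    errors, warnings = [], []

    # "enabled" is the only body field marked required on create.
    if creating and "enabled" not in body:
        errors.append("enabled: required when creating a pairing profile")

    for field in BOOLEAN_FIELDS:
        if field in body and not isinstance(body[field], bool):
            errors.append(f"{field}: must be a boolean")

    for field, allowed in (("mode", MODES), ("visibility_level", VISIBILITY_LEVELS)):
        if field in body and body[field] not in allowed:
            errors.append(f"{field}: {body[field]!r} is not one of {list(allowed)}")

    for field in LIMIT_FIELDS:
        if field not in body:
            continue
        value = body[field]
        if isinstance(value, str):
            if value != "unlimited":
                errors.append(f'{field}: the only string accepted is "unlimited"')
            else:
                # Policy of this example, not an API rule: keys should be bounded.
                warnings.append(f"{field}: unlimited, pairing keys are not bounded")
        elif not _is_int(value):
            errors.append(f'{field}: must be an integer or "unlimited"')

    labels = body.get("labels", [])
    if not isinstance(labels, list):
        errors.append("labels: must be a list of objects")
    else:
        for i, label in enumerate(labels):
            if not (isinstance(label, dict) and isinstance(label.get("href"), str)):
                errors.append(f"labels[{i}]: each label needs a string href")

    return errors, warnings


# Constructed sample bodies; the label href is a made-up placeholder.
BOUNDED = {
    "name": "web-tier", "enabled": True, "mode": "illuminated",
    "allowed_uses_per_key": 1, "key_lifespan": 3600,
    "labels": [{"href": "/orgs/1/labels/EXAMPLE"}],
    "visibility_level": "flow_summary",
}
LOOSE = {
    "name": "lab", "mode": "enforce", "allowed_uses_per_key": "unlimited",
    "key_lifespan": True, "labels": [{"name": "no-href"}],
}

if __name__ == "__main__":
    for sample in (BOUNDED, LOOSE):
        errs, warns = check_pairing_profile(sample)
        print(sample["name"], "errors:", errs, "warnings:", warns)
```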

    Create a Pairing Key

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}/pairing_key \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}/pairing_key

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {}
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pairing_profile_id path integer true* Pairing Profile ID
    body body object false No description

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a Pairing Profile

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "mode": "idle",
      "enabled": true,
      "allowed_uses_per_key": 1,
      "key_lifespan": 1,
      "labels": [
        {
          "href": "string"
        }
      ],
      "env_label_lock": true,
      "loc_label_lock": true,
      "role_label_lock": true,
      "app_label_lock": true,
      "mode_lock": true,
      "log_traffic": true,
      "log_traffic_lock": true,
      "visibility_level": "flow_full_detail",
      "visibility_level_lock": true,
      "external_data_set": null,
      "external_data_reference": null,
      "agent_software_release": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pairing_profile_id path integer true* Pairing Profile ID
    body body object false No description
    » name body string false The short friendly name of the pairing profile
    » description body string false The long description of the pairing profile
    » mode body string false Agent management mode
    » enabled body boolean false The enabled flag of the pairing profile
    » allowed_uses_per_key body any false The number of times pairing profile keys can be used
    »» anonymous body integer false No description
    »» anonymous body string false No description
    » key_lifespan body any false Number of seconds pairing profile keys will be valid for
    »» anonymous body integer false No description
    »» anonymous body string false No description
    » labels body [object] false Assigned labels
    »» href body string true* Label URI
    » env_label_lock body boolean false Flag that controls whether env label can be overridden from pairing script
    » loc_label_lock body boolean false Flag that controls whether loc label can be overridden from pairing script
    » role_label_lock body boolean false Flag that controls whether role label can be overridden from pairing script
    » app_label_lock body boolean false Flag that controls whether app label can be overridden from pairing script
    » mode_lock body boolean false Flag that controls whether mode can be overridden from pairing script
    » log_traffic body boolean false Alerting status
    » log_traffic_lock body boolean false Flag that controls whether log_traffic can be overridden from pairing script
    » visibility_level body string false Visibility level of the agent
    » visibility_level_lock body boolean false Flag that controls whether visibility_level can be overridden from pairing script
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » agent_software_release body string,null false Agent software release associated with this pairing profile

    Enumerated Values

    Parameter Value
    » mode idle
    » mode illuminated
    » mode enforced
    »» anonymous unlimited
    »» anonymous unlimited
    » visibility_level flow_full_detail
    » visibility_level flow_summary
    » visibility_level flow_drops
    » visibility_level flow_off

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Pairing Profile

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pairing_profile_id path integer true* Pairing Profile ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Permissions

    Get All Permissions

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/permissions \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/permissions

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    auth_security_principal query string false Auth_security_principal URI (JSON-encoded string) to filter on
    role query string false Role URI (JSON-encoded string) to filter on
    scope query string false Scope to filter on, where scope is a list of label URIs, encoded as a JSON string

    Example Response Body

    [
      {
        "role": {
          "href": "string"
        },
        "scope": [
          {
            "href": "string"
          }
        ],
        "auth_security_principal": {
          "href": "string"
        },
        "href": "string"
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    The list of the auth_security_principals in this org

    Name Type Required Description
    » anonymous object false Permission granted
    »» role object true* No description
    »»» href string true* URI of Role
    »» scope [object] true* Assigned labels
    »»» href string true* Label URI
    »» auth_security_principal object true* No description
    »»» href string true* URI of auth_security_principal

    and

    Name Type Required Description
    »» anonymous object false No description
    »»» href string true* URI of permission

    Get a Permission

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/permissions/{permission_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/permissions/{permission_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    permission_id path string true* UUID of the permission

    Example Response Body

    [
      {
        "role": {
          "href": "string"
        },
        "scope": [
          {
            "href": "string"
          }
        ],
        "auth_security_principal": {
          "href": "string"
        },
        "href": "string"
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    The list of the auth_security_principals in this org

    Name Type Required Description
    » anonymous object false Permission granted
    »» role object true* No description
    »»» href string true* URI of Role
    »» scope [object] true* Assigned labels
    »»» href string true* Label URI
    »» auth_security_principal object true* No description
    »»» href string true* URI of auth_security_principal

    and

    Name Type Required Description
    »» anonymous object false No description
    »»» href string true* URI of permission

    Create a Permission

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/permissions \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/permissions

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "role": {
        "href": "string"
      },
      "scope": [
        {
          "href": "string"
        }
      ],
      "auth_security_principal": {
        "href": "string"
      }
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    body body object false No description
    » role body object true* No description
    »» href body string true* URI of Role
    » scope body [object] true* Assigned labels
    »» href body string true* Label URI
    » auth_security_principal body object true* No description
    »» href body string true* URI of auth_security_principal

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a Permission

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/permissions/{permission_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/permissions/{permission_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "role": {
        "href": "string"
      },
      "scope": [
        {
          "href": "string"
        }
      ],
      "auth_security_principal": {
        "href": "string"
      }
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    permission_id path string true* UUID of the permission
    body body object false No description
    » role body object false No description
    »» href body string true* URI of Role
    » scope body [object] false Assigned labels
    »» href body string true* Label URI
    » auth_security_principal body object false No description
    »» href body string true* URI of auth_security_principal

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Permission

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/permissions/{permission_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/permissions/{permission_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    permission_id path string true* UUID of the permission

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Organization Settings

    Get Events Settings

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/settings/events \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/settings/events

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID

    Example Response Body

    {
      "audit_event_retention_seconds": 0,
      "audit_event_min_severity": "error",
      "format": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Org-based event setting

    Name Type Required Description
    » audit_event_retention_seconds integer true* The time in seconds an audit event is stored in the database. The default is 90 days (7776000 seconds). The maximum value is 200 days (17280000 seconds).
    » audit_event_min_severity string true* Minimum severity level of audit event messages.
    » format string true* The log format (JSON, CEF, LEEF), which applies to all remote syslog destinations

    Enumerated Values

    Property Value
    audit_event_min_severity error
    audit_event_min_severity warning
    audit_event_min_severity informational

    Update Events Settings

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/settings/events \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/settings/events

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "audit_event_retention_seconds": 86400,
      "audit_event_min_severity": "error",
      "format": "JSON"
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    body body object false No description
    » audit_event_retention_seconds body integer false The time in seconds an audit event is stored in the database. The default is 90 days (7776000 seconds). The maximum value is 200 days (17280000 seconds).
    » audit_event_min_severity body string false Minimum severity level of audit event messages.
    » format body string false The log format (JSON, CEF, LEEF), which applies to all syslog destinations

    Enumerated Values

    Parameter Value
    » audit_event_min_severity error
    » audit_event_min_severity warning
    » audit_event_min_severity informational
    » format JSON
    » format CEF
    » format LEEF

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Get Syslog Destinations

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/settings/syslog/destinations \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/settings/syslog/destinations

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID

    Example Response Body

    [
      {
        "href": "string",
        "pce_scope": [
          "string"
        ],
        "type": "string",
        "description": "string",
        "audit_event_logger": {
          "configuration_event_included": true,
          "system_event_included": true,
          "min_severity": "error"
        },
        "traffic_event_logger": {
          "traffic_flow_allowed_event_included": true,
          "traffic_flow_potentially_blocked_event_included": true,
          "traffic_flow_blocked_event_included": true
        },
        "node_status_logger": {
          "node_status_included": true
        },
        "remote_syslog": {
          "address": "string",
          "port": 0,
          "protocol": 0,
          "tls_enabled": true,
          "tls_ca_bundle": "string",
          "tls_verify_cert": true
        }
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    List of destinations

    Name Type Required Description
    » href string true* URI of the destination
    » pce_scope [string] true* No description
    » type string true* Destination type
    » description string true* Description of the destination
    » audit_event_logger object true* No description
    »» configuration_event_included boolean true* Configuration (Northbound) auditable events
    »» system_event_included boolean true* System (PCE) auditable events
    »» min_severity string true* Minimum severity level of audit event messages.
    » traffic_event_logger object true* No description
    »» traffic_flow_allowed_event_included boolean true* Set to enable traffic flow events
    »» traffic_flow_potentially_blocked_event_included boolean true* Set to enable traffic flow events
    »» traffic_flow_blocked_event_included boolean true* Set to enable traffic flow events
    » node_status_logger object true* No description
    »» node_status_included boolean true* Syslog messages regarding status of the nodes
    » remote_syslog object false No description
    »» address string true* The remote syslog IP or DNS address
    »» port integer true* The remote syslog port
    »» protocol integer true* The protocol for streaming syslog messages
    »» tls_enabled boolean true* To enable TLS
    »» tls_ca_bundle string false Trusted CA bundle
    »» tls_verify_cert boolean true* Perform TLS verification

    Enumerated Values

    Property Value
    min_severity error
    min_severity warning
    min_severity informational
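
    One way to audit the events settings and the syslog destinations returned by the GET calls above for retention, TLS and audit-forwarding gaps. This is an added example, not Illumio's code; the function names, the minimum-retention policy and the constructed sample responses are assumptions.

```python
"""Audit of PCE logging settings as returned by the GET calls (added example)."""

MAX_RETENTION_SECONDS = 17280000     # 200 days, the documented maximum
DEFAULT_RETENTION_SECONDS = 7776000  # 90 days, the documented default
SEVERITIES = ("error", "warning", "informational")
FORMATS = ("JSON", "CEF", "LEEF")


def audit_events_settings(settings, min_retention=DEFAULT_RETENTION_SECONDS):
    """Findings for a GET .../settings/events response body.

    min_retention is this example's policy knob, not an API parameter.
    """
    findings = []
    retention = settings.get("audit_event_retention_seconds")
    if not isinstance(retention, int) or isinstance(retention, bool):
        findings.append("retention: not an integer")
    elif retention > MAX_RETENTION_SECONDS:
        findings.append(f"retention: {retention}s is above the documented maximum")
    elif retention < min_retention:
        findings.append(f"retention: {retention}s is below the required {min_retention}s")
    if settings.get("audit_event_min_severity") not in SEVERITIES:
        findings.append("audit_event_min_severity: not a documented value")
    if settings.get("format") not in FORMATS:
        findings.append("format: not a documented value")
    return findings


def audit_syslog_destination(dest):
    """Findings for one object from GET .../settings/syslog/destinations."""
    findings = []
    if dest.get("type") == "remote_syslog":
        remote = dest.get("remote_syslog")
        if not isinstance(remote, dict):
            findings.append("remote_syslog: settings object missing")
        elif remote.get("tls_enabled") is not True:
            findings.append("remote_syslog: TLS disabled, events leave in clear text")
        elif remote.get("tls_verify_cert") is not True:
            findings.append("remote_syslog: certificate not verified, receiver unauthenticated")
    audit = dest.get("audit_event_logger") or {}
    if audit.get("configuration_event_included") is not True:
        findings.append("audit: configuration events not forwarded")
    if audit.get("system_event_included") is not True:
        findings.append("audit: system events not forwarded")
    return findings


def audit_syslog_destinations(destinations):
    """Map destination href -> findings, keeping only destinations with findings."""
    report = {}
    for dest in destinations:
        findings = audit_syslog_destination(dest)
        if findings:
            report[dest.get("href", "<no href>")] = findings
    return report


# Constructed sample response; hrefs, addresses, ports and protocol are made up.
_ALL_AUDIT = {"configuration_event_included": True, "system_event_included": True,
              "min_severity": "informational"}
SAMPLE_DESTINATIONS = [
    {"href": "dest-local", "type": "local_syslog", "audit_event_logger": _ALL_AUDIT},
    {"href": "dest-tls", "type": "remote_syslog", "audit_event_logger": _ALL_AUDIT,
     "remote_syslog": {"address": "siem.example.com", "port": 6514, "protocol": 6,
                       "tls_enabled": True, "tls_verify_cert": True}},
    {"href": "dest-plain", "type": "remote_syslog", "audit_event_logger": _ALL_AUDIT,
     "remote_syslog": {"address": "192.0.2.10", "port": 514, "protocol": 6,
                       "tls_enabled": False, "tls_verify_cert": False}},
    {"href": "dest-noverify", "type": "remote_syslog",
     "audit_event_logger": {"configuration_event_included": False,
                            "system_event_included": True, "min_severity": "error"},
     "remote_syslog": {"address": "siem.example.com", "port": 6514, "protocol": 6,
                       "tls_enabled": True, "tls_verify_cert": False}},
]

if __name__ == "__main__":
    for href, findings in audit_syslog_destinations(SAMPLE_DESTINATIONS).items():
        for finding in findings:
            print(f"{href}: {finding}")
```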

    Get a Syslog Destination

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    syslog_destination_id path string true* PCE destination UUID

    Example Response Body

    [
      {
        "href": "string",
        "pce_scope": [
          "string"
        ],
        "type": "string",
        "description": "string",
        "audit_event_logger": {
          "configuration_event_included": true,
          "system_event_included": true,
          "min_severity": "error"
        },
        "traffic_event_logger": {
          "traffic_flow_allowed_event_included": true,
          "traffic_flow_potentially_blocked_event_included": true,
          "traffic_flow_blocked_event_included": true
        },
        "node_status_logger": {
          "node_status_included": true
        },
        "remote_syslog": {
          "address": "string",
          "port": 0,
          "protocol": 0,
          "tls_enabled": true,
          "tls_ca_bundle": "string",
          "tls_verify_cert": true
        }
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    List of destinations

    Name Type Required Description
    » href string true* URI of the destination
    » pce_scope [string] true* No description
    » type string true* Destination type
    » description string true* Description of the destination
    » audit_event_logger object true* No description
    »» configuration_event_included boolean true* Configuration (Northbound) auditable events
    »» system_event_included boolean true* System (PCE) auditable events
    »» min_severity string true* Minimum severity level of audit event messages.
    » traffic_event_logger object true* No description
    »» traffic_flow_allowed_event_included boolean true* Set to enable traffic flow events
    »» traffic_flow_potentially_blocked_event_included boolean true* Set to enable traffic flow events
    »» traffic_flow_blocked_event_included boolean true* Set to enable traffic flow events
    » node_status_logger object true* No description
    »» node_status_included boolean true* Syslog messages regarding status of the nodes
    » remote_syslog object false No description
    »» address string true* The remote syslog IP or DNS address
    »» port integer true* The remote syslog port
    »» protocol integer true* The protocol for streaming syslog messages
    »» tls_enabled boolean true* To enable TLS
    »» tls_ca_bundle string false Trusted CA bundle
    »» tls_verify_cert boolean true* Perform TLS verification

    Enumerated Values

    Property Value
    min_severity error
    min_severity warning
    min_severity informational

    Create a Syslog Destination

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/settings/syslog/destinations \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/settings/syslog/destinations

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "pce_scope": [
        "string"
      ],
      "type": "local_syslog",
      "description": "string",
      "audit_event_logger": {
        "configuration_event_included": true,
        "system_event_included": true,
        "min_severity": "error"
      },
      "traffic_event_logger": {
        "traffic_flow_allowed_event_included": true,
        "traffic_flow_potentially_blocked_event_included": true,
        "traffic_flow_blocked_event_included": true
      },
      "node_status_logger": {
        "node_status_included": true
      },
      "remote_syslog": {
        "address": "string",
        "port": 0,
        "protocol": 0,
        "tls_enabled": true,
        "tls_ca_bundle": "string",
        "tls_verify_cert": true
      }
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    body body object false No description
    » pce_scope body [string] true* No description
    » type body string true* Destination type
    » description body string true* Description of the destination
    » audit_event_logger body object true* No description
    »» configuration_event_included body boolean true* Configuration (Northbound) auditable events
    »» system_event_included body boolean true* System (PCE) auditable events
    »» min_severity body string true* Minimum severity level of audit event messages.
    » traffic_event_logger body object true* No description
    »» traffic_flow_allowed_event_included body boolean true* Set to enable traffic flow events
    »» traffic_flow_potentially_blocked_event_included body boolean true* Set to enable traffic flow events
    »» traffic_flow_blocked_event_included body boolean true* Set to enable traffic flow events
    » node_status_logger body object true* No description
    »» node_status_included body boolean true* Syslog messages regarding status of the nodes
    » remote_syslog body object false No description
    »» address body string true* The remote syslog IP or DNS address
    »» port body integer true* The remote syslog port
    »» protocol body integer true* The protocol for streaming syslog messages
    »» tls_enabled body boolean true* To enable TLS
    »» tls_ca_bundle body string false Trusted CA bundle
    »» tls_verify_cert body boolean true* Perform TLS verification

    Enumerated Values

    Parameter Value
    » type local_syslog
    » type remote_syslog
    »» min_severity error
    »» min_severity warning
    »» min_severity informational

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a Syslog Destination

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "href": "string",
      "pce_scope": [
        "string"
      ],
      "type": "local_syslog",
      "description": "string",
      "audit_event_logger": {
        "configuration_event_included": true,
        "system_event_included": true,
        "min_severity": "error"
      },
      "traffic_event_logger": {
        "traffic_flow_allowed_event_included": true,
        "traffic_flow_potentially_blocked_event_included": true,
        "traffic_flow_blocked_event_included": true
      },
      "node_status_logger": {
        "node_status_included": true
      },
      "remote_syslog": {
        "address": "string",
        "port": 0,
        "protocol": 0,
        "tls_enabled": true,
        "tls_ca_bundle": "string",
        "tls_verify_cert": true
      }
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    syslog_destination_id path string true* PCE destination UUID
    body body object false No description
    » href body string false URI of the destination
    » pce_scope body [string] false No description
    » type body string false Destination type
    » description body string false Description of the destination
    » audit_event_logger body object false No description
    »» configuration_event_included body boolean false Configuration (Northbound) auditable events
    »» system_event_included body boolean false System (PCE) auditable events
    »» min_severity body string false Minimum severity level of audit event messages.
    » traffic_event_logger body object false No description
    »» traffic_flow_allowed_event_included body boolean false Set to enable traffic flow events
    »» traffic_flow_potentially_blocked_event_included body boolean false Set to enable traffic flow events
    »» traffic_flow_blocked_event_included body boolean false Set to enable traffic flow events
    » node_status_logger body object false No description
    »» node_status_included body boolean false Syslog messages regarding status of the nodes
    » remote_syslog body object false No description
    »» address body string false The remote syslog IP or DNS address
    »» port body integer false The remote syslog port
    »» protocol body integer false The protocol for streaming syslog messages
    »» tls_enabled body boolean false To enable TLS
    »» tls_ca_bundle body string false Trusted CA bundle
    »» tls_verify_cert body boolean false Perform TLS verification

    Enumerated Values

    Parameter Value
    » type local_syslog
    » type remote_syslog
    »» min_severity error
    »» min_severity warning
    »» min_severity informational

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Syslog Destination

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    syslog_destination_id path string true* PCE destination UUID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Root Level Methods

    Get Supercluster Leader

    Example Code

    
    curl -X GET /api/v2/supercluster/leader
    
    

    GET /api/v2/supercluster/leader

    Authorization: None

    Exposure: Public Experimental

    Auditable: No

    Responses

    Status Meaning Description Schema
    200 OK Success None

    Get Available Node

    Example Code

    
    curl -i -X GET /api/v2/node_available
    
    

    GET /api/v2/node_available

    Authorization: None

    Exposure: Public Stable

    Auditable: No

    Responses

    Status Meaning Description Schema
    200 OK Success None

    Get Illumio ASP Version

    Example Code

    
    curl -X GET /api/v2/product_version \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/product_version

    Authorization: Any Authenticated User

    Exposure: Public Stable

    Auditable: No

    Example Response Body

    {
      "product_version": {
        "version": "string",
        "build": 0,
        "release_info": "string",
        "engineering_info": "string",
        "long_display": "string",
        "short_display": "string"
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » product_version object true* The product version object
    »» version string true* The product version major.minor.patch
    »» build integer true* The build number
    »» release_info string false An extra string designator for the release
    »» engineering_info string false An extra string designator used for engineering only
    »» long_display string false A version string for human consumption
    »» short_display string false A version string for human consumption

    Get No Op

    Example Code

    
    curl -X GET /api/v2/noop \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/noop

    Authorization: Any Authenticated User

    Exposure: Public Stable

    Auditable: No

    Example Response Body

    {}
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200 No Content

    Rulesets and Rules

    Get Rulesets

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    description query string false Description of Rule Set(s) to return. Supports partial matches
    external_data_reference query string false A unique identifier within the external data source
    external_data_set query string false The data source from which a resource originates
    labels query string false List of lists of label URIs, encoded as a JSON string
    max_results query integer false Maximum number of rulesets to return.
    name query string false Name of Rule Set(s) to return. Supports partial matches

    Example Response Body

    {
      "href": "string",
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": {
        "href": "string"
      },
      "update_type": "string",
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "enabled": true,
      "scopes": [
        [
          {
            "label": {
              "href": "string"
            },
            "label_group": {
              "href": "string"
            }
          }
        ]
      ],
      "rules": [
        {
          "href": "string",
          "enabled": true,
          "description": "string",
          "external_data_set": null,
          "external_data_reference": null,
          "ingress_services": [
            {
              "href": "string"
            }
          ],
          "resolve_labels_as": {
            "providers": [
              "workloads"
            ],
            "consumers": [
              "workloads"
            ]
          },
          "sec_connect": true,
          "stateless": true,
          "machine_auth": true,
          "providers": [
            {
              "actors": "ams",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              },
              "virtual_service": {
                "href": "string"
              },
              "virtual_server": {
                "href": "string"
              },
              "ip_list": {
                "href": "string"
              }
            }
          ],
          "consumers": [
            {
              "actors": "ams",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              },
              "virtual_service": {
                "href": "string"
              },
              "ip_list": {
                "href": "string"
              }
            }
          ],
          "consuming_security_principals": [
            {
              "href": "string"
            }
          ],
          "unscoped_consumers": true,
          "update_type": "string"
        }
      ],
      "ip_tables_rules": [
        {
          "href": "string",
          "enabled": true,
          "description": "string",
          "statements": [
            {
              "table_name": "nat",
              "chain_name": "PREROUTING",
              "parameters": "string"
            }
          ],
          "actors": [
            {
              "actors": "string",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              }
            }
          ],
          "ip_version": "4"
        }
      ],
      "caps": [
        "write"
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of the rule set
    » created_at string(date-time) true* Timestamp when this rule set was first created
    » updated_at string(date-time) true* Timestamp when this rule set was last updated
    » deleted_at string(date-time) true* Timestamp when this rule set was deleted
    » created_by object false No description
    »» href string true* User who originally created this rule set
    » updated_by object false No description
    »» href string true* User who last updated this rule set
    » deleted_by object false No description
    »» href string true* User who deleted this rule set
    » update_type string false Type of update
    » name string true* Name (must be unique)
    » description string true* Description
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » enabled boolean true* Enabled flag
    » scopes [array] true* Rule set scopes
    »» label object false No description
    »»» href string true* Label URI
    »» label_group object false No description
    »»» href string true* Label group URI
    »» rules [object] true* Array of rules in this rule set
    »»» href string false URI of object
    »»» enabled boolean true* Enabled flag
    »»» description string false Description
    »»» external_data_set string,null false External data set identifier
    »»» external_data_reference string,null false External data reference identifier
    »»» ingress_services [oneOf] true* Array of service URI and port/protocol combinations

    oneOf

    Name Type Required Description
    »»»» anonymous object false No description
    »»»»» href string true* No description

    xor

    Name Type Required Description
    »»»» anonymous object false No description
    »»»»» port integer false Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol.
    »»»»» to_port integer false Upper end of port range; this field should not be included if specifying an individual port.
    »»»»» proto integer true* Transport protocol (numeric)

    continued

    Name Type Required Description
    »»»» resolve_labels_as object true* No description
    »»»»» providers [string] true* No description
    »»»»» consumers [string] true* No description
    »»»» sec_connect boolean false Whether a secure connection is established
    »»»» stateless boolean false Whether packet filtering is stateless for the rule
    »»»» machine_auth boolean false Whether machine authentication is enabled
    »»»» providers [object] true* Providers
    »»»»» actors string false Rule actors are all workloads ('ams')
    »»»»» label object false No description
    »»»»»» href string true* Label URI
    »»»»» label_group object false No description
    »»»»»» href string true* Label group URI
    »»»»» workload object false No description
    »»»»»» href string true* Workload URI
    »»»»» virtual_service object false No description
    »»»»»» href string true* Virtual service URI
    »»»»» virtual_server object false No description
    »»»»»» href string true* Virtual server URI
    »»»»» ip_list object false URI of associated IP List
    »»»»»» href string true* IP List URI
    »»»»» consumers [object] true* Consumers
    »»»»»» actors string false Rule actors are all workloads ('ams')
    »»»»»» label object false No description
    »»»»»»» href string true* Label URI
    »»»»»» label_group object false No description
    »»»»»»» href string true* Label group URI
    »»»»»» workload object false No description
    »»»»»»» href string true* Workload URI
    »»»»»» virtual_service object false No description
    »»»»»»» href string true* Virtual service URI
    »»»»»» ip_list object false URI of associated IP List
    »»»»»»» href string true* IP List URI
    »»»»»» consuming_security_principals [object] false Hrefs of consuming security principals
    »»»»»»» href string false No description
    »»»»»» unscoped_consumers boolean false Set the scope for rule consumers to All
    »»»»»» update_type string false Type of update
    »»»»» ip_tables_rules [object] false Array of iptables rules in this rule set
    »»»»»» href string true* URI of object
    »»»»»» enabled boolean true* Enabled flag
    »»»»»» description string false Description
    »»»»»» statements [object] true* list of the iptables statements in this rule
    »»»»»»» table_name string true* name of the iptables table for this rule
    »»»»»»» chain_name string true* name of the iptables chain for this rule
    »»»»»»» parameters string true* the remainder of the iptables rules (excluding table/chain)
    »»»»»» actors [object] true* No description
    »»»»»»» actors string false Rule Actors are all workloads ('ams')
    »»»»»»» label object false No description
    »»»»»»»» href string true* Label URI
    »»»»»»» label_group object false No description
    »»»»»»»» href string true* Label group URI
    »»»»»»» workload object false No description
    »»»»»»»» href string true* Workload URI
    »»»»»»» ip_version string true* IP version for the rules to be applied to
    »»»»»» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access

    Enumerated Values

    Property Value
    proto 6
    proto 17
    actors ams
    actors ams
    table_name nat
    table_name mangle
    table_name filter
    chain_name PREROUTING
    chain_name INPUT
    chain_name OUTPUT
    chain_name FORWARD
    chain_name POSTROUTING
    ip_version 4
    ip_version 6
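
An added example, not part of the Illumio reference: a Python audit of a Get Rulesets response body that checks each `ingress_services` entry against the href-xor-port/proto shape documented above and flags broad rules (`actors` of `ams`, `unscoped_consumers`, a missing `port`). The sample payload, the placeholder hrefs, the finding codes, the `WIDE_RANGE` threshold and the treatment of `enabled: false` as inactive are assumptions.

```python
"""Audit a Get Rulesets response body for broad or malformed rules."""
import json

ALLOWED_PROTO = {6, 17}  # enumerated values on this page: 6 (TCP), 17 (UDP)
WIDE_RANGE = 1024        # assumption: ranges covering this many ports are flagged

# Constructed sample shaped like the documented response body (not real PCE output).
# The href values are placeholders, not real PCE URIs.
SAMPLE = json.loads("""
[{
  "href": "example:rule_set/10",
  "name": "constructed-example",
  "enabled": true,
  "scopes": [[{"label": {"href": "example:label/1"}}]],
  "rules": [
    {"href": "example:rule/1", "enabled": true,
     "ingress_services": [{"proto": 6}],
     "providers": [{"label": {"href": "example:label/2"}}],
     "consumers": [{"actors": "ams"}],
     "unscoped_consumers": true},
    {"href": "example:rule/2", "enabled": true,
     "ingress_services": [{"port": 8000, "to_port": 9999, "proto": 6},
                          {"href": "example:service/5", "proto": 17},
                          {"port": 443, "to_port": 80, "proto": 6}],
     "providers": [{"workload": {"href": "example:workload/w1"}}],
     "consumers": [{"ip_list": {"href": "example:ip_list/3"}}]},
    {"href": "example:rule/3", "enabled": false,
     "ingress_services": [{"proto": 17}],
     "providers": [{"actors": "ams"}],
     "consumers": [{"actors": "ams"}]}
  ]
}]
""")


def check_service(svc):
    """Return finding codes for one ingress_services entry (href XOR port/proto)."""
    has_href, has_proto = "href" in svc, "proto" in svc
    if has_href and (has_proto or "port" in svc or "to_port" in svc):
        return ["SERVICE_NOT_XOR"]
    if has_href:
        return []  # ports are defined on the referenced service object
    if not has_proto:
        return ["SERVICE_MISSING_PROTO"]  # proto is required in the port/proto form
    codes = []
    if svc["proto"] not in ALLOWED_PROTO:
        codes.append("PROTO_NOT_ENUMERATED")
    port, to_port = svc.get("port"), svc.get("to_port")
    if port is None:
        # Per the schema, no port means all ports for the given protocol.
        codes.append("TO_PORT_WITHOUT_PORT" if to_port is not None else "ALL_PORTS")
    elif to_port is not None:
        if to_port <= port:
            # to_port is the upper end of a range and is omitted for a single port.
            codes.append("BAD_PORT_RANGE")
        elif to_port - port + 1 >= WIDE_RANGE:
            codes.append("WIDE_PORT_RANGE")
    return codes


def audit_rule(rule):
    """Return finding codes for one rule object."""
    codes = []
    for side in ("providers", "consumers"):
        # actors == 'ams' means the rule applies to all workloads on that side.
        if any(actor.get("actors") == "ams" for actor in rule.get(side, [])):
            codes.append(f"ALL_WORKLOADS_{side.upper()}")
    if rule.get("unscoped_consumers"):
        codes.append("UNSCOPED_CONSUMERS")
    for svc in rule.get("ingress_services", []):
        codes.extend(check_service(svc))
    return codes


def audit_rulesets(payload, include_disabled=False):
    """Return (ruleset name, rule href, code) tuples for every finding."""
    rulesets = payload if isinstance(payload, list) else [payload]
    findings = []
    for rs in rulesets:
        for rule in rs.get("rules", []):
            # Assumption: a rule is inactive when it or its ruleset has enabled=false.
            active = rs.get("enabled", True) and rule.get("enabled", True)
            if not active and not include_disabled:
                continue
            for code in audit_rule(rule):
                findings.append((rs.get("name"), rule.get("href"), code))
    return findings


if __name__ == "__main__":
    for name, href, code in audit_rulesets(SAMPLE):
        print(f"{name}\t{href}\t{code}")
```

To run it against live data, save the body returned by the `curl -X GET .../rule_sets` call above to a file and pass the parsed JSON to `audit_rulesets`.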

    Get a Ruleset

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    rule_set_id path integer true* Ruleset ID

    Example Response Body

    {
      "href": "string",
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": {
        "href": "string"
      },
      "update_type": "string",
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "enabled": true,
      "scopes": [
        [
          {
            "label": {
              "href": "string"
            },
            "label_group": {
              "href": "string"
            }
          }
        ]
      ],
      "rules": [
        {
          "href": "string",
          "enabled": true,
          "description": "string",
          "external_data_set": null,
          "external_data_reference": null,
          "ingress_services": [
            {
              "href": "string"
            }
          ],
          "resolve_labels_as": {
            "providers": [
              "workloads"
            ],
            "consumers": [
              "workloads"
            ]
          },
          "sec_connect": true,
          "stateless": true,
          "machine_auth": true,
          "providers": [
            {
              "actors": "ams",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              },
              "virtual_service": {
                "href": "string"
              },
              "virtual_server": {
                "href": "string"
              },
              "ip_list": {
                "href": "string"
              }
            }
          ],
          "consumers": [
            {
              "actors": "ams",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              },
              "virtual_service": {
                "href": "string"
              },
              "ip_list": {
                "href": "string"
              }
            }
          ],
          "consuming_security_principals": [
            {
              "href": "string"
            }
          ],
          "unscoped_consumers": true,
          "update_type": "string"
        }
      ],
      "ip_tables_rules": [
        {
          "href": "string",
          "enabled": true,
          "description": "string",
          "statements": [
            {
              "table_name": "nat",
              "chain_name": "PREROUTING",
              "parameters": "string"
            }
          ],
          "actors": [
            {
              "actors": "string",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              }
            }
          ],
          "ip_version": "4"
        }
      ],
      "caps": [
        "write"
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of the rule set
    » created_at string(date-time) true* Timestamp when this rule set was first created
    » updated_at string(date-time) true* Timestamp when this rule set was last updated
    » deleted_at string(date-time) true* Timestamp when this rule set was deleted
    » created_by object false No description
    »» href string true* User who originally created this rule set
    » updated_by object false No description
    »» href string true* User who last updated this rule set
    » deleted_by object false No description
    »» href string true* User who deleted this rule set
    » update_type string false Type of update
    » name string true* Name (must be unique)
    » description string true* Description
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » enabled boolean true* Enabled flag
    » scopes [array] true* Rule set scopes
    »» label object false No description
    »»» href string true* Label URI
    »» label_group object false No description
    »»» href string true* Label group URI
    »» rules [object] true* Array of rules in this rule set
    »»» href string false URI of object
    »»» enabled boolean true* Enabled flag
    »»» description string false Description
    »»» external_data_set string,null false External data set identifier
    »»» external_data_reference string,null false External data reference identifier
    »»» ingress_services [oneOf] true* Array of service URI and port/protocol combinations

    oneOf

    Name Type Required Description
    »»»» anonymous object false No description
    »»»»» href string true* No description

    xor

    Name Type Required Description
    »»»» anonymous object false No description
    »»»»» port integer false Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol.
    »»»»» to_port integer false Upper end of port range; this field should not be included if specifying an individual port.
    »»»»» proto integer true* Transport protocol (numeric)

    continued

    Name Type Required Description
    »»»» resolve_labels_as object true* No description
    »»»»» providers [string] true* No description
    »»»»» consumers [string] true* No description
    »»»» sec_connect boolean false Whether a secure connection is established
    »»»» stateless boolean false Whether packet filtering is stateless for the rule
    »»»» machine_auth boolean false Whether machine authentication is enabled
    »»»» providers [object] true* Providers
    »»»»» actors string false Rule actors are all workloads ('ams')
    »»»»» label object false No description
    »»»»»» href string true* Label URI
    »»»»» label_group object false No description
    »»»»»» href string true* Label group URI
    »»»»» workload object false No description
    »»»»»» href string true* Workload URI
    »»»»» virtual_service object false No description
    »»»»»» href string true* Virtual service URI
    »»»»» virtual_server object false No description
    »»»»»» href string true* Virtual server URI
    »»»»» ip_list object false URI of associated IP List
    »»»»»» href string true* IP List URI
    »»»»» consumers [object] true* Consumers
    »»»»»» actors string false Rule actors are all workloads ('ams')
    »»»»»» label object false No description
    »»»»»»» href string true* Label URI
    »»»»»» label_group object false No description
    »»»»»»» href string true* Label group URI
    »»»»»» workload object false No description
    »»»»»»» href string true* Workload URI
    »»»»»» virtual_service object false No description
    »»»»»»» href string true* Virtual service URI
    »»»»»» ip_list object false URI of associated IP List
    »»»»»»» href string true* IP List URI
    »»»»»» consuming_security_principals [object] false Hrefs of consuming security principals
    »»»»»»» href string false No description
    »»»»»» unscoped_consumers boolean false Set the scope for rule consumers to All
    »»»»»» update_type string false Type of update
    »»»»» ip_tables_rules [object] false Array of iptables rules in this rule set
    »»»»»» href string true* URI of object
    »»»»»» enabled boolean true* Enabled flag
    »»»»»» description string false Description
    »»»»»» statements [object] true* list of the iptables statements in this rule
    »»»»»»» table_name string true* name of the iptables table for this rule
    »»»»»»» chain_name string true* name of the iptables chain for this rule
    »»»»»»» parameters string true* the remainder of the iptables rules (excluding table/chain)
    »»»»»» actors [object] true* No description
    »»»»»»» actors string false Rule Actors are all workloads ('ams')
    »»»»»»» label object false No description
    »»»»»»»» href string true* Label URI
    »»»»»»» label_group object false No description
    »»»»»»»» href string true* Label group URI
    »»»»»»» workload object false No description
    »»»»»»»» href string true* Workload URI
    »»»»»»» ip_version string true* IP version for the rules to be applied to
    »»»»»» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access

    Enumerated Values

    Property Value
    proto 6
    proto 17
    actors ams
    actors ams
    table_name nat
    table_name mangle
    table_name filter
    chain_name PREROUTING
    chain_name INPUT
    chain_name OUTPUT
    chain_name FORWARD
    chain_name POSTROUTING
    ip_version 4
    ip_version 6

    Create a Ruleset

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets

    Authorization: Global Administrator, Global Organization Owner, Ruleset Manager

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "enabled": true,
      "scopes": [
        [
          {
            "label": {
              "href": "string"
            },
            "label_group": {
              "href": "string"
            }
          }
        ]
      ],
      "rules": [
        {
          "enabled": true,
          "description": "string",
          "external_data_set": null,
          "external_data_reference": null,
          "ingress_services": [
            {
              "href": "string"
            }
          ],
          "resolve_labels_as": {
            "providers": [
              "workloads"
            ],
            "consumers": [
              "workloads"
            ]
          },
          "sec_connect": true,
          "stateless": true,
          "machine_auth": true,
          "providers": [
            {
              "actors": "ams",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              },
              "virtual_service": {
                "href": "string"
              },
              "virtual_server": {
                "href": "string"
              },
              "ip_list": {
                "href": "string"
              }
            }
          ],
          "consumers": [
            {
              "actors": "ams",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              },
              "virtual_service": {
                "href": "string"
              },
              "ip_list": {
                "href": "string"
              }
            }
          ],
          "consuming_security_principals": [
            {
              "href": "string"
            }
          ],
          "unscoped_consumers": true
        }
      ],
      "ip_tables_rules": [
        {
          "enabled": true,
          "description": "string",
          "statements": [
            {
              "table_name": "nat",
              "chain_name": "PREROUTING",
              "parameters": "string"
            }
          ],
          "actors": [
            {
              "actors": "string",
              "label": {
                "href": "string"
              },
              "label_group": {
                "href": "string"
              },
              "workload": {
                "href": "string"
              }
            }
          ],
          "ip_version": "4"
        }
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    body body object false No description
    » name body string true* Name (must be unique)
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » enabled body boolean false Enabled flag
    » scopes body [array] true* Rule set scopes
    »» label body object false No description
    »»» href body string true* Label URI
    »» label_group body object false No description
    »»» href body string true* Label group URI
    »» rules body [object] false Array of sec rules (access rules) in this rule set
    »»» enabled body boolean true* Enabled flag
    »»» description body string false Description
    »»» external_data_set body string,null false External data set identifier
    »»» external_data_reference body string,null false External data reference identifier
    »»» ingress_services body [oneOf] true* Array of service URI and port/protocol combinations
    »»»» anonymous body object false No description
    »»»»» href body string true* No description
    »»»» anonymous body object false No description
    »»»»» port body integer false Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol.
    »»»»» to_port body integer false Upper end of port range; this field should not be included if specifying an individual port.
    »»»»» proto body integer true* Transport protocol (numeric)
    »»»» resolve_labels_as body object true* No description
    »»»»» providers body [string] true* No description
    »»»»» consumers body [string] true* No description
    »»»» sec_connect body boolean false Whether a secure connection is established
    »»»» stateless body boolean false Whether packet filtering is stateless for the rule
    »»»» machine_auth body boolean false Whether machine authentication is enabled
    »»»» providers body [object] true* Providers
    »»»»» actors body string false Rule actors are all workloads ('ams')
    »»»»» label body object false No description
    »»»»»» href body string true* Label URI
    »»»»» label_group body object false No description
    »»»»»» href body string true* Label group URI
    »»»»» workload body object false No description
    »»»»»» href body string true* Workload URI
    »»»»» virtual_service body object false No description
    »»»»»» href body string true* Virtual service URI
    »»»»» virtual_server body object false No description
    »»»»»» href body string true* Virtual server URI
    »»»»» ip_list body object false URI of associated IP List
    »»»»»» href body string true* IP List URI
    »»»»» consumers body [object] true* Consumers
    »»»»»» actors body string false Rule actors are all workloads ('ams')
    »»»»»» label body object false No description
    »»»»»»» href body string true* Label URI
    »»»»»» label_group body object false No description
    »»»»»»» href body string true* Label group URI
    »»»»»» workload body object false No description
    »»»»»»» href body string true* Workload URI
    »»»»»» virtual_service body object false No description
    »»»»»»» href body string true* Virtual service URI
    »»»»»» ip_list body object false URI of associated IP List
    »»»»»»» href body string true* IP List URI
    »»»»»» consuming_security_principals body [object] false Hrefs of consuming security principals
    »»»»»»» href body string false No description
    »»»»»» unscoped_consumers body boolean false Set the scope for rule consumers to All
    »»»»» ip_tables_rules body [object] false Array of custom iptables rules in this rule set
    »»»»»» enabled body boolean true* Enabled flag
    »»»»»» description body string false Description
    »»»»»» statements body [object] true* list of the iptables statements in this rule
    »»»»»»» table_name body string true* name of the iptables table for this rule
    »»»»»»» chain_name body string true* name of the iptables chain for this rule
    »»»»»»» parameters body string true* the remainder of the iptables rules (excluding table/chain)
    »»»»»» actors body [object] true* No description
    »»»»»»» actors body string false Rule Actors are all workloads ('ams')
    »»»»»»» label body object false No description
    »»»»»»»» href body string true* Label URI
    »»»»»»» label_group body object false No description
    »»»»»»»» href body string true* Label group URI
    »»»»»»» workload body object false No description
    »»»»»»»» href body string true* Workload URI
    »»»»»»» ip_version body string true* IP version for the rules to be applied to

    Enumerated Values

    Parameter Value
    »»»»» proto 6
    »»»»» proto 17
    »»»»» providers workloads
    »»»»» providers virtual_services
    »»»»» consumers workloads
    »»»»» consumers virtual_services
    »»»»» actors ams
    »»»»»» actors ams
    »»»»»»» table_name nat
    »»»»»»» table_name mangle
    »»»»»»» table_name filter
    »»»»»»» chain_name PREROUTING
    »»»»»»» chain_name INPUT
    »»»»»»» chain_name OUTPUT
    »»»»»»» chain_name FORWARD
    »»»»»»» chain_name POSTROUTING
    »»»»»»» ip_version 4
    »»»»»»» ip_version 6

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a Ruleset

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}

    Authorization: Global Administrator, Global Organization Owner, Ruleset Manager

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "enabled": true,
      "update_type": "create",
      "scopes": [
        [
          {
            "label": {
              "href": "string"
            },
            "label_group": {
              "href": "string"
            }
          }
        ]
      ],
      "rules": [
        {}
      ],
      "ip_tables_rules": [
        {}
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    rule_set_id path integer true* Rule Set ID
    body body object false No description
    » name body string false Name (must be unique)
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » enabled body boolean false Enabled flag
    » update_type body string false Type of update
    » scopes body [array] false Rule set scopes
    »» label body object false No description
    »»» href body string true* Label URI
    »» label_group body object false No description
    »»» href body string true* Label group URI
    »» rules body [anyOf] false Array of rules in this rule set
    »»» href body string false URI of Rule
    »»» enabled body boolean false Enabled flag
    »»» description body string false Description
    »»» external_data_set body string,null false External data set identifier
    »»» external_data_reference body string false External data reference identifier
    »»» ingress_services body [oneOf] false Array of service URI and port/protocol combinations
    »»»» anonymous body object false No description
    »»»»» href body string true* No description
    »»»» anonymous body object false No description
    »»»»» port body integer false Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol.
    »»»»» to_port body integer false Upper end of port range; this field should not be included if specifying an individual port.
    »»»»» proto body integer true* Transport protocol (numeric)
    »»»» resolve_labels_as body object false No description
    »»»»» providers body [string] true* No description
    »»»»» consumers body [string] true* No description
    »»»» sec_connect body boolean false Whether a secure connection is established
    »»»» stateless body boolean false Whether packet filtering is stateless for the rule
    »»»» machine_auth body boolean false Whether machine authentication is enabled
    »»»» providers body [object] false Providers
    »»»»» actors body string false Rule actors are all workloads ('ams')
    »»»»» label body object false No description
    »»»»»» href body string true* Label URI
    »»»»» label_group body object false No description
    »»»»»» href body string true* Label group URI
    »»»»» workload body object false No description
    »»»»»» href body string true* Workload URI
    »»»»» virtual_service body object false No description
    »»»»»» href body string true* Virtual service URI
    »»»»» virtual_server body object false No description
    »»»»»» href body string true* Virtual server URI
    »»»»» ip_list body object false URI of associated IP List
    »»»»»» href body string true* IP List URI
    »»»»» consumers body [object] false Consumers
    »»»»»» actors body string false Rule actors are all workloads ('ams')
    »»»»»» label body object false No description
    »»»»»»» href body string true* Label URI
    »»»»»» label_group body object false No description
    »»»»»»» href body string true* Label group URI
    »»»»»» workload body object false No description
    »»»»»»» href body string true* Workload URI
    »»»»»» virtual_service body object false No description
    »»»»»»» href body string true* Virtual service URI
    »»»»»» ip_list body object false URI of associated IP List
    »»»»»»» href body string true* IP List URI
    »»»»»» consuming_security_principals body [object] false Hrefs of consuming security principals
    »»»»»»» href body string false No description
    »»»»»» update_type body string false Type of update
    »»»»»» unscoped_consumers body boolean false Set the scope for rule consumers to All
    »»»»»» anonymous body object false No description
    »»»»»» anonymous body object false No description
    »»»»» ip_tables_rules body [anyOf] false Array of iptables rules in this ruleset
    »»»»»» href body string false URI of Rule
    »»»»»» enabled body boolean false Enabled flag
    »»»»»» description body string false Description
    »»»»»» statements body [object] false list of the iptables statements in this rule
    »»»»»»» table_name body string true* name of the iptables table for this rule
    »»»»»»» chain_name body string true* name of the iptables chain for this rule
    »»»»»»» parameters body string true* the remainder of the iptables rules (excluding table/chain)
    »»»»»» actors body [object] false No description
    »»»»»»» actors body string false Rule Actors are all workloads ('ams')
    »»»»»»» label body object false No description
    »»»»»»»» href body string true* Label URI
    »»»»»»» label_group body object false No description
    »»»»»»»» href body string true* Label group URI
    »»»»»»» workload body object false No description
    »»»»»»»» href body string true* Workload URI
    »»»»»»» ip_version body string false IP version for the rules to be applied to
    »»»»»»» update_type body string false Type of update
    »»»»»»» anonymous body object false No description
    »»»»»»» anonymous body object false No description

    Enumerated Values

    Parameter Value
    » update_type create
    » update_type update
    » update_type delete
    »»»»» proto 6
    »»»»» proto 17
    »»»»» providers workloads
    »»»»» providers virtual_services
    »»»»» consumers workloads
    »»»»» consumers virtual_services
    »»»»» actors ams
    »»»»»» actors ams
    »»»»»» update_type create
    »»»»»» update_type update
    »»»»»» update_type delete
    »»»»»»» table_name nat
    »»»»»»» table_name mangle
    »»»»»»» table_name filter
    »»»»»»» chain_name PREROUTING
    »»»»»»» chain_name INPUT
    »»»»»»» chain_name OUTPUT
    »»»»»»» chain_name FORWARD
    »»»»»»» chain_name POSTROUTING
    »»»»»»» ip_version 4
    »»»»»»» ip_version 6
    »»»»»»» update_type create
    »»»»»»» update_type update
    »»»»»»» update_type delete

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Ruleset

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}

    Authorization: Global Administrator, Global Organization Owner, Ruleset Manager

    Exposure: Public Stable

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    rule_set_id path integer true* Rule Set ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None


    Get Security Rules

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    rule_set_id path integer true* Rule Set ID
    external_data_reference query string false A unique identifier within the external data source
    external_data_set query string false The data source from which a resource originates

    Example Response Body

    {
      "href": "string",
      "enabled": true,
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "ingress_services": [
        {
          "href": "string"
        }
      ],
      "resolve_labels_as": {
        "providers": [
          "workloads"
        ],
        "consumers": [
          "workloads"
        ]
      },
      "sec_connect": true,
      "stateless": true,
      "machine_auth": true,
      "providers": [
        {
          "actors": "ams",
          "label": {
            "href": "string"
          },
          "label_group": {
            "href": "string"
          },
          "workload": {
            "href": "string"
          },
          "virtual_service": {
            "href": "string"
          },
          "virtual_server": {
            "href": "string"
          },
          "ip_list": {
            "href": "string"
          }
        }
      ],
      "consumers": [
        {
          "actors": "ams",
          "label": {
            "href": "string"
          },
          "label_group": {
            "href": "string"
          },
          "workload": {
            "href": "string"
          },
          "virtual_service": {
            "href": "string"
          },
          "ip_list": {
            "href": "string"
          }
        }
      ],
      "consuming_security_principals": [
        {
          "href": "string"
        }
      ],
      "unscoped_consumers": true,
      "update_type": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of object
    » enabled boolean true* Enabled flag
    » description string false Description
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » ingress_services [oneOf] true* Array of service URI and port/protocol combinations

    oneOf

    Name Type Required Description
    »» anonymous object false No description
    »»» href string true* No description

    xor

    Name Type Required Description
    »» anonymous object false No description
    »»» port integer false Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol.
    »»» to_port integer false Upper end of port range; this field should not be included if specifying an individual port.
    »»» proto integer true* Transport protocol (numeric)

    continued

    Name Type Required Description
    »» resolve_labels_as object true* No description
    »»» providers [string] true* No description
    »»» consumers [string] true* No description
    »» sec_connect boolean false Whether a secure connection is established
    »» stateless boolean false Whether packet filtering is stateless for the rule
    »» machine_auth boolean false Whether machine authentication is enabled
    »» providers [object] true* Providers
    »»» actors string false Rule actors are all workloads ('ams')
    »»» label object false No description
    »»»» href string true* Label URI
    »»» label_group object false No description
    »»»» href string true* Label group URI
    »»» workload object false No description
    »»»» href string true* Workload URI
    »»» virtual_service object false No description
    »»»» href string true* Virtual service URI
    »»» virtual_server object false No description
    »»»» href string true* Virtual server URI
    »»» ip_list object false URI of associated IP List
    »»»» href string true* IP List URI
    »»» consumers [object] true* Consumers
    »»»» actors string false Rule actors are all workloads ('ams')
    »»»» label object false No description
    »»»»» href string true* Label URI
    »»»» label_group object false No description
    »»»»» href string true* Label group URI
    »»»» workload object false No description
    »»»»» href string true* Workload URI
    »»»» virtual_service object false No description
    »»»»» href string true* Virtual service URI
    »»»» ip_list object false URI of associated IP List
    »»»»» href string true* IP List URI
    »»»» consuming_security_principals [object] false Hrefs of consuming security principals
    »»»»» href string false No description
    »»»» unscoped_consumers boolean false Set the scope for rule consumers to All
    »»»» update_type string false Type of update

    Enumerated Values

    Property Value
    proto 6
    proto 17
    actors ams
    actors ams

    Get a Security Rule

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    rule_set_id path integer true* Rule Set ID
    sec_rule_id path integer true* Rule ID

    Example Response Body

    {
      "href": "string",
      "enabled": true,
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "ingress_services": [
        {
          "href": "string"
        }
      ],
      "resolve_labels_as": {
        "providers": [
          "workloads"
        ],
        "consumers": [
          "workloads"
        ]
      },
      "sec_connect": true,
      "stateless": true,
      "machine_auth": true,
      "providers": [
        {
          "actors": "ams",
          "label": {
            "href": "string"
          },
          "label_group": {
            "href": "string"
          },
          "workload": {
            "href": "string"
          },
          "virtual_service": {
            "href": "string"
          },
          "virtual_server": {
            "href": "string"
          },
          "ip_list": {
            "href": "string"
          }
        }
      ],
      "consumers": [
        {
          "actors": "ams",
          "label": {
            "href": "string"
          },
          "label_group": {
            "href": "string"
          },
          "workload": {
            "href": "string"
          },
          "virtual_service": {
            "href": "string"
          },
          "ip_list": {
            "href": "string"
          }
        }
      ],
      "consuming_security_principals": [
        {
          "href": "string"
        }
      ],
      "unscoped_consumers": true,
      "update_type": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of object
    » enabled boolean true* Enabled flag
    » description string false Description
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » ingress_services [oneOf] true* Array of service URI and port/protocol combinations

    oneOf

    Name Type Required Description
    »» anonymous object false No description
    »»» href string true* No description

    xor

    Name Type Required Description
    »» anonymous object false No description
    »»» port integer false Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol.
    »»» to_port integer false Upper end of port range; this field should not be included if specifying an individual port.
    »»» proto integer true* Transport protocol (numeric)

    continued

    Name Type Required Description
    »» resolve_labels_as object true* No description
    »»» providers [string] true* No description
    »»» consumers [string] true* No description
    »» sec_connect boolean false Whether a secure connection is established
    »» stateless boolean false Whether packet filtering is stateless for the rule
    »» machine_auth boolean false Whether machine authentication is enabled
    »» providers [object] true* Providers
    »»» actors string false Rule actors are all workloads ('ams')
    »»» label object false No description
    »»»» href string true* Label URI
    »»» label_group object false No description
    »»»» href string true* Label group URI
    »»» workload object false No description
    »»»» href string true* Workload URI
    »»» virtual_service object false No description
    »»»» href string true* Virtual service URI
    »»» virtual_server object false No description
    »»»» href string true* Virtual server URI
    »»» ip_list object false URI of associated IP List
    »»»» href string true* IP List URI
    »»» consumers [object] true* Consumers
    »»»» actors string false Rule actors are all workloads ('ams')
    »»»» label object false No description
    »»»»» href string true* Label URI
    »»»» label_group object false No description
    »»»»» href string true* Label group URI
    »»»» workload object false No description
    »»»»» href string true* Workload URI
    »»»» virtual_service object false No description
    »»»»» href string true* Virtual service URI
    »»»» ip_list object false URI of associated IP List
    »»»»» href string true* IP List URI
    »»»» consuming_security_principals [object] false Hrefs of consuming security principals
    »»»»» href string false No description
    »»»» unscoped_consumers boolean false Set the scope for rule consumers to All
    »»»» update_type string false Type of update

    Enumerated Values

    Property Value
    proto 6
    proto 17
    actors ams
    actors ams

    Create a Security Rule

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules

    Authorization: Global Administrator, Global Organization Owner, Ruleset Manager

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "enabled": true,
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "ingress_services": [
        {
          "href": "string"
        }
      ],
      "resolve_labels_as": {
        "providers": [
          "workloads"
        ],
        "consumers": [
          "workloads"
        ]
      },
      "sec_connect": true,
      "stateless": true,
      "machine_auth": true,
      "providers": [
        {
          "actors": "ams",
          "label": {
            "href": "string"
          },
          "label_group": {
            "href": "string"
          },
          "workload": {
            "href": "string"
          },
          "virtual_service": {
            "href": "string"
          },
          "virtual_server": {
            "href": "string"
          },
          "ip_list": {
            "href": "string"
          }
        }
      ],
      "consumers": [
        {
          "actors": "ams",
          "label": {
            "href": "string"
          },
          "label_group": {
            "href": "string"
          },
          "workload": {
            "href": "string"
          },
          "virtual_service": {
            "href": "string"
          },
          "ip_list": {
            "href": "string"
          }
        }
      ],
      "consuming_security_principals": [
        {
          "href": "string"
        }
      ],
      "unscoped_consumers": true
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    rule_set_id path integer true* Rule Set ID
    body body object false No description
    » enabled body boolean true* Enabled flag
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » ingress_services body [oneOf] true* Array of service URI and port/protocol combinations
    »» anonymous body object false No description
    »»» href body string true* No description
    »» anonymous body object false No description
    »»» port body integer false Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol.
    »»» to_port body integer false Upper end of port range; this field should not be included if specifying an individual port.
    »»» proto body integer true* Transport protocol (numeric)
    »» resolve_labels_as body object true* No description
    »»» providers body [string] true* No description
    »»» consumers body [string] true* No description
    »» sec_connect body boolean false Whether a secure connection is established
    »» stateless body boolean false Whether packet filtering is stateless for the rule
    »» machine_auth body boolean false Whether machine authentication is enabled
    »» providers body [object] true* Providers
    »»» actors body string false Rule actors are all workloads ('ams')
    »»» label body object false No description
    »»»» href body string true* Label URI
    »»» label_group body object false No description
    »»»» href body string true* Label group URI
    »»» workload body object false No description
    »»»» href body string true* Workload URI
    »»» virtual_service body object false No description
    »»»» href body string true* Virtual service URI
    »»» virtual_server body object false No description
    »»»» href body string true* Virtual server URI
    »»» ip_list body object false URI of associated IP List
    »»»» href body string true* IP List URI
    »»» consumers body [object] true* Consumers
    »»»» actors body string false Rule actors are all workloads ('ams')
    »»»» label body object false No description
    »»»»» href body string true* Label URI
    »»»» label_group body object false No description
    »»»»» href body string true* Label group URI
    »»»» workload body object false No description
    »»»»» href body string true* Workload URI
    »»»» virtual_service body object false No description
    »»»»» href body string true* Virtual service URI
    »»»» ip_list body object false URI of associated IP List
    »»»»» href body string true* IP List URI
    »»»» consuming_security_principals body [object] false Hrefs of consuming security principals
    »»»»» href body string false No description
    »»»» unscoped_consumers body boolean false Set the scope for rule consumers to All

    Enumerated Values

    Parameter Value
    »»» proto 6
    »»» proto 17
    »»» providers workloads
    »»» providers virtual_services
    »»» consumers workloads
    »»» consumers virtual_services
    »»» actors ams
    »»»» actors ams

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a Security Rule

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id}

    Authorization: Global Administrator, Global Organization Owner, Ruleset Manager

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "enabled": true,
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "ingress_services": [
        {
          "href": "string"
        }
      ],
      "resolve_labels_as": {
        "providers": [
          "workloads"
        ],
        "consumers": [
          "workloads"
        ]
      },
      "sec_connect": true,
      "stateless": true,
      "machine_auth": true,
      "providers": [
        {
          "actors": "ams",
          "label": {
            "href": "string"
          },
          "label_group": {
            "href": "string"
          },
          "workload": {
            "href": "string"
          },
          "virtual_service": {
            "href": "string"
          },
          "virtual_server": {
            "href": "string"
          },
          "ip_list": {
            "href": "string"
          }
        }
      ],
      "consumers": [
        {
          "actors": "ams",
          "label": {
            "href": "string"
          },
          "label_group": {
            "href": "string"
          },
          "workload": {
            "href": "string"
          },
          "virtual_service": {
            "href": "string"
          },
          "ip_list": {
            "href": "string"
          }
        }
      ],
      "consuming_security_principals": [
        {
          "href": "string"
        }
      ],
      "update_type": "create",
      "unscoped_consumers": true
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    rule_set_id path integer true* Rule Set ID
    sec_rule_id path integer true* Rule ID
    body body object false No description
    » enabled body boolean false Enabled flag
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » ingress_services body [oneOf] false Array of service URI and port/protocol combinations
    »» anonymous body object false No description
    »»» href body string true* No description
    »» anonymous body object false No description
    »»» port body integer false Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol.
    »»» to_port body integer false Upper end of port range; this field should not be included if specifying an individual port.
    »»» proto body integer true* Transport protocol (numeric)
    »» resolve_labels_as body object false No description
    »»» providers body [string] true* No description
    »»» consumers body [string] true* No description
    »» sec_connect body boolean false Whether a secure connection is established
    »» stateless body boolean false Whether packet filtering is stateless for the rule
    »» machine_auth body boolean false Whether machine authentication is enabled
    »» providers body [object] false Providers
    »»» actors body string false Rule actors are all workloads ('ams')
    »»» label body object false No description
    »»»» href body string true* Label URI
    »»» label_group body object false No description
    »»»» href body string true* Label group URI
    »»» workload body object false No description
    »»»» href body string true* Workload URI
    »»» virtual_service body object false No description
    »»»» href body string true* Virtual service URI
    »»» virtual_server body object false No description
    »»»» href body string true* Virtual server URI
    »»» ip_list body object false URI of associated IP List
    »»»» href body string true* IP List URI
    »»» consumers body [object] false Consumers
    »»»» actors body string false Rule actors are all workloads ('ams')
    »»»» label body object false No description
    »»»»» href body string true* Label URI
    »»»» label_group body object false No description
    »»»»» href body string true* Label group URI
    »»»» workload body object false No description
    »»»»» href body string true* Workload URI
    »»»» virtual_service body object false No description
    »»»»» href body string true* Virtual service URI
    »»»» ip_list body object false URI of associated IP List
    »»»»» href body string true* IP List URI
    »»»» consuming_security_principals body [object] false Hrefs of consuming security principals
    »»»»» href body string false No description
    »»»» update_type body string false Type of update
    »»»» unscoped_consumers body boolean false Set the scope for rule consumers to All

    Enumerated Values

    Parameter Value
    »»» proto 6
    »»» proto 17
    »»» providers workloads
    »»» providers virtual_services
    »»» consumers workloads
    »»» consumers virtual_services
    »»» actors ams
    »»»» actors ams
    »»»» update_type create
    »»»» update_type update
    »»»» update_type delete

    Responses

    Status Meaning Description Schema
    204 No Content Success None
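
    The parameter tables for Create a Security Rule and Update a Security Rule can be turned into a client-side check that runs before the POST or PUT is sent. The following is an added example, not part of the Illumio reference: the function names, sample bodies and href placeholders are constructed, and the 0-65535 port bound and the rejection of keys not listed in the tables are assumptions.

```python
# Added example: pre-flight check of a security rule request body.
# Field names and enumerated values come from the parameter tables above;
# function names, sample bodies and href placeholders are constructed.

ALLOWED_PROTOS = {6, 17}                             # enumerated "proto" values
ALLOWED_RESOLVE = {"workloads", "virtual_services"}  # resolve_labels_as values
REQUIRED_ON_CREATE = ("enabled", "ingress_services", "resolve_labels_as",
                      "providers", "consumers")      # true* in the POST table
BOOL_FIELDS = ("enabled", "sec_connect", "stateless", "machine_auth",
               "unscoped_consumers")
PROVIDER_REFS = {"label", "label_group", "workload", "virtual_service",
                 "virtual_server", "ip_list"}
CONSUMER_REFS = PROVIDER_REFS - {"virtual_server"}   # not listed for consumers


def _is_int(value):
    """True for real integers; bool is excluded because True == 1 in Python."""
    return isinstance(value, int) and not isinstance(value, bool)


def check_service(svc, where):
    """One ingress_services entry: a service href XOR a proto/port definition."""
    if not isinstance(svc, dict):
        return [f"{where}: must be an object"]
    errors = []
    port_keys = [k for k in ("proto", "port", "to_port") if k in svc]
    if "href" in svc and port_keys:
        return [f"{where}: href cannot be combined with {port_keys}"]
    if "href" in svc:
        if not isinstance(svc["href"], str) or not svc["href"]:
            errors.append(f"{where}: href must be a non-empty string")
        return errors
    proto = svc.get("proto")
    if not _is_int(proto) or proto not in ALLOWED_PROTOS:
        errors.append(f"{where}: proto is required and must be 6 or 17")
    ports_ok = True
    for key in ("port", "to_port"):
        # Assumption: ports are bounded to the 16-bit range; the page gives no bounds.
        if key in svc and not (_is_int(svc[key]) and 0 <= svc[key] <= 65535):
            errors.append(f"{where}: {key} must be an integer in 0-65535")
            ports_ok = False
    if ports_ok and "to_port" in svc:
        if "port" not in svc:
            errors.append(f"{where}: to_port given without port")
        elif svc["to_port"] <= svc["port"]:
            errors.append(f"{where}: to_port must exceed port; omit it for one port")
    return errors


def check_actors(entries, allowed_refs, where):
    """providers/consumers: objects holding 'actors' or a reference with an href."""
    if not isinstance(entries, list):
        return [f"{where}: must be an array"]
    errors = []
    for i, entry in enumerate(entries):
        at = f"{where}[{i}]"
        if not isinstance(entry, dict):
            errors.append(f"{at}: must be an object")
            continue
        for key, value in entry.items():
            if key == "actors":
                if value != "ams":
                    errors.append(f"{at}.actors: only 'ams' is allowed")
            elif key in allowed_refs:
                if not (isinstance(value, dict) and isinstance(value.get("href"), str)):
                    errors.append(f"{at}.{key}: needs a string href")
            else:
                errors.append(f"{at}: '{key}' is not listed for {where}")
    return errors


def validate_rule(body, creating=True):
    """Return a list of problems; creating=False relaxes the POST-only requirements."""
    if not isinstance(body, dict):
        return ["body: must be a JSON object"]
    errors = []
    if creating:
        errors += [f"{k}: required when creating a rule"
                   for k in REQUIRED_ON_CREATE if k not in body]
    for key in BOOL_FIELDS:
        if key in body and not isinstance(body[key], bool):
            errors.append(f"{key}: must be true or false")
    services = body.get("ingress_services", [])
    if not isinstance(services, list):
        errors.append("ingress_services: must be an array")
    else:
        for i, svc in enumerate(services):
            errors += check_service(svc, f"ingress_services[{i}]")
    if "resolve_labels_as" in body:
        rla = body["resolve_labels_as"]
        for side in ("providers", "consumers"):
            values = rla.get(side) if isinstance(rla, dict) else None
            if not isinstance(values, list) or not all(
                    isinstance(v, str) and v in ALLOWED_RESOLVE for v in values):
                errors.append(f"resolve_labels_as.{side}: required array of "
                              "'workloads' / 'virtual_services'")
    for side, refs in (("providers", PROVIDER_REFS), ("consumers", CONSUMER_REFS)):
        if side in body:
            errors += check_actors(body[side], refs, side)
    return errors


# Constructed sample bodies; every href is a placeholder, not a real object URI.
GOOD_RULE = {
    "enabled": True,
    "ingress_services": [{"proto": 6, "port": 8000, "to_port": 8080},
                         {"href": "EXAMPLE-SERVICE-HREF"}],
    "resolve_labels_as": {"providers": ["workloads"], "consumers": ["workloads"]},
    "providers": [{"label": {"href": "EXAMPLE-LABEL-HREF"}}],
    "consumers": [{"actors": "ams"}],
}
BAD_RULE = {
    "enabled": "yes",
    "ingress_services": [{"href": "EXAMPLE-SERVICE-HREF", "proto": 6},
                         {"proto": 1, "port": 22},
                         {"proto": 17, "port": 53, "to_port": 53}],
    "resolve_labels_as": {"providers": ["workloads"]},
    "providers": [{"label": {}}],
    "consumers": [{"virtual_server": {"href": "EXAMPLE-VS-HREF"}}],
}

if __name__ == "__main__":
    for name, body in (("GOOD_RULE", GOOD_RULE), ("BAD_RULE", BAD_RULE)):
        print(name, validate_rule(body) or "OK")
```

    Pass `creating=False` for a PUT body, where the Update table marks every top-level field as optional.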

    Delete a Security Rule

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id}

    Authorization: Global Administrator, Global Organization Owner, Ruleset Manager

    Exposure: Public Stable

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    rule_set_id path integer true* Rule Set ID
    sec_rule_id path integer true* Rule ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Security Policy

    Get Security Policy Versions

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization

    Example Response Body

    {
      "href": "string",
      "version": "string",
      "workloads_affected": 0,
      "commit_message": "string",
      "object_counts": {
        "rule_sets": 0,
        "ip_lists": 0,
        "services": 0,
        "virtual_services": 0,
        "label_groups": 0,
        "virtual_servers": 0,
        "firewall_settings": 0,
        "secure_connect_gateways": 0
      },
      "created_at": "string",
      "created_by": {
        "href": "string"
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* URI of the policy
    » version string true* Policy version
    » workloads_affected integer true* Number of workloads affected by the policy
    » commit_message string true* Commit message for the policy
    » object_counts object false Number of objects present in the given version of policy
    »» rule_sets integer false No description
    »» ip_lists integer false No description
    »» services integer false No description
    »» virtual_services integer false No description
    »» label_groups integer false No description
    »» virtual_servers integer false No description
    »» firewall_settings integer false No description
    »» secure_connect_gateways integer false No description
    » created_at string true* Timestamp when this label was first created
    » created_by object false No description
    »» href string true* User who originally created this label

    Get a Security Policy Version

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version

    Example Response Body

    {
      "href": "string",
      "version": "string",
      "workloads_affected": 0,
      "commit_message": "string",
      "object_counts": {
        "rule_sets": 0,
        "ip_lists": 0,
        "services": 0,
        "virtual_services": 0,
        "label_groups": 0,
        "virtual_servers": 0,
        "firewall_settings": 0,
        "secure_connect_gateways": 0
      },
      "created_at": "string",
      "created_by": {
        "href": "string"
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* URI of the policy
    » version string true* Policy version
    » workloads_affected integer true* Number of workloads affected by the policy
    » commit_message string true* Commit message for the policy
    » object_counts object false Number of objects present in the given version of policy
    »» rule_sets integer false No description
    »» ip_lists integer false No description
    »» services integer false No description
    »» virtual_services integer false No description
    »» label_groups integer false No description
    »» virtual_servers integer false No description
    »» firewall_settings integer false No description
    »» secure_connect_gateways integer false No description
    » created_at string true* Timestamp when this label was first created
    » created_by object false No description
    »» href string true* User who originally created this label

    Get Security Policy Modifications

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/modified_objects \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/modified_objects

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version

    Example Response Body

    [
      {
        "update_type": null,
        "object_type": null,
        "href": null,
        "name": "string",
        "modified_at": "string",
        "modified_by": "string"
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » update_type any true* Type of update
    » object_type any true* Object Type
    » href any true* Href of modified object
    » name string true* Name
    » modified_at string true* Time stamp of when this object was last modified
    » modified_by string true* User who modified the object (href)

    Get Pending Security Policy

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/pending \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/pending

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization

    Example Response Body

    {
      "rule_sets": [
        {
          "name": "string",
          "href": "string",
          "updated_by": null,
          "updated_at": "2018-12-12T04:17:11Z",
          "update_type": "string",
          "related_ip_lists": [
            {
              "href": "string"
            }
          ],
          "related_services": [
            {
              "href": "string"
            }
          ],
          "caps": [
            "write"
          ]
        }
      ],
      "firewall_settings": {
        "href": "string",
        "update_type": "string",
        "updated_by": null,
        "updated_at": "2018-12-12T04:17:11Z",
        "caps": [
          "write"
        ]
      },
      "ip_lists": [
        {
          "name": "string",
          "href": "string",
          "updated_by": null,
          "updated_at": "2018-12-12T04:17:11Z",
          "update_type": "create",
          "caps": [
            "write"
          ]
        }
      ],
      "services": [
        {
          "name": "string",
          "href": "string",
          "updated_by": null,
          "updated_at": "2018-12-12T04:17:11Z",
          "update_type": "create",
          "caps": [
            "write"
          ]
        }
      ],
      "virtual_servers": [
        {
          "name": "string",
          "href": "string",
          "updated_by": null,
          "updated_at": "2018-12-12T04:17:11Z",
          "update_type": "create",
          "caps": [
            "write"
          ]
        }
      ],
      "label_groups": [
        {
          "name": "string",
          "href": "string",
          "updated_by": null,
          "updated_at": "2018-12-12T04:17:11Z",
          "update_type": "create",
          "caps": [
            "write"
          ]
        }
      ],
      "secure_connect_gateways": [
        {
          "name": "string",
          "href": "string",
          "updated_by": null,
          "updated_at": "2018-12-12T04:17:11Z",
          "update_type": "create",
          "caps": [
            "write"
          ]
        }
      ],
      "virtual_services": [
        {
          "name": "string",
          "href": "string",
          "updated_by": null,
          "updated_at": "2018-12-12T04:17:11Z",
          "update_type": "create",
          "caps": [
            "write"
          ]
        }
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » rule_sets [object] false Array of modified rulesets in the current policy draft
    »» name string true* Ruleset name
    »» href string false URI of the Ruleset
    »» updated_by any true* No description
    »» updated_at string(date-time) true* Time stamp when this resource was last updated
    »» update_type string true* Type of update
    »» related_ip_lists [any] false Related IP Lists
    »»» href string true* URI of IP List
    »» related_services [any] false Related Services
    »»» href string true* URI of Service
    »» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access
    » firewall_settings object false Firewall settings updated by the current policy draft
    »» href string false URI of the resource
    »» update_type string false Type of update
    »» updated_by any true* No description
    »» updated_at string(date-time) true* Time stamp when this resource was last updated
    »» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access
    » ip_lists [object] false Array of modified resources for a given type in the current policy draft
    »» name string true* Resource name
    »» href string false URI of the resource
    »» updated_by any true* No description
    »» updated_at string(date-time) true* Time stamp when this resource was last updated
    »» update_type string true* Type of update
    »» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access
    » services [object] false Array of modified resources for a given type in the current policy draft
    »» name string true* Resource name
    »» href string false URI of the resource
    »» updated_by any true* No description
    »» updated_at string(date-time) true* Time stamp when this resource was last updated
    »» update_type string true* Type of update
    »» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access
    » virtual_servers [object] false Array of modified resources for a given type in the current policy draft
    »» name string true* Resource name
    »» href string false URI of the resource
    »» updated_by any true* No description
    »» updated_at string(date-time) true* Time stamp when this resource was last updated
    »» update_type string true* Type of update
    »» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access
    » label_groups [object] false Array of modified resources for a given type in the current policy draft
    »» name string true* Resource name
    »» href string false URI of the resource
    »» updated_by any true* No description
    »» updated_at string(date-time) true* Time stamp when this resource was last updated
    »» update_type string true* Type of update
    »» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access
    » secure_connect_gateways [object] false Array of modified resources for a given type in the current policy draft
    »» name string true* Resource name
    »» href string false URI of the resource
    »» updated_by any true* No description
    »» updated_at string(date-time) true* Time stamp when this resource was last updated
    »» update_type string true* Type of update
    »» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access
    » virtual_services [object] false Array of modified resources for a given type in the current policy draft
    »» name string true* Resource name
    »» href string false URI of the resource
    »» updated_by any true* No description
    »» updated_at string(date-time) true* Time stamp when this resource was last updated
    »» update_type string true* Type of update
    »» caps [string] false Array of permissions for the entity for the current user - an empty array implies read only access

    Enumerated Values

    Property Value
    update_type create
    update_type update
    update_type delete

    Revert Pending Security Policy

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/delete \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/delete

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "change_subset": {
        "label_groups": [
          {
            "href": "string"
          }
        ],
        "services": [
          {
            "href": "string"
          }
        ],
        "rule_sets": [
          {
            "href": "string"
          }
        ],
        "ip_lists": [
          {
            "href": "string"
          }
        ],
        "virtual_services": [
          {
            "href": "string"
          }
        ],
        "firewall_settings": [
          {
            "href": "string"
          }
        ],
        "secure_connect_gateways": [
          {
            "href": "string"
          }
        ],
        "virtual_servers": [
          {
            "href": "string"
          }
        ]
      }
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    body body object false No description
    » change_subset body object false Hash of pending hrefs, organized by model
    »» label_groups body [object] false No description
    »»» href body string true* No description
    »» services body [object] false No description
    »»» href body string true* No description
    »» rule_sets body [object] false No description
    »»» href body string true* No description
    »» ip_lists body [object] false No description
    »»» href body string true* No description
    »» virtual_services body [object] false No description
    »»» href body string true* No description
    »» firewall_settings body [object] false No description
    »»» href body string true* No description
    »» secure_connect_gateways body [object] false No description
    »»» href body string true* No description
    »» virtual_servers body [object] false No description
    »»» href body string true* No description

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Get Security Policy Dependencies

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/dependencies \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/dependencies

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: No

    Example Request Body

    {
      "operation": "commit",
      "change_subset": {
        "label_groups": [
          {
            "href": "string"
          }
        ],
        "services": [
          {
            "href": "string"
          }
        ],
        "rule_sets": [
          {
            "href": "string"
          }
        ],
        "ip_lists": [
          {
            "href": "string"
          }
        ],
        "virtual_services": [
          {
            "href": "string"
          }
        ],
        "firewall_settings": [
          {
            "href": "string"
          }
        ],
        "secure_connect_gateways": [
          {
            "href": "string"
          }
        ],
        "virtual_servers": [
          {
            "href": "string"
          }
        ]
      }
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    body body object false No description
    » operation body string true* Commit or revert
    » change_subset body object true* Hash of pending hrefs, organized by policy object type
    »» label_groups body [object] false No description
    »»» href body string true* No description
    »» services body [object] false No description
    »»» href body string true* No description
    »» rule_sets body [object] false No description
    »»» href body string true* No description
    »» ip_lists body [object] false No description
    »»» href body string true* No description
    »» virtual_services body [object] false No description
    »»» href body string true* No description
    »» firewall_settings body [object] false No description
    »»» href body string true* No description
    »» secure_connect_gateways body [object] false No description
    »»» href body string true* No description
    »» virtual_servers body [object] false No description
    »»» href body string true* No description

    Enumerated Values

    Parameter Value
    » operation commit
    » operation revert

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Provision Security Policy Changes

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/sec_policy \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/sec_policy

    Authorization: Any Provisioner, Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "update_description": "string",
      "change_subset": {
        "label_groups": [
          {
            "href": "string"
          }
        ],
        "services": [
          {
            "href": "string"
          }
        ],
        "rule_sets": [
          {
            "href": "string"
          }
        ],
        "ip_lists": [
          {
            "href": "string"
          }
        ],
        "virtual_services": [
          {
            "href": "string"
          }
        ],
        "firewall_settings": [
          {
            "href": "string"
          }
        ],
        "secure_connect_gateways": [
          {
            "href": "string"
          }
        ],
        "virtual_servers": [
          {
            "href": "string"
          }
        ]
      }
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    body body object false No description
    » update_description body string false Optional description for the requested change or update.
    » change_subset body object false Hash of pending hrefs, organized by model
    »» label_groups body [object] false No description
    »»» href body string true* No description
    »» services body [object] false No description
    »»» href body string true* No description
    »» rule_sets body [object] false No description
    »»» href body string true* No description
    »» ip_lists body [object] false No description
    »»» href body string true* No description
    »» virtual_services body [object] false No description
    »»» href body string true* No description
    »» firewall_settings body [object] false No description
    »»» href body string true* No description
    »» secure_connect_gateways body [object] false No description
    »»» href body string true* No description
    »» virtual_servers body [object] false No description
    »»» href body string true* No description

    Responses

    Status Meaning Description Schema
    201 Created Success None
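
    The pending-policy response and the change_subset request bodies above do not have the same shape: the response carries name, update_type and caps per entry and returns firewall_settings as a single object, while change_subset takes only arrays of href objects. The following is an added example, not part of the Illumio reference. It converts one into the other for the dependencies and provisioning calls. The function names and sample hrefs are constructed, and holding back deletes and entries without the "write" cap is a review policy assumed here, not an API requirement.

```python
import json

# Object types accepted inside change_subset (from the request body tables above).
CHANGE_SUBSET_TYPES = (
    "label_groups", "services", "rule_sets", "ip_lists",
    "virtual_services", "firewall_settings",
    "secure_connect_gateways", "virtual_servers",
)


def pending_items(pending, object_type):
    """Return the pending entries of one type as a list.

    The pending response returns firewall_settings as one object while
    every other type is an array, so both shapes are normalised here.
    """
    value = pending.get(object_type)
    if value is None:
        return []
    if isinstance(value, dict):
        return [value]
    return list(value)


def build_change_subset(pending, include_deletes=False):
    """Turn a GET .../sec_policy/pending response into a change_subset.

    Returns (change_subset, held_back). held_back lists
    (object_type, href, reason) for every entry left out, so a reviewer
    can see what will NOT be provisioned.
    """
    subset, held_back = {}, []
    for object_type in CHANGE_SUBSET_TYPES:
        for item in pending_items(pending, object_type):
            href = item.get("href")  # href is optional in the response schema
            if not href:
                held_back.append((object_type, None, "missing href"))
                continue
            # An empty caps array implies read-only access for this user.
            # Assumption: an absent caps field is treated the same way.
            if "write" not in (item.get("caps") or []):
                held_back.append((object_type, href, "read-only"))
                continue
            if item.get("update_type") == "delete" and not include_deletes:
                held_back.append((object_type, href, "delete needs review"))
                continue
            subset.setdefault(object_type, []).append({"href": href})
    return subset, held_back


def dependencies_body(change_subset, operation="commit"):
    """Body for POST .../sec_policy/{pversion}/dependencies."""
    if operation not in ("commit", "revert"):
        raise ValueError("operation must be 'commit' or 'revert'")
    return {"operation": operation, "change_subset": change_subset}


def provision_body(change_subset, update_description):
    """Body for POST .../sec_policy (provision the selected changes)."""
    return {"update_description": update_description,
            "change_subset": change_subset}


# Constructed sample of a pending-policy response (not real data).
SAMPLE_PENDING = {
    "rule_sets": [
        {"name": "web-tier", "href": "/orgs/1/sec_policy/draft/rule_sets/10",
         "updated_by": None, "updated_at": "2018-12-12T04:17:11Z",
         "update_type": "update", "caps": ["write"]},
        {"name": "legacy", "href": "/orgs/1/sec_policy/draft/rule_sets/11",
         "updated_by": None, "updated_at": "2018-12-12T04:17:11Z",
         "update_type": "delete", "caps": ["write"]},
    ],
    "firewall_settings": {
        "href": "/orgs/1/sec_policy/draft/firewall_settings",
        "update_type": "update", "updated_by": None,
        "updated_at": "2018-12-12T04:17:11Z", "caps": [],
    },
    "services": [
        {"name": "ssh", "href": "/orgs/1/sec_policy/draft/services/7",
         "updated_by": None, "updated_at": "2018-12-12T04:17:11Z",
         "update_type": "create", "caps": ["write"]},
    ],
}

if __name__ == "__main__":
    subset, held_back = build_change_subset(SAMPLE_PENDING)
    print(json.dumps(provision_body(subset, "weekly policy push"), indent=2))
    for object_type, href, reason in held_back:
        print("held back:", object_type, href, reason)
```

    Sending the same change_subset to the dependencies endpoint before provisioning keeps both calls scoped to the same set of objects.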

    Security Policy Check

    Get Rules Allowing Communication

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/allow \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/allow

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    dst_external_ip query string false The external IP of the destination workload
    dst_workload query string false The URI of the destination workload
    port query integer false The specific port number to check
    protocol query integer false The specific protocol number to check
    service query string false The specific service to check
    src_external_ip query string false The external IP of the source workload
    src_workload query string false The URI of the source workload

    Example Response Body

    [
      {
        "href": "string",
        "enabled": true,
        "description": "string",
        "service": {
          "href": "string"
        },
        "ub_service": null,
        "sec_connect": true,
        "providers": [
          {
            "actors": "string",
            "label": {
              "href": "string"
            },
            "agent": {
              "href": "string"
            },
            "workload": {
              "href": "string"
            },
            "bound_service": {
              "href": "string"
            },
            "virtual_server": {
              "href": "string"
            },
            "ip_list": {
              "href": "string"
            }
          }
        ],
        "consumers": [
          {
            "actors": "string",
            "label": {
              "href": "string"
            },
            "agent": {
              "href": "string"
            },
            "workload": {
              "href": "string"
            },
            "bound_service": {
              "href": "string"
            },
            "ip_list": {
              "href": "string"
            }
          }
        ]
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of object
    » enabled boolean true* Enabled flag
    » description string false Description
    » service object false URI of associated service
    »» href string true* Service URI
    » ub_service object,null true* URI of UB side service
    » sec_connect boolean false Whether a secure connection is established
    » providers [object] true* Providers
    »» actors string false Rule actors are all workloads ('ams')
    »» label object false No description
    »»» href string true* Label URI
    »» agent object false No description
    »»» href string true* Agent URI
    »» workload object false No description
    »»» href string true* Workload URI
    »» bound_service object false No description
    »»» href string true* Bound service URI
    »» virtual_server object false No description
    »»» href string true* Virtual server URI
    »» ip_list object false URI of associated IP List
    »»» href string true* IP List URI
    » consumers [object] true* Users
    »» actors string false Rule actors are all workloads ('ams')
    »» label object false No description
    »»» href string true* Label URI
    »» agent object false No description
    »»» href string true* Agent URI
    »» workload object false No description
    »»» href string true* Workload URI
    »» bound_service object false No description
    »»» href string true* Bound service URI
    »» ip_list object false URI of associated IP List
    »»» href string true* IP List URI

    Services

    Get Security Policy Services

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/services \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/services

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    description query string false Description of Service(s) to return. Supports partial matches
    external_data_reference query string false A unique identifier within the external data source
    external_data_set query string false The data source from which a resource originates
    max_results query integer false Maximum number of Services to return.
    name query string false Name of Service(s) to return. Supports partial matches
    port query string false Specify port or port range to filter results. The range is from -1 to 65535 (0 is not supported).
    proto query integer false Protocol to filter on

    Example Response Body

    {
      "href": "string",
      "name": "string",
      "description": "string",
      "description_url": "string",
      "process_name": "string",
      "service_ports": [
        {
          "port": 0,
          "to_port": 0,
          "proto": 0,
          "icmp_type": 0,
          "icmp_code": 0
        }
      ],
      "windows_services": [
        {
          "service_name": "string",
          "process_name": "string",
          "port": 1,
          "to_port": 1,
          "proto": 0,
          "icmp_type": 0,
          "icmp_code": 0
        }
      ],
      "external_data_set": null,
      "external_data_reference": null,
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": {
        "href": "string"
      },
      "update_type": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of the service
    » name string true* Name (does not need to be unique)
    » description string false Description
    » description_url string false Description URL. Read-only to prevent XSS attacks
    » process_name string false The process name
    » service_ports [object] false Service ports
    »» port integer false Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any. Also the starting port when specifying a range.
    »» to_port integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »» proto integer true* Transport protocol
    »» icmp_type integer false ICMP Type (integer 0-255 for icmp protocol)
    »» icmp_code integer false ICMP Code (integer 0-15 for icmp protocol)
    » windows_services [object] false Windows services
    »» service_name string false Name of Windows Service
    »» process_name string false Name of running process
    »» port integer false Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any. Also the starting port when specifying a range.
    »» to_port integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »» proto integer false Transport protocol
    »» icmp_type integer false ICMP Type (integer 0-255 for icmp protocol)
    »» icmp_code integer false ICMP Code (integer 0-15 for icmp protocol)
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » created_at string(date-time) false Time stamp when this Service was first created
    » updated_at string(date-time) false Time stamp when this Service was last updated
    » deleted_at string(date-time) false Time stamp when this Service was deleted
    » created_by object false No description
    »» href string true* User who originally created this Service
    » updated_by object false No description
    »» href string true* User who last updated this Service
    » deleted_by object false No description
    »» href string true* User who deleted this Service
    » update_type string true* Type of update

    Get a Security Policy Service

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    service_id path string true* Service ID

    Example Response Body

    {
      "href": "string",
      "name": "string",
      "description": "string",
      "description_url": "string",
      "process_name": "string",
      "service_ports": [
        {
          "port": 0,
          "to_port": 0,
          "proto": 0,
          "icmp_type": 0,
          "icmp_code": 0
        }
      ],
      "windows_services": [
        {
          "service_name": "string",
          "process_name": "string",
          "port": 1,
          "to_port": 1,
          "proto": 0,
          "icmp_type": 0,
          "icmp_code": 0
        }
      ],
      "external_data_set": null,
      "external_data_reference": null,
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": {
        "href": "string"
      },
      "update_type": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false URI of the service
    » name string true* Name (does not need to be unique)
    » description string false Description
    » description_url string false Description URL. Read-only to prevent XSS attacks
    » process_name string false The process name
    » service_ports [object] false Service ports
    »» port integer false Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any. Also the starting port when specifying a range.
    »» to_port integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »» proto integer true* Transport protocol
    »» icmp_type integer false ICMP Type (integer 0-255 for icmp protocol)
    »» icmp_code integer false ICMP Code (integer 0-15 for icmp protocol)
    » windows_services [object] false Windows services
    »» service_name string false Name of Windows Service
    »» process_name string false Name of running process
    »» port integer false Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any. Also the starting port when specifying a range.
    »» to_port integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »» proto integer false Transport protocol
    »» icmp_type integer false ICMP Type (integer 0-255 for icmp protocol)
    »» icmp_code integer false ICMP Code (integer 0-15 for icmp protocol)
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » created_at string(date-time) false Time stamp when this Service was first created
    » updated_at string(date-time) false Time stamp when this Service was last updated
    » deleted_at string(date-time) false Time stamp when this Service was deleted
    » created_by object false No description
    »» href string true* User who originally created this Service
    » updated_by object false No description
    »» href string true* User who last updated this Service
    » deleted_by object false No description
    »» href string true* User who deleted this Service
    » update_type string true* Type of update

    Create a Security Policy Service

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/services \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/services

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "process_name": "string",
      "service_ports": [
        {
          "port": 0,
          "to_port": 0,
          "proto": 0,
          "icmp_type": 0,
          "icmp_code": 0
        }
      ],
      "windows_services": [
        {
          "service_name": "string",
          "process_name": "string",
          "port": 1,
          "to_port": 1,
          "proto": 0,
          "icmp_type": 0,
          "icmp_code": 0
        }
      ],
      "external_data_set": null,
      "external_data_reference": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    body body object false No description
    » name body string true* Name (does not need to be unique)
    » description body string false Description
    » process_name body string false The process name
    » service_ports body [object] false Service ports
    »» port body integer false Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any. Also the starting port when specifying a range.
    »» to_port body integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »» proto body integer true* Transport protocol
    »» icmp_type body integer false ICMP Type (integer 0-255 for icmp protocol)
    »» icmp_code body integer false ICMP Code (integer 0-15 for icmp protocol)
    » windows_services body [object] false Windows services
    »» service_name body string false Name of Windows Service
    »» process_name body string false Name of running process
    »» port body integer false Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any. Also the starting port when specifying a range.
    »» to_port body integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »» proto body integer false Transport protocol
    »» icmp_type body integer false ICMP Type (integer 0-255 for icmp protocol)
    »» icmp_code body integer false ICMP Code (integer 0-15 for icmp protocol)
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a Security Policy Service

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "process_name": "string",
      "service_ports": [
        {
          "port": 0,
          "to_port": 0,
          "proto": 0,
          "icmp_type": 0,
          "icmp_code": 0
        }
      ],
      "windows_services": [
        {
          "service_name": "string",
          "process_name": "string",
          "port": 1,
          "to_port": 1,
          "proto": 0,
          "icmp_type": 0,
          "icmp_code": 0
        }
      ],
      "external_data_set": null,
      "external_data_reference": null
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    service_id path string true* Service ID
    body body object false No description
    » name body string false Name (does not need to be unique)
    » description body string false Description
    » process_name body string false The process name
    » service_ports body [object] false Service ports
    »» port body integer false Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any. Also the starting port when specifying a range.
    »» to_port body integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »» proto body integer true* Transport protocol
    »» icmp_type body integer false ICMP Type (integer 0-255 for icmp protocol)
    »» icmp_code body integer false ICMP Code (integer 0-15 for icmp protocol)
    » windows_services body [object] false Windows services
    »» service_name body string false Name of Windows Service
    »» process_name body string false Name of running process
    »» port body integer false Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any. Also the starting port when specifying a range.
    »» to_port body integer false High end of port range inclusive if specifying a range. If not specifying a range then don't send this.
    »» proto body integer false Transport protocol
    »» icmp_type body integer false ICMP Type (integer 0-255 for icmp protocol)
    »» icmp_code body integer false ICMP Code (integer 0-15 for icmp protocol)
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier

    Responses

    Status Meaning Description Schema
    204 No Content Success None
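The create and update parameter tables above put several constraints on `service_ports` and `windows_services` entries, and an omitted `port` silently widens the service to any port. The following pre-flight check is an added example, not Illumio code; it assumes `proto` carries IANA protocol numbers (1 ICMP, 6 TCP, 17 UDP, 58 ICMPv6), which the page does not state, and the function names and sample bodies are constructed for illustration.

```python
import json

# Assumption: "proto" carries IANA protocol numbers. The page only says
# "Transport protocol", so these two sets are illustrative.
ICMP_PROTOS = {1, 58}
PORT_PROTOS = {6, 17}


def is_int(value):
    # bool is a subclass of int in Python; JSON true/false must not pass.
    return isinstance(value, int) and not isinstance(value, bool)


def in_range(entry, key, low, high, where, errors):
    """Check an optional integer field against its documented range."""
    if key not in entry:
        return True
    value = entry[key]
    if not is_int(value) or not low <= value <= high:
        errors.append(f"{where}.{key}: must be an integer {low}-{high}, got {value!r}")
        return False
    return True


def check_entry(entry, where, proto_required):
    """Return (errors, warnings) for one service_ports / windows_services entry."""
    errors, warnings = [], []
    proto = entry.get("proto")
    if proto is None:
        if proto_required:
            errors.append(f"{where}.proto: required")
    elif not is_int(proto):
        errors.append(f"{where}.proto: must be an integer, got {proto!r}")
        proto = None

    port_ok = in_range(entry, "port", 1, 65535, where, errors)
    to_ok = in_range(entry, "to_port", 1, 65535, where, errors)
    in_range(entry, "icmp_type", 0, 255, where, errors)
    in_range(entry, "icmp_code", 0, 15, where, errors)

    # to_port is the inclusive high end of a range that starts at port.
    if "to_port" in entry:
        if "port" not in entry:
            errors.append(f"{where}.to_port: sent without port")
        elif port_ok and to_ok and entry["to_port"] < entry["port"]:
            errors.append(f"{where}.to_port: lower than port")

    # The icmp_* fields are documented "for icmp protocol" only.
    if proto is not None and proto not in ICMP_PROTOS:
        for key in ("icmp_type", "icmp_code"):
            if key in entry:
                errors.append(f"{where}.{key}: only valid for an ICMP proto")

    # Documented default: a missing port means "any" port for that proto.
    if proto in PORT_PROTOS and "port" not in entry:
        warnings.append(f"{where}: no port given, matches ANY port of proto {proto}")
    return errors, warnings


def check_service_body(body, creating):
    """Validate a create (POST) or update (PUT) service request body."""
    errors, warnings = [], []
    if creating and not body.get("name"):
        errors.append("name: required when creating a service")
    for key, proto_required in (("service_ports", True), ("windows_services", False)):
        for index, entry in enumerate(body.get(key) or []):
            entry_errors, entry_warnings = check_entry(entry, f"{key}[{index}]", proto_required)
            errors += entry_errors
            warnings += entry_warnings
    return errors, warnings


# Constructed sample bodies (not taken from a real PCE).
GOOD = json.loads('{"name": "web", "service_ports": [{"port": 8080, "to_port": 8090, "proto": 6}]}')
BAD = json.loads("""
{
  "service_ports": [
    {"port": 0, "proto": 6},
    {"to_port": 443, "proto": 6},
    {"port": 9000, "to_port": 8000, "proto": 17},
    {"proto": 1, "icmp_type": 8, "icmp_code": 16},
    {"port": 53}
  ],
  "windows_services": [{"service_name": "Dnscache", "proto": 17}]
}
""")

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BAD", BAD)):
        errors, warnings = check_service_body(body, creating=True)
        print(label, "errors:", errors, "warnings:", warnings)
```

Treat the warnings as review items rather than failures: an any-port service is valid per the tables, but it should be a deliberate choice.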

    Delete a Security Policy Service

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    service_id path string true* Service ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    System Events

    Get System Events

    Example Code

    
    curl -X GET /api/v2/system_events \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/system_events

    Authorization: Any Authenticated User, System Administrator

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    created_by query string false User, agent, or system that created the event
    event_type query string false Type of event
    max_results query integer false Maximum number of results to return
    severity query string false Severity of event
    status query string false Status of event
    timestamp[gte] query string false Earliest event date to return (RFC 3339 format)
    timestamp[lte] query string false Latest event date to return (RFC 3339 format)

    Enumerated Values

    Parameter Value
    severity emerg
    severity alert
    severity crit
    severity warning
    severity err
    severity notice
    severity info
    severity debug
    status success
    status failure
    timestamp[gte] success
    timestamp[gte] failure
    timestamp[lte] success
    timestamp[lte] failure

    Example Response Body

    {
      "href": "string",
      "org_id": 0,
      "version": "string",
      "event_id": "string",
      "event_type": "string",
      "status": "string",
      "severity": "string",
      "timestamp": "2018-12-12T04:17:11Z",
      "pce_fqdn": "string",
      "created_by": null,
      "action": {
        "href": "string",
        "event": "string",
        "timestamp": "2018-12-12T04:17:11Z",
        "pce_fqdn": "string",
        "created_by": null,
        "event_type": "string",
        "status": "string",
        "severity": "string",
        "task_name": "string",
        "api_endpoint": "string",
        "api_method": "string",
        "http_status_code": 0,
        "src_ip": "string",
        "errors": [
          {
            "token": "string",
            "message": "string"
          }
        ],
        "info": {}
      },
      "resource_changes": [
        {
          "href": "string",
          "version": "string",
          "org_id": 0,
          "uuid": "string",
          "event": "string",
          "timestamp": "2018-12-12T04:17:11Z",
          "pce_fqdn": "string",
          "created_by": null,
          "resource": null,
          "changes": {},
          "change_type": "string"
        }
      ],
      "notifications": [
        {
          "href": "string",
          "event": "string",
          "timestamp": "2018-12-12T04:17:11Z",
          "pce_fqdn": "string",
          "created_by": null,
          "notification_type": "string",
          "severity": "emerg",
          "info": {}
        }
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false Unique href for this event, which can be used for event lookup via the events API
    » org_id integer false org_id for this event.
    » version string false The event version of this event for the category it falls under
    » event_id string false Unique request/transaction identifier of the API request / context from which this event was generated
    » event_type string true* Event name that clearly describes the event
    » status string true* Status of the event; usually a mapping of api_status_code to a generic result string; 'noop' if no action. For presentation purposes only.
    » severity string true* This event's level of importance
    » timestamp string(date-time) true* RFC 3339 timestamp at which this event was originally created
    » pce_fqdn string true* Fully qualified domain name of the PCE, where this event originated
    » created_by object true* The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »» anonymous any false No description

    xor

    Name Type Required Description
    »» anonymous any false No description

    xor

    Name Type Required Description
    »» anonymous any false No description

    continued

    Name Type Required Description
    » action object false No description
    »» href string false Unique href for this action log event, which can be used for event lookup via the events API
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» event_type string false Event name that clearly describes the action log event
    »» status string false Status of the event; usually a mapping of api_status_code to a generic result string. For presentation purposes only.
    »» severity string false This event's level of importance
    »» task_name string false The name of the timed worker job from which this event originated
    »» api_endpoint string false URI of the API invoked
    »» api_method string false Name of API method invoked on some target resource(s)
    »» http_status_code integer false HTTP status code returned from the API call.
    »» src_ip string false Source IP of the request for which the event was generated. If the request is coming from the PCE itself, then we should log the IP of the PCE.
    »» errors [object] false Extra information regarding the reason for failure. This property is only for failure events and will not appear in successful events
    »»» token string false Machine readable error message
    »»» message string false Human readable error message
    »» info object false Extra information about the action log event in json format
    » resource_changes [object] false Array of resource log events that were generated during this event
    »» href string false Unique href for this resource log event, which can be used for event lookup via the events API
    »» version string false The event version of this event for the category it falls under
    »» org_id integer false org_id for this event.
    »» uuid string false Unique identifier for this event.
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» resource object true* Canonical representations of a resource

    oneOf (31 alternatives; the source separates them with xor and lists each with the same row)

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» changes object false Properties of the resource that were changed as a result of the event, with their updated values
    »» change_type string true* Type of change that occurred for this resource(s)
    » notifications [object] false Array of notification log events that were generated during this event
    »» href string false Unique href for this notification log event, which can be used for event lookup via the events API
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» notification_type string false Notification name that clearly describes the notification log event
    »» severity string false This event's level of importance
    »» info object false Extra information about the notification in json format

    Enumerated Values

    Property Value
    severity emerg
    severity alert
    severity crit
    severity err
    severity warning
    severity notice
    severity info
    severity debug
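The query parameters and response schema above are enough to build a small triage step over system events: request a bounded RFC 3339 time window, keep events at or above a severity, and count failed API calls per source IP. This is an added example, not Illumio code; it assumes the collection response parses to a list of event objects, and all function names, sample events, IPs and error tokens are constructed.

```python
import json
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import urlencode

# Severity values from the page's response schema, most to least severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
RANK = {name: rank for rank, name in enumerate(SEVERITIES)}
STATUSES = {"success", "failure"}


def rfc3339(moment):
    """Format a timezone-aware datetime as an RFC 3339 UTC timestamp."""
    if moment.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_query(since, until, status=None, max_results=None):
    """Build the query string for GET /api/v2/system_events."""
    if since > until:
        raise ValueError("timestamp[gte] is later than timestamp[lte]")
    if status is not None and status not in STATUSES:
        raise ValueError(f"status must be one of {sorted(STATUSES)}")
    params = [("timestamp[gte]", rfc3339(since)), ("timestamp[lte]", rfc3339(until))]
    if status is not None:
        params.append(("status", status))
    if max_results is not None:
        params.append(("max_results", int(max_results)))
    return urlencode(params)  # brackets and colons are percent-encoded


def at_or_above(events, floor):
    """Keep events at `floor` severity or worse; unknown severities are kept."""
    limit = RANK[floor]
    return [e for e in events if RANK.get(e.get("severity"), 0) <= limit]


def failed_calls_by_source(events):
    """Count failed API calls per (src_ip, api_method, api_endpoint)."""
    counts = Counter()
    for event in events:
        action = event.get("action") or {}  # action is optional and may be null
        if event.get("status") != "failure" or not action.get("api_endpoint"):
            continue
        key = (action.get("src_ip", "unknown"), action.get("api_method"), action["api_endpoint"])
        counts[key] += 1
    return counts


def error_tokens(event):
    """Machine-readable error tokens; errors[] appears on failure events only."""
    action = event.get("action") or {}
    return [err.get("token") for err in action.get("errors", [])]


# Constructed sample events, trimmed to the fields used here.
EVENTS = json.loads("""[
 {"status": "failure", "severity": "warning", "action": {"src_ip": "198.51.100.7",
  "api_method": "POST", "api_endpoint": "/api/v2/users", "http_status_code": 403,
  "errors": [{"token": "constructed_forbidden", "message": "constructed sample"}]}},
 {"status": "failure", "severity": "warning", "action": {"src_ip": "198.51.100.7",
  "api_method": "POST", "api_endpoint": "/api/v2/users", "http_status_code": 403,
  "errors": [{"token": "constructed_forbidden", "message": "constructed sample"}]}},
 {"status": "success", "severity": "info", "action": {"src_ip": "192.0.2.10",
  "api_method": "GET", "api_endpoint": "/api/v2/users", "http_status_code": 200}},
 {"status": "failure", "severity": "err", "action": {"src_ip": "192.0.2.10",
  "api_method": "GET", "api_endpoint": "/api/v2/users/42/orgs", "http_status_code": 404,
  "errors": [{"token": "constructed_not_found", "message": "constructed sample"}]}},
 {"status": "success", "severity": "crit", "action": null, "notifications": []}
]""")

SAMPLE_QUERY = build_query(
    datetime(2018, 12, 11, 4, 17, 11, tzinfo=timezone.utc),
    datetime(2018, 12, 12, 4, 17, 11, tzinfo=timezone.utc),
    status="failure",
    max_results=500,
)

if __name__ == "__main__":
    print("GET /api/v2/system_events?" + SAMPLE_QUERY)
    for key, count in failed_calls_by_source(EVENTS).most_common():
        print(count, *key)
    print(len(at_or_above(EVENTS, "err")), "events at err or worse")
```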

    Get a System Event

    Example Code

    
    curl -X GET /api/v2/system_events/{composite_log_event_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/system_events/{composite_log_event_id}

    Authorization: Any Authenticated User, System Administrator

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    composite_log_event_id path string true* UUID of system event to return

    Example Response Body

    {
      "href": "string",
      "org_id": 0,
      "version": "string",
      "event_id": "string",
      "event_type": "string",
      "status": "string",
      "severity": "string",
      "timestamp": "2018-12-12T04:17:11Z",
      "pce_fqdn": "string",
      "created_by": null,
      "action": {
        "href": "string",
        "event": "string",
        "timestamp": "2018-12-12T04:17:11Z",
        "pce_fqdn": "string",
        "created_by": null,
        "event_type": "string",
        "status": "string",
        "severity": "string",
        "task_name": "string",
        "api_endpoint": "string",
        "api_method": "string",
        "http_status_code": 0,
        "src_ip": "string",
        "errors": [
          {
            "token": "string",
            "message": "string"
          }
        ],
        "info": {}
      },
      "resource_changes": [
        {
          "href": "string",
          "version": "string",
          "org_id": 0,
          "uuid": "string",
          "event": "string",
          "timestamp": "2018-12-12T04:17:11Z",
          "pce_fqdn": "string",
          "created_by": null,
          "resource": null,
          "changes": {},
          "change_type": "string"
        }
      ],
      "notifications": [
        {
          "href": "string",
          "event": "string",
          "timestamp": "2018-12-12T04:17:11Z",
          "pce_fqdn": "string",
          "created_by": null,
          "notification_type": "string",
          "severity": "emerg",
          "info": {}
        }
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string false Unique href for this event, which can be used for event lookup via the events API
    » org_id integer false org_id for this event.
    » version string false The event version of this event for the category it falls under
    » event_id string false Unique request/transaction identifier of the API request / context from which this event was generated
    » event_type string true* Event name that clearly describes the event
    » status string true* Status of the event; usually a mapping of api_status_code to a generic result string; 'noop' if no action. For presentation purposes only.
    » severity string true* This event's level of importance
    » timestamp string(date-time) true* RFC 3339 timestamp at which this event was originally created
    » pce_fqdn string true* Fully qualified domain name of the PCE, where this event originated
    » created_by object true* The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »» anonymous any false No description

    xor

    Name Type Required Description
    »» anonymous any false No description

    xor

    Name Type Required Description
    »» anonymous any false No description

    continued

    Name Type Required Description
    » action object false No description
    »» href string false Unique href for this action log event, which can be used for event lookup via the events API
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» event_type string false Event name that clearly describes the action log event
    »» status string false Status of the event; usually a mapping of api_status_code to a generic result string. For presentation purposes only.
    »» severity string false This event's level of importance
    »» task_name string false The name of the timed worker job from which this event originated
    »» api_endpoint string false URI of the API invoked
    »» api_method string false Name of API method invoked on some target resource(s)
    »» http_status_code integer false HTTP status code returned from the API call.
    »» src_ip string false Source IP of the request for which the event was generated. If the request is coming from the PCE itself, then we should log the IP of the PCE.
    »» errors [object] false Extra information regarding the reason for failure. This property is only for failure events and will not appear in successful events
    »»» token string false Machine readable error message
    »»» message string false Human readable error message
    »» info object false Extra information about the action log event in json format
    » resource_changes [object] false Array of resource log events that were generated during this event
    »» href string false Unique href for this resource log event, which can be used for event lookup via the events API
    »» version string false The event version of this event for the category it falls under
    »» org_id integer false org_id for this event.
    »» uuid string false Unique identifier for this event.
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» resource object true* Canonical representations of a resource

    oneOf (31 alternatives; the source separates them with xor and lists each with the same row)

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» changes object false Properties of the resource that were changed as a result of the event, with their updated values
    »» change_type string true* Type of change that occurred for this resource(s)
    » notifications [object] false Array of notification log events that were generated during this event
    »» href string false Unique href for this notification log event, which can be used for event lookup via the events API
    »» event string false Correlation href identifying the API request / context from which events originated
    »» timestamp string(date-time) false RFC 3339 timestamp at which this event was originally created
    »» pce_fqdn string false Fully qualified domain name of the PCE, where this event originated
    »» created_by object false The entity responsible for the creation of this event

    oneOf

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    xor

    Name Type Required Description
    »»» anonymous any false No description

    continued

    Name Type Required Description
    »» notification_type string false Notification name that clearly describes the notification log event
    »» severity string false This event's level of importance
    »» info object false Extra information about the notification in json format

    Enumerated Values

    Property Value
    severity emerg
    severity alert
    severity crit
    severity err
    severity warning
    severity notice
    severity info
    severity debug

    Users

    Get All Users' Information

    Example Code

    
    curl -X GET /api/v2/users \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/users

    Authorization: Any Authenticated User

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    type query string false User type to filter by (e.g. local or external)

    Example Response Body

    {
      "href": "string",
      "username": "string",
      "last_login_on": "string",
      "last_login_ip_address": "string",
      "login_count": 0,
      "full_name": "string",
      "time_zone": "string",
      "locked": true,
      "effective_groups": [
        "string"
      ],
      "local_profile": {
        "pending_invitation": true
      },
      "updated_at": "2018-12-12T04:17:11Z",
      "created_at": "2018-12-12T04:17:11Z",
      "type": "string",
      "presence_status": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* URI of the user
    » username string true* The User name as an email address
    » last_login_on string true* This is populated automatically after a login
    » last_login_ip_address string true* This is populated automatically after a login
    » login_count integer true* Number of times this user logged in
    » full_name string true* User's full name
    » time_zone string true* Time Zone IANA Region Name
    » locked boolean false Flag to indicate whether account is locked
    » effective_groups [string] false List of group names the user is a member of
    » local_profile object false Local user profile
    »» pending_invitation boolean false Flag to indicate whether account has a pending invitation
    » updated_at string(date-time) true* Timestamp when this user was last updated
    » created_at string(date-time) true* Timestamp when this user was first created
    » type string true* User's type, i.e. user authenticated locally or remotely via SAML
    » presence_status string false Status of the user

    Get All Org Users' Information

    Example Code

    
    curl -X GET /api/v2/users/{id}/orgs \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/users/{id}/orgs

    Authorization: Global Organization Owner, This Authenticated User

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    id path integer true* User ID

    Example Response Body

    {
      "href": "string",
      "username": "string",
      "last_login_on": "string",
      "last_login_ip_address": "string",
      "login_count": 0,
      "full_name": "string",
      "time_zone": "string",
      "locked": true,
      "effective_groups": [
        "string"
      ],
      "local_profile": {
        "pending_invitation": true
      },
      "updated_at": "2018-12-12T04:17:11Z",
      "created_at": "2018-12-12T04:17:11Z",
      "type": "string",
      "presence_status": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* URI of the user
    » username string true* The User name as an email address
    » last_login_on string true* This is populated automatically after a login
    » last_login_ip_address string true* This is populated automatically after a login
    » login_count integer true* Number of times this user logged in
    » full_name string true* User's full name
    » time_zone string true* Time Zone IANA Region Name
    » locked boolean false Flag to indicate whether account is locked
    » effective_groups [string] false List of group names the user is a member of
    » local_profile object false Local user profile
    »» pending_invitation boolean false Flag to indicate whether account has a pending invitation
    » updated_at string(date-time) true* Timestamp when this user was last updated
    » created_at string(date-time) true* Timestamp when this user was first created
    » type string true* User's type, i.e. user authenticated locally or remotely via SAML
    » presence_status string false Status of the user

    Get a User's Information

    Example Code

    
    curl -X GET /api/v2/users/{id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/users/{id}

    Authorization: Global Organization Owner, This Authenticated User

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    id path integer true* User ID

    Example Response Body

    {
      "href": "string",
      "username": "string",
      "last_login_on": "string",
      "last_login_ip_address": "string",
      "login_count": 0,
      "full_name": "string",
      "time_zone": "string",
      "locked": true,
      "effective_groups": [
        "string"
      ],
      "local_profile": {
        "pending_invitation": true
      },
      "updated_at": "2018-12-12T04:17:11Z",
      "created_at": "2018-12-12T04:17:11Z",
      "type": "string",
      "presence_status": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* URI of the user
    » username string true* The User name as an email address
    » last_login_on string true* This is populated automatically after a login
    » last_login_ip_address string true* This is populated automatically after a login
    » login_count integer true* Number of times this user logged in
    » full_name string true* User's full name
    » time_zone string true* Time Zone IANA Region Name
    » locked boolean false Flag to indicate whether account is locked
    » effective_groups [string] false List of group names the user is a member of
    » local_profile object false Local user profile
    »» pending_invitation boolean false Flag to indicate whether account has a pending invitation
    » updated_at string(date-time) true* Timestamp when this user was last updated
    » created_at string(date-time) true* Timestamp when this user was first created
    » type string true* User's type, i.e. user authenticated locally or remotely via SAML
    » presence_status string false Status of the user

    Create a Local User

    Example Code

    
    curl -X POST /api/v2/users \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/users

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "username": "user@example.com",
      "full_name": "string",
      "time_zone": "string",
      "type": "local"
    }
    

    Parameters

    Parameter In Type Required Description
    body body object false No description
    » username body string(email) true* username is an email address e.g. user@example.com
    » full_name body string false User's full name
    » time_zone body string false Time Zone IANA Region Name
    » type body string true* User's type, i.e. user authenticated locally or remotely via SAML

    Enumerated Values

    Parameter Value
    » type local

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Update a User Password

    Example Code

    
    curl -X PUT /api/v2/users/{id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/users/{id}

    Authorization: Global Organization Owner, This Authenticated User

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "full_name": "string",
      "time_zone": "string",
      "locked": true
    }
    

    Parameters

    Parameter In Type Required Description
    id path integer true* User ID
    body body object false No description
    » full_name body string false User's full name
    » time_zone body string false Time Zone IANA Region Name
    » locked body boolean false Flag to indicate whether account is locked

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Login & Get Session Token

    Example Code

    
    curl -X GET /api/v2/users/login \
      -H 'Authorization: Token token=<auth_token>'
    
    

    GET /api/v2/users/login

    Authorization: Anyone

    Exposure: Public Stable

    Auditable: Yes

    Example Response Body

    {
      "href": "string",
      "auth_username": "string",
      "session_token": "string",
      "certificate": {
        "expiration": "2018-12-12T04:17:11Z",
        "generated": true
      },
      "inactivity_expiration_minutes": 0,
      "start": "2018-12-12T04:17:11Z",
      "last_login_on": "2018-12-12T04:17:11Z",
      "last_login_ip_address": "string",
      "full_name": "string",
      "type": "string",
      "version_tag": "string",
      "version_date": "2018-12-12T04:17:11Z",
      "time_zone": "string",
      "product_version": {
        "product_version": {
          "version": "string",
          "build": 0,
          "release_info": "string",
          "engineering_info": "string",
          "long_display": "string",
          "short_display": "string"
        }
      },
      "orgs": [
        {
          "org_id": 0,
          "org_href": 0,
          "href": "string",
          "display_name": "string",
          "permissions": [
            {
              "role": {
                "href": "string"
              },
              "scope": [
                {
                  "href": "string"
                }
              ],
              "auth_security_principal": {
                "href": "string"
              },
              "href": "string"
            }
          ]
        }
      ],
      "health_dashboard_enabled": true,
      "pce_cluster_type": "string",
      "flow_analytics_enabled": true,
      "help_url": "string",
      "support_url": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* User URI
    » auth_username string true* Username required for authentication
    » session_token string true* A token used in place of a password for all REST API calls for this user - it is only valid for the IP the login was called from
    » certificate object true* Properties of the server certificate
    »» expiration string(date-time) true* UTC time when the server certificate expires
    »» generated boolean true* True if the server is using an Illumio-generated certificate
    » inactivity_expiration_minutes integer true* How long this token will remain active if not used. It will last for at least this long.
    » start string(date-time) true* The current server time UTC
    » last_login_on string(date-time) false Last time the user logged in
    » last_login_ip_address string false Last IP the user logged in from
    » full_name string true* User's full name
    » type string true* User's type, i.e. user authenticated locally or remotely via SAML
    » version_tag string false The version commit tag
    » version_date string(date-time) false The date this version was created on
    » time_zone string false The time zone setting for this user
    » product_version object true* No description
    »» product_version object true* The product version object
    »»» version string true* The product version major.minor.patch
    »»» build integer true* The build number
    »»» release_info string false An extra string designator for the release
    »»» engineering_info string false An extra string designator used for engineering only
    »»» long_display string false A version string for human consumption
    »»» short_display string false A version string for human consumption
    »» orgs [object] true* A list of orgs the user has access to
    »»» org_id integer false DEPRECATED AND REPLACED (USE href property INSTEAD): ID of the org
    »»» org_href integer false DEPRECATED AND REPLACED (USE href property INSTEAD): URI of the org
    »»» href string true* URI of the org
    »»» display_name string true* The org display name (e.g. Illumio, Inc)
    »»» permissions [allOf] false The list of permissions for this user

    allOf

    Name Type Required Description
    »»»» anonymous object false Permission granted
    »»»»» role object true* No description
    »»»»»» href string true* URI of Role
    »»»»» scope [object] true* Assigned labels
    »»»»»» href string true* Label URI
    »»»»» auth_security_principal object true* No description
    »»»»»» href string true* URI of auth_security_principal

    and

    Name Type Required Description
    »»»»» anonymous object false No description
    »»»»»» href string true* URI of permission

    continued

    Name Type Required Description
    »»»»» health_dashboard_enabled boolean false Show health dashboards in UI
    »»»»» pce_cluster_type string false PCE cluster type in a super cluster
    »»»»» flow_analytics_enabled boolean false Show state of flow analytics services
    »»»»» help_url string false Help URL for GUI
    »»»»» support_url string false Support URL for GUI

    Logout & Destroy Session Token

    Example Code

    
    curl -X PUT /api/v2/users/{id}/logout \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/users/{id}/logout

    Authorization: This Authenticated User

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {}
    

    Parameters

    Parameter In Type Required Description
    id path integer true* User ID
    body body object false No description

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Users Local Profile

    Create a Local User

    Example Code

    
    curl -X POST /api/v2/users/{user_id}/local_profile \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/users/{user_id}/local_profile

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "locked": true
    }
    

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID
    body body object false No description
    » locked body boolean false Flag to indicate if account is locked

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Reinvite a User

    Example Code

    
    curl -X PUT /api/v2/users/{user_id}/local_profile/reinvite \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/users/{user_id}/local_profile/reinvite

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {}
    

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID
    body body object false No description

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Change a User Password

    Example Code

    
    curl -X PUT /api/v2/users/{user_id}/local_profile/password \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/users/{user_id}/local_profile/password

    Authorization: This Authenticated User

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "current_password": "string",
      "new_password": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID
    body body object false No description
    » current_password body string true* current password
    » new_password body string true* new password

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Local User

    Example Code

    
    curl -X DELETE /api/v2/users/{user_id}/local_profile \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/users/{user_id}/local_profile

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    user_id path integer true* User ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Virtual Services

    Get Virtual Services

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services \
      -H 'Authorization: Token token=<auth_token>'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    description query string false Description on which to filter. Supports partial matches
    external_data_reference query string false A unique identifier within the external data source
    external_data_set query string false The data source from which a resource originates
    max_results query integer false Maximum number of Virtual Services to return.
    name query string false Name on which to filter. Supports partial matches
    usage query boolean false Include Virtual Service usage flags

    Example Response Body

    {
      "href": "string",
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": null,
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": null,
      "update_type": "string",
      "name": "string",
      "description": null,
      "external_data_set": null,
      "external_data_reference": null,
      "labels": [
        {
          "href": "string"
        }
      ],
      "service": {},
      "apply_to": "string",
      "ip_overrides": [
        "string"
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* URI of the virtual service
    » created_at string(date-time) true* Timestamp when this virtual service was first created
    » updated_at string(date-time) true* Timestamp when this virtual service was last updated
    » deleted_at string,null(date-time) true* Timestamp when this virtual service was deleted
    » created_by object false No description
    »» href string true* User who originally created this virtual service
    » updated_by object false No description
    »» href string true* User who last updated this virtual service
    » deleted_by object,null false No description
    »» href string true* User who deleted this virtual service
    » update_type string false Type of update
    » name string true* Name
    » description string,null true* Description
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » labels [object] true* Assigned labels
    »» href string true* Label URI
    » service object true* URI of associated service
    » apply_to string false Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network
    » ip_overrides [string] false Array of IPs or CIDRs as IP overrides

    Get a Virtual Service

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    virtual_service_id path string true* Virtual Service ID
    usage query boolean false Include Virtual Service usage flags

    Example Response Body

    {
      "href": "string",
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "deleted_at": null,
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      },
      "deleted_by": null,
      "update_type": "string",
      "name": "string",
      "description": null,
      "external_data_set": null,
      "external_data_reference": null,
      "labels": [
        {
          "href": "string"
        }
      ],
      "service": {},
      "apply_to": "string",
      "ip_overrides": [
        "string"
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* URI of the virtual service
    » created_at string(date-time) true* Timestamp when this virtual service was first created
    » updated_at string(date-time) true* Timestamp when this virtual service was last updated
    » deleted_at string,null(date-time) true* Timestamp when this virtual service was deleted
    » created_by object false No description
    »» href string true* User who originally created this virtual service
    » updated_by object false No description
    »» href string true* User who last updated this virtual service
    » deleted_by object,null false No description
    »» href string true* User who deleted this virtual service
    » update_type string false Type of update
    » name string true* Name
    » description string,null true* Description
    » external_data_set string,null false External data set identifier
    » external_data_reference string,null false External data reference identifier
    » labels [object] true* Assigned labels
    »» href string true* Label URI
    » service object true* URI of associated service
    » apply_to string false Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network
    » ip_overrides [string] false Array of IPs or CIDRs as IP overrides

    Create a Virtual Service

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "labels": [
        {
          "href": "string"
        }
      ],
      "service": {},
      "apply_to": "host_only",
      "ip_overrides": [
        "string"
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    body body object false No description
    » name body string true* Name
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » labels body [object] false Assigned labels
    »» href body string true* Label URI
    » service body object true* URI of associated service
    » apply_to body string false Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network
    » ip_overrides body [string] false Array of IPs or CIDRs as IP overrides

    Enumerated Values

    Parameter Value
    » apply_to host_only
    » apply_to internal_bridge_network

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Bulk Create Virtual Services

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/bulk_create \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/bulk_create

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    [
      {
        "name": "string",
        "description": "string",
        "external_data_set": null,
        "external_data_reference": null,
        "labels": [
          {
            "href": "string"
          }
        ],
        "service": {},
        "apply_to": "host_only",
        "ip_overrides": [
          "string"
        ]
      }
    ]
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    body body object false No description
    » name body string true* Name
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » labels body [object] false Assigned labels
    »» href body string true* Label URI
    » service body object true* URI of associated service
    » apply_to body string false Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network
    » ip_overrides body [string] false Array of IPs or CIDRs as IP overrides

    Enumerated Values

    Parameter Value
    » apply_to host_only
    » apply_to internal_bridge_network

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Update a Virtual Service

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "description": "string",
      "external_data_set": null,
      "external_data_reference": null,
      "labels": [
        {
          "href": "string"
        }
      ],
      "service": {},
      "apply_to": "host_only",
      "ip_overrides": [
        "string"
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    virtual_service_id path string true* Virtual Service ID
    body body object false No description
    » name body string false Name
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » labels body [object] false Assigned labels
    »» href body string true* Label URI
    » service body object false URI of associated service
    » apply_to body string false Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network
    » ip_overrides body [string] false Array of IPs or CIDRs as IP overrides

    Enumerated Values

    Parameter Value
    » apply_to host_only
    » apply_to internal_bridge_network

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Bulk Update Virtual Services

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/bulk_update \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/bulk_update

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    [
      {
        "href": "string",
        "name": "string",
        "description": "string",
        "external_data_set": null,
        "external_data_reference": null,
        "labels": [
          {
            "href": "string"
          }
        ],
        "service": {},
        "apply_to": "host_only",
        "ip_overrides": [
          "string"
        ]
      }
    ]
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    virtual_service_id path string true* Virtual Service ID
    body body object false No description
    » name body string false Name
    » description body string false Description
    » external_data_set body string,null false External data set identifier
    » external_data_reference body string,null false External data reference identifier
    » labels body [object] false Assigned labels
    »» href body string true* Label URI
    » service body object false URI of associated service
    » apply_to body string false Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network
    » ip_overrides body [string] false Array of IPs or CIDRs as IP overrides

    Enumerated Values

    Parameter Value
    » apply_to host_only
    » apply_to internal_bridge_network

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Delete a Virtual Service

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    pversion path string true* Security Policy Version
    virtual_service_id path string true* Virtual Service ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Vulnerabilities

    Get Vulnerabilities

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/vulnerabilities \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/vulnerabilities

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    max_results query integer false Maximum number of vulnerabilities to return.

    Example Response Body

    [
      {
        "href": "string",
        "score": 0,
        "cve_ids": [
          "string"
        ],
        "description": "string",
        "name": "string",
        "created_at": "2018-12-12T04:17:11Z",
        "updated_at": "2018-12-12T04:17:11Z",
        "created_by": {
          "href": "string"
        },
        "updated_by": {
          "href": "string"
        }
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* The href of the vulnerability
    » score integer true* The normalized score of the vulnerability within the range of 0 to 100. CVSS Score can be used here with a 10x multiplier.
    » cve_ids [string] false The cve_ids for the vulnerability
    » description string false An arbitrary field to store some details of the vulnerability class
    » name string true* The title/name of the vulnerability
    » created_at string(date-time) false The time (rfc3339 timestamp) at which this report was created
    » updated_at string(date-time) false The time (rfc3339 timestamp) at which this report was last updated
    » created_by object false No description
    »» href string true* The URI of the user who created this report
    » updated_by object false No description
    »» href string true* The URI of the user who last updated this report

    Get a Vulnerability

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/vulnerabilities/{reference_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/vulnerabilities/{reference_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    reference_id path string true* Vulnerability Reference ID

    Example Response Body

    [
      {
        "href": "string",
        "score": 0,
        "cve_ids": [
          "string"
        ],
        "description": "string",
        "name": "string",
        "created_at": "2018-12-12T04:17:11Z",
        "updated_at": "2018-12-12T04:17:11Z",
        "created_by": {
          "href": "string"
        },
        "updated_by": {
          "href": "string"
        }
      }
    ]
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Name Type Required Description
    » href string true* The href of the vulnerability
    » score integer true* The normalized score of the vulnerability within the range of 0 to 100. CVSS Score can be used here with a 10x multiplier.
    » cve_ids [string] false The cve_ids for the vulnerability
    » description string false An arbitrary field to store some details of the vulnerability class
    » name string true* The title/name of the vulnerability
    » created_at string(date-time) false The time (rfc3339 timestamp) at which this report was created
    » updated_at string(date-time) false The time (rfc3339 timestamp) at which this report was last updated
    » created_by object false No description
    »» href string true* The URI of the user who created this report
    » updated_by object false No description
    »» href string true* The URI of the user who last updated this report

    Create or Modify a Vulnerability

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/vulnerabilities/{reference_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/vulnerabilities/{reference_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "score": 0,
      "cve_ids": [
        "string"
      ],
      "description": "string",
      "name": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    reference_id path string true* Vulnerability Reference ID
    body body object false No description
    » score body integer true* The normalized score of the vulnerability within the range of 0 to 100. CVSS Score can be used here with a 10x multiplier.
    » cve_ids body [string] false The cve_ids for the vulnerability
    » description body string false An arbitrary field to store some details of the vulnerability class
    » name body string true* The title/name of the vulnerability

    Responses

    Status Meaning Description Schema
    204 No Content Success None
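
    An added example, not part of the Illumio reference: it builds the request path and JSON body for the PUT above from a scanner finding, mapping a CVSS base score onto the 0 to 100 score field with the 10x multiplier. The function names, the CVE ID format check, and the sample finding are assumptions made for illustration.

```python
import json
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import quote

# Assumption: CVE identifiers use the public "CVE-YYYY-NNNN..." form.
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")


def normalized_score(cvss):
    """Map a CVSS base score (0.0-10.0) to the API's integer 0-100 range.

    Decimal keeps the x10 multiplication exact; binary floats cannot
    represent most one-decimal values exactly.
    """
    try:
        value = Decimal(str(cvss))
    except InvalidOperation:
        raise ValueError(f"not a number: {cvss!r}")
    if not value.is_finite() or not (Decimal(0) <= value <= Decimal(10)):
        raise ValueError(f"CVSS score out of range 0.0-10.0: {cvss!r}")
    scaled = value * 10
    if scaled != scaled.to_integral_value():
        raise ValueError(f"more than one decimal place: {cvss!r}")
    return int(scaled)


def vulnerability_path(org_id, reference_id):
    """Build the PUT path; reference_id is percent-encoded as one segment."""
    if isinstance(org_id, bool) or not isinstance(org_id, int) or org_id < 0:
        raise ValueError("org_id must be a non-negative integer")
    if not isinstance(reference_id, str) or not reference_id:
        raise ValueError("reference_id must be a non-empty string")
    # safe="" also encodes "/", so a scanner-supplied ID cannot add path segments.
    segment = quote(reference_id, safe="")
    return f"/api/v2/orgs/{org_id}/vulnerabilities/{segment}"


def vulnerability_body(name, cvss, cve_ids=(), description=None):
    """Build the request body: score and name are required, the rest optional."""
    if not isinstance(name, str) or not name.strip():
        raise ValueError("name is required")
    bad = [c for c in cve_ids if not isinstance(c, str) or not CVE_ID.match(c)]
    if bad:
        raise ValueError(f"malformed CVE IDs: {bad!r}")
    body = {"score": normalized_score(cvss), "name": name}
    if cve_ids:
        body["cve_ids"] = list(cve_ids)
    if description is not None:
        body["description"] = description
    return body


if __name__ == "__main__":
    # Constructed sample finding; the IDs are placeholders, not real records.
    finding = {
        "reference_id": "scanner-a/finding-0001",
        "name": "Example TLS weakness",
        "cvss": "7.5",
        "cve_ids": ["CVE-0000-00000"],
    }
    print("PUT", vulnerability_path(1, finding["reference_id"]))
    print(json.dumps(
        vulnerability_body(finding["name"], finding["cvss"], finding["cve_ids"]),
        indent=2,
    ))
```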

    Delete a Vulnerability

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/vulnerabilities/{reference_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/vulnerabilities/{reference_id}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    reference_id path string true* Vulnerability Reference ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Vulnerability Reports

    Get Vulnerability Reports

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/vulnerability_reports \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/vulnerability_reports

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    max_results query integer false Maximum number of vulnerability_reports to return.

    Example Response Body

    {
      "href": "string",
      "name": "string",
      "report_type": "string",
      "num_vulnerabilities": 0,
      "authoritative": true,
      "scanned_ips": [
        "string"
      ],
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Vulnerability report

    Name Type Required Description
    » href string true* The resource (URI) representation of the vulnerability report
    » name string true* User generated name of the vulnerability report
    » report_type string true* A string representing the type of the report
    » num_vulnerabilities integer true* Number of vulnerabilities that belong to this report
    » authoritative boolean false Specifies whether the report is authoritative
    » scanned_ips [string] false The IPs on which the scan was performed
    » created_at string(date-time) true* The time (RFC 3339 timestamp) at which this report was created
    » updated_at string(date-time) true* The time (RFC 3339 timestamp) at which this report was last updated
    » created_by object true* No description
    »» href string true* The URI of the user who created this report
    » updated_by object true* No description
    »» href string true* The URI of the user who last updated this report

    Get a Vulnerability Report

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    reference_id path string true* Vulnerability Report Reference ID

    Example Response Body

    {
      "href": "string",
      "name": "string",
      "report_type": "string",
      "num_vulnerabilities": 0,
      "authoritative": true,
      "scanned_ips": [
        "string"
      ],
      "created_at": "2018-12-12T04:17:11Z",
      "updated_at": "2018-12-12T04:17:11Z",
      "created_by": {
        "href": "string"
      },
      "updated_by": {
        "href": "string"
      }
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Vulnerability report

    Name Type Required Description
    » href string true* The resource (URI) representation of the vulnerability report
    » name string true* User generated name of the vulnerability report
    » report_type string true* A string representing the type of the report
    » num_vulnerabilities integer true* Number of vulnerabilities that belong to this report
    » authoritative boolean false Specifies whether the report is authoritative
    » scanned_ips [string] false The IPs on which the scan was performed
    » created_at string(date-time) true* The time (RFC 3339 timestamp) at which this report was created
    » updated_at string(date-time) true* The time (RFC 3339 timestamp) at which this report was last updated
    » created_by object true* No description
    »» href string true* The URI of the user who created this report
    » updated_by object true* No description
    »» href string true* The URI of the user who last updated this report

    Update a Vulnerability Report

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id} \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "report_type": "string",
      "authoritative": true,
      "scanned_ips": [
        "string"
      ],
      "detected_vulnerabilities": [
        {
          "ip_address": "string",
          "port": 0,
          "proto": 0,
          "workload": {
            "href": "string"
          },
          "vulnerability": {
            "href": "string"
          }
        }
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    reference_id path string true* Vulnerability Report Reference ID
    body body object false No description
    » name body string true* User generated name of the vulnerability report
    » report_type body string true* A string representing the type of the report
    » authoritative body boolean false Specifies whether the report is authoritative
    » scanned_ips body [string] false The IPs on which the scan was performed
    » detected_vulnerabilities body [object] false No description
    »» ip_address body string true* The IP address of the host where the vulnerability is found
    »» port body integer false The port which is associated with the vulnerability
    »» proto body integer false The protocol which is associated with the vulnerability
    »» workload body object true* No description
    »»» href body string true* The URI of the workload to which this vulnerability belongs
    »» vulnerability body object true* No description
    »»» href body string true* The URI of the vulnerability class to which this vulnerability belongs

    Responses

    Status Meaning Description Schema
    204 No Content Success None
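
    The parameter table above marks name and report_type as required, and ip_address, workload.href and vulnerability.href as required inside each detected_vulnerabilities entry. The following is an added example, not part of the Illumio reference: it builds that PUT body from scanner findings and rejects incomplete entries before anything is sent. The function name, the flat finding keys, the hrefs, the report_type value and the check that each finding's IP appears in scanned_ips are assumptions made for illustration.

```python
import ipaddress
import json

def build_report_body(name, report_type, scanned_ips, findings, authoritative=False):
    """Return the JSON body for PUT .../vulnerability_reports/{reference_id}."""
    if not name or not report_type:
        raise ValueError("name and report_type are required (true*)")
    # Normalise addresses; ipaddress raises ValueError on malformed input.
    scanned = [str(ipaddress.ip_address(ip)) for ip in scanned_ips]
    detected = []
    for i, f in enumerate(findings):
        # Required (true*) inside each detected_vulnerabilities entry.
        for key in ("ip_address", "workload_href", "vulnerability_href"):
            if not f.get(key):
                raise ValueError(f"finding {i}: missing required field {key}")
        ip = str(ipaddress.ip_address(f["ip_address"]))
        # Local sanity check (an assumption, not a documented API rule).
        if ip not in scanned:
            raise ValueError(f"finding {i}: {ip} is not in scanned_ips")
        entry = {
            "ip_address": ip,
            "workload": {"href": f["workload_href"]},
            "vulnerability": {"href": f["vulnerability_href"]},
        }
        # port and proto are optional integers; omit them when unknown.
        if f.get("port") is not None:
            if not 0 <= int(f["port"]) <= 65535:
                raise ValueError(f"finding {i}: port out of range")
            entry["port"] = int(f["port"])
        if f.get("proto") is not None:
            entry["proto"] = int(f["proto"])
        detected.append(entry)
    return {
        "name": name,
        "report_type": report_type,
        "authoritative": bool(authoritative),
        "scanned_ips": scanned,
        "detected_vulnerabilities": detected,
    }

# Constructed sample input: hrefs, names and addresses are placeholders.
# proto 6 assumes the field carries an IANA protocol number (TCP).
SAMPLE_FINDINGS = [
    {"ip_address": "192.0.2.10", "port": "443", "proto": 6,
     "workload_href": "/orgs/1/workloads/EXAMPLE-WORKLOAD",
     "vulnerability_href": "/orgs/1/vulnerabilities/EXAMPLE-VULN"},
]

if __name__ == "__main__":
    body = build_report_body("weekly-scan", "example-scanner",
                             ["192.0.2.10", "192.0.2.11"], SAMPLE_FINDINGS)
    print(json.dumps(body, indent=2))
```

    The printed JSON can be passed to the curl call above with -d.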

    Delete a Vulnerability Report

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id}

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    reference_id path string true* Vulnerability Report Reference ID

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Workload Interfaces

    Get All Workload Interface Statuses

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    workload_id path string true* Workload UUID

    Example Response Body

    {
      "name": "string",
      "link_state": "string",
      "address": "string",
      "cidr_block": 0,
      "default_gateway_address": "string",
      "network_id": 0,
      "network_detection_mode": "string",
      "friendly_name": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Workload network interfaces

    Name Type Required Description
    » name string true* Interface name
    » link_state string true* Link State
    » address string true* The IP Address to assign to this interface
    » cidr_block integer true* The number of bits in the subnet mask (for example, /24 is 255.255.255.0)
    » default_gateway_address string true* The IP Address of the default gateway
    » network_id integer true* Network ID
    » network_detection_mode string true* Network Detection Mode
    » friendly_name string true* User-friendly name for interface

    Get Workload Interface Status

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces/{name} \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces/{name}

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Stable

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    workload_id path string true* Workload UUID
    name path string true* Interface Name

    Example Response Body

    {
      "name": "string",
      "link_state": "string",
      "address": "string",
      "cidr_block": 0,
      "default_gateway_address": "string",
      "network_id": 0,
      "network_detection_mode": "string",
      "friendly_name": "string"
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Workload network interfaces

    Name Type Required Description
    » name string true* Interface name
    » link_state string true* Link State
    » address string true* The IP Address to assign to this interface
    » cidr_block integer true* The number of bits in the subnet mask (for example, /24 is 255.255.255.0)
    » default_gateway_address string true* The IP Address of the default gateway
    » network_id integer true* Network ID
    » network_detection_mode string true* Network Detection Mode
    » friendly_name string true* User-friendly name for interface

    Create a Workload Interface

    Example Code

    
    curl -X POST /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    POST /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Example Request Body

    {
      "name": "string",
      "link_state": "up",
      "address": "string",
      "cidr_block": 0,
      "default_gateway_address": "string",
      "network": null,
      "friendly_name": "string"
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    workload_id path string true* Workload UUID
    body body object false No description
    » name body string true* Interface name
    » link_state body string true* Link State
    » address body any false No description
    »» anonymous body number false No description
    »» anonymous body number false No description
    » cidr_block body integer false The number of bits in the subnet mask (for example, /24 is 255.255.255.0)
    » default_gateway_address body any false No description
    »» anonymous body number false No description
    »» anonymous body number false No description
    » network body object,null false Associated network
    » friendly_name body string false User-friendly name for interface

    Enumerated Values

    Parameter Value
    » link_state up
    » link_state down
    » link_state unknown

    Responses

    Status Meaning Description Schema
    201 Created Success None

    Delete a Workload Interface

    Example Code

    
    curl -X DELETE /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces/{name} \
      -u $KEY:$TOKEN
    
    

    DELETE /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces/{name}

    Authorization: Global Administrator, Global Organization Owner

    Exposure: Public Stable

    Auditable: Yes

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Organization
    workload_id path string true* Workload UUID
    name path string true* Interface Name

    Responses

    Status Meaning Description Schema
    204 No Content Success None

    Workload Settings

    Get Workloads Settings

    Example Code

    
    curl -X GET /api/v2/orgs/{org_id}/settings/workloads \
      -u $KEY:$TOKEN -H 'Accept: application/json'
    
    

    GET /api/v2/orgs/{org_id}/settings/workloads

    Authorization: Global Administrator, Global Organization Owner, Global Read Only

    Exposure: Public Experimental

    Auditable: No

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID

    Example Response Body

    {
      "workload_disconnected_timeout_seconds": [
        {
          "scope": [
            {
              "href": "string"
            }
          ],
          "value": 0
        }
      ],
      "workload_goodbye_timeout_seconds": [
        {
          "scope": [
            {
              "href": "string"
            }
          ],
          "value": 0
        }
      ]
    }
    

    Responses

    Status Meaning Description Schema
    200 OK Success Inline

    Response Schema

    Status Code 200

    Workload setting properties

    Name Type Required Description
    » workload_disconnected_timeout_seconds [object] true* No description
    »» scope [object] true* Assigned labels
    »»» href string true* Label URI
    »» value integer true* Property value associated with the scope
    » workload_goodbye_timeout_seconds [object] true* No description
    »» scope [object] true* Assigned labels
    »»» href string true* Label URI
    »» value integer true* Property value associated with the scope

    Update Workloads Settings

    Example Code

    
    curl -X PUT /api/v2/orgs/{org_id}/settings/workloads \
      -u $KEY:$TOKEN -H 'Content-Type: application/json'
    
    

    PUT /api/v2/orgs/{org_id}/settings/workloads

    Authorization: Global Organization Owner

    Exposure: Public Experimental

    Auditable: Yes

    Example Request Body

    {
      "workload_disconnected_timeout_seconds": [
        {
          "scope": [
            {
              "href": "string"
            }
          ],
          "value": 0
        }
      ],
      "workload_goodbye_timeout_seconds": [
        {
          "scope": [
            {
              "href": "string"
            }
          ],
          "value": 0
        }
      ]
    }
    

    Parameters

    Parameter In Type Required Description
    org_id path integer true* Org ID
    body body object false No description
    » workload_disconnected_timeout_seconds body [object] false No description
    »» scope body [object] true* Assigned labels
    »»» href body string true* Label URI
    »» value body integer true* Property value associated with the scope
    » workload_goodbye_timeout_seconds body [object] false No description
    »» scope body [object] true* Assigned labels
    »»» href body string true* Label URI