API

Symantec ZTNA API (V2)


What's New

Effective from March 24th, 2025

You can now choose the authentication mode for registering Connectors
by specifying the authentication_mode field during site creation.
The available options are: ['Connector', 'Site'].
This value is immutable and must be set at creation.

Default Behavior (Connector Mode)

By default, the Connector mode is used, which aligns with the previous behavior. In this mode:
• Connectors are created and bound via API calls.
• During Connector creation, the API returns a one-time password (OTP).
• The OTP is passed as an environment variable and used by the Connector Container for registration.
• Once the registration is complete, the OTP becomes invalid, and the Connector’s persistent storage must be maintained to ensure resiliency.

New Behavior (Site Mode)

The Site mode is primarily designed for managed container orchestrators (e.g., Kubernetes, Fargate),
but is also compatible with environments where Connector mode is currently being used. In this mode:
• A registration key acts as a long-lived token associated with the site.
• The key is shown only once upon creation, and it is the user’s responsibility to store it securely in a secret manager.
• The token is reusable and allows the creation of new Connector entities upon registration.
• The Connector Container uses this token, passed as an environment variable, to register itself.
• Resiliency is ensured as the container dynamically handles the Connector creation and deletion.
• Persistent storage is not required, and direct Connector creation via API is disabled in this mode.

New APIs for Managing Site Registration Keys:
Get site registration keys
Rotate site registration key
Delete site registration keys
Effective from Dec 18th, 2024

The APIs Get Application, Create Application and Update Application have been updated by removing the DNS type from both the request and the response. You can now perform all necessary operations in the new DNS Resiliency section.

Introduction

Symantec ZTNA API uses common RESTful resource-based URL conventions and JSON as the exchange format.
Property names are case-sensitive.
Some Symantec ZTNA API calls omit None values from the API response.

The base-URL is api.<tenant-name>.luminatesec.com. For example, if your administration portal URL is admin.acme.luminatesec.com, then your API base-URL is api.acme.luminatesec.com.

All examples below are performed on a tenant called acme.

Common Operations Steps

Below you may find a list of common operations and the relevant API calls for each. Each of these operations can also be performed by using the administrative portal at https://admin.acme.luminatesec.com.

  1. Creating a site and deploying a connector:
    1. Creating a new site using the Create site API.
    2. Once a site is created you can use its Id (returned in the response of the Create Site request) and call the Create connector API.
    3. Deploy the Symantec ZTNA connector:
      1. Retrieve the deployment command using the Connector Deployment Command API.
      2. Execute the command on the target machine.
  2. Creating an application:
    1. An application is always associated with a specific site, so that traffic to the application is routed via the connectors associated with the same site. In order to create the application, call the Create Application API.
    2. Once the application is created, you *must* assign the application to a specific site in order to make it accessible. Assign the application to the required site using the Bind Application to Site API.
    3. In order to grant access to the application for specific entities (users/groups), you should assign the application to the access policy using the Access and Activity Policy API.

Object Model

The object model of the API is built around the following:

  1. Sites - Site is a representation of the physical or virtual data center your applications reside in.
  2. Connectors - A connector is a lightweight piece of software connecting your site to the Symantec ZTNA platform.
  3. Applications - Application is the internal resource you would like to publish using Symantec ZTNA.
  4. Access and Activity Policies - Symantec ZTNA continuously authorizes each user request for contextual access and activity, in order to control access to resources and restrict the user’s actions within resources, based on the user/device context (such as the user’s group membership, user’s location, MFA status and managed/unmanaged device status) and the requested resource.
  5. Cloud Integration - Integration with Cloud Providers like Amazon Web Services to provide a smoother and cloud-native integration with SIEM solutions and to allow access to resources based on their associated tags.
  6. Logs - Symantec ZTNA internal logs for audit and forensics purposes:
    1. Audit Logs audit all operations done through the administration portal
    2. Forensics Logs audit any user's access to any application as well as user's activity for any application.

Authentication

Authentication is done using OAuth2 with the Bearer authentication scheme.

OAuth

Standard OAuth2 clientCredentials flow

Security Scheme Type: OAuth2
OAuth Flow: clientCredentials
Token URL: https://api.acme.luminatesec.com/v1/oauth/token
Scopes:

    The Symantec ZTNA API is available to Symantec ZTNA users who have administrative privileges in their Symantec ZTNA tenant. An administrator should create an API client through the Symantec ZTNA Admin portal and copy the ‘Client Id’ and the ‘Client Secret’. Then the administrator should assign the API client an appropriate role in 'Tenant Roles' page.

    Retrieving the API access token is done using the Basic authentication scheme, with a POST of the Base64-encoded Client ID and Client Secret:

    curl -X POST \
      https://api.acme.luminatesec.com/v1/oauth/token \
      -u yourApiClientId:yourApiClientSecret

    This call returns the following JSON:

    {
      "access_token": "edfe22e3-eb4c-4c83-8ce3-3152e6a2XXX",
      "expires_in": 3600,
      "scope": "luminate-scope",
      "token_type": "Bearer",
      "error": "",
      "error_description": ""
    }

    All further API calls should include the ‘Authorization’ header with value “Bearer AccessToken”

    For example:

      curl -H "Authorization: Bearer edfe22e3-eb4c-4c83-8ce3-3152e6a2XXX" "https://api.acme.luminatesec.com/v2/applications"
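
The token exchange above as a small client-side cache, added here as an illustration (not code from the Symantec documentation). It mirrors the curl call on this page, reuses the token until shortly before expires_in elapses, and treats a non-empty error field as a failure; the class name, the 60-second refresh margin and the injectable post/clock parameters are assumptions made for the example.

```python
import base64
import json
import time
import urllib.request

# Token URL as given on this page for the example tenant "acme".
TOKEN_URL = "https://api.acme.luminatesec.com/v1/oauth/token"


def basic_auth_header(client_id, client_secret):
    """Build the Basic credential (Base64 of "id:secret") sent to the token endpoint."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_post(url, headers):
    """Default transport: POST with an empty body and return the parsed JSON reply."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


class TokenCache:
    """Hypothetical helper: keeps one access token and renews it before it expires."""

    def __init__(self, client_id, client_secret, post=http_post,
                 clock=time.monotonic, skew=60):
        # Only the derived header is kept; the raw secret is not stored on the object.
        self._auth = basic_auth_header(client_id, client_secret)
        self._post = post      # injectable so the logic can be exercised offline
        self._clock = clock
        self._skew = skew      # assumption: renew 60 s before the stated expiry
        self._token = None
        self._expires_at = 0.0

    def _fetch(self):
        body = self._post(TOKEN_URL, {"Authorization": self._auth})
        # The sample reply on this page carries "error" and "error_description"
        # even on success, so an empty string means "no error".
        if body.get("error"):
            raise RuntimeError(f"token request failed: {body['error']}")
        if str(body.get("token_type", "")).lower() != "bearer" or not body.get("access_token"):
            raise RuntimeError("unexpected token response")
        self._token = body["access_token"]
        self._expires_at = self._clock() + int(body.get("expires_in", 0)) - self._skew

    def authorization_header(self):
        """Return the header every further API call must carry."""
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch()
        return {"Authorization": f"Bearer {self._token}"}
```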




    Token

    The Symantec ZTNA API is available to Symantec ZTNA users who have administrative privileges in their Symantec ZTNA tenant. An administrator can create a token of type 'Token' through the Symantec ZTNA Admin portal and copy the 'Client Token'.
    Make sure to copy the token as soon as it is generated; it won't be presented again!

    Then, the administrator should assign the token an appropriate role in 'Tenant Roles' page.
    To enforce the new role, the administrator must click the 'Enforce Roles' button on the token entity page.

    All further API calls should include the ‘Authorization’ header with value “Bearer <client-token-value>”

    For example:

      curl -H "Authorization: Bearer <client-token-value>" "https://api.acme.luminatesec.com/v2/sites"

    Versioning and Compatibility

    The latest Major Version is v2.

    The Major Version is included in the URL path (e.g. /v2/applications ) and it denotes breaking changes to the API. Minor and Patch versions are transparent to the client.

    Pagination

    Some of our API responses are paginated, meaning that only a certain number of items are returned at a time. The default number of items returned in a single page is 50. You can override this by passing a size parameter to set the maximum number of results, but cannot exceed 100. Specifying the page number sets the starting point for the result set, allowing you to fetch subsequent items that are not in the initial set of results. The sort order for returned data can be controlled using the sort parameter.
    You can constrain the results by using a filter.

    Note: Most methods that support pagination use the approach specified above. However, some methods use varied versions of pagination. The individual documentation for each API method is your source of truth for which pattern the method follows.

    Auditing

    All authentication operations and modify operations (POST, PUT, DELETE) are audited.

    Rate-limiting

    The API has a rate limit of 5 requests per second. If you have hit the rate limit, then a ‘429’ status code will be returned. In such cases, you should back-off from submitting new requests for 1 second before resuming.

    Note that rate-limitation applies to the accumulated requests of all of your clients. For example, if you have 6 clients submitting requests simultaneously at a rate of 1 request per second for each one then one of them is likely to get a 429 status code.
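
The Pagination and Rate-limiting rules above combined in one client loop, added here as an illustration (not code from the Symantec documentation). It walks a paginated listing such as /sites page by page until the response reports last, waits 1 second after each 429, and reports the x-lum-request-id on failure; the function names, the retry ceiling and the injectable get/sleep parameters are assumptions made for the example.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.acme.luminatesec.com/v2"  # example tenant "acme" from this page
MAX_PAGE_SIZE = 100      # documented upper bound for the size parameter
BACKOFF_SECONDS = 1.0    # documented back-off after a 429


def http_get(url, headers):
    """Default transport: returns (status, response headers, parsed JSON or None)."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), None


def get_with_backoff(url, headers, get=http_get, sleep=time.sleep, max_retries=5):
    """GET one URL, pausing 1 s after each 429 (max_retries is an assumed ceiling)."""
    for attempt in range(max_retries + 1):
        status, resp_headers, body = get(url, headers)
        if status != 429:
            break
        if attempt < max_retries:
            # The limit is shared by all clients of the tenant, so a 429 can
            # arrive even when this client alone is well under 5 requests/second.
            sleep(BACKOFF_SECONDS)
    lowered = {k.lower(): v for k, v in resp_headers.items()}
    request_id = lowered.get("x-lum-request-id")
    if status != 200:
        # The request ID is the reference to quote when contacting support.
        raise RuntimeError(f"GET returned {status} (x-lum-request-id: {request_id})")
    return body, request_id


def iter_items(path, token, size=MAX_PAGE_SIZE, sort=None, filter_text=None,
               get=http_get, sleep=time.sleep):
    """Yield every item of a paginated listing, starting at page 0."""
    if not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError("size must be between 1 and 100")
    headers = {"Authorization": f"Bearer {token}"}
    page = 0
    while True:
        params = {"size": size, "page": page}
        if sort:
            params["sort"] = sort            # e.g. "name,desc"
        if filter_text:
            params["filter"] = filter_text
        url = f"{BASE_URL}{path}?{urllib.parse.urlencode(params)}"
        body, _ = get_with_backoff(url, headers, get=get, sleep=sleep)
        content = body.get("content") or []
        yield from content
        # Stop on the documented "last" flag; an empty page is a second guard
        # against looping forever if the flag is missing.
        if body.get("last", True) or not content:
            return
        page += 1
```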

    Support

    For additional help you may refer to our support at https://support.broadcom.com

    Each request submitted to the API returns a unique request ID that is generated by the API. The request ID will be returned in header x-lum-request-id. If you need to contact us about any specific request then this ID will serve as a reference to the given request.

    Sites

    Site is a representation of the physical or virtual data center your applications reside in.

    Create Site

    post /sites

    Default server.

    https://api.acme.luminatesec.com/v2/sites

    Creates a Site in your Symantec ZTNA tenant.

    Authorizations:
    Request Body schema: application/json
    name
    required
    string [ 2 .. 700 ]

    A descriptive name of the site.

    kubernetes_persistent_volume_name
    string (kubernetes_persistent_volume_name)
    Default: null

    A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate.
    The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

    mute_health_notification
    boolean
    Default: false

    Indication whether health notifications are enabled for this site.

    region
    string

    The connectivity region of the site. If not specified, the default region will be used.

    authentication_mode
    string (SiteAuthenticationMode)
    Default: "connector"
    Enum: "connector" "site"

    This value is immutable and can be chosen only on creation.

    The value Connector allows creating and binding Connectors through API calls.
    During Connector creation you get a response with an OTP,
    which is passed as an environment variable and used by the Connector Container to register the Connector entity.
    Once this is done, the OTP can't be used any more, and the Container storage must be persistent in order to ensure Container resiliency.

    The value Site is meant to be used in a managed container orchestrator (such as K8s, Fargate and so on).
    This mode allows creating a registration key (see: Site Registration Keys).

    Responses

    201

    successful operation.

    Response Schema: application/json
    name
    required
    string [ 2 .. 700 ]

    A descriptive name of the site.

    id
    string <uuid>

    A unique identifier of this site. Note: This field is required for any operation other than initial creation.

    kubernetes_persistent_volume_name
    string (kubernetes_persistent_volume_name)
    Default: null

    A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate.
    The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

    connectors
    Array of strings <uuid>

    IDs of all connectors included in this site.

    application_ids
    Array of strings <uuid>

    IDs of all applications included in this site.

    connector_objects
    Array of objects (Connector)
    site_status
    object (SiteStatus)
    mute_health_notification
    boolean
    Default: false

    Indication whether health notifications are enabled for this site.

    countCollections
    integer <int32>

    The number of collections that are associated with this site.

    region
    string

    The connectivity region of the site. If not specified, the default region will be used.

    authentication_mode
    string (SiteAuthenticationMode)
    Default: "connector"
    Enum: "connector" "site"

    This value is immutable and can be chosen only on creation.

    The value Connector allows creating and binding Connectors through API calls.
    During Connector creation you get a response with an OTP,
    which is passed as an environment variable and used by the Connector Container to register the Connector entity.
    Once this is done, the OTP can't be used any more, and the Container storage must be persistent in order to ensure Container resiliency.

    The value Site is meant to be used in a managed container orchestrator (such as K8s, Fargate and so on).
    This mode allows creating a registration key (see: Site Registration Keys).

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type: application/json

    {
      "name": "DataCenterEurope",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
      "mute_health_notification": false,
      "region": "europe-west1",
      "authentication_mode": "connector"
    }

    Response samples

    Content type: application/json

    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "DataCenterEurope",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
      "connectors": [ ],
      "application_ids": [ ],
      "connector_objects": [ ],
      "site_status": { },
      "mute_health_notification": false,
      "countCollections": 1,
      "region": "europe-west1",
      "authentication_mode": "connector"
    }

    List Sites

    get /sites

    Default server.

    https://api.acme.luminatesec.com/v2/sites

    Return an array of paginated JSON objects. Each object represents a site configured in your Symantec ZTNA tenant.
    The supported sort keys are either ‘name’ for sorting by site name.
    Filter applies for the following fields: "name" and "description".
    Using the query filter=test will return all the sites for which one or more of the above listed fields contain "test". Filtering by Application ID may also be applied; in such a case, Sites that are associated with this Application will be returned. If the Application ID does not exist, then an empty array is returned.

    Authorizations:
    query Parameters
    sort
    string
    Default: "id,asc"
    Example: sort=name,desc

    The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    page
    number <int32>

    The page number.

    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (Site)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/sites?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type: application/json

    {
      "content": [ ],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }

    Update Site

    put /sites/{site-id}

    Default server.

    https://api.acme.luminatesec.com/v2/sites/{site-id}

    Update an existing site in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    site-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The site ID.

    Request Body schema: application/json
    name
    required
    string [ 2 .. 700 ]

    A descriptive name of the site.

    kubernetes_persistent_volume_name
    string (kubernetes_persistent_volume_name)
    Default: null

    A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate.
    The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

    mute_health_notification
    boolean
    Default: false

    Indication whether health notifications are enabled for this site.

    region
    string

    The connectivity region of the site. If not specified, the default region will be used.

    authentication_mode
    string (SiteAuthenticationMode)
    Default: "connector"
    Enum: "connector" "site"

    This value is immutable and can be chosen only on creation.

    The value Connector allows creating and binding Connectors through API calls.
    During Connector creation you get a response with an OTP,
    which is passed as an environment variable and used by the Connector Container to register the Connector entity.
    Once this is done, the OTP can't be used any more, and the Container storage must be persistent in order to ensure Container resiliency.

    The value Site is meant to be used in a managed container orchestrator (such as K8s, Fargate and so on).
    This mode allows creating a registration key (see: Site Registration Keys).

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string [ 2 .. 700 ]

    A descriptive name of the site.

    id
    string <uuid>

    A unique identifier of this site. Note: This field is required for any operation other than initial creation.

    kubernetes_persistent_volume_name
    string (kubernetes_persistent_volume_name)
    Default: null

    A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate.
    The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

    connectors
    Array of strings <uuid>

    IDs of all connectors included in this site.

    application_ids
    Array of strings <uuid>

    IDs of all applications included in this site.

    connector_objects
    Array of objects (Connector)
    site_status
    object (SiteStatus)
    mute_health_notification
    boolean
    Default: false

    Indication whether health notifications are enabled for this site.

    countCollections
    integer <int32>

    The number of collections that are associated with this site.

    region
    string

    The connectivity region of the site. If not specified, the default region will be used.

    authentication_mode
    string (SiteAuthenticationMode)
    Default: "connector"
    Enum: "connector" "site"

    This value is immutable and can be chosen only on creation.

    The value Connector allows creating and binding Connectors through API calls.
    During Connector creation you get a response with an OTP,
    which is passed as an environment variable and used by the Connector Container to register the Connector entity.
    Once this is done, the OTP can't be used any more, and the Container storage must be persistent in order to ensure Container resiliency.

    The value Site is meant to be used in a managed container orchestrator (such as K8s, Fargate and so on).
    This mode allows creating a registration key (see: Site Registration Keys).

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type: application/json

    {
      "name": "DataCenterEurope",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
      "mute_health_notification": false,
      "region": "europe-west1",
      "authentication_mode": "connector"
    }

    Response samples

    Content type: application/json

    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "DataCenterEurope",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
      "connectors": [ ],
      "application_ids": [ ],
      "connector_objects": [ ],
      "site_status": { },
      "mute_health_notification": false,
      "countCollections": 1,
      "region": "europe-west1",
      "authentication_mode": "connector"
    }

    Get Site

    get /sites/{site-id}

    Default server.

    https://api.acme.luminatesec.com/v2/sites/{site-id}

    Returns the details of a Site from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    site-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The Site ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string [ 2 .. 700 ]

    A descriptive name of the site.

    id
    string <uuid>

    A unique identifier of this site. Note: This field is required for any operation other than initial creation.

    kubernetes_persistent_volume_name
    string (kubernetes_persistent_volume_name)
    Default: null

    A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate.
    The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

    connectors
    Array of strings <uuid>

    IDs of all connectors included in this site.

    application_ids
    Array of strings <uuid>

    IDs of all applications included in this site.

    connector_objects
    Array of objects (Connector)
    site_status
    object (SiteStatus)
    mute_health_notification
    boolean
    Default: false

    Indication whether health notifications are enabled for this site.

    countCollections
    integer <int32>

    The number of collections that are associated with this site.

    region
    string

    The connectivity region of the site. If not specified, the default region will be used.

    authentication_mode
    string (SiteAuthenticationMode)
    Default: "connector"
    Enum: "connector" "site"

    This value is immutable and can be chosen only on creation.

    The value Connector allows creating and binding Connectors through API calls.
    During Connector creation you get a response with an OTP,
    which is passed as an environment variable and used by the Connector Container to register the Connector entity.
    Once this is done, the OTP can't be used any more, and the Container storage must be persistent in order to ensure Container resiliency.

    The value Site is meant to be used in a managed container orchestrator (such as K8s, Fargate and so on).
    This mode allows creating a registration key (see: Site Registration Keys).

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/sites/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type: application/json

    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "DataCenterEurope",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
      "connectors": [ ],
      "application_ids": [ ],
      "connector_objects": [ ],
      "site_status": { },
      "mute_health_notification": false,
      "countCollections": 1,
      "region": "europe-west1",
      "authentication_mode": "connector"
    }

    Delete Site

    delete /sites/{site-id}

    Default server.

    https://api.acme.luminatesec.com/v2/sites/{site-id}

    Delete a site from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    site-id
    required
    string <uuid>
    Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5

    Site ID.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type: application/json

    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Get Site Health Status

    get /sites/{site-id}/status

    Default server.

    https://api.acme.luminatesec.com/v2/sites/{site-id}/status

    Returns the health status of a site from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    site-id
    required
    string <uuid>
    Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5

    Site ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    ConnectorsUp
    Array of objects (ConnectorLastSeen)

    A list of online connectors represented by their ID and their last communication date.

    ConnectorsDown
    Array of objects (ConnectorLastSeen)

    A list of offline connectors represented by their ID and their last communication date.

    ConnectorsNotConfigured
    Array of objects (ConnectorLastSeen)

    A list of connectors that have not yet established initial communication with the Symantec ZTNA Cloud Service.

    ConnectorsDisabled
    Array of objects (ConnectorLastSeen)

    A list of disabled connectors (connectors that don't serve applications defined under the contained site).

    Status
    string
    Enum: "online" "offline" "not-configured"

    Site health status. The site is online when there is at least one online connector.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5/status' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type: application/json

    {
      "ConnectorsUp": [ ],
      "ConnectorsDown": null,
      "ConnectorsNotConfigured": [ ],
      "ConnectorsDisabled": null,
      "Status": "not-configured"
    }

    List Regions

    get /regions

    Default server.

    https://api.acme.luminatesec.com/v2/regions

    Returns a list of available connectivity regions

    Authorizations:

    Responses

    200

    successful operation.

    Response Schema: application/json
    Array
    name
    required
    string (RegionName)

    The name of the region

    is_default
    required
    boolean (RegionIsDefault)

    A boolean indicating if the region is the default region

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/regions' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type: application/json

    [
      { }
    ]

    Get Region By Name

    get /regions/{region_name}

    Default server.

    https://api.acme.luminatesec.com/v2/regions/{region_name}

    Returns details of a connectivity region

    Authorizations:
    path Parameters
    region-name
    required
    string
    Example: us-west1

    Region name

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string (RegionName)

    The name of the region

    is_default
    required
    boolean (RegionIsDefault)

    A boolean indicating if the region is the default region

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/regions/{region_name}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "name": "us-west1",
      "is_default": true
    }

    Site Registration Keys

    Registration keys are available for sites with authentication_mode set to Site.
    Site mode is primarily designed for managed container orchestrators (e.g., Kubernetes, Fargate),
    but is also compatible with environments where Connector mode is currently being used.

    • A registration key acts as a long-lived token associated with the site.
    • The key is shown only once upon creation, and it is the user’s responsibility to store it securely in a secret manager.
    • The token is reusable and allows the creation of new Connector entities upon registration.
    • The Connector Container uses this token, passed as an environment variable, to register itself.
    • Resiliency is ensured as the container dynamically handles Connector creation and deletion.
    • Persistent storage is not required, and direct Connector creation via API is disabled in this mode.

    A site can have up to two active registration keys at a time:
    one primary key and, if it exists, a second key that is temporarily active.

    List Site Registration Keys

    get /sites/{site-id}/registration_keys

    Default server.

    https://api.acme.luminatesec.com/v2/sites/{site-id}/registration_keys

    Returns the site's registration keys list.

    Authorizations:
    path Parameters
    site-id
    required
    string <uuid>
    Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5

    Site ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    registration_keys
    Array of objects (SiteRegistrationKey)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5/registration_keys' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "registration_keys": [ ]
    }

    Rotate Site Registration Keys

    post /sites/{site-id}/registration_keys

    Default server.

    https://api.acme.luminatesec.com/v2/sites/{site-id}/registration_keys

    Rotates the site's registration keys.
    If no registration key exists, the first request generates one.
    Future rotation requests replace the primary key.

    Authorizations:
    path Parameters
    site-id
    required
    string <uuid>
    Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5

    Site ID.

    Request Body schema: application/json
    revoke_immediately
    boolean
    Default: false

    true:
    All existing keys are deleted.
    false:
    The primary key becomes temporarily active (72-hour expiration).
    If there's an existing temporarily active key already, it will be deleted.

    Responses

    200

    successful operation.

    Response Schema: application/json
    registration_key_id
    string <uuid>
    registration_key
    string
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "revoke_immediately": false
    }

    Response samples

    Content type
    application/json
    {
      "registration_key_id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "registration_key": "string"
    }
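
The two-key limit and the revoke_immediately rules above, modelled as a small state machine (an added example, not Symantec code; it never calls the API). SiteKeyModel and its method names are hypothetical, and the model assumes every rotation issues a new primary key, as the response schema suggests. It shows that a second rotation inside the 72-hour window deletes the older key early.

```python
"""Local model of the registration-key rotation rules (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional
import uuid

TEMP_KEY_TTL = timedelta(hours=72)  # the page's "72-hour expiration"


@dataclass
class RegistrationKey:
    key_id: str
    role: str                              # "primary" or "temporary"
    expires_at: Optional[datetime] = None  # None for the primary key


class SiteKeyModel:
    """Hypothetical model of one site's keys; assumptions are noted inline."""

    def __init__(self) -> None:
        self.keys: List[RegistrationKey] = []

    def active_ids(self, now: datetime) -> List[str]:
        """IDs of the keys that could still register a Connector at `now`."""
        return [k.key_id for k in self.keys
                if k.expires_at is None or now < k.expires_at]

    def rotate(self, now: datetime, revoke_immediately: bool = False) -> str:
        """Apply one POST /sites/{site-id}/registration_keys; return the new key ID."""
        survivors: List[RegistrationKey] = []
        if not revoke_immediately:
            for key in self.keys:
                if key.role == "primary":
                    # The primary key becomes temporarily active for 72 hours.
                    survivors.append(
                        RegistrationKey(key.key_id, "temporary", now + TEMP_KEY_TTL))
                # An existing temporarily active key is deleted (not carried over).
        # revoke_immediately=True: all existing keys are deleted.
        # Assumption: a new primary key is issued in both cases.
        new_key = RegistrationKey(str(uuid.uuid4()), "primary")
        self.keys = survivors + [new_key]
        return new_key.key_id


if __name__ == "__main__":
    t0 = datetime(2025, 3, 24, tzinfo=timezone.utc)  # constructed timestamps
    site = SiteKeyModel()
    first = site.rotate(t0)
    second = site.rotate(t0 + timedelta(hours=1))
    third = site.rotate(t0 + timedelta(hours=2))
    # Containers still holding `first` can no longer register, although only
    # two hours have passed since it was the primary key.
    print("first key still active:", first in site.active_ids(t0 + timedelta(hours=2)))
    print("active after third rotation:", site.active_ids(t0 + timedelta(hours=2)))
```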

    Clean Site Registration Keys

    delete /sites/{site-id}/registration_keys

    Default server.

    https://api.acme.luminatesec.com/v2/sites/{site-id}/registration_keys

    Cleans the site's registration keys list.

    Authorizations:
    path Parameters
    site-id
    required
    string <uuid>
    Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5

    Site ID.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5/registration_keys' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Connectors

    A connector is a lightweight piece of software connecting your site to the Symantec ZTNA platform.

    Create Connector

    post /connectors

    Default server.

    https://api.acme.luminatesec.com/v2/connectors

    Creates a Connector in your Symantec ZTNA tenant. To complete configuring the Symantec ZTNA connector, retrieve the deployment command using the Connector Deployment Command API and execute it on the target machine.

    Authorizations:
    query Parameters
    bind_to_site_id
    required
    string <uuid>
    Example: bind_to_site_id=6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the site that should contain this connector.

    Request Body schema: application/json
    name
    required
    string >= 1

    A descriptive name of the Connector.

    deployment_type
    required
    string (DeploymentType)
    Enum: "windows" "linux" "docker-compose" "kubernetes"

    The deployment type of the host running the Symantec ZTNA connector.

    send_logs
    boolean
    Default: false

    Indicates whether to set connector debug log level to the highest one.

    enabled
    boolean
    Default: true

    Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on.

    kubernetes_persistent_volume_name
    string (kubernetes_persistent_volume_name)
    Default: null

    A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate.
    The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

    Responses

    201

    successful operation.

    Response Schema: application/json
    name
    required
    string >= 1

    A descriptive name of the Connector.

    deployment_type
    required
    string (DeploymentType)
    Enum: "windows" "linux" "docker-compose" "kubernetes"

    The deployment type of the host running the Symantec ZTNA connector.

    id
    string <uuid>

    A unique identifier of this connector. Note: This field is required for any operation other than initial creation.

    version
    string

    The version of the running connector. This version is equal to or higher than container_version.

    registered
    boolean

    Indicates whether the connector has already established a successful handshake with the Symantec ZTNA Cloud.

    otp
    string

    When initiated, the Symantec ZTNA Connector receives an ephemeral OTP, allowing it to establish initial communication with Symantec ZTNA Cloud Service and pull a TLS Certificate to be used for further communications. This property holds an empty value after the connector establishes a successful handshake with the Symantec ZTNA Cloud.

    date_created
    string <date-time>

    Connector creation date.

    date_registered
    string <date-time>

    The date when the connector established a successful handshake with the Symantec ZTNA Cloud.

    date_otp_expire
    string <date-time>

    The date when the connector OTP expires. By default, the OTP is valid for 24 hours after the connector creation date.

    send_logs
    boolean
    Default: false

    Indicates whether to set connector debug log level to the highest one.

    enabled
    boolean
    Default: true

    Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on.

    connector_status
    string
    Enum: "StatusUndefined" "StatusReady" "StatusDownloadStarted" "StatusDownloadCompleted" "StatusMigrationStarted" "StatusMigrationCompleted" "StatusExecuteStarted" "StatusExecuteCompleted" "StatusRetired" "StatusFailed" "StatusRetireStarted"
    update_status
    string
    Enum: "UpToDate" "UpdateAvailable" "UpdateStarted" "UpdateCompleted" "UpdateFailed"

    Indicates the connector upgrade status:
    UpToDate - Connector version is the latest available.
    UpdateAvailable - New connector version is available.
    UpdateStarted - Connector upgrade is in progress.
    UpdateCompleted - Connector upgrade was just completed. This is a temporary state until upgrade result is calculated.
    UpdateFailed - Connector upgrade attempt has failed.

    update_status_info
    string

    A detailed description of the connector upgrade failure reason in case a recent upgrade has failed.

    internal_ip
    string

    The internal IP address of the host running the Symantec ZTNA connector container.

    external_ip
    string

    The IP address used by Symantec ZTNA connector to address Symantec ZTNA cloud.

    hostname
    string

    The name of the host running the Symantec ZTNA connector container.

    geo_location
    string

    Geo location based on the external-ip, including the hosted cloud service if applicable.

    kubernetes_persistent_volume_name
    string (kubernetes_persistent_volume_name)
    Default: null

    A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate.
    The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "name": "TestSite-Connector-3",
      "send_logs": false,
      "enabled": true,
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }

    Response samples

    Content type
    application/json
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2025-07-28T13:34:25Z",
      "date_registered": "2025-07-28T13:34:25Z",
      "date_otp_expire": "2025-07-28T13:34:25Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }

    List Connectors

    get /connectors

    Default server.

    https://api.acme.luminatesec.com/v2/connectors

    Returns a paginated array of JSON objects. Each object represents a connector configured in your Symantec ZTNA tenant.
    The supported sort keys are either ‘name’ for sorting by connector name or ‘id’ for sorting by connector id.
    Filter applies for the following fields: "name", "internal-address", "external-address", "custom-domain" and "custom-root-path".
    Using the query filter=test will return all the connectors for which one or more of the above listed fields contain "test".

    Authorizations:
    query Parameters
    sort
    string
    Default: "id,asc"
    Example: sort=name,desc

    The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    page
    number <int32>

    The page number.

    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (Connector)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/connectors?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }
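
An inventory check over the paginated List Connectors response, using the Connector fields documented above (registered, otp, date_otp_expire, update_status, send_logs). This is an added example, not part of the Symantec documentation; the function names, finding labels and sample pages are constructed, and fetch_page stands in for an authenticated GET /connectors call.

```python
"""Audit connectors returned by List Connectors (added example, constructed data)."""
from datetime import datetime, timezone
from typing import Callable, Dict, Iterable, Iterator, List, Tuple


def parse_ts(value: str) -> datetime:
    """Parse the API's date-time strings, e.g. 2025-07-28T13:34:25Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def iter_connectors(fetch_page: Callable[[int], Dict],
                    max_pages: int = 1000) -> Iterator[Dict]:
    """Walk pages from page=0 until the response reports last=true."""
    for page in range(max_pages):
        body = fetch_page(page)
        yield from body.get("content") or []
        if body.get("last", True):
            return
    raise RuntimeError("pagination did not terminate")


def audit_connectors(connectors: Iterable[Dict],
                     now: datetime) -> List[Tuple[str, str]]:
    """Return (connector name, finding) pairs worth an operator's attention."""
    findings: List[Tuple[str, str]] = []
    for c in connectors:
        name = c.get("name", "<unnamed>")
        if not c.get("registered"):
            expiry = c.get("date_otp_expire")
            if c.get("otp") and expiry and parse_ts(expiry) > now:
                # An enrollment credential is still usable for this connector.
                findings.append((name, "otp-outstanding"))
            else:
                # Created but never registered, and the OTP can no longer be used.
                findings.append((name, "unregistered-no-valid-otp"))
        if c.get("update_status") == "UpdateFailed":
            detail = c.get("update_status_info") or "no detail"
            findings.append((name, "update-failed: " + detail))
        if c.get("send_logs"):
            findings.append((name, "debug-logging-enabled"))
    return findings


# Constructed sample pages in the List Connectors response shape.
SAMPLE_PAGES = [
    {"first": True, "last": False, "number": 0, "content": [
        {"name": "edge-a", "registered": True, "otp": None,
         "update_status": "UpToDate", "send_logs": False},
        {"name": "edge-b", "registered": False, "otp": "constructed-otp-1",
         "date_otp_expire": "2025-07-29T13:34:25Z",
         "update_status": "UpToDate", "send_logs": False},
    ]},
    {"first": False, "last": True, "number": 1, "content": [
        {"name": "edge-c", "registered": False, "otp": "constructed-otp-2",
         "date_otp_expire": "2025-07-20T00:00:00Z",
         "update_status": "UpToDate", "send_logs": False},
        {"name": "edge-d", "registered": True, "otp": None,
         "update_status": "UpdateFailed",
         "update_status_info": "error downloading new connector",
         "send_logs": True},
    ]},
]


def run_sample_audit() -> List[Tuple[str, str]]:
    now = datetime(2025, 7, 28, 14, 0, tzinfo=timezone.utc)  # constructed "now"
    return audit_connectors(iter_connectors(lambda p: SAMPLE_PAGES[p]), now)


if __name__ == "__main__":
    for name, finding in run_sample_audit():
        print(f"{name}: {finding}")
```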

    Get Connector

    get /connectors/{connector-id}

    Default server.

    https://api.acme.luminatesec.com/v2/connectors/{connector-id}

    Returns the details of a Connector from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    connector-id
    required
    string <uuid>
    Example: 18837193-a81a-400f-b38d-482379e3ab47

    Connector ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string >= 1

    A descriptive name of the Connector.

    deployment_type
    required
    string (DeploymentType)
    Enum: "windows" "linux" "docker-compose" "kubernetes"

    The deployment type of the host running the Symantec ZTNA connector.

    id
    string <uuid>

    A unique identifier of this connector. Note: This field is required for any operation other than initial creation.

    version
    string

    The version of the running connector. This version is equal to or higher than container_version.

    registered
    boolean

    Indicates whether the connector has already established a successful handshake with the Symantec ZTNA Cloud.

    otp
    string

    When initiated, the Symantec ZTNA Connector receives an ephemeral OTP, allowing it to establish initial communication with Symantec ZTNA Cloud Service and pull a TLS Certificate to be used for further communications. This property holds an empty value after the connector establishes a successful handshake with the Symantec ZTNA Cloud.

    date_created
    string <date-time>

    Connector creation date.

    date_registered
    string <date-time>

    The date when the connector established a successful handshake with the Symantec ZTNA Cloud.

    date_otp_expire
    string <date-time>

    The date when the connector OTP expires. By default, the OTP is valid for 24 hours after the connector creation date.

    send_logs
    boolean
    Default: false

    Indicates whether to set connector debug log level to the highest one.

    enabled
    boolean
    Default: true

    Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on.

    connector_status
    string
    Enum: "StatusUndefined" "StatusReady" "StatusDownloadStarted" "StatusDownloadCompleted" "StatusMigrationStarted" "StatusMigrationCompleted" "StatusExecuteStarted" "StatusExecuteCompleted" "StatusRetired" "StatusFailed" "StatusRetireStarted"
    update_status
    string
    Enum: "UpToDate" "UpdateAvailable" "UpdateStarted" "UpdateCompleted" "UpdateFailed"

    Indicates the connector upgrade status:
    UpToDate - Connector version is the latest available.
    UpdateAvailable - New connector version is available.
    UpdateStarted - Connector upgrade is in progress.
    UpdateCompleted - Connector upgrade was just completed. This is a temporary state until upgrade result is calculated.
    UpdateFailed - Connector upgrade attempt has failed.

    update_status_info
    string

    A detailed description of the connector upgrade failure reason in case a recent upgrade has failed.

    internal_ip
    string

    The internal IP address of the host running the Symantec ZTNA connector container.

    external_ip
    string

    The IP address used by Symantec ZTNA connector to address Symantec ZTNA cloud.

    hostname
    string

    The name of the host running the Symantec ZTNA connector container.

    geo_location
    string

    Geo location based on the external-ip, including the hosted cloud service if applicable.

    kubernetes_persistent_volume_name
    string (kubernetes_persistent_volume_name)
    Default: null

    A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate.
    The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2025-07-28T13:34:25Z",
      "date_registered": "2025-07-28T13:34:25Z",
      "date_otp_expire": "2025-07-28T13:34:25Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }

    Delete Connector

    delete /connectors/{connector-id}

    Default server.

    https://api.acme.luminatesec.com/v2/connectors/{connector-id}

    Delete the connector from the contained site in your Symantec ZTNA tenant.
    To complete the action, the connector container that runs in the corresponding datacenter should be removed.

    Authorizations:
    path Parameters
    connector-id
    required
    string <uuid>
    Example: 18837193-a81a-400f-b38d-482379e3ab47

    Connector ID.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Get Connector Deployment Command

    get /connectors/{connector-id}/command

    Default server.

    https://api.acme.luminatesec.com/v2/connectors/{connector-id}/command

    Returns the command for deploying Symantec ZTNA connector as a docker image. This endpoint is valid for connectors of version 2.5.10 and higher. The command is generated based on the deployment_type that was set for the connector: windows / linux / docker-compose / Kubernetes. Executing the command on the target machine is the last step in configuring the Symantec ZTNA Connector.

    Authorizations:
    path Parameters
    connector-id
    required
    string <uuid>
    Example: 18837193-a81a-400f-b38d-482379e3ab47

    Connector ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    deployment_commands
    string
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47/command' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "deployment_commands": "sudo docker run --ulimit nofile=2048 -e ENDPOINT_URL='acme.luminatesite.com' \\\n-e TENANT_IDENTIFIER='12f3e95861234567a123a7c582a0a51f_acme' \\ --network=host \\\n-d \\ --name='TestSite-Connector-3' \\ --restart=on-failure \\ -e HTTPS_SKIP_CERT_VERIFY='true' \\\n-e OTP='2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1' \\ -e LOG_LEVEL=debug \\ -e DISABLE_ERROR_TRACKER=true \\\nluminate/connector:2.5.8\n"
    }
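
The deployment command embeds the Connector's OTP, so it should be masked before the response is written to CI or automation logs. The following added example (not Symantec code; redact_deployment_command is a hypothetical helper) parses the response sample shown above and masks the OTP value while keeping the other settings visible for review.

```python
"""Mask the OTP in a deployment command before logging it (added example)."""
import json
import re
from typing import Dict, Iterable, Tuple

# The response sample from this page, embedded verbatim as JSON text.
SAMPLE_RESPONSE = r'''{"deployment_commands": "sudo docker run --ulimit nofile=2048 -e ENDPOINT_URL='acme.luminatesite.com' \\\n-e TENANT_IDENTIFIER='12f3e95861234567a123a7c582a0a51f_acme' \\ --network=host \\\n-d \\ --name='TestSite-Connector-3' \\ --restart=on-failure \\ -e HTTPS_SKIP_CERT_VERIFY='true' \\\n-e OTP='2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1' \\ -e LOG_LEVEL=debug \\ -e DISABLE_ERROR_TRACKER=true \\\nluminate/connector:2.5.8\n"}'''

# Matches `-e NAME=value` where the value is single-quoted, double-quoted or bare.
ENV_ASSIGNMENT = re.compile(
    r"""(?<!\S)(-e\s+)([A-Za-z_]\w*)=('[^']*'|"[^"]*"|\S+)""")

MASK = "<redacted>"


def redact_deployment_command(
        command: str,
        secret_names: Iterable[str] = ("OTP",)) -> Tuple[str, Dict[str, str]]:
    """Return (command safe to log, environment settings with secrets masked)."""
    secrets = set(secret_names)
    settings: Dict[str, str] = {}

    def _mask(match: "re.Match[str]") -> str:
        flag, name, raw_value = match.groups()
        if name in secrets:
            settings[name] = MASK
            return f"{flag}{name}='{MASK}'"
        settings[name] = raw_value.strip("'\"")
        return match.group(0)

    return ENV_ASSIGNMENT.sub(_mask, command), settings


def redact_sample() -> Tuple[str, Dict[str, str]]:
    command = json.loads(SAMPLE_RESPONSE)["deployment_commands"]
    return redact_deployment_command(command)


if __name__ == "__main__":
    safe_command, settings = redact_sample()
    print(safe_command)
    for name, value in sorted(settings.items()):
        print(f"{name}={value}")
```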

    Get Connector Environment Variables

    get /connectors/{connector-id}/environment_variables

    Default server.

    https://api.acme.luminatesec.com/v2/connectors/{connector-id}/environment_variables

    Returns the set of environment variables required for the deployed connector in a convenient JSON format. Applicable for all connector types: windows / linux / docker-compose / Kubernetes.

    Authorizations:
    path Parameters
    connector-id
    required
    string <uuid>
    Example: 18837193-a81a-400f-b38d-482379e3ab47

    Connector ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    container_name
    string
    environment_variables
    Array of objects

    An array of environment variables

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47/environment_variables' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "container_name": "TestSite-Connector-3",
      "environment_variables": [ ]
    }

    Get Connector Version

    get /connectors/version

    Default server.

    https://api.acme.luminatesec.com/v2/connectors/version

    Returns the latest connector version available for the tenant

    Authorizations:

    Responses

    200

    successful operation.

    Response Schema: application/json
    connector_version
    string
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/version' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "connector_version": "2.5.8"
    }

    Applications

    An application is an internal resource that you would like to publish using Symantec ZTNA.

    Create Application

    post /applications

    Default server.

    https://api.acme.luminatesec.com/v2/applications

    Creates an application in your Symantec ZTNA tenant.

    Note: To allow access to a newly created application, you should have a Site defined and Symantec ZTNA Connectors deployed, as well as an access policy that this application is assigned to. You can then assign the application to the required site using Bind Application to Site API. You can assign the application to the policy using Assign Application to policies.

    Authorizations:
    Request Body schema: application/json
    name
    required
    string [ 2 .. 40 ]

    A descriptive name of the application.

    id
    required
    string <uuid> (ApplicationID)

    A unique identifier of the application.

    Note: This field is required for any operation other than initial creation.

    type
    required
    string (ApplicationType)

    DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.

    connectionSettings
    required
    object (ApplicationConnectionSettingsSSH)
    icon
    string Nullable
    Default: null

    Base64 representation of the icon file, size should be up to 40x40 pixels.

    isVisible
    boolean Nullable
    Default: true

    Indicates whether to show this application in the applications portal.

    isNotificationEnabled
    boolean Nullable
    Default: true

    Indicates whether notifications are enabled for this application.

    enabled
    boolean Nullable
    Default: true

    Indicates the application status configured by Admin (enabled/disabled).

    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection.

    Responses

    201

    successful operation.

    Response Schema: application/json
    name
    required
    string [ 2 .. 40 ]

    A descriptive name of the application.

    id
    required
    string <uuid> (ApplicationID)

    A unique identifier of the application.

    Note: This field is required for any operation other than initial creation.

    type
    required
    string (ApplicationType)
    Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS"

    DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.

    connectionSettings
    required
    object (ApplicationConnectionSettings)
    createdOn
    number

    Application creation date, epoch time in milliseconds.

    Note: This field is automatically populated.

    modifiedOn
    number

    Application last modification date, epoch time in milliseconds.

    Note: This field is automatically populated.

    icon
    string Nullable
    Default: null

    Base64 representation of the icon file, size should be up to 40x40 pixels.

    isVisible
    boolean Nullable
    Default: true

    Indicates whether to show this application in the applications portal.

    isNotificationEnabled
    boolean Nullable
    Default: true

    Indicates whether notifications are enabled for this application.

    enabled
    boolean Nullable
    Default: true

    Indicates the application status configured by Admin (enabled/disabled).

    health
    object (ApplicationHealth)
    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection.

    subType
    string (ApplicationSubType)
    Enum: "HTTP_LUMINATE_DOMAIN" "HTTP_CUSTOM_DOMAIN" "HTTP_WILDCARD_DOMAIN" "SINGLE_MACHINE" "MULTIPLE_MACHINES" "SEGMENT_SPECIFIC_IPS" "SEGMENT_RANGE" "RDP_BROWSER_SINGLE_MACHINE" "RDP_BROWSER_MULTIPLE_MACHINES"

    Valid sub-types for HTTP applications:

    HTTP_LUMINATE_DOMAIN - Symantec ZTNA domain (e.g. testapp.acme.luminatesec.com).
    HTTP_CUSTOM_DOMAIN - custom domain (e.g. testapp.acme.com).
    HTTP_WILDCARD_DOMAIN - Wildcard with custom domain (e.g. *.acme.com).
    If no value is given then a default value is set as follows:
    HTTP_LUMINATE_DOMAIN for application with a null or empty customExternalAddress, HTTP_CUSTOM_DOMAIN otherwise.

    Valid sub-types for RDP applications:

    SINGLE_MACHINE - RDP application default sub type, one to one mapping.
    MULTIPLE_MACHINES - one to many mapping for RDP type.
    RDP_BROWSER_SINGLE_MACHINE - one to one mapping for RDP type.
    RDP_BROWSER_MULTIPLE_MACHINES - one to many mapping for RDP type.

    Valid sub-types for Segment applications:

    SEGMENT_SPECIFIC_IPS - Segment application with single or multiple IPs as targets (e.g. 10.0.0.0).
    SEGMENT_RANGE - Segment application with IP range or mask as target (e.g. 10.0.0.0/30 or 10.0.0.0-10.0.0.2).
    If no value is given then a default value is set as follows:
    SEGMENT_SPECIFIC_IPS for application with IP address, SEGMENT_RANGE for application with range or mask.

    linkTranslationSettings
    object (ApplicationLinkTranslationSettings)
    requestCustomizationSettings
    object (ApplicationRequestCustomizationSettings)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "TestApplication",
      "type": "SSH",
      "icon": null,
      "isVisible": true,
      "isNotificationEnabled": true,
      "enabled": true,
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "connectionSettings": {}
    }

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "TestApplication",
      "type": "HTTP",
      "createdOn": 1539000953351,
      "modifiedOn": 1539000956235,
      "icon": null,
      "isVisible": true,
      "isNotificationEnabled": true,
      "enabled": true,
      "health": {},
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "subType": "HTTP_LUMINATE_DOMAIN",
      "connectionSettings": {},
      "linkTranslationSettings": {},
      "requestCustomizationSettings": {},
      "ApplicationHTTP": "ApplicationHTTP"
    }

    List Applications

    get /applications

    Default server.

    https://api.acme.luminatesec.com/v2/applications

    Returns a paginated array of JSON objects. Each object represents an application configured in your Symantec ZTNA tenant.
    The supported sort keys are either ‘name’ for sorting by application name or ‘id’ for sorting by application id.
    Filter applies to the following fields: "name", "internal-address", "external-address", "custom-domain" and "custom-root-path".
    Using the query filter=testapp will return all the applications for which one or more of the above listed fields contain "testapp".

    Authorizations:
    query Parameters
    sort
    string
    Default: "id,asc"
    Example: sort=name,desc

    The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    page
    number <int32>

    The page number.

    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    type
    string
    Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT"
    Example: type=HTTP

    Application type by which the results are filtered.

    siteId
    string <uuid>
    Example: siteId=5fa7bfe9e312345bce28f0a2ad9698b8

    Site ID by which the results are filtered.

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (Application)
    sort
    Array of objects (ApplicationSort)

    Response sorting techniques.

    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/applications?sort=name,desc&size=10&page=0&filter=test&type=HTTP&siteId=5fa7bfe9e312345bce28f0a2ad9698b8' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [],
      "sort": [],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }
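
    The pagination contract above (size capped at 100, a zero-based page number, and the last flag in each response) is enough to build a complete application inventory for review. The following is an added example, not code from the Symantec documentation: it walks every page and flags entries for a manual look. The review rules, the BROAD_SUBTYPES set, the helper names and the sample inventory are assumptions constructed for illustration.

```python
"""Added example: paginate GET /applications and flag entries for review."""
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.acme.luminatesec.com/v2"  # sample server shown on this page
MAX_PAGE_SIZE = 100                                # documented ceiling for `size`

# Assumption (not from the page): sub-types a reviewer may want to look at first
# because they publish more than one host or address.
BROAD_SUBTYPES = {"HTTP_WILDCARD_DOMAIN", "SEGMENT_RANGE", "MULTIPLE_MACHINES",
                  "RDP_BROWSER_MULTIPLE_MACHINES"}


def http_fetch(token, base_url=BASE_URL):
    """Build a fetch(params) callable that issues the real GET /applications."""
    def fetch(params):
        url = f"{base_url}/applications?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def list_all_applications(fetch, size=MAX_PAGE_SIZE, max_pages=1000, **filters):
    """Collect every page, stopping on the `last` flag of the response."""
    if not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_PAGE_SIZE}")
    apps = []
    for page in range(max_pages):
        # A fixed sort keeps page boundaries stable between requests.
        body = fetch({"sort": "id,asc", "size": size, "page": page, **filters})
        apps.extend(body.get("content", []))
        # A missing `last` is treated as the final page so that a malformed
        # response cannot keep the loop running.
        if body.get("last", True):
            return apps
    raise RuntimeError(f"no last page after {max_pages} pages")


def review_findings(apps):
    """Return (id, name, reason) tuples for applications worth a manual look."""
    findings = []
    for app in apps:
        reasons = []
        if app.get("subType") in BROAD_SUBTYPES:
            reasons.append(f"broad sub-type {app['subType']}")
        # `enabled` defaults to true when null or absent.
        if app.get("enabled") is not False and app.get("isVisible") is False:
            reasons.append("enabled but hidden from the applications portal")
        for reason in reasons:
            findings.append((app["id"], app["name"], reason))
    return findings


# Constructed sample inventory (not real tenant data).
CONSTRUCTED_APPS = [
    {"id": "00000000-0000-4000-8000-000000000001", "name": "wiki", "type": "HTTP",
     "subType": "HTTP_LUMINATE_DOMAIN", "enabled": True, "isVisible": True},
    {"id": "00000000-0000-4000-8000-000000000002", "name": "all-web", "type": "HTTP",
     "subType": "HTTP_WILDCARD_DOMAIN", "enabled": True, "isVisible": True},
    {"id": "00000000-0000-4000-8000-000000000003", "name": "bastion", "type": "SSH",
     "enabled": True, "isVisible": False},
    {"id": "00000000-0000-4000-8000-000000000004", "name": "lab-net", "type": "SEGMENT",
     "subType": "SEGMENT_RANGE", "enabled": False, "isVisible": None},
    {"id": "00000000-0000-4000-8000-000000000005", "name": "jump-rdp", "type": "RDP",
     "subType": "SINGLE_MACHINE", "enabled": True, "isVisible": True},
]


def fake_fetch(params, inventory=CONSTRUCTED_APPS):
    """Offline stand-in for the API that pages over CONSTRUCTED_APPS."""
    size, page = params["size"], params["page"]
    rows = [a for a in inventory if params.get("type") in (None, a["type"])]
    chunk = rows[page * size:(page + 1) * size]
    total_pages = max(1, -(-len(rows) // size))  # ceiling division
    return {"content": chunk, "first": page == 0, "last": page >= total_pages - 1,
            "size": size, "number": page, "numberOfElements": len(chunk),
            "totalElements": len(rows), "totalPages": total_pages}


if __name__ == "__main__":
    for finding in review_findings(list_all_applications(fake_fetch, size=2)):
        print(finding)
```

    Against a real tenant, pass http_fetch(token) instead of fake_fetch, with the token read from a secret store rather than typed on the command line.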

    Get Application

    get /applications/{application-id}

    Default server.

    https://api.acme.luminatesec.com/v2/applications/{application-id}

    Returns the details of an Application from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string [ 2 .. 40 ]

    A descriptive name of the application.

    id
    required
    string <uuid> (ApplicationID)

    A unique identifier of the application.

    Note: This field is required for any operation other than initial creation.

    type
    required
    string (ApplicationType)
    Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS"

    DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.

    connectionSettings
    required
    object (ApplicationConnectionSettings)
    createdOn
    number

    Application creation date, epoch time in milliseconds.

    Note: This field is automatically populated.

    modifiedOn
    number

    Application last modification date, epoch time in milliseconds.

    Note: This field is automatically populated.

    icon
    string Nullable
    Default: null

    Base64 representation of the icon file, size should be up to 40x40 pixels.

    isVisible
    boolean Nullable
    Default: true

    Indicates whether to show this application in the applications portal.

    isNotificationEnabled
    boolean Nullable
    Default: true

    Indicates whether notifications are enabled for this application.

    enabled
    boolean Nullable
    Default: true

    Indicates the application status configured by Admin (enabled/disabled).

    health
    object (ApplicationHealth)
    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection.

    subType
    string (ApplicationSubType)
    Enum: "HTTP_LUMINATE_DOMAIN" "HTTP_CUSTOM_DOMAIN" "HTTP_WILDCARD_DOMAIN" "SINGLE_MACHINE" "MULTIPLE_MACHINES" "SEGMENT_SPECIFIC_IPS" "SEGMENT_RANGE" "RDP_BROWSER_SINGLE_MACHINE" "RDP_BROWSER_MULTIPLE_MACHINES"

    Valid sub-types for HTTP applications:

    HTTP_LUMINATE_DOMAIN - Symantec ZTNA domain (e.g. testapp.acme.luminatesec.com).
    HTTP_CUSTOM_DOMAIN - custom domain (e.g. testapp.acme.com).
    HTTP_WILDCARD_DOMAIN - Wildcard with custom domain (e.g. *.acme.com).
    If no value is given then a default value is set as follows:
    HTTP_LUMINATE_DOMAIN for application with a null or empty customExternalAddress, HTTP_CUSTOM_DOMAIN otherwise.

    Valid sub-types for RDP applications:

    SINGLE_MACHINE - RDP application default sub type, one to one mapping.
    MULTIPLE_MACHINES - one to many mapping for RDP type.
    RDP_BROWSER_SINGLE_MACHINE - one to one mapping for RDP type.
    RDP_BROWSER_MULTIPLE_MACHINES - one to many mapping for RDP type.

    Valid sub-types for Segment applications:

    SEGMENT_SPECIFIC_IPS - Segment application with single or multiple IPs as targets (e.g. 10.0.0.0).
    SEGMENT_RANGE - Segment application with IP range or mask as target (e.g. 10.0.0.0/30 or 10.0.0.0-10.0.0.2).
    If no value is given then a default value is set as follows:
    SEGMENT_SPECIFIC_IPS for application with IP address, SEGMENT_RANGE for application with range or mask.

    linkTranslationSettings
    object (ApplicationLinkTranslationSettings)
    requestCustomizationSettings
    object (ApplicationRequestCustomizationSettings)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "TestApplication",
      "type": "HTTP",
      "createdOn": 1539000953351,
      "modifiedOn": 1539000956235,
      "icon": null,
      "isVisible": true,
      "isNotificationEnabled": true,
      "enabled": true,
      "health": {},
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "subType": "HTTP_LUMINATE_DOMAIN",
      "connectionSettings": {},
      "linkTranslationSettings": {},
      "requestCustomizationSettings": {},
      "ApplicationHTTP": "ApplicationHTTP"
    }

    Update Application

    put /applications/{application-id}

    Default server.

    https://api.acme.luminatesec.com/v2/applications/{application-id}

    Update an existing application in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    Request Body schema: application/json
    name
    required
    string [ 2 .. 40 ]

    A descriptive name of the application.

    id
    required
    string <uuid> (ApplicationID)

    A unique identifier of the application.

    Note: This field is required for any operation other than initial creation.

    type
    required
    string (ApplicationType)

    DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.

    connectionSettings
    required
    object (ApplicationConnectionSettingsSSH)
    icon
    string Nullable
    Default: null

    Base64 representation of the icon file, size should be up to 40x40 pixels.

    isVisible
    boolean Nullable
    Default: true

    Indicates whether to show this application in the applications portal.

    isNotificationEnabled
    boolean Nullable
    Default: true

    Indicates whether notifications are enabled for this application.

    enabled
    boolean Nullable
    Default: true

    Indicates the application status configured by Admin (enabled/disabled).

    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string [ 2 .. 40 ]

    A descriptive name of the application.

    id
    required
    string <uuid> (ApplicationID)

    A unique identifier of the application.

    Note: This field is required for any operation other than initial creation.

    type
    required
    string (ApplicationType)
    Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS"

    DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.

    connectionSettings
    required
    object (ApplicationConnectionSettings)
    createdOn
    number

    Application creation date, epoch time in milliseconds.

    Note: This field is automatically populated.

    modifiedOn
    number

    Application last modification date, epoch time in milliseconds.

    Note: This field is automatically populated.

    icon
    string Nullable
    Default: null

    Base64 representation of the icon file, size should be up to 40x40 pixels.

    isVisible
    boolean Nullable
    Default: true

    Indicates whether to show this application in the applications portal.

    isNotificationEnabled
    boolean Nullable
    Default: true

    Indicates whether notifications are enabled for this application.

    enabled
    boolean Nullable
    Default: true

    Indicates the application status configured by Admin (enabled/disabled).

    health
    object (ApplicationHealth)
    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection.

    subType
    string (ApplicationSubType)
    Enum: "HTTP_LUMINATE_DOMAIN" "HTTP_CUSTOM_DOMAIN" "HTTP_WILDCARD_DOMAIN" "SINGLE_MACHINE" "MULTIPLE_MACHINES" "SEGMENT_SPECIFIC_IPS" "SEGMENT_RANGE" "RDP_BROWSER_SINGLE_MACHINE" "RDP_BROWSER_MULTIPLE_MACHINES"

    Valid sub-types for HTTP applications:

    HTTP_LUMINATE_DOMAIN - Symantec ZTNA domain (e.g. testapp.acme.luminatesec.com).
    HTTP_CUSTOM_DOMAIN - custom domain (e.g. testapp.acme.com).
    HTTP_WILDCARD_DOMAIN - Wildcard with custom domain (e.g. *.acme.com).
    If no value is given then a default value is set as follows:
    HTTP_LUMINATE_DOMAIN for application with a null or empty customExternalAddress, HTTP_CUSTOM_DOMAIN otherwise.

    Valid sub-types for RDP applications:

    SINGLE_MACHINE - RDP application default sub type, one to one mapping.
    MULTIPLE_MACHINES - one to many mapping for RDP type.
    RDP_BROWSER_SINGLE_MACHINE - one to one mapping for RDP type.
    RDP_BROWSER_MULTIPLE_MACHINES - one to many mapping for RDP type.

    Valid sub-types for Segment applications:

    SEGMENT_SPECIFIC_IPS - Segment application with single or multiple IPs as targets (e.g. 10.0.0.0).
    SEGMENT_RANGE - Segment application with IP range or mask as target (e.g. 10.0.0.0/30 or 10.0.0.0-10.0.0.2).
    If no value is given then a default value is set as follows:
    SEGMENT_SPECIFIC_IPS for application with IP address, SEGMENT_RANGE for application with range or mask.

    linkTranslationSettings
    object (ApplicationLinkTranslationSettings)
    requestCustomizationSettings
    object (ApplicationRequestCustomizationSettings)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "TestApplication",
      "type": "SSH",
      "icon": null,
      "isVisible": true,
      "isNotificationEnabled": true,
      "enabled": true,
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "connectionSettings": {}
    }

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "TestApplication",
      "type": "HTTP",
      "createdOn": 1539000953351,
      "modifiedOn": 1539000956235,
      "icon": null,
      "isVisible": true,
      "isNotificationEnabled": true,
      "enabled": true,
      "health": {},
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "subType": "HTTP_LUMINATE_DOMAIN",
      "connectionSettings": {},
      "linkTranslationSettings": {},
      "requestCustomizationSettings": {},
      "ApplicationHTTP": "ApplicationHTTP"
    }

    Delete Application

    delete /applications/{application-id}

    Default server.

    https://api.acme.luminatesec.com/v2/applications/{application-id}

    Delete an application from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Bind Application to Site

    put /applications/{application-id}/site-binding/{site-id}

    Default server.

    https://api.acme.luminatesec.com/v2/applications/{application-id}/site-binding/{site-id}

    Bind your Application to an existing Site in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    site-id
    required
    string <uuid>
    Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5

    Site ID.

    Request Body schema: application/json
    any

    Responses

    200

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    null

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Get Application Health Status

    get /applications/{application-id}/status

    Default server.

    https://api.acme.luminatesec.com/v2/applications/{application-id}/status

    Returns the health status of the given Application from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    applicationId
    string <uuid>
    status
    string
    Enum: "Available" "Unavailable" "Pending" "PartiallyAvailable"

    The application accessibility status.

    cause
    string

    Root cause for status different than "Available".

    lastUpdatedOn
    number

    Date when Application health was last updated on, epoch time in milliseconds.

    totalNumberOfConnectors
    integer <int32>

    The number of connectors that expose the application regardless of their health status.

    lastAvailableOn
    number

    Date when Application was last available, epoch time in milliseconds.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f/status' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "status": "PartiallyAvailable",
      "cause": "Some connector fail to expose application",
      "lastUpdatedOn": 1539680482000,
      "totalNumberOfConnectors": 2,
      "lastAvailableOn": 1539680482000
    }

    Access and Activity Policies

    Symantec ZTNA continuously enforces contextual access and activity policies to control access to resources and restrict users’ actions within resources, based on the user/device context (such as the user’s group membership, user’s location, MFA status and managed/unmanaged device status) and the requested resource.

    Policy Evaluation
    For each access request, Symantec ZTNA processes the policies against the request context (user, device and the requested resource) to calculate the effective policies and to determine whether the request should be allowed or denied. If no access policy could be matched, the access is blocked.

    Access Policy configuration
    When defining an access policy, the following configuration is supported:

    1. Filter conditions - The conditions specify the context under which the policy will apply.
      Context includes information about the source IP address, source location and source device.
      The policy is effective only when *ALL* conditions are satisfied (evaluate to TRUE).
    2. Entities - users/groups/api-clients to which the policy applies.
    3. Resources - the applications to which the policy applies.
    4. Access settings - settings that are specific to the policy target protocol. For example, for target protocol SSH: the SSH accounts and the supported authentication methods (temporary tokens or certificates).
    5. Validators - The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification.

    Activity Policy configuration
    Activity policies are used to control specific user actions within a resource to which the user has been granted access by an Access Policy. Examples are restricting file downloads, controlling access to specific URIs, limiting SSH commands and others. The activity policy consists of the entities (users or groups to which the policy applies), the applications to which the policy applies, as well as filter conditions and rules.
    1. Activity policy filter conditions
      The conditions specify the context under which the activity policy will apply. Context includes information about the source IP address, source location and source device.
      The policy is effective only when *ALL* conditions are satisfied (evaluate to TRUE).
    2. Activity policy rules
      The rules specify the constraints on the action that the user wants to perform. For example, a URI black list for web applications or file download restrictions.
      Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. For example, a block action in case of an attempt to access a non-allowed URI.
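
    The evaluation rules described above (a policy applies only when ALL of its filter conditions hold, and a request with no matching access policy is blocked) can be checked against a small model before policies are written through the API. The following is an added example and a simplified model, not Symantec's policy engine: the condition builders, the "mfa" validator name, the rule that a matching policy grants access once its validators have passed, and all sample data are assumptions constructed for illustration.

```python
"""Added example: a simplified model of access-policy matching with default deny."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    application_id: str
    source_ip: str
    country: str
    managed_device: bool
    passed_validators: frozenset = frozenset()


# Hypothetical condition builders: each returns a predicate over the request.
def source_ip_in(*cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda req: any(ipaddress.ip_address(req.source_ip) in n for n in nets)


def country_in(*codes):
    return lambda req: req.country in codes


def device_is_managed():
    return lambda req: req.managed_device


@dataclass
class AccessPolicy:
    name: str
    entities: frozenset       # user and group names share one namespace here
    applications: frozenset   # application IDs the policy covers
    conditions: list = field(default_factory=list)
    validators: frozenset = frozenset()
    enabled: bool = True

    def matches(self, req):
        if not self.enabled or req.application_id not in self.applications:
            return False
        if not ({req.user} | req.groups) & self.entities:
            return False
        # ALL filter conditions must evaluate to TRUE; an empty list matches.
        return all(cond(req) for cond in self.conditions)


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    policies: tuple = ()


def evaluate(policies, req):
    """Default deny: access needs at least one matching policy."""
    effective = [p for p in policies if p.matches(req)]
    if not effective:
        return Decision(False, "no access policy matched")
    names = tuple(p.name for p in effective)
    for policy in effective:
        if policy.validators <= req.passed_validators:
            return Decision(True, f"granted by {policy.name}", names)
    missing = set().union(*(p.validators for p in effective)) - req.passed_validators
    return Decision(False, "validators not satisfied: " + ", ".join(sorted(missing)), names)


SSH_APP = "6fd0a892-8b70-471a-9dd7-bf374b07451f"  # sample application ID from this page

# Constructed policies (not taken from any tenant).
CONSTRUCTED_POLICIES = [
    AccessPolicy("ssh-admins-office", frozenset({"admins"}), frozenset({SSH_APP}),
                 [source_ip_in("10.0.0.0/8"), device_is_managed()], frozenset({"mfa"})),
    AccessPolicy("ssh-contractors", frozenset({"contractors"}), frozenset({SSH_APP}),
                 [country_in("DE")], enabled=False),
]


def constructed_request(**overrides):
    """Baseline constructed request that satisfies ssh-admins-office."""
    base = dict(user="alice", groups=frozenset({"admins"}), application_id=SSH_APP,
                source_ip="10.1.2.3", country="DE", managed_device=True,
                passed_validators=frozenset({"mfa"}))
    base.update(overrides)
    return AccessRequest(**base)


if __name__ == "__main__":
    for change in ({}, {"source_ip": "203.0.113.5"}, {"passed_validators": frozenset()}):
        print(change, evaluate(CONSTRUCTED_POLICIES, constructed_request(**change)))
```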

    Create Policy

    post /policies

    Default server.

    https://api.acme.luminatesec.com/v2/policies

    Creates an Access / Activity Policy in your Symantec ZTNA tenant.

    Authorizations:
    Request Body schema: application/json
    type
    required
    string (PolicyType)

    Determines the policy type:

    1. ACCESS - control access to resources by continuously enforcing contextual authorization
    2. ACTIVITY - control user activity within resources to which access was granted.
    targetProtocol
    required
    string (PolicyTargetProtocol)
    Enum: "HTTP" "SSH" "RDP" "TCP"
    name
    required
    string

    A descriptive name of the policy. The name must be unique.

    targetProtocolSubType
    string (PolicyTargetProtocolSubType)
    Enum: "RDP_BROWSER" "RDP_NATIVE"

    Valid sub-types for Policies:

    RDP_BROWSER – For browser based RDP connection.
    RDP_NATIVE - For RDP connection using RDP client.

    If no value is given then a default value is set to RDP_NATIVE.

    id
    string <uuid>

    A unique identifier of the policy.
    Note: This field is required for any operation other than initial creation.

    enabled
    boolean

    Indicates whether this policy is enabled.

    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection.

    directoryEntities
    Array of objects (DirectoryEntity)

    The entities to which this policy applies.

    applications
    Array of objects (ApplicationBase)

    The applications to which this policy applies.

    filterConditions
    Array of objects (PolicyCondition)

    Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.

    timeSettingsType
    string
    Default: "permanent"
    Enum: "permanent" "temporary" "working_hours"

    Configures the time settings type for the policy.

    Status
    string

    Indicates the policy status.

    validators
    object

    The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.

    rdpSettings
    object (PolicyRDPSettings)

    Policy settings that are specific to applications of type RDP

    sshSettings
    object (PolicySSHSettings)

    Policy settings that are specific to applications of type SSH

    tcpSettings
    object (PolicyTCPSettings)

    Policy settings that are specific to applications of type RDP

    timeSettings
    object (PolicyTimeSettings)

    Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".

    workingHoursSettings
    object (WorkingHoursSettings)

    Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours".

    Responses

    200

    successful operation.

    Response Schema: application/json
    type
    required
    string (PolicyType)
    Enum: "ACCESS" "ACTIVITY"

    Determines the policy type:

    1. ACCESS - control access to resources by continuously enforcing contextual authorization
    2. ACTIVITY - control user activity within resources to which access was granted.
    targetProtocol
    required
    string (PolicyTargetProtocol)
    Enum: "HTTP" "SSH" "RDP" "TCP"
    name
    required
    string

    A descriptive name of the policy. The name must be unique.

    targetProtocolSubType
    string (PolicyTargetProtocolSubType)
    Enum: "RDP_BROWSER" "RDP_NATIVE"

    Valid sub-types for Policies:

    RDP_BROWSER – For browser based RDP connection.
    RDP_NATIVE - For RDP connection using RDP client.

    If no value is given then a default value is set to RDP_NATIVE.

    id
    string <uuid>

    A unique identifier of the policy.
    Note: This field is required for any operation other than initial creation.

    enabled
    boolean

    Indicates whether this policy is enabled.

    createdAt
    string <date-time>
    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection.

    directoryEntities
    Array of objects (DirectoryEntity)

    The entities to which this policy applies.

    applications
    Array of objects (ApplicationBase)

    The applications to which this policy applies.

    filterConditions
    Array of objects (PolicyCondition)

    Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.

    timeSettingsType
    string
    Default: "permanent"
    Enum: "permanent" "temporary" "working_hours"

    Configures the time settings type for the policy.

    Status
    string

    Indicates the policy status

    validators
    object

    The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.

    rdpSettings
    object (PolicyRDPSettings)

    Policy settings that are specific to applications of type RDP

    sshSettings
    object (PolicySSHSettings)

    Policy settings that are specific to applications of type SSH

    tcpSettings
    object (PolicyTCPSettings)

    Policy settings that are specific to applications of type RDP

    timeSettings
    object (PolicyTimeSettings)

    Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".

    workingHoursSettings
    object (WorkingHoursSettings)

    Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours".

    containers
    Array of objects (PolicyRule)

    The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. An example action is the ‘block action’ in case of an attempt to access a non-allowed URI.

    isWhitelist
    boolean

    Indicates whether Allow rules are enabled for this policy. If disabled, only Deny rules apply. For Allow rules, only the "ALLOW" action ID can be applied.

    isIsolation
    boolean

    Indicates whether Web Isolation is enabled for this policy. This flag is relevant only for Web Activity policies (type="ACTIVITY" and targetProtocol="HTTP").

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    Example
    {
      "type": "ACCESS",
      "targetProtocol": "SSH",
      "targetProtocolSubType": "RDP_NATIVE",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "enabled": true,
      "name": "Contractors Policy to Jira",
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "directoryEntities": [ ],
      "applications": [ ],
      "filterConditions": [ ],
      "timeSettingsType": "permanent",
      "Status": "expired",
      "validators": { },
      "rdpSettings": { },
      "sshSettings": { },
      "tcpSettings": { },
      "timeSettings": { },
      "workingHoursSettings": { }
    }

    Response samples

    Content type
    application/json
    Example
    {
      "type": "ACCESS",
      "targetProtocol": "SSH",
      "targetProtocolSubType": "RDP_NATIVE",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "enabled": true,
      "createdAt": { },
      "name": "Contractors Policy to Jira",
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "directoryEntities": [ ],
      "applications": [ ],
      "filterConditions": [ ],
      "timeSettingsType": "permanent",
      "Status": "expired",
      "validators": { },
      "rdpSettings": { },
      "sshSettings": { },
      "tcpSettings": { },
      "timeSettings": { },
      "workingHoursSettings": { },
      "containers": [ ],
      "isWhitelist": true,
      "isIsolation": true,
      "PolicyAccess": "Policy"
    }

    List Policies

    get /policies

    Default server.

    https://api.acme.luminatesec.com/v2/policies

    Returns a paginated array of JSON objects. Each object represents a policy configured in your Symantec ZTNA tenant.
    The supported sort keys are 'name', for sorting by policy name, and 'id', for sorting by policy ID.
    The filter applies to the policy name only.
    For example, the query filter=testpolicy returns all policies whose name contains "testpolicy".

    Authorizations:
    query Parameters
    sort
    string
    Default: "id,asc"
    Example: sort=name,desc

    The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    page
    number <int32>

    The page number.

    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (PolicyByType)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/policies?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }
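Walking every page of List Policies, as an added example that is not part of the vendor documentation: it builds the documented query parameters, enforces the documented `size` limit of 100, and stops on the `last` flag. The function names, the `max_pages` guard and the `fake_fetch_factory` stand-in (which serves constructed data offline) are assumptions of this example.

```python
import json
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen

BASE_URL = "https://api.acme.luminatesec.com/v2"  # tenant URL from the page's samples
MAX_PAGE_SIZE = 100  # documented upper bound for the `size` parameter


def build_list_url(page, size=50, sort="id,asc", name_filter=None):
    """Build a GET /policies URL from the documented query parameters."""
    if not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_PAGE_SIZE}")
    if page < 0:
        raise ValueError("page must be >= 0")
    params = {"sort": sort, "size": size, "page": page}
    if name_filter:
        params["filter"] = name_filter  # matches on policy name only
    # Keep the comma in "key,direction" literal, as in the page's curl sample.
    return f"{BASE_URL}/policies?{urlencode(params, safe=',')}"


def make_http_fetch(token):
    """Return a fetch(url) callable that sends the bearer token over HTTPS."""
    def fetch(url):
        req = Request(url, headers={"Authorization": f"Bearer {token}"})
        with urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def iter_policies(fetch, size=50, sort="id,asc", name_filter=None, max_pages=1000):
    """Yield every policy, following pages until the server reports `last`.

    `max_pages` is a guard added by this example so that a response that
    never sets `last` cannot turn an audit job into an endless loop.
    """
    for page in range(max_pages):
        body = fetch(build_list_url(page, size, sort, name_filter))
        content = body.get("content", [])
        yield from content
        if body.get("last") or not content:
            return
    raise RuntimeError(f"no last page after {max_pages} pages; aborting")


def fake_fetch_factory(policies, size):
    """Constructed stand-in for the API: serves `policies` in pages of `size`."""
    total_pages = max(1, -(-len(policies) // size))  # ceiling division

    def fetch(url):
        page = int(parse_qs(urlparse(url).query)["page"][0])
        chunk = policies[page * size:(page + 1) * size]
        return {
            "content": chunk,
            "first": page == 0,
            "last": page >= total_pages - 1,
            "size": size,
            "totalElements": len(policies),
            "totalPages": total_pages,
            "number": page,
            "numberOfElements": len(chunk),
        }
    return fetch


if __name__ == "__main__":
    constructed = [{"name": f"constructed-policy-{i}"} for i in range(5)]
    for policy in iter_policies(fake_fetch_factory(constructed, 2), size=2):
        print(policy["name"])
```

Against a real tenant, pass `make_http_fetch(token)` as `fetch` and read the token from a secret store rather than the command line.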

    Get Policy

    get /policies/{policy-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/{policy-id}

    Returns the details of a Policy from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    policy-id
    required
    string <uuid>
    Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

    Policy ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    type
    required
    string (PolicyType)
    Enum: "ACCESS" "ACTIVITY"

    Determines the policy type:

    1. ACCESS - control access to resources by continuously enforcing contextual authorization
    2. ACTIVITY - control user activity within resources to which access was granted.
    targetProtocol
    required
    string (PolicyTargetProtocol)
    Enum: "HTTP" "SSH" "RDP" "TCP"
    name
    required
    string

    A descriptive name of the policy. The name must be unique.

    targetProtocolSubType
    string (PolicyTargetProtocolSubType)
    Enum: "RDP_BROWSER" "RDP_NATIVE"

    Valid sub-types for Policies:

    RDP_BROWSER – For browser based RDP connection.
    RDP_NATIVE - For RDP connection using RDP client.

    If no value is given then a default value is set to RDP_NATIVE.

    id
    string <uuid>

    A unique identifier of the policy.
    Note: This field is required for any operation other than initial creation.

    enabled
    boolean

    Indicates whether this policy is enabled.

    createdAt
    string <date-time>
    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection.

    directoryEntities
    Array of objects (DirectoryEntity)

    The entities to which this policy applies.

    applications
    Array of objects (ApplicationBase)

    The applications to which this policy applies.

    filterConditions
    Array of objects (PolicyCondition)

    Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.

    timeSettingsType
    string
    Default: "permanent"
    Enum: "permanent" "temporary" "working_hours"

    Configures the time settings type for the policy.

    Status
    string

    Indicates the policy status

    validators
    object

    The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.

    rdpSettings
    object (PolicyRDPSettings)

    Policy settings that are specific to applications of type RDP

    sshSettings
    object (PolicySSHSettings)

    Policy settings that are specific to applications of type SSH

    tcpSettings
    object (PolicyTCPSettings)

    Policy settings that are specific to applications of type RDP

    timeSettings
    object (PolicyTimeSettings)

    Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".

    workingHoursSettings
    object (WorkingHoursSettings)

    Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours".

    containers
    Array of objects (PolicyRule)

    The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. An example action is the ‘block action’ in case of an attempt to access a non-allowed URI.

    isWhitelist
    boolean

    Indicates whether Allow rules are enabled for this policy. If disabled, only Deny rules apply. For Allow rules, only the "ALLOW" action ID can be applied.

    isIsolation
    boolean

    Indicates whether Web Isolation is enabled for this policy. This flag is relevant only for Web Activity policies (type="ACTIVITY" and targetProtocol="HTTP").

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/policies/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    Example
    {
      "type": "ACCESS",
      "targetProtocol": "SSH",
      "targetProtocolSubType": "RDP_NATIVE",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "enabled": true,
      "createdAt": { },
      "name": "Contractors Policy to Jira",
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "directoryEntities": [ ],
      "applications": [ ],
      "filterConditions": [ ],
      "timeSettingsType": "permanent",
      "Status": "expired",
      "validators": { },
      "rdpSettings": { },
      "sshSettings": { },
      "tcpSettings": { },
      "timeSettings": { },
      "workingHoursSettings": { },
      "containers": [ ],
      "isWhitelist": true,
      "isIsolation": true,
      "PolicyAccess": "Policy"
    }

    Update Policy

    put /policies/{policy-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/{policy-id}

    Update an existing policy in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    policy-id
    required
    string <uuid>
    Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

    Policy ID.

    Request Body schema: application/json
    type
    required
    string (PolicyType)
    Enum: "ACCESS" "ACTIVITY"

    Determines the policy type:

    1. ACCESS - control access to resources by continuously enforcing contextual authorization
    2. ACTIVITY - control user activity within resources to which access was granted.
    targetProtocol
    required
    string (PolicyTargetProtocol)
    Enum: "HTTP" "SSH" "RDP" "TCP"
    name
    required
    string

    A descriptive name of the policy. The name must be unique.

    targetProtocolSubType
    string (PolicyTargetProtocolSubType)
    Enum: "RDP_BROWSER" "RDP_NATIVE"

    Valid sub-types for Policies:

    RDP_BROWSER – For browser based RDP connection.
    RDP_NATIVE - For RDP connection using RDP client.

    If no value is given then a default value is set to RDP_NATIVE.

    id
    string <uuid>

    A unique identifier of the policy.
    Note: This field is required for any operation other than initial creation.

    enabled
    boolean

    Indicates whether this policy is enabled.

    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection.

    directoryEntities
    Array of objects (DirectoryEntity)

    The entities to which this policy applies.

    applications
    Array of objects (ApplicationBase)

    The applications to which this policy applies.

    filterConditions
    Array of objects (PolicyCondition)

    Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.

    timeSettingsType
    string
    Default: "permanent"
    Enum: "permanent" "temporary" "working_hours"

    Configures the time settings type for the policy.

    Status
    string

    Indicates the policy status

    validators
    object

    The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.

    rdpSettings
    object (PolicyRDPSettings)

    Policy settings that are specific to applications of type RDP

    sshSettings
    object (PolicySSHSettings)

    Policy settings that are specific to applications of type SSH

    tcpSettings
    object (PolicyTCPSettings)

    Policy settings that are specific to applications of type RDP

    timeSettings
    object (PolicyTimeSettings)

    Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".

    workingHoursSettings
    object (WorkingHoursSettings)

    Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours".

    containers
    Array of objects (PolicyRule)

    The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. An example action is the ‘block action’ in case of an attempt to access a non-allowed URI.

    isWhitelist
    boolean

    Indicates whether Allow rules are enabled for this policy. If disabled, only Deny rules apply. For Allow rules, only the "ALLOW" action ID can be applied.

    isIsolation
    boolean

    Indicates whether Web Isolation is enabled for this policy. This flag is relevant only for Web Activity policies (type="ACTIVITY" and targetProtocol="HTTP").

    Responses

    200

    successful operation.

    Response Schema: application/json
    type
    required
    string (PolicyType)
    Enum: "ACCESS" "ACTIVITY"

    Determines the policy type:

    1. ACCESS - control access to resources by continuously enforcing contextual authorization
    2. ACTIVITY - control user activity within resources to which access was granted.
    targetProtocol
    required
    string (PolicyTargetProtocol)
    Enum: "HTTP" "SSH" "RDP" "TCP"
    name
    required
    string

    A descriptive name of the policy. The name must be unique.

    targetProtocolSubType
    string (PolicyTargetProtocolSubType)
    Enum: "RDP_BROWSER" "RDP_NATIVE"

    Valid sub-types for Policies:

    RDP_BROWSER – For browser based RDP connection.
    RDP_NATIVE - For RDP connection using RDP client.

    If no value is given then a default value is set to RDP_NATIVE.

    id
    string <uuid>

    A unique identifier of the policy.
    Note: This field is required for any operation other than initial creation.

    enabled
    boolean

    Indicates whether this policy is enabled.

    createdAt
    string <date-time>
    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection.

    directoryEntities
    Array of objects (DirectoryEntity)

    The entities to which this policy applies.

    applications
    Array of objects (ApplicationBase)

    The applications to which this policy applies.

    filterConditions
    Array of objects (PolicyCondition)

    Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.

    timeSettingsType
    string
    Default: "permanent"
    Enum: "permanent" "temporary" "working_hours"

    Configures the time settings type for the policy.

    Status
    string

    Indicates the policy status

    validators
    object

    The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.

    rdpSettings
    object (PolicyRDPSettings)

    Policy settings that are specific to applications of type RDP

    sshSettings
    object (PolicySSHSettings)

    Policy settings that are specific to applications of type SSH

    tcpSettings
    object (PolicyTCPSettings)

    Policy settings that are specific to applications of type RDP

    timeSettings
    object (PolicyTimeSettings)

    Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".

    workingHoursSettings
    object (WorkingHoursSettings)

    Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours".

    containers
    Array of objects (PolicyRule)

    The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. An example action is the ‘block action’ in case of an attempt to access a non-allowed URI.

    isWhitelist
    boolean

    Indicates whether Allow rules are enabled for this policy. If disabled, only Deny rules apply. For Allow rules, only the "ALLOW" action ID can be applied.

    isIsolation
    boolean

    Indicates whether Web Isolation is enabled for this policy. This flag is relevant only for Web Activity policies (type="ACTIVITY" and targetProtocol="HTTP").

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    Example
    {
      "type": "ACCESS",
      "targetProtocol": "SSH",
      "targetProtocolSubType": "RDP_NATIVE",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "enabled": true,
      "name": "Contractors Policy to Jira",
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "directoryEntities": [ ],
      "applications": [ ],
      "filterConditions": [ ],
      "timeSettingsType": "permanent",
      "Status": "expired",
      "validators": { },
      "rdpSettings": { },
      "sshSettings": { },
      "tcpSettings": { },
      "timeSettings": { },
      "workingHoursSettings": { },
      "containers": [ ],
      "isWhitelist": true,
      "isIsolation": true,
      "PolicyAccess": "Policy"
    }

    Response samples

    Content type
    application/json
    Example
    {
      "type": "ACCESS",
      "targetProtocol": "SSH",
      "targetProtocolSubType": "RDP_NATIVE",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "enabled": true,
      "createdAt": { },
      "name": "Contractors Policy to Jira",
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "directoryEntities": [ ],
      "applications": [ ],
      "filterConditions": [ ],
      "timeSettingsType": "permanent",
      "Status": "expired",
      "validators": { },
      "rdpSettings": { },
      "sshSettings": { },
      "tcpSettings": { },
      "timeSettings": { },
      "workingHoursSettings": { },
      "containers": [ ],
      "isWhitelist": true,
      "isIsolation": true,
      "PolicyAccess": "Policy"
    }
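Several policy fields only take effect in combination with another field (`timeSettings` with "temporary", `validators` with ACCESS, `isIsolation` with ACTIVITY over HTTP), so a policy can carry a restriction that is not in force. The added example below, which is not part of the vendor documentation, checks a policy body against those documented rules before it is sent to Update Policy; the finding codes, function names and the constructed second sample are assumptions of this example.

```python
import uuid

POLICY_TYPES = {"ACCESS", "ACTIVITY"}
TARGET_PROTOCOLS = {"HTTP", "SSH", "RDP", "TCP"}
TIME_TYPES = {"permanent", "temporary", "working_hours"}


def is_uuid(value):
    try:
        uuid.UUID(str(value))
        return True
    except ValueError:
        return False


def lint_policy(policy, for_update=False):
    """Return (severity, code, message) findings for one policy body."""
    out = []
    ptype = policy.get("type")
    proto = policy.get("targetProtocol")
    time_type = policy.get("timeSettingsType", "permanent")  # documented default

    for field in ("type", "targetProtocol", "name"):
        if not policy.get(field):
            out.append(("error", "MISSING_REQUIRED", f"'{field}' is required"))
    if ptype and ptype not in POLICY_TYPES:
        out.append(("error", "BAD_ENUM", f"type '{ptype}' is not a PolicyType"))
    if proto and proto not in TARGET_PROTOCOLS:
        out.append(("error", "BAD_ENUM", f"targetProtocol '{proto}' is not supported"))
    if time_type not in TIME_TYPES:
        out.append(("error", "BAD_ENUM", f"timeSettingsType '{time_type}' is not supported"))
    if for_update and not is_uuid(policy.get("id")):
        out.append(("error", "BAD_ID", "'id' must be a UUID on any operation other than creation"))

    # A time restriction that is present but not selected is not in force,
    # so the policy stays in effect outside the intended window.
    for field, needed in (("timeSettings", "temporary"),
                          ("workingHoursSettings", "working_hours")):
        if policy.get(field) and time_type != needed:
            out.append(("warning", "TIME_WINDOW_IGNORED",
                        f"'{field}' applies only when timeSettingsType is '{needed}'"))
        # Assumption of this example: a selected mode with no settings is a mistake.
        if time_type == needed and not policy.get(field):
            out.append(("warning", "TIME_WINDOW_EMPTY",
                        f"timeSettingsType is '{needed}' but '{field}' is empty"))

    # Validators (for example MFA) are documented as ACCESS-only.
    enabled = [k for k, v in (policy.get("validators") or {}).items() if v is True]
    if enabled and ptype != "ACCESS":
        out.append(("warning", "VALIDATORS_IGNORED",
                    f"validators {enabled} are applicable to ACCESS policies only"))

    if policy.get("isIsolation") and not (ptype == "ACTIVITY" and proto == "HTTP"):
        out.append(("warning", "ISOLATION_IGNORED",
                    "isIsolation is relevant only for type=ACTIVITY and targetProtocol=HTTP"))

    for field, needed in (("rdpSettings", "RDP"), ("sshSettings", "SSH")):
        if policy.get(field) and proto != needed:
            out.append(("warning", "PROTOCOL_SETTINGS_MISMATCH",
                        f"'{field}' is specific to {needed} applications"))
    return out


def codes(findings):
    return sorted(code for _, code, _ in findings)


# The Update Policy request sample from this page.
PAGE_SAMPLE = {
    "type": "ACCESS", "targetProtocol": "SSH", "targetProtocolSubType": "RDP_NATIVE",
    "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4", "enabled": True,
    "name": "Contractors Policy to Jira",
    "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "directoryEntities": [], "applications": [], "filterConditions": [],
    "timeSettingsType": "permanent", "Status": "expired", "validators": {},
    "rdpSettings": {}, "sshSettings": {}, "tcpSettings": {}, "timeSettings": {},
    "workingHoursSettings": {}, "containers": [],
    "isWhitelist": True, "isIsolation": True, "PolicyAccess": "Policy",
}

# Constructed sample; the keys inside the nested objects are hypothetical.
CONSTRUCTED_DRIFT = {
    "type": "ACTIVITY", "targetProtocol": "RDP", "name": "constructed policy",
    "timeSettingsType": "permanent",
    "timeSettings": {"constructed_field": "2025-01-31"},
    "validators": {"constructed_validator_id": True},
    "sshSettings": {"constructed_field": True},
}

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_DRIFT):
        for severity, code, message in lint_policy(sample, for_update=True):
            print(f"{sample['name']}: {severity} {code}: {message}")
```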

    Delete Policy

    delete /policies/{policy-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/{policy-id}

    Delete a policy from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    policy-id
    required
    string <uuid>
    Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

    Policy ID.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/policies/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Get Supported Conditions Definitions

    get /policies/config/condition-definitions

    Default server.

    https://api.acme.luminatesec.com/v2/policies/config/condition-definitions

    Returns all supported conditions that can be used as building blocks when defining policies. Conditions Definitions are used to define filter conditions and activity policy rules.

    Authorizations:

    Responses

    200

    successful operation.

    Response Schema: application/json
    id
    string (PolicyConditionDefinitionID)

    String that uniquely represents the condition and is used as its identifier.

    displayName
    string

    Human readable name of this Condition.

    description
    string

    Condition scope extended information.

    conditionParameters
    Array of objects (PolicyConditionParameter)

    Determine the parameters that are required for evaluating the condition.
    The order of the parameters matters.

    typeMapping
    Array of objects (PolicyConditionTypeMapping)

    This property specifies the policy type and the application type for which this condition applies.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/condition-definitions' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "LOCATION_RESTRICTION",
      "displayName": "Location",
      "description": "List of countries that will be allowed to access",
      "conditionParameters": [ ],
      "typeMapping": [ ]
    }

    Get Supported Rules Actions

    get /policies/config/action-types

    Default server.

    https://api.acme.luminatesec.com/v2/policies/config/action-types

    Returns the actions that can be enforced when a user performs a specific operation. Examples are: ALLOW to allow the action, BLOCK to block the action, BLOCK_USER to disconnect all active sessions of the user and block further login attempts.

    Authorizations:

    Responses

    200

    successful operation.

    Response Schema: application/json
    Array
    id
    string

    Unique ID for this Action. Use this ID when setting the Action in a Container.

    name
    string

    Human readable name for this action type

    description
    string

    Extended information about the action.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/action-types' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    [
      {}
    ]

    Get Supported Validators

    get /policies/config/validator-types

    Default server.

    https://api.acme.luminatesec.com/v2/policies/config/validator-types

    Returns the validators that can be used as a prerequisite for granting access to a requested resource. Examples are Multi-factor authentication and Web Verification.
    Note: The validators are applicable for policies of type ACCESS only.

    Authorizations:

    Responses

    200

    successful operation.

    Response Schema: application/json
    Array
    id
    string
    displayName
    string
    description
    string
    applicationType
    string
    Enum: "HTTP" "SSH" "TCP" "RDP" "DYNAMIC_SSH"

    Type of applications for that condition.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/validator-types' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    [
      {}
    ]

    Get Application Assigned Policies.

    get /policies/by-app-id/{application-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/by-app-id/{application-id}

    Returns an array of JSON objects.
    Each object represents a policy assigned to the provided application in your Symantec ZTNA.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    Array
    type
    required
    string (PolicyType)

    Determines the policy type:

    1. ACCESS - control access to resources by continuously enforcing contextual authorization
    2. ACTIVITY - control user activity within resources to which access was granted.
    targetProtocol
    required
    string (PolicyTargetProtocol)
    Enum: "HTTP" "SSH" "RDP" "TCP"
    name
    required
    string

    A descriptive name of the policy. The name must be unique.

    targetProtocolSubType
    string (PolicyTargetProtocolSubType)
    Enum: "RDP_BROWSER" "RDP_NATIVE"

    Valid sub-types for Policies:

    RDP_BROWSER - For browser-based RDP connections.
    RDP_NATIVE - For RDP connections using an RDP client.

    If no value is given, the default value RDP_NATIVE is used.

    id
    string <uuid>

    A unique identifier of the policy.
    Note: This field is required for any operation other than initial creation.

    enabled
    boolean

    Indicates whether this policy is enabled.

    createdAt
    string <date-time>
    collectionId
    string <uuid> Nullable

    A unique identifier of the collection assigned to the policy. Note: If this field is not provided, the policy will be created in the default collection.

    directoryEntities
    Array of objects (DirectoryEntity)

    The entities to which this policy applies.

    applications
    Array of objects (ApplicationBase)

    The applications to which this policy applies.

    filterConditions
    Array of objects (PolicyCondition)

    Filter conditions that specify the context of the user and the device in which the policy will apply. This context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, the source IP should be one of the listed IP addresses. To retrieve the supported conditions, use the Get Supported Conditions API.

    timeSettingsType
    string
    Default: "permanent"
    Enum: "permanent" "temporary" "working_hours"

    Configures the time settings type for the policy.

    Status
    string

    Indicates the policy status

    validators
    object

    The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, retrieve the supported validator IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.

    rdpSettings
    object (PolicyRDPSettings)

    Policy settings that are specific to applications of type RDP

    sshSettings
    object (PolicySSHSettings)

    Policy settings that are specific to applications of type SSH

    tcpSettings
    object (PolicyTCPSettings)

    Policy settings that are specific to applications of type TCP

    timeSettings
    object (PolicyTimeSettings)

    Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".

    workingHoursSettings
    object (WorkingHoursSettings)

    Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours".

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/policies/by-app-id/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    [
      {}
    ]

    Update application in policies

    put /policies/by-app-id/{application-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/by-app-id/{application-id}

    Updates the explicit application assignment across the policies to which this application is assigned. The application will be removed from any policy that is not mentioned in the request body.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    Request Body schema: application/json
    applicationType
    required
    string (ApplicationType)
    Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS"

    DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.

    policyIds
    required
    Array of strings

    Identifiers of the policies to apply on the given application.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "applicationType": "HTTP",
      "policyIds": []
    }

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Assign Application to policies

    post /policies/by-app-id/{application-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/by-app-id/{application-id}

    Assigns the application explicitly to existing policies.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    Request Body schema: application/json
    applicationType
    required
    string (ApplicationType)
    Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS"

    DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.

    policyIds
    required
    Array of strings

    Identifiers of the policies to apply on the given application.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "applicationType": "HTTP",
      "policyIds": []
    }

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Remove application from policies

    delete /policies/by-app-id/{application-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/by-app-id/{application-id}

    Removes the explicit application assignment from the policies.

    Authorizations:
    path Parameters
    application-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    Request Body schema: application/json
    applicationType
    required
    string (ApplicationType)
    Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS"

    DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.

    policyIds
    required
    Array of strings

    Identifiers of the policies to apply on the given application.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "applicationType": "HTTP",
      "policyIds": []
    }

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }
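The three write calls on /policies/by-app-id/{application-id} take the same request body but change the assignment differently, and PUT silently drops the application from every policy the body omits. The following is an added example, not code from the ZTNA documentation: it previews the effect of each verb and refuses to build a PUT body that would remove policies unless told to. The function names and sample policies are hypothetical, and the POST (add only) and DELETE (remove only the listed IDs) behaviour is an assumption read from the one-line descriptions above.

```python
"""Preview what a write to /policies/by-app-id/{application-id} will change."""
import uuid

# ApplicationType enum as listed in the request body schema on this page.
APPLICATION_TYPES = {"HTTP", "SSH", "RDP", "DYNAMIC_SSH", "TCP", "SEGMENT", "DNS"}

# Constructed sample: the shape of a GET /policies/by-app-id/{application-id}
# response, reduced to the fields used here. IDs and names are made up.
SAMPLE_POLICIES = [
    {"id": "11111111-1111-4111-8111-111111111111", "name": "Engineering access", "type": "ACCESS"},
    {"id": "22222222-2222-4222-8222-222222222222", "name": "Block uploads", "type": "ACTIVITY"},
]


def normalize_ids(policy_ids):
    """Return canonical lowercase UUID strings, de-duplicated, order preserved.

    Rejecting malformed IDs locally avoids the 400 "Invalid ID format" reply.
    """
    seen, out = set(), []
    for raw in policy_ids:
        try:
            canonical = str(uuid.UUID(raw))
        except (ValueError, AttributeError, TypeError):
            raise ValueError(f"not a UUID: {raw!r}") from None
        if canonical not in seen:
            seen.add(canonical)
            out.append(canonical)
    return out


def plan(method, current_ids, body_ids):
    """Compute the assignment that results from sending body_ids with method."""
    current = normalize_ids(current_ids)
    body = normalize_ids(body_ids)
    if method == "PUT":
        # Replace: anything not mentioned in the body is unassigned.
        resulting = body
    elif method == "POST":
        # Assumption: POST only adds to the existing assignment.
        resulting = current + [p for p in body if p not in current]
    elif method == "DELETE":
        # Assumption: DELETE removes only the listed policies.
        resulting = [p for p in current if p not in body]
    else:
        raise ValueError(f"unsupported method: {method}")
    return {
        "resulting": resulting,
        "added": [p for p in resulting if p not in current],
        "removed": [p for p in current if p not in resulting],
    }


def build_put_body(application_type, current_policies, desired_ids, allow_removals=False):
    """Build the PUT request body, refusing silent removals by default."""
    if application_type not in APPLICATION_TYPES:
        raise ValueError(f"unknown applicationType: {application_type!r}")
    names = {str(uuid.UUID(p["id"])): p["name"] for p in current_policies}
    change = plan("PUT", list(names), desired_ids)
    if change["removed"] and not allow_removals:
        dropped = ", ".join(f"{names[p]} ({p})" for p in change["removed"])
        raise RuntimeError(f"PUT would unassign the application from: {dropped}")
    return {"applicationType": application_type, "policyIds": change["resulting"]}


if __name__ == "__main__":
    keep = SAMPLE_POLICIES[1]["id"]
    print(plan("PUT", [p["id"] for p in SAMPLE_POLICIES], [keep]))
    try:
        build_put_body("HTTP", SAMPLE_POLICIES, [keep])
    except RuntimeError as exc:
        print("refused:", exc)
```

Feed `build_put_body` the live result of the GET call for the same application ID, and review the `removed` list before allowing removals.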

    Shared Objects

    A shared object is an instance that can be assigned to other instances, for ease of provisioning. "Network Location" is one such shared object, which can be assigned to access or activity policy conditions.

    Create Shared Object

    post /policies/shared-objects

    Default server.

    https://api.acme.luminatesec.com/v2/policies/shared-objects

    Creates a shared object in your Symantec ZTNA tenant.

    Authorizations:
    Request Body schema: application/json
    name
    required
    string

    A descriptive name of the shared object. The name must be unique.

    type
    required
    string
    Value: "IP_LIST"

    Determines the shared object value type:

    1. IP_LIST - List of Source IPs that will be allowed to access
    values
    required
    Array of objects (SharedObjectValue)
    id
    string <uuid>

    A unique identifier of the shared object.
    Note: This field is required for any operation other than initial creation.

    modifiedOn
    string <date-time>

    The last time the shared object was modified.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string

    A descriptive name of the shared object. The name must be unique.

    type
    required
    string
    Value: "IP_LIST"

    Determines the shared object value type:

    1. IP_LIST - List of Source IPs that will be allowed to access
    values
    required
    Array of objects (SharedObjectValue)
    id
    string <uuid>

    A unique identifier of the shared object.
    Note: This field is required for any operation other than initial creation.

    modifiedOn
    string <date-time>

    The last time the shared object was modified.

    createdAt
    string <date-time>

    The time the shared object was created.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "NY Office",
      "type": "IP_LIST",
      "modifiedOn": "2017-10-02T15:40:01.318Z",
      "values": []
    }

    Response samples

    Content type
    application/json
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "NY Office",
      "type": "IP_LIST",
      "modifiedOn": "2017-10-02T15:40:01.318Z",
      "createdAt": "2017-10-02T15:40:01.318Z",
      "values": []
    }

    List Shared Objects

    get /policies/shared-objects

    Default server.

    https://api.acme.luminatesec.com/v2/policies/shared-objects

    Returns an array of paginated JSON objects. Each object represents a shared object configured in your Symantec ZTNA tenant.
    The supported sort keys are 'name' for sorting by shared object name, or 'created_at'/'modified_on' for sorting by date.
    The filter applies to the shared object name only.
    Using the query filter=test will return all the shared objects for which one or more of the above listed fields contain "test".

    Authorizations:
    query Parameters
    sort
    string
    Default: "id,asc"
    Example: sort=name,desc

    The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    page
    number <int32>

    The page number.

    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    type
    string
    Example: type=IP_LIST

    A shared object type to search by

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (SharedObject)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/policies/shared-objects?sort=name,desc&size=10&page=0&filter=test&type=IP_LIST' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }

    Get Shared Object

    get /policies/shared-objects/{shared-object-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/shared-objects/{shared-object-id}

    Returns the details of a Shared Object from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    shared-object-id
    required
    string <uuid>
    Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

    Shared Object ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string

    A descriptive name of the shared object. The name must be unique.

    type
    required
    string
    Value: "IP_LIST"

    Determines the shared object value type:

    1. IP_LIST - List of Source IPs that will be allowed to access
    values
    required
    Array of objects (SharedObjectValue)
    id
    string <uuid>

    A unique identifier of the shared object.
    Note: This field is required for any operation other than initial creation.

    modifiedOn
    string <date-time>

    The last time the shared object was modified.

    createdAt
    string <date-time>

    The time the shared object was created.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/policies/shared-objects/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "NY Office",
      "type": "IP_LIST",
      "modifiedOn": "2017-10-02T15:40:01.318Z",
      "createdAt": "2017-10-02T15:40:01.318Z",
      "values": []
    }

    Update Shared Object

    put /policies/shared-objects/{shared-object-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/shared-objects/{shared-object-id}

    Update an existing shared object in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    shared-object-id
    required
    string <uuid>
    Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

    Shared Object ID.

    Request Body schema: application/json
    name
    required
    string

    A descriptive name of the shared object. The name must be unique.

    type
    required
    string
    Value: "IP_LIST"

    Determines the shared object value type:

    1. IP_LIST - List of Source IPs that will be allowed to access
    values
    required
    Array of objects (SharedObjectValue)
    id
    string <uuid>

    A unique identifier of the shared object.
    Note: This field is required for any operation other than initial creation.

    modifiedOn
    string <date-time>

    The last time the shared object was modified.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string

    A descriptive name of the shared object. The name must be unique.

    type
    required
    string
    Value: "IP_LIST"

    Determines the shared object value type:

    1. IP_LIST - List of Source IPs that will be allowed to access
    values
    required
    Array of objects (SharedObjectValue)
    id
    string <uuid>

    A unique identifier of the shared object.
    Note: This field is required for any operation other than initial creation.

    modifiedOn
    string <date-time>

    The last time the shared object was modified.

    createdAt
    string <date-time>

    The time the shared object was created.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "NY Office",
      "type": "IP_LIST",
      "modifiedOn": "2017-10-02T15:40:01.318Z",
      "values": []
    }

    Response samples

    Content type
    application/json
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "NY Office",
      "type": "IP_LIST",
      "modifiedOn": "2017-10-02T15:40:01.318Z",
      "createdAt": "2017-10-02T15:40:01.318Z",
      "values": []
    }

    Delete Shared Object

    delete /policies/shared-objects/{shared-object-id}

    Default server.

    https://api.acme.luminatesec.com/v2/policies/shared-objects/{shared-object-id}

    Delete a shared object from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    shared-object-id
    required
    string <uuid>
    Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

    Shared Object ID.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/policies/shared-objects/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Collections

    List Collections

    get /collection

    Default server.

    https://api.acme.luminatesec.com/v2/collection

    Returns an array of paginated JSON objects. Each object represents a collection configured in your Symantec ZTNA tenant.
    Using the query filter=testCollection will return all the collections for which one or more of the above listed fields contain "testCollection".

    Authorizations:
    query Parameters
    sort
    string
    Default: "id,asc"
    Example: sort=name,desc

    The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    page
    number <int32>

    The page number.

    name
    string
    Example: name=test

    The name of the resource.

    application-id
    string <uuid>
    Example: application-id=6fd0a892-8b70-471a-9dd7-bf374b07451f

    Application ID.

    site-id
    string <uuid>
    Example: site-id=3c536623-4763-4f67-a45a-e88f3d08cdd5

    Site ID.

    policy-id
    string <uuid>
    Example: policy-id=6fd0a531-6b70-471a-9dd7-bf374b07814f

    Policy ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (Collection)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/collection?sort=name,desc&size=10&page=0&name=test&application-id=6fd0a892-8b70-471a-9dd7-bf374b07451f&site-id=3c536623-4763-4f67-a45a-e88f3d08cdd5&policy-id=6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }
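List Shared Objects and List Collections return the same page envelope (`content`, `last`, `number`, `numberOfElements`) with `size` capped at 100, so an audit that reads only the first page sees at most 100 objects. The following is an added example, not code from the ZTNA documentation: it walks every page and fails loudly when the envelope is inconsistent instead of returning a partial inventory. `iter_items`, `fake_fetcher` and the sample objects are hypothetical; `fetch_page(page, size)` stands for whatever function performs the authenticated GET and returns the decoded JSON body.

```python
"""Walk every page of a paginated ZTNA list endpoint (added example)."""

MAX_PAGE_SIZE = 100  # `size` is documented on this page as <= 100


class PaginationError(Exception):
    """The server's page envelope was inconsistent; the listing is not trustworthy."""


def iter_items(fetch_page, size=MAX_PAGE_SIZE, max_pages=10_000):
    """Yield every item from a paginated listing, page 0 first.

    fetch_page(page, size) must return the decoded response body as a dict.
    """
    if not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_PAGE_SIZE}")
    seen_ids = set()
    for page in range(max_pages):
        body = fetch_page(page, size)
        content = body.get("content")
        if not isinstance(content, list):
            raise PaginationError(f"page {page}: 'content' is missing or not a list")
        if body.get("number") != page:
            raise PaginationError(f"asked for page {page}, got {body.get('number')!r}")
        if body.get("numberOfElements") != len(content):
            raise PaginationError(f"page {page}: numberOfElements does not match content")
        for item in content:
            item_id = item.get("id")
            if item_id is not None:
                # A repeated ID means the listing shifted while it was being read.
                if item_id in seen_ids:
                    raise PaginationError(f"duplicate id {item_id} on page {page}")
                seen_ids.add(item_id)
            yield item
        if body.get("last") is True:
            return
        if not content:
            raise PaginationError(f"page {page} is empty but not marked last")
    raise PaginationError(f"no last page within {max_pages} pages")


def fake_fetcher(items):
    """Constructed in-memory stand-in for the HTTP call, for offline runs."""
    def fetch_page(page, size):
        chunk = items[page * size:(page + 1) * size]
        total_pages = max(1, -(-len(items) // size))  # ceiling division
        return {
            "content": chunk,
            "first": page == 0,
            "last": page >= total_pages - 1,
            "size": size,
            "totalElements": len(items),
            "totalPages": total_pages,
            "number": page,
            "numberOfElements": len(chunk),
        }
    return fetch_page


# Constructed sample objects; IDs and names are made up.
SAMPLE_OBJECTS = [
    {"id": f"00000000-0000-4000-8000-00000000000{i}", "name": f"Office {i}", "type": "IP_LIST"}
    for i in range(5)
]

if __name__ == "__main__":
    for obj in iter_items(fake_fetcher(SAMPLE_OBJECTS), size=2):
        print(obj["id"], obj["name"])
```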

    Create Collection

    post /collection

    Default server.

    https://api.acme.luminatesec.com/v2/collection

    Create Collection in your Symantec ZTNA tenant.

    Authorizations:
    Request Body schema: application/json
    id
    string <uuid>
    name
    string

    Responses

    200

    successful operation.

    Response Schema: application/json
    id
    string <uuid>
    parentId
    string <uuid>
    name
    string
    countResources
    integer <int32>
    countLinkedSites
    integer <int32>
    fqdn
    string

    authorization fqdn

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    Request samples

    Content type
    application/json
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "name": "string"
    }

    Response samples

    Content type
    application/json
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "name": "string",
      "countResources": 0,
      "countLinkedSites": 0,
      "fqdn": "string"
    }

    Get Collection

    get /collection/{collection-id}

    Default server.

    https://api.acme.luminatesec.com/v2/collection/{collection-id}

    Get Collection in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    collection-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The collection ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    id
    string <uuid>
    parentId
    string <uuid>
    name
    string
    countResources
    integer <int32>
    countLinkedSites
    integer <int32>
    fqdn
    string

    authorization fqdn

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/collection/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "name": "string",
      "countResources": 0,
      "countLinkedSites": 0,
      "fqdn": "string"
    }

    Update Collection

    put /collection/{collection-id}

    Default server.

    https://api.acme.luminatesec.com/v2/collection/{collection-id}

    Update Collection in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    collection-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The collection ID.

    Request Body schema: application/json
    name
    string

    Responses

    200

    successful operation.

    Response Schema: application/json
    id
    string <uuid>
    parentId
    string <uuid>
    name
    string
    countResources
    integer <int32>
    countLinkedSites
    integer <int32>
    fqdn
    string

    authorization fqdn

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "name": "string"
    }

    Response samples

    Content type
    application/json
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "name": "string",
      "countResources": 0,
      "countLinkedSites": 0,
      "fqdn": "string"
    }

    Delete Collection

    delete /collection/{collection-id}

    Default server.

    https://api.acme.luminatesec.com/v2/collection/{collection-id}

    Delete Collection in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    collection-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The collection ID.

    Request Body schema: application/json
    any

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    null

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Get Collections by Site

    get /collection/site/{site-id}

    Default server.

    https://api.acme.luminatesec.com/v2/collection/site/{site-id}

    Get Collections by Site in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    site-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The site ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    collectionIds
    Array of strings <uuid>
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/collection/site/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "collectionIds": [ ]
    }

    List Role Bindings

    get /collection/role-bindings

    Default server.

    https://api.acme.luminatesec.com/v2/collection/role-bindings

    List Role Bindings in your Symantec ZTNA tenant.

    Authorizations:
    query Parameters
    sort
    any
    Default: "displayName"
    Enum: "displayName" "entityType" "role" "createdAt" "subjectType"
    Example: sort=name

    The value of this parameter is a comma-separated list of sort keys.

    direction
    string
    Default: "asc"
    Enum: "asc" "desc"
    Example: direction=asc

    The value of this parameter is a comma-separated list of sort directions.

    page
    number <int32>

    The page number.

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    entityIdInIdp
    string
    Example: entityIdInIdp=18837193-a81a-400f-b38d-482379e3ab47

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    entityType
    any
    Enum: "User" "Group" "ApiClient"
    Example: entityType=User

    The directory entity type (User/Group/OU/API Client).

    entityName
    string
    Example: entityName=test

    The value of this parameter is entity name.

    subjectId
    string <uuid>
    Example: subjectId=18837193-a81a-400f-b38d-482379e3ab47

    The ID of the resource that is assigned to the role.

    subjectType
    string (SubjectType)
    Enum: "Site" "App" "Policy" "Collection"
    Example: subjectType=Site

    The type of the resource that is assigned to the role (Site/App/Policy).

    subjectName
    string
    Example: subjectName=siteName

    The name of the resource that is assigned to the role.

    roleType
    string (RoleType)
    Enum: "TenantAdmin" "TenantViewer" "SiteEditor" "SiteConnectorDeployer" "ApplicationOwner" "PolicyOwner"
    Example: roleType=TenantAdmin

    The role type (TenantAdmin/TenantViewer/SiteEditor/SiteConnectorDeployer/ApplicationOwner/PolicyOwner) that will be assigned to the entity.

    Responses

    200

    successful operation

    Response Schema: application/json
    content
    Array of objects (RoleBinding)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/collection/role-bindings?sort=name&direction=asc&page=0&size=10&entityIdInIdp=18837193-a81a-400f-b38d-482379e3ab47&entityType=User&entityName=test&subjectId=18837193-a81a-400f-b38d-482379e3ab47&subjectType=Site&subjectName=siteName&roleType=TenantAdmin' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }
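
    An added example (not part of the Symantec documentation): paging through List Role Bindings with the documented `roleType`, `page` and `size` parameters to collect every binding for a privileged role during an access review. The `ZTNA_API_TOKEN` variable, the function names and the constructed sample bindings are assumptions; RoleBinding objects are treated as opaque because their fields are not shown in this section.

```python
"""Collect all role bindings per role type from GET /collection/role-bindings."""
import json
import os
import urllib.parse
import urllib.request

BASE_URL = "https://api.acme.luminatesec.com/v2"  # sample tenant host used on this page
ROLE_BINDINGS_PATH = "/collection/role-bindings"
MAX_PAGE_SIZE = 100  # documented upper bound for the `size` parameter
ROLE_TYPES = {"TenantAdmin", "TenantViewer", "SiteEditor",
              "SiteConnectorDeployer", "ApplicationOwner", "PolicyOwner"}


def http_fetch(path, params):
    """GET `path` with `params` and return the decoded JSON body.

    ZTNA_API_TOKEN is an assumed environment variable name, not one the API defines.
    """
    token = os.environ["ZTNA_API_TOKEN"]
    url = f"{BASE_URL}{path}?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_role_bindings(role_type, fetch=http_fetch, size=MAX_PAGE_SIZE, max_pages=1000):
    """Yield every RoleBinding for `role_type`, following pages until `last` is true."""
    if role_type not in ROLE_TYPES:
        raise ValueError(f"unknown roleType: {role_type!r}")
    if not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_PAGE_SIZE}")
    for page in range(max_pages):  # page numbers are zero-based, as in the samples
        body = fetch(ROLE_BINDINGS_PATH,
                     {"roleType": role_type, "page": page, "size": size})
        content = body.get("content") or []
        yield from content
        # Stop on the documented `last` flag, or on an empty page as a safety net.
        if body.get("last", True) or not content:
            return
    # Guard against a response stream that never reports the last page.
    raise RuntimeError(f"pagination did not end within {max_pages} pages")


def audit_role_bindings(role_types, fetch=http_fetch, size=MAX_PAGE_SIZE):
    """Return {roleType: [RoleBinding, ...]} for each requested role type."""
    return {rt: list(iter_role_bindings(rt, fetch=fetch, size=size))
            for rt in role_types}


def make_fake_fetch(store):
    """Constructed offline stand-in for the API.

    `store` maps a roleType to a list of constructed binding objects; the
    returned callable serves them page by page and records each call.
    """
    calls = []

    def fetch(path, params):
        calls.append(dict(params))
        items = store.get(params["roleType"], [])
        size, page = params["size"], params["page"]
        total_pages = max(1, -(-len(items) // size))  # ceiling division
        chunk = items[page * size:(page + 1) * size]
        return {"content": chunk, "first": page == 0,
                "last": page >= total_pages - 1, "size": size,
                "totalElements": len(items), "totalPages": total_pages,
                "number": page, "numberOfElements": len(chunk)}

    fetch.calls = calls
    return fetch


if __name__ == "__main__":
    # Constructed sample data: three TenantAdmin bindings, no TenantViewer bindings.
    sample = {"TenantAdmin": [{"id": "binding-1"}, {"id": "binding-2"},
                              {"id": "binding-3"}]}
    fake = make_fake_fetch(sample)
    report = audit_role_bindings(["TenantAdmin", "TenantViewer"], fetch=fake, size=2)
    for role, bindings in report.items():
        print(f"{role}: {len(bindings)} binding(s)")
```

    Pass `fetch=http_fetch` (the default) to run the same audit against a tenant; the resulting binding IDs are the values the Delete Role Binding endpoint expects in `roleBindingIds`.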

    Create Tenant Role Binding

    post /collection/tenant-role-bindings

    Default server.

    https://api.acme.luminatesec.com/v2/collection/tenant-role-bindings

    Create Tenant Role Binding in your Symantec ZTNA tenant.

    Authorizations:
    Request Body schema: application/json
    roleType
    string (TenantRoleType)
    Enum: "TenantAdmin" "TenantViewer"

    Tenant role type (TenantAdmin/TenantViewer) that will be assigned to the entity.

    entities
    Array of objects (DirectoryEntity)

    Responses

    201

    successful operation.

    Response Schema: application/json
    roleBindings
    Array of objects (RoleBinding)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "roleType": "TenantAdmin",
      "entities": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "roleBindings": [ ]
    }

    Create Collection Role Binding

    post /collection/collection-role-bindings

    Default server.

    https://api.acme.luminatesec.com/v2/collection/collection-role-bindings

    Create Collection Role Binding in your Symantec ZTNA tenant.

    Authorizations:
    Request Body schema: application/json
    roleType
    string (CollectionRoleType)
    Enum: "ApplicationOwner" "PolicyOwner"

    Collection role type (CollectionAdmin/CollectionViewer) that will be assigned to the entity.

    collectionId
    string <uuid>
    entities
    Array of objects (DirectoryEntity)

    Responses

    201

    successful operation.

    Response Schema: application/json
    roleBindings
    Array of objects (RoleBinding)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "roleType": "CollectionAdmin",
      "collectionId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "entities": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "roleBindings": [ ]
    }

    Create Site Role Binding

    post /collection/site-role-bindings

    Default server.

    https://api.acme.luminatesec.com/v2/collection/site-role-bindings

    Create Site Role Binding in your Symantec ZTNA tenant.

    Authorizations:
    Request Body schema: application/json
    roleType
    string (SiteRoleType)
    Enum: "SiteEditor" "SiteConnectorDeployer"

    Site role type (SiteEditor/SiteConnectorDeployer) that will be assigned to the entity.

    siteId
    string <uuid>
    entities
    Array of objects (DirectoryEntity)

    Responses

    201

    successful operation.

    Response Schema: application/json
    roleBindings
    Array of objects (RoleBinding)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "roleType": "SiteEditor",
      "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "entities": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "roleBindings": [ ]
    }

    Delete Role Binding

    post /collection/role-bindings/delete

    Default server.

    https://api.acme.luminatesec.com/v2/collection/role-bindings/delete

    Delete Collection Role Binding in your Symantec ZTNA tenant by role binding IDs. You can retrieve role binding IDs from the List Role Bindings API.

    Authorizations:
    Request Body schema: application/json
    roleBindingIds
    Array of strings <uuid>

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "roleBindingIds": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    DNS Resiliency

    Create New DNS Group

    post /wss-integration-tenant/dns-groups

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups

    Create New DNS Group.

    Authorizations:
    Request Body schema: application/json
    name
    required
    string

    The name of the group.

    domainSuffixes
    required
    Array of strings
    sendNotifications
    required
    boolean

    Indicates whether notifications should be sent to admin.

    Responses

    201

    DNS Group has been created successfully.

    Response Schema: application/json
    id
    string <uuid>

    The id of the group.

    name
    string

    The name of the group.

    status
    string

    The status of the group.

    domainSuffixes
    Array of strings

    List of domain suffixes.

    sendNotifications
    boolean

    Indicates whether notifications should be sent to admin.

    servers
    Array of strings

    List of DNS server IDs.

    serverInUsed
    string <uuid>

    Indicates the ID of the active server in the group.

    activeServerAddress
    string

    The address of the active DNS server.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    Request samples

    Content type
    application/json
    {
      "name": "group1",
      "domainSuffixes": [ ],
      "sendNotifications": "true"
    }

    Response samples

    Content type
    application/json
    {
      "id": "0115deec-b583-4335-92f2-8269f0bfd493",
      "name": "DNS Group 1",
      "status": "Available",
      "domainSuffixes": "[\"dns-group.com\",\"other-group.com\"]",
      "sendNotifications": "true",
      "servers": "[\"0115deec-b583-4335-92f2-8269f0bfd493\",\"cf5780a0-4c72-45db-92c4-c7ce517f86e9\"]",
      "serverInUsed": "0115deec-b583-4335-92f2-8269f0bfd493",
      "activeServerAddress": "1.1.1.1"
    }

    List DNS Groups

    get /wss-integration-tenant/dns-groups

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups

    List DNS Groups.

    Authorizations:
    query Parameters
    sort
    string
    Default: "id,asc"
    Example: sort=name,desc

    The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    page
    number <int32>

    The page number.

    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    Responses

    200

    List Dns Groups.

    Response Schema: application/json
    content
    Array of objects (DnsGroupOutput)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }

    Get DNS Group By ID

    get /wss-integration-tenant/dns-groups/{dnsGroupId}

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}

    Retrieve a group by its ID.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the group to retrieve, update or delete.

    Responses

    200

    Successful response.

    Response Schema: application/json
    id
    string <uuid>

    The id of the group.

    name
    string

    The name of the group.

    status
    string

    The status of the group.

    domainSuffixes
    Array of strings

    List of domain suffixes.

    sendNotifications
    boolean

    Indicates whether notifications should be sent to admin.

    servers
    Array of strings

    List of DNS server IDs.

    serverInUsed
    string <uuid>

    Indicates the ID of the active server in the group.

    activeServerAddress
    string

    The address of the active DNS server.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

    Response samples

    Content type
    application/json
    {
      "id": "0115deec-b583-4335-92f2-8269f0bfd493",
      "name": "DNS Group 1",
      "status": "Available",
      "domainSuffixes": "[\"dns-group.com\",\"other-group.com\"]",
      "sendNotifications": "true",
      "servers": "[\"0115deec-b583-4335-92f2-8269f0bfd493\",\"cf5780a0-4c72-45db-92c4-c7ce517f86e9\"]",
      "serverInUsed": "0115deec-b583-4335-92f2-8269f0bfd493",
      "activeServerAddress": "1.1.1.1"
    }

    Update a group by ID

    put /wss-integration-tenant/dns-groups/{dnsGroupId}

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}

    Update a group by its ID.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the group to retrieve, update or delete.

    Request Body schema: application/json
    name
    required
    string

    The name of the group.

    domainSuffixes
    required
    Array of strings
    sendNotifications
    required
    boolean

    Indicates whether notifications should be sent to admin.

    Responses

    200

    Group updated successfully.

    Response Schema: application/json
    id
    string <uuid>

    The id of the group.

    name
    string

    The name of the group.

    status
    string

    The status of the group.

    domainSuffixes
    Array of strings

    List of domain suffixes.

    sendNotifications
    boolean

    Indicates whether notifications should be sent to admin.

    servers
    Array of strings

    List of DNS server IDs.

    serverInUsed
    string <uuid>

    Indicates the ID of the active server in the group.

    activeServerAddress
    string

    The address of the active DNS server.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    Content type
    application/json
    {
      "name": "group1",
      "domainSuffixes": [ ],
      "sendNotifications": "true"
    }

    Response samples

    Content type
    application/json
    {
      "id": "0115deec-b583-4335-92f2-8269f0bfd493",
      "name": "DNS Group 1",
      "status": "Available",
      "domainSuffixes": "[\"dns-group.com\",\"other-group.com\"]",
      "sendNotifications": "true",
      "servers": "[\"0115deec-b583-4335-92f2-8269f0bfd493\",\"cf5780a0-4c72-45db-92c4-c7ce517f86e9\"]",
      "serverInUsed": "0115deec-b583-4335-92f2-8269f0bfd493",
      "activeServerAddress": "1.1.1.1"
    }

    Delete a group by ID

    delete /wss-integration-tenant/dns-groups/{dnsGroupId}

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}

    Delete a group by ID.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the group to retrieve, update or delete.

    Responses

    204

    Group deleted successfully.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Create New DNS Server in Group

    post /wss-integration-tenant/dns-groups/{dnsGroupId}/servers/

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}/servers/

    Create New DNS Server in Group.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the group to create a server for.

    Request Body schema: application/json
    name
    required
    string

    The name of the DNS Server.

    internalAddress
    required
    string

    The IP address of the server.

    siteId
    required
    string <uuid>

    The site ID associated with the DNS Server.

    groupId
    required
    string <uuid>

    The group ID associated with the DNS Server.

    Responses

    201

    Server created successfully in group.

    Response Schema: application/json
    id
    string <uuid>
    groupId
    string <uuid>

    The group ID associated with the DNS Server.

    siteId
    string

    The site ID associated with the DNS Server.

    name
    string

    The name of the DNS Server.

    internalAddress
    string

    The IP address of the server.

    healthStatus
    string
    Enum: "Available" "UnAvailable"

    DNS server status.

    createdAt
    string <date-time>
    updatedAt
    string <date-time>
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    Request samples

    Content type
    application/json
    {
      "name": "server1",
      "internalAddress": "1.1.1.1",
      "siteId": "8577c221-7f35-4019-b8d7-31d936bda96b",
      "groupId": "gg5ef47d-3e9c-418b-abfc-a1f702fa0c60"
    }

    Response samples

    Content type
    application/json
    {
      "id": "8577c221-7f35-4019-b8d7-31d936bda96b",
      "groupId": "9977c221-7f35-4019-b8d7-31d936bda95f",
      "siteId": "3377c221-7f35-4019-b8d7-31d936bda98d",
      "name": "server1",
      "internalAddress": "1.1.1.1",
      "healthStatus": "Available",
      "createdAt": "2024-04-12T23:20:50.52Z",
      "updatedAt": "2024-04-12T23:20:50.52Z"
    }

    Get All Servers Of a DNS Group

    get /wss-integration-tenant/dns-groups/{dnsGroupId}/servers/

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}/servers/

    Retrieve a list of servers for a specific group.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the group to retrieve servers for.

    Responses

    200

    Get DNS group's servers.

    Response Schema: application/json
    Array
    id
    string <uuid>
    groupId
    string <uuid>

    The group ID associated with the DNS Server.

    siteId
    string

    The site ID associated with the DNS Server.

    name
    string

    The name of the DNS Server.

    internalAddress
    string

    The IP address of the server.

    healthStatus
    string
    Enum: "Available" "UnAvailable"

    DNS server status.

    createdAt
    string <date-time>
    updatedAt
    string <date-time>
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/6fd0a892-8b70-471a-9dd7-bf374b07451f/servers/' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    [
      { }
    ]

    Get DNS Server By Id

    get /wss-integration-tenant/dns-groups/{dnsGroupId}/servers/{serverId}

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}/servers/{serverId}

    Retrieve a server of a specific group by id.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the group to get the server for.

    serverId
    required
    string <uuid>
    Example: 5gd0a892-8b70-471a-9dd7-bf374b07453g

    The ID of the DNS server to retrieve.

    Responses

    200

    Get DNS server.

    Response Schema: application/json
    id
    string <uuid>
    groupId
    string <uuid>

    The group ID associated with the DNS Server.

    siteId
    string

    The site ID associated with the DNS Server.

    name
    string

    The name of the DNS Server.

    internalAddress
    string

    The IP address of the server.

    healthStatus
    string
    Enum: "Available" "UnAvailable"

    DNS server status.

    createdAt
    string <date-time>
    updatedAt
    string <date-time>
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/6fd0a892-8b70-471a-9dd7-bf374b07451f/servers/5gd0a892-8b70-471a-9dd7-bf374b07453g' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "8577c221-7f35-4019-b8d7-31d936bda96b",
      "groupId": "9977c221-7f35-4019-b8d7-31d936bda95f",
      "siteId": "3377c221-7f35-4019-b8d7-31d936bda98d",
      "name": "server1",
      "internalAddress": "1.1.1.1",
      "healthStatus": "Available",
      "createdAt": "2024-04-12T23:20:50.52Z",
      "updatedAt": "2024-04-12T23:20:50.52Z"
    }

    Update DNS Server By Id

    put /wss-integration-tenant/dns-groups/{dnsGroupId}/servers/{serverId}

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}/servers/{serverId}

    Update DNS server of a specific group by id.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the DNS resiliency group.

    serverId
    required
    string <uuid>
    Example: 5gd0a892-8b70-471a-9dd7-bf374b07453g

    The ID of the DNS server to update.

    Request Body schema: application/json
    name
    required
    string

    The name of the DNS Server.

    internalAddress
    required
    string

    The IP address of the server.

    siteId
    required
    string <uuid>

    The site ID associated with the DNS Server.

    groupId
    required
    string <uuid>

    The group ID associated with the DNS Server.

    Responses

    200

    Update DNS server.

    Response Schema: application/json
    id
    string <uuid>
    groupId
    string <uuid>

    The group ID associated with the DNS Server.

    siteId
    string

    The site ID associated with the DNS Server.

    name
    string

    The name of the DNS Server.

    internalAddress
    string

    The IP address of the server.

    healthStatus
    string
    Enum: "Available" "UnAvailable"

    DNS server status.

    createdAt
    string <date-time>
    updatedAt
    string <date-time>
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "name": "server1",
      "internalAddress": "1.1.1.1",
      "siteId": "8577c221-7f35-4019-b8d7-31d936bda96b",
      "groupId": "gg5ef47d-3e9c-418b-abfc-a1f702fa0c60"
    }

    Response samples

    Content type
    application/json
    {
      "id": "8577c221-7f35-4019-b8d7-31d936bda96b",
      "groupId": "9977c221-7f35-4019-b8d7-31d936bda95f",
      "siteId": "3377c221-7f35-4019-b8d7-31d936bda98d",
      "name": "server1",
      "internalAddress": "1.1.1.1",
      "healthStatus": "Available",
      "createdAt": "2024-04-12T23:20:50.52Z",
      "updatedAt": "2024-04-12T23:20:50.52Z"
    }

    Delete DNS Servers By Ids

    post /wss-integration-tenant/dns-groups/{dnsGroupId}/servers/delete-by-ids

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}/servers/delete-by-ids

    Delete DNS servers by group ID and DNS server IDs.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the DNS resiliency group.

    Request Body schema: application/json
    DnsServerIds
    Array of strings <uuid>

    Responses

    204

    DNS servers have been deleted.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "DnsServerIds": []
    }

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Update DNS Servers Order

    put /wss-integration-tenant/dns-groups/{dnsGroupId}/server-order

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}/server-order

    Update the DNS server resiliency order, and the agent if needed. Send an array of ordered DNS server IDs; the first item has the highest priority.

    Authorizations:
    path Parameters
    dnsGroupId
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The ID of the group of the DNS server.

    Request Body schema: application/json
    DnsServerIds
    Array of strings <uuid>

    Responses

    200

    updated servers order in DNS group

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "DnsServerIds": []
    }

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Enable/Disable DNS Groups

    post /wss-integration-tenant/dns-groups/enableByIds

    Default server.

    https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/enableByIds

    Enable or Disable DNS Groups.

    Authorizations:
    Request Body schema: application/json
    enable
    required
    boolean

    enable or disable groups.

    groupIds
    required
    Array of strings

    List of group ids to enable or disable.

    Responses

    200

    successfully enabled/disabled group

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    NotFound - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "enable": "true",
      "groupIds": []
    }

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Identity Providers

    Working against one of the supported Identity Providers or with the Symantec ZTNA internal Identity Provider.

    List Identity Providers

    get /identities/settings/identity-providers

    Default server.

    https://api.acme.luminatesec.com/v2/identities/settings/identity-providers

    Return an array of JSON objects. Each object represents an Identity Provider configuration in your Symantec ZTNA tenant.

    Authorizations:
    query Parameters
    includeLocal
    boolean
    Default: false

    Indication whether to include Symantec ZTNA internal Identity Provider in the response.

    Responses

    200

    successful operation.

    Response Schema: application/json
    Array
    name
    required
    string >= 1

    A descriptive name of the Identity Provider.

    provider
    required
    string (IdentityProviderType)

    Identity provider name.

    settings
    object (DirectoryProviderSettingsOkta)
    instructions
    object (DirectoryProviderInstructionsOneLoginOrOkta)
    id
    string <uuid>

    A unique identifier of this Identity Provider. Note: This field is required for any operation other than initial creation.

    is_authenticator
    boolean
    Default: true

    Indication whether this identity provider is used for authentication.

    is_user_store
    boolean
    Default: true

    Indication whether this identity provider is used for storing identities.

    authenticator_id
    string <uuid> Nullable

    Symantec ZTNA internal identifier of the Identity Provider used for authentication. This property holds a value only in case the Identity Provider is used for storing identities only (is_authenticator=false).

    created_at
    string <date-time>

    Identity Provider object creation date.

    updated_at
    string <date-time>

    The date when the Identity Provider object was last updated.

    auth0_connection_id
    string

    Symantec ZTNA internal identifier of the Identity Provider connection.

    upn_override_value_data_mapping
    string
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/settings/identity-providers?includeLocal=false' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    [
      {}
    ]

    Users

    A user that is managed by one of the supported Identity Providers or locally by Symantec ZTNA internal Identity Provider.

    Search Users By Identity Provider

    get /identities/{identity-provider-id}/users

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users

    Return an array of JSON objects. Each object represents a user in the given IDP.
    Pagination support is defined per Identity Provider. Filter applies for user name only.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    query Parameters
    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    pageOffset
    string or number
    Example: pageOffset=1

    Page number. Depending on the Identity Provider, this field can be either a number or a string. Its value cannot be assumed; use the value returned in the response for the previous page. If not specified, the first page is returned.

    sortBy
    string
    Example: sortBy=email:desc

    The value of this parameter is a combination of sort key and sort direction: <field>:<direction>. Sort directions are either 'asc' for ascending or 'desc' for descending. The supported sort keys are 'email' for a user and 'name' for a group. By default, query results are sorted in ascending order by 'email'.

    perPage
    number <int32> [ 1 .. 100 ]
    Default: 25
    Example: perPage=10

    The number of items returned in a single page.

    email
    string
    Example: email=john

    Email by which the results are filtered.
    Using the query email=john will return all the entities whose email address contains "john".

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (User)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    perPage
    integer <int32>

    Number of elements in current page.

    nextPage
    number

    Next page offset indicator. Its value should be passed in the pageOffset query parameter when requesting the next page. Its type depends on the Identity Provider.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users?filter=test&pageOffset=1&sortBy=email:desc&perPage=10&email=john' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "perPage": 1,
      "nextPage": 1
    }

    Get User

    get /identities/{identity-provider-id}/users/{entity-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users/{entity-id}

    Return user by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    Responses

    200

    successful operation.

    Response Schema: application/json
    username
    required
    string

    The identity with which the user logs in. Should be in the format anyText@<tenant-name>.<domain-name>.

    notification_email
    required
    string

    The email address to which notifications are sent.

    identity_provider_id
    required
    string <uuid> (IdentityProviderId)

    Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one.

    upn
    string

    User principal name.

    first_name
    string Nullable

    First name.

    last_name
    string Nullable

    Last name.

    email
    string

    The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.

    created_at
    string <date-time>

    The date when the user was created.

    updated_at
    string <date-time>

    The date when the user was last updated (modified).

    last_login
    string <date-time>

    Date when the user last logged in.

    logins_count
    integer <int32>

    The number of logins made by this user.

    repository_type
    string (IdentityProviderType)
    Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml"

    Identity provider name.

    is_admin
    boolean
    Default: false

    Indication whether the user holds an administrator role.

    is_deleted
    boolean
    Default: false

    Indication whether the user was deleted from the system.

    blocked
    boolean
    Default: false

    Indication whether the user is blocked from logging into your tenant.

    hasMfaSecret
    boolean
    Default: false

    Indication whether the user has already registered to the configured multi-factor authenticator provider.

    id
    string <uuid>

    A unique identifier of the user.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z",
      "last_login": "2025-07-28T13:34:25Z",
      "logins_count": 1235,
      "repository_type": "local",
      "is_admin": false,
      "is_deleted": false,
      "blocked": false,
      "hasMfaSecret": false,
      "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
      "identity_provider_id": "local"
    }
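
The Search Users pagination rules (opaque pageOffset, nextPage, last) and the user flags in the Get User response can be combined into an account audit. The following is an added example, not part of the Symantec documentation: the function names, the sample pages and the non-ASCII IdP id are constructed, and it assumes the objects in content carry the same fields as the Get User response.

```python
import json
import urllib.request
from urllib.parse import parse_qs, quote, urlencode, urlsplit

BASE_URL = "https://api.acme.luminatesec.com/v2"  # server URL shown on this page


def users_url(idp_id, page_offset=None, per_page=25):
    """Build the Search Users URL; the IdP id is percent-encoded as one path segment."""
    if not 1 <= per_page <= 100:
        raise ValueError("perPage must be between 1 and 100")
    query = {"perPage": per_page}
    if page_offset is not None:
        query["pageOffset"] = page_offset  # opaque value taken from nextPage
    return f"{BASE_URL}/identities/{quote(str(idp_id), safe='')}/users?{urlencode(query)}"


def iter_users(idp_id, fetch, per_page=25, max_pages=1000):
    """Yield every user, following nextPage until a page reports last=true.

    fetch(url) -> parsed JSON dict is supplied by the caller (hypothetical hook).
    The offset is never computed locally: its type depends on the IdP.
    """
    offset, seen = None, set()
    for _ in range(max_pages):
        page = fetch(users_url(idp_id, offset, per_page))
        yield from page.get("content", [])
        if page.get("last"):
            return
        nxt = page.get("nextPage")
        if nxt is None or nxt in seen:
            raise RuntimeError("pagination did not advance; refusing to loop")
        seen.add(nxt)
        offset = nxt
    raise RuntimeError("max_pages exceeded")


def admins_without_mfa(users):
    """Usernames of live administrator accounts that never enrolled in MFA."""
    return [
        u["username"]
        for u in users
        if u.get("is_admin")
        and not u.get("hasMfaSecret")
        and not u.get("blocked")
        and not u.get("is_deleted")
    ]


def http_fetch(token):
    """Real transport: GET with the bearer header used in this page's curl samples."""
    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


# Constructed sample pages, keyed by the pageOffset the client sends (None = first page).
CONSTRUCTED_PAGES = {
    None: {
        "content": [
            {"username": "alice@acme.luminatesec.com", "is_admin": True,
             "hasMfaSecret": True, "blocked": False, "is_deleted": False},
            {"username": "bob@acme.luminatesec.com", "is_admin": True,
             "hasMfaSecret": False, "blocked": False, "is_deleted": False},
        ],
        "first": True, "last": False, "nextPage": "cursor-2",
    },
    "cursor-2": {
        "content": [
            {"username": "carol@acme.luminatesec.com", "is_admin": True,
             "hasMfaSecret": False, "blocked": True, "is_deleted": False},
        ],
        "first": False, "last": True, "nextPage": None,
    },
}


def fake_fetch(url):
    """Offline stand-in for the API: serves CONSTRUCTED_PAGES by pageOffset."""
    offset = parse_qs(urlsplit(url).query).get("pageOffset", [None])[0]
    return CONSTRUCTED_PAGES[offset]


if __name__ == "__main__":
    print(admins_without_mfa(iter_users("local", fake_fetch)))
```

Against a real tenant, pass `http_fetch(token)` in place of `fake_fetch`, with the token read from a secret store rather than the command line.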

    Delete User

    delete /identities/{identity-provider-id}/users/{entity-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users/{entity-id}

    Deletes a user permanently from Symantec ZTNA tenant's repository. Applicable for Generic SAML (SAML attributes) integration or Local Users only. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Create Local User

    post /identities/local/users

    Default server.

    https://api.acme.luminatesec.com/v2/identities/local/users

    Creates a new user in Symantec ZTNA Identity Provider in your Symantec ZTNA tenant. In the request body, repository_type should be set to local.

    Authorizations:
    Request Body schema: application/json
    username
    required
    string

    The identity with which the user logs in. Should be in the format anyText@<tenant-name>.<domain-name>.

    notification_email
    required
    string

    The email address to which notifications are sent.

    identity_provider_id
    required
    string <uuid> (IdentityProviderId)

    Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one.

    upn
    string

    User principal name.

    first_name
    string Nullable

    First name.

    last_name
    string Nullable

    Last name.

    email
    string

    The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.

    repository_type
    string (IdentityProviderType)
    Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml"

    Identity provider name.

    Responses

    201

    successful operation.

    Response Schema: application/json
    username
    required
    string

    The identity with which the user logs in. Should be in the format anyText@<tenant-name>.<domain-name>.

    notification_email
    required
    string

    The email address to which notifications are sent.

    identity_provider_id
    required
    string <uuid> (IdentityProviderId)

    Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one.

    upn
    string

    User principal name.

    first_name
    string Nullable

    First name.

    last_name
    string Nullable

    Last name.

    email
    string

    The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.

    created_at
    string <date-time>

    The date when the user was created.

    updated_at
    string <date-time>

    The date when the user was last updated (modified).

    last_login
    string <date-time>

    Date when the user last logged in.

    logins_count
    integer <int32>

    The number of logins made by this user.

    repository_type
    string (IdentityProviderType)
    Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml"

    Identity provider name.

    is_admin
    boolean
    Default: false

    Indication whether the user holds an administrator role.

    is_deleted
    boolean
    Default: false

    Indication whether the user was deleted from the system.

    blocked
    boolean
    Default: false

    Indication whether the user is blocked from logging into your tenant.

    hasMfaSecret
    boolean
    Default: false

    Indication whether the user has already registered to the configured multi-factor authenticator provider.

    id
    string <uuid>

    A unique identifier of the user.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "repository_type": "local",
      "identity_provider_id": "local"
    }

    Response samples

    Content type
    application/json
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z",
      "last_login": "2025-07-28T13:34:25Z",
      "logins_count": 1235,
      "repository_type": "local",
      "is_admin": false,
      "is_deleted": false,
      "blocked": false,
      "hasMfaSecret": false,
      "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
      "identity_provider_id": "local"
    }

    Update Local User

    put /identities/local/users/{entity-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/local/users/{entity-id}

    Updates an existing user in Symantec ZTNA Identity Provider in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    Request Body schema: application/json
    username
    required
    string

    The identity with which the user logs in. Should be in the format anyText@<tenant-name>.<domain-name>.

    notification_email
    required
    string

    The email address to which notifications are sent.

    identity_provider_id
    required
    string <uuid> (IdentityProviderId)

    Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one.

    upn
    string

    User principal name.

    first_name
    string Nullable

    First name.

    last_name
    string Nullable

    Last name.

    email
    string

    The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.

    repository_type
    string (IdentityProviderType)
    Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml"

    Identity provider name.

    Responses

    200

    successful operation.

    Response Schema: application/json
    username
    required
    string

    The identity with which the user logs in. Should be in the format anyText@<tenant-name>.<domain-name>.

    notification_email
    required
    string

    The email address to which notifications are sent.

    identity_provider_id
    required
    string <uuid> (IdentityProviderId)

    Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one.

    upn
    string

    User principal name.

    first_name
    string Nullable

    First name.

    last_name
    string Nullable

    Last name.

    email
    string

    The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.

    created_at
    string <date-time>

    The date when the user was created.

    updated_at
    string <date-time>

    The date when the user was last updated (modified).

    last_login
    string <date-time>

    Date when the user last logged in.

    logins_count
    integer <int32>

    The number of logins made by this user.

    repository_type
    string (IdentityProviderType)
    Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml"

    Identity provider name.

    is_admin
    boolean
    Default: false

    Indication whether the user holds an administrator role.

    is_deleted
    boolean
    Default: false

    Indication whether the user was deleted from the system.

    blocked
    boolean
    Default: false

    Indication whether the user is blocked from logging into your tenant.

    hasMfaSecret
    boolean
    Default: false

    Indication whether the user has already registered to the configured multi-factor authenticator provider.

    id
    string <uuid>

    A unique identifier of the user.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "repository_type": "local",
      "identity_provider_id": "local"
    }

    Response samples

    Content type
    application/json
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z",
      "last_login": "2025-07-28T13:34:25Z",
      "logins_count": 1235,
      "repository_type": "local",
      "is_admin": false,
      "is_deleted": false,
      "blocked": false,
      "hasMfaSecret": false,
      "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
      "identity_provider_id": "local"
    }

    Delete Local User

    delete /identities/local/users/{entity-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/local/users/{entity-id}

    Deletes a user permanently from Symantec ZTNA Identity Provider in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/local/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    List Blocked Users

    get /identities/settings/blocked-users

    Default server.

    https://api.acme.luminatesec.com/v2/identities/settings/blocked-users

    Lists the blocked users in your Symantec ZTNA tenant.

    Authorizations:

    Responses

    200

    successful operation.

    Response Schema: application/json
    Array
    identity_provider_id
    required
    string <uuid> (IdentityProviderId)

    Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one.

    user_id
    required
    string (EntityId)

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    created_at
    string <date-time>

    The date when the user was blocked.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/settings/blocked-users' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    [
      { }
    ]

    Block User

    post /identities/{identity-provider-id}/users/{entity-id}/block

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users/{entity-id}/block

    Blocks a user in your Symantec ZTNA tenant. Blocking a group of users is not supported. All active sessions of the given user will be disconnected and the user will no longer be able to log in to your tenant.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X POST 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f/block' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }
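
    The block-then-verify sequence implied by Block User and List Blocked Users, as an added Python example (not part of the Symantec documentation or any Symantec SDK): it issues the block call, treats anything other than 204 as a failure, logs the request-identifier from the error envelope, and confirms the user appears in the blocked list. The function names, the `send` transport contract and the constructed `fake_tenant` state are assumptions made for illustration.

```python
"""Block a user, then confirm the block by reading the blocked-users list."""
import json
import urllib.error
import urllib.request
from urllib.parse import quote

BASE_URL = "https://api.acme.luminatesec.com/v2"  # sample tenant host used on this page
BLOCKED_LIST_URL = BASE_URL + "/identities/settings/blocked-users"


def block_url(idp_id, user_id):
    """Block/unblock target; both identifiers are percent-encoded path segments."""
    return "%s/identities/%s/users/%s/block" % (
        BASE_URL, quote(idp_id, safe=""), quote(user_id, safe=""))


def make_sender(token):
    """Real transport (assumed helper): send(method, url) -> (status, body_text)."""
    def send(method, url):
        req = urllib.request.Request(
            url, method=method, data=b"" if method == "POST" else None,
            headers={"Authorization": "Bearer " + token,
                     "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, resp.read().decode("utf-8")
        except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
            return err.code, err.read().decode("utf-8", "replace")
    return send


def describe_error(status, body):
    """Render the documented error envelope so the request-identifier is logged."""
    try:
        env = json.loads(body) if body else {}
    except ValueError:
        env = {}
    if not isinstance(env, dict):
        env = {}
    return "HTTP %d: %s (request-identifier=%s)" % (
        status, env.get("message", "no message"),
        env.get("request-identifier", "n/a"))


def contain_user(send, idp_id, user_id):
    """Block the user and return their entry from the blocked-users list.

    Raises RuntimeError if the block call does not return 204, if the list
    cannot be read, or if the user is missing from the list afterwards.
    """
    status, body = send("POST", block_url(idp_id, user_id))
    if status != 204:
        raise RuntimeError("block failed: " + describe_error(status, body))
    status, body = send("GET", BLOCKED_LIST_URL)
    if status != 200:
        raise RuntimeError("blocked list unreadable: " + describe_error(status, body))
    for entry in json.loads(body):
        if (entry.get("identity_provider_id") == idp_id
                and entry.get("user_id") == user_id):
            return entry
    raise RuntimeError("block returned 204 but the user is not in the blocked list")


def fake_tenant(known_users):
    """Constructed in-memory stand-in for the API, for offline runs only."""
    blocked = []

    def send(method, url):
        if method == "GET" and url == BLOCKED_LIST_URL:
            return 200, json.dumps(blocked)
        for idp_id, user_id in known_users:
            if method == "POST" and url == block_url(idp_id, user_id):
                blocked.append({"identity_provider_id": idp_id,
                                "user_id": user_id,
                                "created_at": "2025-01-01T00:00:00Z"})
                return 204, ""
        return 404, json.dumps({"request-identifier": "constructed-id",
                                "status": 404,
                                "reasonPhrase": "Not Found",
                                "message": "constructed: no such user"})
    return send


if __name__ == "__main__":
    demo = fake_tenant([("local", "4fd0a357-8b70-345a-9dd7-bf359b07451f")])
    print(contain_user(demo, "local", "4fd0a357-8b70-345a-9dd7-bf359b07451f"))
```

    Against a real tenant, pass `make_sender(token)` instead of `fake_tenant(...)`, with the token read from a secret store rather than written into the script.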

    Unblock User

    delete /identities/{identity-provider-id}/users/{entity-id}/block

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users/{entity-id}/block

    Unblocks a user in your Symantec ZTNA tenant. Unblocking a group of users is not supported. Upon a successful operation, the user will be able to log in to your tenant.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f/block' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Groups

    A group that is managed by one of the supported Identity Providers or locally by Symantec ZTNA internal Identity Provider.

    Get Group

    get /identities/{identity-provider-id}/groups/{entity-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups/{entity-id}

    Return group by ID from the specified identity provider. For the local groups repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string

    Group name

    id
    string

    Group uuid

    repository_type
    string (IdentityProviderType)
    Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml"

    Identity provider name.

    identity_provider_id
    string <uuid> (IdentityProviderId)

    Identity Provider identifier. This property might include non-ASCII characters (e.g. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one.

    created_at
    string <date-time>
    updated_at
    string <date-time>
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "d8028639-a76a-4614-965a-7e3d4832d94b",
      "name": "Administrators",
      "repository_type": "local",
      "identity_provider_id": "local",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z"
    }

    Delete Group

    delete /identities/{identity-provider-id}/groups/{entity-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups/{entity-id}

    Deletes a group permanently from Symantec ZTNA tenant's repository. Applicable for Generic SAML (SAML attributes) integration or Local Groups only. For the local groups repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Search Groups By Identity Provider

    get /identities/{identity-provider-id}/groups

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups

    Return an array of JSON objects. Each object represents a group in the given IDP.
    Pagination support is defined per Identity Provider. Filter applies for group name only.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    query Parameters
    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    pageOffset
    string or number
    Example: pageOffset=1

    Page number. Depending on the Identity Provider, this field can be either a number or a string. Its value can't be assumed: use the value returned in the response for the previous page. If not specified, the first page is returned.

    sortBy
    string
    Example: sortBy=email:desc

    The value of this parameter is a combination of sort key and sort direction: <field>:<direction>. Sort directions are either 'asc' for ascending or 'desc' for descending. The supported sort keys are 'email' for a user and 'name' for a group. By default, query results are sorted in ascending order by 'email'.

    perPage
    number <int32> [ 1 .. 100 ]
    Default: 25
    Example: perPage=10

    The number of items returned in a single page.

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (Group)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    perPage
    integer <int32>

    Number of elements in current page.

    nextPage
    number

    Next page offset indicator. Its value should be passed in the pageOffset query parameter when requesting the next page. Its type depends on the Identity Provider.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups?filter=test&pageOffset=1&sortBy=email:desc&perPage=10' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "perPage": 1,
      "nextPage": 1
    }

    Create Group

    post /identities/{identity-provider-id}/groups

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups

    Creates a new group in Symantec ZTNA tenant repository. Applicable for Generic SAML (SAML attributes) integration or Local Groups only. For the local groups repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    Request Body schema: application/json
    name
    required
    string

    Group name

    Responses

    201

    successful operation.

    Response Schema: application/json
    name
    required
    string

    Group name

    id
    string

    Group uuid

    repository_type
    string (IdentityProviderType)
    Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml"

    Identity provider name.

    identity_provider_id
    string <uuid> (IdentityProviderId)

    Identity Provider identifier. This property might include non-ASCII characters (e.g. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one.

    created_at
    string <date-time>
    updated_at
    string <date-time>
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "name": "Administrators"
    }

    Response samples

    Content type
    application/json
    {
      "id": "d8028639-a76a-4614-965a-7e3d4832d94b",
      "name": "Administrators",
      "repository_type": "local",
      "identity_provider_id": "local",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z"
    }

    List Assigned Users

    get /identities/{identity-provider-id}/groups/{entity-id}/users

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups/{entity-id}/users

    Returns a group's user list by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    entity-id
    required
    string
    Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

    Entity identifier as determined by the owning Identity Provider.
    This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

    query Parameters
    pageOffset
    string or number
    Example: pageOffset=1

    Page number. Depending on the Identity Provider, this field can be either a number or a string. Its value can't be assumed: use the value returned in the response for the previous page. If not specified, the first page is returned.

    perPage
    number <int32> [ 1 .. 100 ]
    Default: 25
    Example: perPage=10

    The number of items returned in a single page.

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (User)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    perPage
    integer <int32>

    Number of elements in current page.

    nextPage
    number

    Next page offset indicator. Its value should be passed in the pageOffset query parameter when requesting the next page. Its type depends on the Identity Provider.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups/4fd0a357-8b70-345a-9dd7-bf359b07451f/users?pageOffset=1&perPage=10' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "perPage": 1,
      "nextPage": 1
    }
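
    The pageOffset/nextPage contract described for Search Groups By Identity Provider and List Assigned Users, as an added Python example (not part of the Symantec documentation or any Symantec SDK): it enumerates a group's members for an access review by passing each page's nextPage back unchanged, whether it is a number or a string, and aborts instead of returning a silently truncated list. The function names, the injected `fetch` callable and the constructed `SAMPLE_PAGES` (including the `email` field of each user) are assumptions made for illustration.

```python
"""Enumerate group members by following the server-issued nextPage cursor."""
import json
import urllib.request
from urllib.parse import parse_qs, quote, urlencode, urlsplit

BASE_URL = "https://api.acme.luminatesec.com/v2"  # sample tenant host used on this page


def group_members_url(idp_id, group_id, page_offset=None, per_page=25):
    """Build the List Assigned Users URL.

    Path segments are percent-encoded because identifiers may contain
    non-ASCII characters; pageOffset is omitted for the first page.
    """
    if not 1 <= per_page <= 100:
        raise ValueError("perPage must be between 1 and 100")
    query = {"perPage": per_page}
    if page_offset is not None:
        query["pageOffset"] = page_offset
    path = "/identities/%s/groups/%s/users" % (
        quote(str(idp_id), safe=""), quote(str(group_id), safe=""))
    return BASE_URL + path + "?" + urlencode(query)


def http_get_json(url, token):
    """Real transport (assumed helper): one authenticated GET, parsed as JSON."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_group_members(idp_id, group_id, fetch, per_page=25, max_pages=1000):
    """Yield every user object in the group; fetch(url) -> dict is injected."""
    cursor, seen = None, set()
    for _ in range(max_pages):
        page = fetch(group_members_url(idp_id, group_id, cursor, per_page))
        yield from page.get("content", [])
        if page.get("last", False):
            return
        cursor = page.get("nextPage")  # opaque: number or string, never computed
        if cursor is None:
            raise RuntimeError("page is not the last one but has no nextPage")
        if repr(cursor) in seen:
            raise RuntimeError("server repeated cursor %r; aborting" % (cursor,))
        seen.add(repr(cursor))
    raise RuntimeError("gave up after %d pages" % max_pages)


# Constructed sample pages (not real tenant data); this IdP uses a string cursor.
SAMPLE_PAGES = {
    None: {"content": [{"email": "a@example.com"}, {"email": "b@example.com"}],
           "last": False, "nextPage": "tok-A"},
    "tok-A": {"content": [{"email": "c@example.com"}], "last": True},
}


def sample_fetch(url):
    """Offline stand-in for http_get_json: selects a page by the URL's pageOffset."""
    offset = parse_qs(urlsplit(url).query).get("pageOffset", [None])[0]
    return SAMPLE_PAGES[offset]


if __name__ == "__main__":
    for user in iter_group_members("local", "g1", sample_fetch):
        print(user["email"])
```

    Against a real tenant, pass `lambda url: http_get_json(url, token)` as `fetch`.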

    Remove User From Group

    delete /identities/local/groups/{group-id}/users/{user-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}

    Remove user from group.

    Authorizations:
    path Parameters
    group-id
    required
    string
    Example: b7188113-b9c6-4dee-9a3c-3963236f19a8

    Group ID

    user-id
    required
    string
    Example: 64b2d04f-157f-48a3-a277-e1b4147c46c4

    User ID

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/local/groups/b7188113-b9c6-4dee-9a3c-3963236f19a8/users/64b2d04f-157f-48a3-a277-e1b4147c46c4' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Assign User To Group

    put /identities/local/groups/{group-id}/users/{user-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}

    Add user to group.

    Authorizations:
    path Parameters
    group-id
    required
    string
    Example: b7188113-b9c6-4dee-9a3c-3963236f19a8

    Group ID

    user-id
    required
    string
    Example: 64b2d04f-157f-48a3-a277-e1b4147c46c4

    User ID

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X PUT 'https://api.acme.luminatesec.com/v2/identities/local/groups/b7188113-b9c6-4dee-9a3c-3963236f19a8/users/64b2d04f-157f-48a3-a277-e1b4147c46c4' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

    Response samples

    Content type
    application/json
    Example
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    SSH Clients

    List SSH Clients

    get /ssh-clients

    Default server.

    https://api.acme.luminatesec.com/v2/ssh-clients

    Return an array of paginated JSON objects. Each object represents an ssh-client configured in your Symantec ZTNA tenant.
    Using the query filter=test will return all the ssh-clients for which one or more of the above listed fields contain "test".

    Authorizations:
    query Parameters
    sort
    string
    Enum: "name" "created_on" "last_accessed" "expires" "description"

    Name of field to sort

    size
    number <int32> <= 100
    Default: 50
    Example: size=10

    The number of items returned in a single page.

    page
    number <int32>

    The page number.

    filter
    string
    Example: filter=test

    The string by which the results are filtered (see description)

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (SSH-Client)
    first
    boolean

    Indicates whether the current page is the first one.

    last
    boolean

    Indicates whether the current page is the last one.

    size
    integer <int32>

    Maximum number of elements per page.

    totalElements
    integer <int32>

    Number of elements included in the response.

    totalPages
    integer <int32>

    Number of pages included in the response.

    number
    integer <int32>

    Page number

    numberOfElements
    integer <int32>

    Number of elements in current page.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/ssh-clients?sort=name&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "first": true,
      "last": true,
      "size": 50,
      "totalElements": 1,
      "totalPages": 1,
      "number": 0,
      "numberOfElements": 1
    }

    SCIM

    When working with a Generic SAML IdP, users and groups are managed with the following APIs, which comply with the SCIM 2.0 protocol.

    To search for a user or group, use the following search APIs:
    List Users API.
    List Groups API.

    Create SCIM User

    post /identities/{identity-provider-id}/scim/users

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users

    Create a SCIM user.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    Request Body schema: application/json
    emails
    required
    Array of objects (SCIMUserEmail)

    SCIM-user's emails list.

    userName
    required
    string

    SCIM-user's username.

    name
    required
    object (SCIMUserFullName)
    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:User"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM user's external id

    displayName
    string

    SCIM-user's display name.

    targetWorkstations
    Array of strings

    SCIM-user's target workstations addresses.

    Responses

    201

    successful operation.

    Response Schema: application/json
    emails
    required
    Array of objects (SCIMUserEmail)

    SCIM-user's emails list.

    userName
    required
    string

    SCIM-user's username.

    name
    required
    object (SCIMUserFullName)
    id
    string <uuid>

    A unique identifier of this user. Note: This field is required for any operation other than initial creation.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:User"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM user's external id

    displayName
    string

    SCIM-user's display name.

    targetWorkstations
    Array of strings

    SCIM-user's target workstations addresses.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    Request samples

    Content type
    application/json
    {
      "schemas": [ ],
      "name": { },
      "emails": [ ],
      "userName": "user3",
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "targetWorkstations": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [ ],
      "name": { },
      "emails": [ ],
      "userName": "user3",
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "targetWorkstations": [ ]
    }

    List SCIM Users

    get /identities/{identity-provider-id}/scim/users

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users

    Return an array of paginated JSON objects. Each object represents a SCIM user.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (SCIM-User)
    itemsPerPage
    integer <int32>

    Number of elements in current page.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:api:messages:2.0:ListResponse"

    SCIM list schema

    startIndex
    integer <int32>

    The 1-based index of the first result in the current set of list results.

    totalResults
    integer <int32>

    Number of elements included in the response.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "itemsPerPage": 1,
      "schemas": [ ],
      "startIndex": 1,
      "totalResults": 1
    }

    Get SCIM User

    get /identities/{identity-provider-id}/scim/users/{user-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users/{user-id}

    Return the details of a SCIM user.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    user-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The user ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    emails
    required
    Array of objects (SCIMUserEmail)

    SCIM-user's emails list.

    userName
    required
    string

    SCIM-user's username.

    name
    required
    object (SCIMUserFullName)
    id
    string <uuid>

    A unique identifier of this user. Note: This field is required for any operation other than initial creation.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:User"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM user's external id

    displayName
    string

    SCIM-user's display name.

    targetWorkstations
    Array of strings

    SCIM-user's target workstations addresses.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    Not Found - The specified resource was not found.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [ ],
      "name": { },
      "emails": [ ],
      "userName": "user3",
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "targetWorkstations": [ ]
    }

    Delete SCIM User

    delete /identities/{identity-provider-id}/scim/users/{user-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users/{user-id}

    Delete a SCIM user.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    user-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The user ID.

    Responses

    204

    successful operation.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1551881524069,
      "status": 401,
      "reasonPhrase": "Unauthorized",
      "message": "You are not authorized to perform this operation.",
      "errors": [ ]
    }

    Update SCIM User

    put /identities/{identity-provider-id}/scim/users/{user-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users/{user-id}

    Update an existing SCIM user.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    user-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The user ID.

    Request Body schema: application/json
    emails
    required
    Array of objects (SCIMUserEmail)

    SCIM-user's emails list.

    userName
    required
    string

    SCIM-user's username.

    name
    required
    object (SCIMUserFullName)
    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:User"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM user's external id

    displayName
    string

    SCIM-user's display name.

    targetWorkstations
    Array of strings

    SCIM-user's target workstations addresses.

    Responses

    200

    successful operation.

    Response Schema: application/json
    emails
    required
    Array of objects (SCIMUserEmail)

    SCIM-user's emails list.

    userName
    required
    string

    SCIM-user's username.

    name
    required
    object (SCIMUserFullName)
    id
    string <uuid>

    A unique identifier of this user. Note: This field is required for any operation other than initial creation.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:User"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM user's external id

    displayName
    string

    SCIM-user's display name.

    targetWorkstations
    Array of strings

    SCIM-user's target workstations addresses.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    Request samples

    Content type
    application/json
    {
      "schemas": [ ],
      "name": { },
      "emails": [ ],
      "userName": "user3",
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "targetWorkstations": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [ ],
      "name": { },
      "emails": [ ],
      "userName": "user3",
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "targetWorkstations": [ ]
    }

    Create a SCIM Group

    post /identities/{identity-provider-id}/scim/groups

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups

    Create a SCIM group.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    Request Body schema: application/json
    displayName
    required
    string

    SCIM-group's name.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM group's external id.

    members
    Array of objects (SCIMGroupMembers)

    all group members.

    Responses

    201

    successful operation.

    Response Schema: application/json
    displayName
    required
    string

    SCIM-group's name.

    id
    string <uuid>

    A unique identifier of this group. Note: This field is required for any operation other than initial creation.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM group's external id.

    members
    Array of objects (SCIMGroupMembers)

    all group members.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    Not Found - The specified resource was not found.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    Request samples

    Content type
    application/json
    {
      "schemas": [ ],
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "members": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [ ],
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "members": [ ]
    }

    List SCIM Groups

    get /identities/{identity-provider-id}/scim/groups

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups

    Return an array of paginated JSON objects. Each object represents a SCIM group.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    Responses

    200

    successful operation.

    Response Schema: application/json
    content
    Array of objects (SCIM-Group)
    itemsPerPage
    integer <int32>

    Number of elements in current page.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:api:messages:2.0:ListResponse"

    SCIM list schema

    startIndex
    integer <int32>

    The 1-based index of the first result in the current set of list results.

    totalResults
    integer <int32>

    Number of elements included in the response.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "content": [ ],
      "itemsPerPage": 1,
      "schemas": [ ],
      "startIndex": 1,
      "totalResults": 1
    }

    Get SCIM Group

    get /identities/{identity-provider-id}/scim/groups/{group-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups/{group-id}

    Return the details of a SCIM group.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    group-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The group ID.

    Responses

    200

    successful operation.

    Response Schema: application/json
    displayName
    required
    string

    SCIM-group's name.

    id
    string <uuid>

    A unique identifier of this group. Note: This field is required for any operation other than initial creation.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM group's external id.

    members
    Array of objects (SCIMGroupMembers)

    all group members.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    Not Found - The specified resource was not found.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [ ],
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "members": [ ]
    }

    Update SCIM Group

    put /identities/{identity-provider-id}/scim/groups/{group-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups/{group-id}

    Update an existing group.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    group-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The group ID.

    Request Body schema: application/json
    displayName
    required
    string

    SCIM-group's name.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM group's external id.

    members
    Array of objects (SCIMGroupMembers)

    all group members.

    Responses

    200

    successful operation.

    Response Schema: application/json
    displayName
    required
    string

    SCIM-group's name.

    id
    string <uuid>

    A unique identifier of this group. Note: This field is required for any operation other than initial creation.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM group's external id.

    members
    Array of objects (SCIMGroupMembers)

    all group members.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    Not Found - The specified resource was not found.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    Request samples

    Content type
    application/json
    {
      "schemas": [ ],
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "members": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [ ],
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "members": [ ]
    }

    Delete SCIM Group

    delete /identities/{identity-provider-id}/scim/groups/{group-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups/{group-id}

    Delete a SCIM group.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    group-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The group ID.

    Responses

    204

    successful operation.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1551881524069,
      "status": 401,
      "reasonPhrase": "Unauthorized",
      "message": "You are not authorized to perform this operation.",
      "errors": [ ]
    }

    Modify a SCIM Group

    patch /identities/{identity-provider-id}/scim/groups/{group-id}

    Default server.

    https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups/{group-id}

    Modify a SCIM group that has one or more required SCIM 2.0 attributes. Supports only add/remove/replace operations.

    Authorizations:
    path Parameters
    identity-provider-id
    required
    string
    Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

    The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
    For Symantec ZTNA internal Identity Provider, set this property to local.

    group-id
    required
    string <uuid>
    Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

    The group ID.

    Request Body schema: application/json
    Operations
    required
    Array of objects (SCIMGroupOperation)
    schemas
    required
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:PatchOp"

    the relevant schemas for the request

    Responses

    200

    successful operation.

    Response Schema: application/json
    displayName
    required
    string

    SCIM-group's name.

    id
    string <uuid>

    A unique identifier of this group. Note: This field is required for any operation other than initial creation.

    schemas
    Array of strings
    Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group"

    the relevant schemas for the request

    externalId
    string <uuid>

    SCIM group's external id.

    members
    Array of objects (SCIMGroupMembers)

    all group members.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    404

    Not Found - The specified resource was not found.

    Request samples

    Content type
    application/json
    {
      "schemas": [ ],
      "Operations": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [ ],
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "members": [ ]
    }

    Cloud Integration

    Integration with Cloud Providers like Amazon Web Services to provide a smoother and cloud-native integration with SIEM solutions and to allow access to resources based on their associated tags.

    List Cloud Integration Configurations

    get /cloud-integrations/integrations

    Default server.

    https://api.acme.luminatesec.com/v2/cloud-integrations/integrations

    Return an array of JSON objects. Each object represents a Cloud Integration configuration in your Symantec ZTNA tenant.

    Authorizations:

    Responses

    200

    successful operation.

    Response Schema: application/json
    Array
    name
    required
    string (CloudIntegrationName)

    A descriptive name of the Cloud Integration.

    provider
    required
    string (CloudIntegrationProvider)
    Default: "amazon"
    Value: "amazon"

    Cloud Provider name.

    id
    string

    A unique identifier of the Cloud Integration.

    created_at
    string <date-time>
    updated_at
    string <date-time>
    aws_external_id
    string

    AWS External ID.

    aws_role_arn
    string (CloudIntegrationArn)

    The AWS role ARN.

    regions
    Array of strings (CloudIntegrationRegions)

    A list of regions that are applicable for the configured Cloud Integration.

    hostname_tag_name
    string (CloudIntegrationHostnameTagName)
    Default: "Name"

    The tag that represents the hostname.

    health
    object (CloudIntegrationHealth)
    luminate_aws_account_id
    string

    The tag that represents the hostname.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    [
      { }
    ]

    Create Cloud Integration Configuration

    post /cloud-integrations/integrations

    Default server.

    https://api.acme.luminatesec.com/v2/cloud-integrations/integrations

    Create a new cloud integration configuration in your Symantec ZTNA tenant.

    Authorizations:
    Request Body schema: application/json
    name
    required
    string (CloudIntegrationName)

    A descriptive name of the Cloud Integration.

    provider
    required
    string (CloudIntegrationProvider)
    Default: "amazon"
    Value: "amazon"

    Cloud Provider name.

    regions
    Array of strings (CloudIntegrationRegions)

    A list of regions that are applicable for the configured Cloud Integration.

    hostname_tag_name
    string (CloudIntegrationHostnameTagName)
    Default: "Name"

    The tag that represents the hostname.

    Responses

    201

    successful operation.

    Response Schema: application/json
    name
    required
    string (CloudIntegrationName)

    A descriptive name of the Cloud Integration.

    provider
    required
    string (CloudIntegrationProvider)
    Default: "amazon"
    Value: "amazon"

    Cloud Provider name.

    id
    string

    A unique identifier of the Cloud Integration.

    created_at
    string <date-time>
    updated_at
    string <date-time>
    aws_external_id
    string

    AWS External ID.

    aws_role_arn
    string (CloudIntegrationArn)

    The AWS role ARN.

    regions
    Array of strings (CloudIntegrationRegions)

    A list of regions that are applicable for the configured Cloud Integration.

    hostname_tag_name
    string (CloudIntegrationHostnameTagName)
    Default: "Name"

    The tag that represents the hostname.

    health
    object (CloudIntegrationHealth)
    luminate_aws_account_id
    string

    The tag that represents the hostname.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "name": "AWS EU Integration",
      "provider": "amazon",
      "regions": [ ],
      "hostname_tag_name": "Name"
    }

    Response samples

    Content type
    application/json
    {
      "name": "AWS EU Integration",
      "provider": "amazon",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z",
      "aws_external_id": "aaabbbcccc",
      "aws_role_arn": "arn:xxx:yyy:zzz",
      "regions": [ ],
      "hostname_tag_name": "Name",
      "health": { },
      "luminate_aws_account_id": 12312312
    }

    Get Cloud Integration Configuration

    get /cloud-integrations/integrations/{cloud-integration-id}

    Default server.

    https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/{cloud-integration-id}

    Return a Cloud Integration configuration from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    cloud-integration-id
    required
    string <uuid>
    Example: 18837193-a81a-400f-b38d-482379e3ab47

    Cloud Integration ID

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string (CloudIntegrationName)

    A descriptive name of the Cloud Integration.

    provider
    required
    string (CloudIntegrationProvider)
    Default: "amazon"
    Value: "amazon"

    Cloud Provider name.

    id
    string

    A unique identifier of the Cloud Integration.

    created_at
    string <date-time>
    updated_at
    string <date-time>
    aws_external_id
    string

    AWS External ID.

    aws_role_arn
    string (CloudIntegrationArn)

    The AWS role ARN.

    regions
    Array of strings (CloudIntegrationRegions)

    A list of regions that are applicable for the configured Cloud Integration.

    hostname_tag_name
    string (CloudIntegrationHostnameTagName)
    Default: "Name"

    The tag that represents the hostname.

    health
    object (CloudIntegrationHealth)
    luminate_aws_account_id
    string

    The tag that represents the hostname.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    curl -X GET 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "name": "AWS EU Integration",
      "provider": "amazon",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z",
      "aws_external_id": "aaabbbcccc",
      "aws_role_arn": "arn:xxx:yyy:zzz",
      "regions": [ ],
      "hostname_tag_name": "Name",
      "health": { },
      "luminate_aws_account_id": 12312312
    }

    Update Cloud Integration Configuration

    put /cloud-integrations/integrations/{cloud-integration-id}

    Default server.

    https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/{cloud-integration-id}

    Update an existing Cloud Integration configuration in your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    cloud-integration-id
    required
    string <uuid>
    Example: 18837193-a81a-400f-b38d-482379e3ab47

    Cloud Integration ID

    Request Body schema: application/json
    name
    required
    string (CloudIntegrationName)

    A descriptive name of the Cloud Integration.

    provider
    required
    string (CloudIntegrationProvider)
    Default: "amazon"
    Value: "amazon"

    Cloud Provider name.

    aws_role_arn
    required
    string (CloudIntegrationArn)

    The AWS role ARN.

    regions
    Array of strings (CloudIntegrationRegions)

    A list of regions that are applicable for the configured Cloud Integration.

    hostname_tag_name
    string (CloudIntegrationHostnameTagName)
    Default: "Name"

    The tag that represents the hostname.

    Responses

    200

    successful operation.

    Response Schema: application/json
    name
    required
    string (CloudIntegrationName)

    A descriptive name of the Cloud Integration.

    provider
    required
    string (CloudIntegrationProvider)
    Default: "amazon"
    Value: "amazon"

    Cloud Provider name.

    id
    string

    A unique identifier of the Cloud Integration.

    created_at
    string <date-time>
    updated_at
    string <date-time>
    aws_external_id
    string

    AWS External ID.

    aws_role_arn
    string (CloudIntegrationArn)

    The AWS role ARN.

    regions
    Array of strings (CloudIntegrationRegions)

    A list of regions that are applicable for the configured Cloud Integration.

    hostname_tag_name
    string (CloudIntegrationHostnameTagName)
    Default: "Name"

    The tag that represents the hostname.

    health
    object (CloudIntegrationHealth)
    luminate_aws_account_id
    string

    The tag that represents the hostname.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    409

    Conflict - Value of one of the provided fields is already used by an existing object.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "name": "AWS EU Integration",
      "provider": "amazon",
      "aws_role_arn": "arn:xxx:yyy:zzz",
      "regions": [ ],
      "hostname_tag_name": "Name"
    }

    Response samples

    Content type
    application/json
    {
      "name": "AWS EU Integration",
      "provider": "amazon",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z",
      "aws_external_id": "aaabbbcccc",
      "aws_role_arn": "arn:xxx:yyy:zzz",
      "regions": [ ],
      "hostname_tag_name": "Name",
      "health": { },
      "luminate_aws_account_id": 12312312
    }

    Delete Cloud Integration

    delete /cloud-integrations/integrations/{cloud-integration-id}

    Default server.

    https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/{cloud-integration-id}

    Delete a Cloud Integration configuration from your Symantec ZTNA tenant.

    Authorizations:
    path Parameters
    cloud-integration-id
    required
    string <uuid>
    Example: 18837193-a81a-400f-b38d-482379e3ab47

    Cloud Integration ID

    Responses

    204

    successful operation.

    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    500

    Internal Server Error.

    Request samples

    curl -X DELETE 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i 

    Response samples

    Content type
    application/json
    {
      "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
      "timestamp": 1548259503065,
      "status": 400,
      "reasonPhrase": "Bad Request",
      "message": "Invalid request parameters: Invalid ID format - failed to process request"
    }

    Audit Logs

    Audit logs record all operations performed through the administration portal.

    Search Audit logs

    post /logs/audit

    Default server.

    https://api.acme.luminatesec.com/v2/logs/audit

    Searches your tenant's audit logs using the Elasticsearch query language. The time frame between from_date and to_date is limited to 30 days. Results are always sorted by date in ascending order.

    Authorizations:
    Request Body schema: application/json
    query
    required
    object (SearchQuery)
    size
    integer <int32> [ 0 .. 1000 ]
    Default: 1000

    The maximum number of results to return.

    search_after
    Array of strings or numbers (SearchAfter) Nullable

    Elasticsearch Search After syntax.
    To get the next page, copy the SearchAfterValues value from the previous response.

    Responses

    200

    successful operation.

    Response Schema: application/json
    Hits
    number <int32> (Hits)

    Total number of logs found that match the query.

    Logs
    Array of objects (AuditLogResult)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "size": 500,
      "query": { },
      "search_after": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "Hits": 1,
      "Logs": [ ]
    }

    Forensics Logs

    Forensics logs record any user's access to any application, as well as the user's activity in any application.

    Search Forensics logs

    post /logs/forensics

    Default server.

    https://api.acme.luminatesec.com/v2/logs/forensics

    Searches the tenant's forensics logs using the Elasticsearch query language. The time frame between from_date and to_date is limited to 30 days. Results are always sorted by date in ascending order.

    Authorizations:
    Request Body schema: application/json
    query
    required
    object (SearchQuery)
    size
    integer <int32> [ 0 .. 1000 ]
    Default: 1000

    The maximum number of results to return.

    search_after
    Array of strings or numbers (SearchAfter) Nullable

    Elasticsearch Search After syntax.
    To get the next page, copy the SearchAfterValues value from the previous response.

    Responses

    200

    successful operation.

    Response Schema: application/json
    Hits
    number <int32> (Hits)

    Total number of logs found that match the query.

    Logs
    Array of objects (ForensicsLogResult)
    400

    Bad Request - The server cannot or will not process the request due to an apparent client error.

    401

    Unauthorized - Authentication is required and has failed or has not yet been provided.

    403

    Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

    404

    NotFound - The specified resource was not found.

    500

    Internal Server Error.

    Request samples

    Content type
    application/json
    {
      "size": 500,
      "query": { },
      "search_after": [ ]
    }

    Response samples

    Content type
    application/json
    {
      "Hits": 1,
      "Logs": [ ]
    }
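
The 30-day limit and search_after paging described for both Search Audit logs and Search Forensics logs, as an added example that is not part of the Symantec documentation: a log export that splits a long range into compliant windows and pages through each one. It assumes from_date and to_date are ISO 8601 fields inside query and that SearchAfterValues is a top-level response field; `post` and `make_fake_post` are hypothetical helpers, and the fake transport's records are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_WINDOW = timedelta(days=30)  # documented from_date..to_date limit
MAX_SIZE = 1000                  # documented upper bound for "size"

def windows(start, end, span=MAX_WINDOW):
    """Split [start, end) into consecutive windows no longer than span."""
    while start < end:
        stop = min(start + span, end)
        yield start, stop
        start = stop

def search_all(post, path, start, end, size=MAX_SIZE):
    """Yield every log between start and end, oldest first.

    post(path, body) -> dict is a caller-supplied transport (hypothetical).
    Assumed, not confirmed by the page: from_date/to_date sit inside "query"
    as ISO 8601 strings, and SearchAfterValues is a top-level response field.
    """
    for frm, to in windows(start, end):
        after = None
        while True:
            body = {"size": size, "query": {"from_date": frm.isoformat(),
                                            "to_date": to.isoformat()}}
            if after:
                body["search_after"] = after
            resp = post(path, body)
            logs = resp.get("Logs") or []
            yield from logs
            after = resp.get("SearchAfterValues")
            if len(logs) < size or not after:
                break  # short or empty page: this window is exhausted

def make_fake_post(records):
    """Constructed offline stand-in for the API; records are (datetime, name)."""
    def post(path, body):
        lo = datetime.fromisoformat(body["query"]["from_date"])
        hi = datetime.fromisoformat(body["query"]["to_date"])
        hits = sorted(r for r in records if lo <= r[0] < hi)
        pos = (body.get("search_after") or [0])[0]
        page = hits[pos:pos + body["size"]]
        return {"Hits": len(hits), "Logs": page,
                "SearchAfterValues": [pos + len(page)] if page else None}
    return post
```

The page does not say whether from_date and to_date are inclusive, so deduplicate on a log identifier if a record can fall exactly on a window boundary.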