Effective from | Change |
---|---|
March 24th, 2025 |
You can now choose the authentication mode for registering Connectors
by specifying the authentication_mode field during site creation.
The available options are: ['Connector', 'Site'].
This value is immutable and must be set at creation.
Default Behavior (
By default, the Connector mode is used, which aligns with the previous behavior.
In this mode:
• Connectors are created and bound via API calls.
• During Connector creation, the API returns a one-time password (OTP).
• The OTP is passed as an environment variable and used by the Connector Container for registration.
• Once the registration is complete, the OTP becomes invalid, and the Connector’s persistent storage must be maintained to ensure resiliency.
|
Dec 18th, 2024 | The Get Application, Create Application and Update Application APIs have been updated by removing the DNS type from both the request and the response. You can now perform all necessary operations in the new DNS Resiliency section. |
Symantec ZTNA API uses common RESTful resource-based URL conventions and JSON as the exchange format.
Property names are case-sensitive.
Some of Symantec ZTNA API calls omit None values from the API response.
The base-URL is api.<tenant-name>.luminatesec.com.
For example, if your administration portal URL is admin.acme.luminatesec.com,
then your API base-URL is api.acme.luminatesec.com.
All examples below are performed on a tenant called acme.
Below you may find a list of common operations and the relevant API calls for each. Each of these operations can also be performed by using the administrative portal at https://admin.acme.luminatesec.com.
The object model of the API is built around the following:
Authentication is done using OAuth2 with the Bearer authentication scheme.
The Symantec ZTNA API is available to Symantec ZTNA users who have administrative privileges in their Symantec ZTNA tenant. An administrator should create an API client through the Symantec ZTNA Admin portal and copy the ‘Client Id’ and the ‘Client Secret’. Then the administrator should assign the API client an appropriate role on the 'Tenant Roles' page.
To retrieve the API access token, send a POST request using the Basic authentication scheme, with the Base64-encoded Client ID and Client Secret:
curl -X POST \
https://api.acme.luminatesec.com/v1/oauth/token \
-u yourApiClientId:yourApiClientSecret
This call returns the following JSON: { "access_token":"edfe22e3-eb4c-4c83-8ce3-3152e6a2XXX", "expires_in":3600, "scope":"luminate-scope", "token_type":"Bearer", "error":"", "error_description":""}
All further API calls should include the ‘Authorization’ header with value “Bearer AccessToken”
For example:
curl -H "Authorization: Bearer edfe22e3-eb4c-4c83-8ce3-3152e6a2XXX" "https://api.acme.luminatesec.com/v2/applications"
The Symantec ZTNA API is available to Symantec ZTNA users who have administrative privileges in their Symantec ZTNA tenant.
An administrator can create a token of type 'Token' through the Symantec ZTNA Admin portal and copy the ‘Client Token’.
Make sure to copy the token once it's generated; it won't be presented again!
Then, the administrator should assign the token an appropriate role on the 'Tenant Roles' page.
To enforce the new role, the administrator must click the 'Enforce Roles' button on the token entity page.
All further API calls should include the ‘Authorization’ header with value “Bearer <client-token-value>”
For example:
curl -H "Authorization: Bearer <client-token-value>" "https://api.acme.luminatesec.com/v2/sites"
The latest Major Version is v2.
The Major Version is included in the URL path (e.g. /v2/applications ) and it denotes breaking changes to the API. Minor and Patch versions are transparent to the client.
Some of our API responses are paginated, meaning that only a certain number of items are returned at a time.
The default number of items returned in a single page is 50.
You can override this by passing a size parameter to set the maximum number of results, but cannot exceed 100.
Specifying the page number sets the starting point for the result set, allowing you to fetch subsequent items
that are not in the initial set of results. The sort order for returned data can be controlled using the sort parameter.
You can constrain the results by using a filter.
Note: Most methods that support pagination use the approach specified above. However, some methods use varied
versions of pagination. The individual documentation for each API method is your source of truth for which pattern the method follows.
The API has a rate limit of 5 requests per second. If you have hit the rate limit, then a ‘429’ status code will be returned. In such cases, you should back-off from submitting new requests for 1 second before resuming.
Note that rate-limitation applies to the accumulated requests of all of your clients. For example, if you have 6 clients submitting requests simultaneously at a rate of 1 request per second for each one then one of them is likely to get a 429 status code.
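The pagination and rate-limit rules above, combined in one client loop. This is an added example, not code from the Symantec ZTNA documentation; the function names, the injectable transport and the retry count are assumptions, while the `size`/`page` parameters, the `content` and `last` response fields, the one-second back-off and the `x-lum-request-id` header come from this page.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.acme.luminatesec.com"  # tenant "acme", as in the page's examples
MAX_PAGE_SIZE = 100      # documented ceiling for the size parameter
BACKOFF_SECONDS = 1.0    # documented pause after a 429


def http_get(url, token):
    """Default transport: returns (status, parsed JSON or None, response headers)."""
    request = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(request, timeout=30) as response:
            return response.status, json.load(response), dict(response.headers)
    except urllib.error.HTTPError as err:
        return err.code, None, dict(err.headers)


def request_id(headers):
    """Header names are case-insensitive, so normalise before the lookup."""
    lowered = {key.lower(): value for key, value in headers.items()}
    return lowered.get("x-lum-request-id", "unknown")


def list_all(path, token, size=MAX_PAGE_SIZE, max_retries=5,
             transport=http_get, sleep=time.sleep):
    """Collect every item of a paginated collection such as /v2/sites."""
    size = max(1, min(size, MAX_PAGE_SIZE))   # the API rejects sizes above 100
    items, page = [], 0                       # page numbering starts at 0
    while True:
        query = urllib.parse.urlencode({"size": size, "page": page})
        url = f"{BASE_URL}{path}?{query}"
        for attempt in range(max_retries + 1):
            status, body, headers = transport(url, token)
            if status != 429:
                break
            if attempt < max_retries:
                # The 5 requests/second budget is shared by all clients of the tenant.
                sleep(BACKOFF_SECONDS)
        if status != 200:
            # Keep the bearer token out of errors and logs; the request ID
            # is the reference support needs.
            raise RuntimeError(f"GET {path} page {page} returned {status} "
                               f"(x-lum-request-id: {request_id(headers)})")
        items.extend(body.get("content") or [])
        if body.get("last", True):
            return items
        page += 1
```

Methods that use a different pagination pattern, as noted above, need their own loop.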
For additional help you may refer to our support at https://support.broadcom.com
Each request submitted to the API returns a unique request ID that is generated by the API.
The request ID will be returned in header x-lum-request-id.
If you need to contact us about any specific request then this ID will serve as a reference to the given request.
Default server.
Creates a Site in your Symantec ZTNA tenant.
name required | string [ 2 .. 700 ] A descriptive name of the site. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
region | string The connectivity region of the site. If not specified, the default region will be used. |
authentication_mode | string (SiteAuthenticationMode) Default: "connector" Enum: "connector" "site" This value is immutable and can be chosen only on creation. |
successful operation.
name required | string [ 2 .. 700 ] A descriptive name of the site. |
id | string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
connectors | Array of strings <uuid> IDs of all connectors included in this site. |
application_ids | Array of strings <uuid> IDs of all applications included in this site. |
connector_objects | Array of objects (Connector) |
site_status | object (SiteStatus) |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
countCollections | integer <int32> The number of collections that are associated with this site. |
region | string The connectivity region of the site. If not specified, the default region will be used. |
authentication_mode | string (SiteAuthenticationMode) Default: "connector" Enum: "connector" "site" This value is immutable and can be chosen only on creation. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "mute_health_notification": false,
  "region": "europe-west1",
  "authentication_mode": "connector"
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "connectors": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "application_ids": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "connector_objects": [
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2025-07-28T13:34:24Z",
      "date_registered": "2025-07-28T13:34:24Z",
      "date_otp_expire": "2025-07-28T13:34:24Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }
  ],
  "site_status": {
    "ConnectorsUp": [
      {
        "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
        "last_seen": "2019-02-24T12:05:51.000Z"
      },
      {
        "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
        "last_seen": "2019-02-24T12:05:51.000Z"
      }
    ],
    "ConnectorsDown": null,
    "ConnectorsNotConfigured": [
      {
        "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
        "last_seen": "1901-01-01T00:00:00.000Z"
      }
    ],
    "ConnectorsDisabled": null,
    "Status": "not-configured"
  },
  "mute_health_notification": false,
  "countCollections": 1,
  "region": "europe-west1",
  "authentication_mode": "connector"
}
Default server.
Return an array of paginated JSON objects. Each object represents a site configured in your Symantec ZTNA tenant.
The supported sort key is ‘name’, for sorting by site name.
Filter applies for the following fields: "name" and "description".
Using the query filter=test will return all the sites for which one or more of the above listed fields contain "test"
Filtering by Application ID may be applied - in such a case, Sites that are associated with this Application will be returned. If the
Application ID does not exist then an empty array is returned.
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
successful operation.
content | Array of objects (Site) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/sites?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "DataCenterEurope",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
      "connectors": [
        "2db3162f-b720-40d3-8067-345a5a25c9ec",
        "a784ec20-24b9-445b-877d-cbbd7f67c444"
      ],
      "application_ids": [
        "2db3162f-b720-40d3-8067-345a5a25c9ec",
        "a784ec20-24b9-445b-877d-cbbd7f67c444"
      ],
      "connector_objects": [
        {
          "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
          "name": "TestSite-Connector-3",
          "version": "2.5.1+964",
          "registered": true,
          "otp": null,
          "date_created": "2025-07-28T13:34:24Z",
          "date_registered": "2025-07-28T13:34:24Z",
          "date_otp_expire": "2025-07-28T13:34:24Z",
          "send_logs": false,
          "enabled": true,
          "connector_status": "StatusReady",
          "update_status": "UpdateFailed",
          "update_status_info": "error downloading new connector",
          "internal_ip": "10.10.10.1",
          "external_ip": "109.155.209.167",
          "hostname": "TestSite-Connector-3-Linux",
          "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
          "deployment_type": "kubernetes",
          "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
        }
      ],
      "site_status": {
        "ConnectorsUp": [
          {
            "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
            "last_seen": "2019-02-24T12:05:51.000Z"
          },
          {
            "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
            "last_seen": "2019-02-24T12:05:51.000Z"
          }
        ],
        "ConnectorsDown": null,
        "ConnectorsNotConfigured": [
          {
            "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
            "last_seen": "1901-01-01T00:00:00.000Z"
          }
        ],
        "ConnectorsDisabled": null,
        "Status": "not-configured"
      },
      "mute_health_notification": false,
      "countCollections": 1,
      "region": "europe-west1",
      "authentication_mode": "connector"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
Default server.
Update an existing site in your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The site ID. |
name required | string [ 2 .. 700 ] A descriptive name of the site. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
region | string The connectivity region of the site. If not specified, the default region will be used. |
authentication_mode | string (SiteAuthenticationMode) Default: "connector" Enum: "connector" "site" This value is immutable and can be chosen only on creation. |
successful operation.
name required | string [ 2 .. 700 ] A descriptive name of the site. |
id | string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
connectors | Array of strings <uuid> IDs of all connectors included in this site. |
application_ids | Array of strings <uuid> IDs of all applications included in this site. |
connector_objects | Array of objects (Connector) |
site_status | object (SiteStatus) |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
countCollections | integer <int32> The number of collections that are associated with this site. |
region | string The connectivity region of the site. If not specified, the default region will be used. |
authentication_mode | string (SiteAuthenticationMode) Default: "connector" Enum: "connector" "site" This value is immutable and can be chosen only on creation. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "mute_health_notification": false,
  "region": "europe-west1",
  "authentication_mode": "connector"
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "connectors": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "application_ids": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "connector_objects": [
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2025-07-28T13:34:25Z",
      "date_registered": "2025-07-28T13:34:25Z",
      "date_otp_expire": "2025-07-28T13:34:25Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }
  ],
  "site_status": {
    "ConnectorsUp": [
      {
        "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
        "last_seen": "2019-02-24T12:05:51.000Z"
      },
      {
        "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
        "last_seen": "2019-02-24T12:05:51.000Z"
      }
    ],
    "ConnectorsDown": null,
    "ConnectorsNotConfigured": [
      {
        "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
        "last_seen": "1901-01-01T00:00:00.000Z"
      }
    ],
    "ConnectorsDisabled": null,
    "Status": "not-configured"
  },
  "mute_health_notification": false,
  "countCollections": 1,
  "region": "europe-west1",
  "authentication_mode": "connector"
}
Default server.
Returns the details of a Site from your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The Site ID. |
successful operation.
name required | string [ 2 .. 700 ] A descriptive name of the site. |
id | string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
connectors | Array of strings <uuid> IDs of all connectors included in this site. |
application_ids | Array of strings <uuid> IDs of all applications included in this site. |
connector_objects | Array of objects (Connector) |
site_status | object (SiteStatus) |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
countCollections | integer <int32> The number of collections that are associated with this site. |
region | string The connectivity region of the site. If not specified, the default region will be used. |
authentication_mode | string (SiteAuthenticationMode) Default: "connector" Enum: "connector" "site" This value is immutable and can be chosen only on creation. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/sites/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "connectors": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "application_ids": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "connector_objects": [
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2025-07-28T13:34:25Z",
      "date_registered": "2025-07-28T13:34:25Z",
      "date_otp_expire": "2025-07-28T13:34:25Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }
  ],
  "site_status": {
    "ConnectorsUp": [
      {
        "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
        "last_seen": "2019-02-24T12:05:51.000Z"
      },
      {
        "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
        "last_seen": "2019-02-24T12:05:51.000Z"
      }
    ],
    "ConnectorsDown": null,
    "ConnectorsNotConfigured": [
      {
        "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
        "last_seen": "1901-01-01T00:00:00.000Z"
      }
    ],
    "ConnectorsDisabled": null,
    "Status": "not-configured"
  },
  "mute_health_notification": false,
  "countCollections": 1,
  "region": "europe-west1",
  "authentication_mode": "connector"
}
Default server.
Delete a site from your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns the health status of a site from your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
successful operation.
ConnectorsUp | Array of objects (ConnectorLastSeen) A list of online connectors represented by their ID and their last communication date. |
ConnectorsDown | Array of objects (ConnectorLastSeen) A list of offline connectors represented by their ID and their last communication date. |
ConnectorsNotConfigured | Array of objects (ConnectorLastSeen) A list of connectors that have not yet established initial communication with Symantec ZTNA Cloud Service. |
ConnectorsDisabled | Array of objects (ConnectorLastSeen) A list of disabled connectors (connectors that don't serve applications defined under the contained site). |
Status | string Enum: "online" "offline" "not-configured" Site health status. The site is online when there is at least one online connector. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5/status' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "ConnectorsUp": [
    {
      "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
      "last_seen": "2019-02-24T12:05:51.000Z"
    },
    {
      "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
      "last_seen": "2019-02-24T12:05:51.000Z"
    }
  ],
  "ConnectorsDown": null,
  "ConnectorsNotConfigured": [
    {
      "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
      "last_seen": "1901-01-01T00:00:00.000Z"
    }
  ],
  "ConnectorsDisabled": null,
  "Status": "not-configured"
}
Default server.
Returns a list of available connectivity regions
successful operation.
name required | string (RegionName) The name of the region |
is_default required | boolean (RegionIsDefault) A boolean indicating if the region is the default region |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/regions' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "name": "us-west1",
    "is_default": true
  }
]
Default server.
Returns details of a connectivity region
region-name required | string Example: us-west1 Region name |
successful operation.
name required | string (RegionName) The name of the region |
is_default required | boolean (RegionIsDefault) A boolean indicating if the region is the default region |
Bad Request - The server cannot or will not process the request due to an apparent client error.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/regions/{region_name}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "name": "us-west1",
  "is_default": true
}
Registration Keys are available for sites with authentication_mode set to Site, which is primarily designed for managed container orchestrators (e.g., Kubernetes, Fargate), but is also compatible with environments where Connector mode is currently being used.
• A registration key acts as a long-lived token associated with the site.
• The key is shown only once upon creation, and it is the user’s responsibility to store it securely in a secret manager.
• The token is reusable and allows the creation of new Connector entities upon registration.
• The Connector Container uses this token, passed as an environment variable, to register itself.
• Resiliency is ensured as the container dynamically handles the Connector creation and deletion.
• Persistent storage is not required, and direct Connector creation via API is disabled in this mode.
A site can have up to two active registration keys at a time: one primary key and, if it exists, a second, temporarily active key.
Default server.
Returns the site's registration keys list.
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
successful operation.
registration_keys | Array of objects (SiteRegistrationKey) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5/registration_keys' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "registration_keys": [
    {
      "id": "string",
      "date_created": "1985-04-12T23:20:50.52Z",
      "last_used": "2025-07-28T13:34:25Z",
      "expiration_date": "2025-07-28T13:34:25Z",
      "status": "active"
    }
  ]
}
Default server.
Rotates the site's registration keys.
If no registration key exists, the first request generates one.
Future rotation requests replace the primary key.
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
revoke_immediately | boolean Default: false true: → |
successful operation.
registration_key_id | string <uuid> |
registration_key | string |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
{
  "revoke_immediately": false
}
{
  "registration_key_id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "registration_key": "string"
}
Default server.
Cleans the site's registration keys list.
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5/registration_keys' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
A connector is a lightweight piece of software connecting your site to the Symantec ZTNA platform.
Default server.
Creates a Connector in your Symantec ZTNA tenant. To complete configuring the Symantec ZTNA connector, you should retrieve the deployment command using Connector Deployment Command API and execute it on the target machine.
bind_to_site_id required | string <uuid> Example: bind_to_site_id=6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the site that should contain this connector. |
name required | string >= 1 A descriptive name of the Connector. |
deployment_type required | string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector. |
send_logs | boolean Default: false Indicates whether to set connector debug log level to the highest one. |
enabled | boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
successful operation.
name required | string >= 1 A descriptive name of the Connector. |
deployment_type required | string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector. |
id | string <uuid> A unique identifier of this connector. Note: This field is required for any operation other than initial creation. |
version | string The version of the running connector. This version equals to or higher than container_version. |
registered | boolean Indicates whether the connector has already established a successful handshake with the Symantec ZTNA Cloud. |
otp | string When initiated, the Symantec ZTNA Connector receives an ephemeral OTP, allowing it to establish initial communication with Symantec ZTNA Cloud Service and pull a TLS Certificate to be used for further communications. This property holds an empty value after the connector establishes a successful handshake with the Symantec ZTNA Cloud. |
date_created | string <date-time> Connector creation date. |
date_registered | string <date-time> The date when the connector established a successful handshake with the Symantec ZTNA Cloud. |
date_otp_expire | string <date-time> The date when the connector OTP expires. By default OTP is valid for 24 hours after connector creation date. |
send_logs | boolean Default: false Indicates whether to set connector debug log level to the highest one. |
enabled | boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on. |
connector_status | string Enum: "StatusUndefined" "StatusReady" "StatusDownloadStarted" "StatusDownloadCompleted" "StatusMigrationStarted" "StatusMigrationCompleted" "StatusExecuteStarted" "StatusExecuteCompleted" "StatusRetired" "StatusFailed" "StatusRetireStarted" |
update_status | string Enum: "UpToDate" "UpdateAvailable" "UpdateStarted" "UpdateCompleted" "UpdateFailed" Indicates the connector upgrade status: |
update_status_info | string A detailed description of the connector upgrade failure reason in case a recent upgrade has failed. |
internal_ip | string The internal IP address of the host running the Symantec ZTNA connector container. |
external_ip | string The IP address used by Symantec ZTNA connector to address Symantec ZTNA cloud. |
hostname | string The name of the host running the Symantec ZTNA connector container. |
geo_location | string Geo location based on the external-ip, including the hosted cloud service if applicable. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "TestSite-Connector-3",
  "send_logs": false,
  "enabled": true,
  "deployment_type": "kubernetes",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
{
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "name": "TestSite-Connector-3",
  "version": "2.5.1+964",
  "registered": true,
  "otp": null,
  "date_created": "2025-07-28T13:34:25Z",
  "date_registered": "2025-07-28T13:34:25Z",
  "date_otp_expire": "2025-07-28T13:34:25Z",
  "send_logs": false,
  "enabled": true,
  "connector_status": "StatusReady",
  "update_status": "UpdateFailed",
  "update_status_info": "error downloading new connector",
  "internal_ip": "10.10.10.1",
  "external_ip": "109.155.209.167",
  "hostname": "TestSite-Connector-3-Linux",
  "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
  "deployment_type": "kubernetes",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
Default server.
Return an array of paginated JSON objects. Each object represents a connector configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by connector name or ‘id’ for sorting by connector id.
Filter applies for the following fields: "name", "internal-address", "external-address", "custom-domain" and "custom-root-path".
Using the query filter=test will return all the connectors for which one or more of the above listed fields contain "test".
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
successful operation.
content | Array of objects (Connector) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2025-07-28T13:34:25Z",
      "date_registered": "2025-07-28T13:34:25Z",
      "date_otp_expire": "2025-07-28T13:34:25Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
Default server.
Returns the details of a Connector from your Symantec ZTNA tenant.
connector-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Connector ID. |
successful operation.
name required | string >= 1 A descriptive name of the Connector. |
deployment_type required | string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector. |
id | string <uuid> A unique identifier of this connector. Note: This field is required for any operation other than initial creation. |
version | string The version of the running connector. This version is equal to or higher than container_version. |
registered | boolean Indicates whether the connector has already established a successful handshake with the Symantec ZTNA Cloud. |
otp | string When initiated, the Symantec ZTNA Connector receives an ephemeral OTP, allowing it to establish initial communication with Symantec ZTNA Cloud Service and pull a TLS Certificate to be used for further communications. This property holds an empty value after the connector establishes a successful handshake with the Symantec ZTNA Cloud. |
date_created | string <date-time> Connector creation date. |
date_registered | string <date-time> The date when the connector established a successful handshake with the Symantec ZTNA Cloud. |
date_otp_expire | string <date-time> The date when the connector OTP expires. By default OTP is valid for 24 hours after connector creation date. |
send_logs | boolean Default: false Indicates whether to set connector debug log level to the highest one. |
enabled | boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on. |
connector_status | string Enum: "StatusUndefined" "StatusReady" "StatusDownloadStarted" "StatusDownloadCompleted" "StatusMigrationStarted" "StatusMigrationCompleted" "StatusExecuteStarted" "StatusExecuteCompleted" "StatusRetired" "StatusFailed" "StatusRetireStarted" |
update_status | string Enum: "UpToDate" "UpdateAvailable" "UpdateStarted" "UpdateCompleted" "UpdateFailed" Indicates the connector upgrade status: |
update_status_info | string A detailed description of the connector upgrade failure reason in case a recent upgrade has failed. |
internal_ip | string The internal IP address of the host running the Symantec ZTNA connector container. |
external_ip | string The IP address used by Symantec ZTNA connector to address Symantec ZTNA cloud. |
hostname | string The name of the host running the Symantec ZTNA connector container. |
geo_location | string Geo location based on the external-ip, including the hosted cloud service if applicable. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "name": "TestSite-Connector-3",
  "version": "2.5.1+964",
  "registered": true,
  "otp": null,
  "date_created": "2025-07-28T13:34:25Z",
  "date_registered": "2025-07-28T13:34:25Z",
  "date_otp_expire": "2025-07-28T13:34:25Z",
  "send_logs": false,
  "enabled": true,
  "connector_status": "StatusReady",
  "update_status": "UpdateFailed",
  "update_status_info": "error downloading new connector",
  "internal_ip": "10.10.10.1",
  "external_ip": "109.155.209.167",
  "hostname": "TestSite-Connector-3-Linux",
  "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
  "deployment_type": "kubernetes",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
Default server.
Delete the connector from the contained site in your Symantec ZTNA tenant.
In order to complete the action the connector container that runs in the corresponding datacenter should be removed.
connector-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Connector ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns the command for deploying Symantec ZTNA connector as a docker image. This endpoint is valid for connectors of version 2.5.10 and higher. The command is generated based on the deployment_type that was set for the connector: windows / linux / docker-compose / Kubernetes. Executing the command on the target machine is the last step in configuring the Symantec ZTNA Connector.
connector-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Connector ID. |
successful operation.
deployment_commands | string |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47/command' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "deployment_commands": "sudo docker run --ulimit nofile=2048 -e ENDPOINT_URL='acme.luminatesite.com' \\\n-e TENANT_IDENTIFIER='12f3e95861234567a123a7c582a0a51f_acme' \\ --network=host \\\n-d \\ --name='TestSite-Connector-3' \\ --restart=on-failure \\ -e HTTPS_SKIP_CERT_VERIFY='true' \\\n-e OTP='2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1' \\ -e LOG_LEVEL=debug \\ -e DISABLE_ERROR_TRACKER=true \\\nluminate/connector:2.5.8\n"
}
Default server.
Returns the set of environment variables required for the deployed connector in a convenient JSON format. Applicable for all deployment types that can be set for the connector: windows / linux / docker-compose / Kubernetes.
connector-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Connector ID. |
successful operation.
container_name | string |
environment_variables | Array of objects An array of environment variables |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47/environment_variables' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "container_name": "TestSite-Connector-3",
  "environment_variables": [
    {
      "name": "ENDPOINT_URL",
      "value": "acme.luminatesec.com"
    },
    {
      "name": "TENANT_IDENTIFIER",
      "value": "12f3e95861234567a123a7c582a0a51f_acme"
    },
    {
      "name": "HTTPS_SKIP_CERT_VERIFY",
      "value": true
    },
    {
      "name": "OTP",
      "value": "2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1"
    },
    {
      "name": "LOG_LEVEL",
      "value": "debug"
    },
    {
      "name": "DISABLE_ERROR_TRACKER",
      "value": true
    }
  ]
}
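A hygiene audit over the Connector objects from the list API and the environment-variable response above, written as an added example that is not part of the Symantec ZTNA documentation. The function names, finding labels and sample data are constructed for illustration, the `major.minor.patch` version format is assumed from the samples on this page, and the page does not define `HTTPS_SKIP_CERT_VERIFY`, so the flag is only surfaced for review.

```python
import re
from datetime import datetime, timezone

# Constructed sample data shaped like the list and environment_variables responses.
CONNECTORS_PAGE = {
    "content": [
        {"name": "TestSite-Connector-3", "version": "2.5.1+964", "registered": True,
         "otp": None, "date_otp_expire": "2025-07-28T13:34:25Z", "send_logs": False,
         "enabled": True, "update_status": "UpdateFailed",
         "update_status_info": "error downloading new connector"},
        {"name": "constructed-pending", "version": None, "registered": False,
         "otp": "constructed-otp", "date_otp_expire": "2025-07-29T09:00:00Z",
         "send_logs": True, "enabled": True, "update_status": "UpToDate"},
    ],
    "last": True,
}
ENV_RESPONSE = {
    "container_name": "TestSite-Connector-3",
    "environment_variables": [
        {"name": "ENDPOINT_URL", "value": "acme.luminatesec.com"},
        {"name": "HTTPS_SKIP_CERT_VERIFY", "value": True},
        {"name": "OTP", "value": "constructed-otp"},
        {"name": "LOG_LEVEL", "value": "debug"},
    ],
}


def parse_ts(value):
    """Parse the API's date-time strings (e.g. 2025-07-28T13:34:25Z) as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def version_tuple(version):
    """Leading major.minor.patch of '2.5.1+964' as a tuple, or None if absent."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version or "")
    return tuple(int(g) for g in m.groups()) if m else None


def all_connectors(fetch_page):
    """Yield every connector, requesting pages until the API sets 'last'."""
    page = 0
    while True:
        body = fetch_page(page)
        yield from body.get("content", [])
        if body.get("last", True):
            return
        page += 1


def audit_connector(conn, latest_version, now):
    """Return finding labels for one Connector object."""
    findings = []
    if not conn.get("registered"):
        expires = conn.get("date_otp_expire")
        if expires and parse_ts(expires) <= now:
            findings.append("unregistered-otp-expired")      # recreate the connector
        else:
            findings.append("unregistered-otp-outstanding")  # enrollment secret still usable
    if conn.get("send_logs"):
        findings.append("debug-logging-enabled")
    if conn.get("update_status") == "UpdateFailed":
        findings.append("update-failed: " + str(conn.get("update_status_info")))
    running, latest = version_tuple(conn.get("version")), version_tuple(latest_version)
    if running and latest and running < latest:
        findings.append("version-behind-latest")
    if not conn.get("enabled", True):
        findings.append("disabled")
    return findings


def review_environment(env_response, secret_names=("OTP",)):
    """Return (findings, copy of the response with secret values redacted for logging)."""
    findings, redacted = [], []
    for var in env_response.get("environment_variables", []):
        name, value = var.get("name"), var.get("value")
        # The page shows this flag both as JSON true and as the string 'true'.
        if name == "HTTPS_SKIP_CERT_VERIFY" and str(value).strip().lower() == "true":
            findings.append("tls-cert-verification-skipped")
        if name == "LOG_LEVEL" and str(value).lower() == "debug":
            findings.append("debug-log-level")
        if name in secret_names:
            value = "<redacted>"
        redacted.append({"name": name, "value": value})
    return findings, {"container_name": env_response.get("container_name"),
                      "environment_variables": redacted}


if __name__ == "__main__":
    now = datetime(2025, 7, 28, 14, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    latest = "2.5.8"  # value shown by the /connectors/version sample on this page
    for conn in all_connectors(lambda page: CONNECTORS_PAGE):
        print(conn["name"], audit_connector(conn, latest, now))
    print(review_environment(ENV_RESPONSE))
```

In real use `fetch_page` would wrap the documented `GET /v2/connectors?page=N` call, and only the redacted copy should be written to logs or tickets.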
Default server.
Returns the latest connector version available for the tenant.
successful operation.
connector_version | string |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/version' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "connector_version": "2.5.8"
}
Default server.
Creates an application in your Symantec ZTNA tenant.
Note: To allow access to a newly created application, you should have a Site defined and Symantec ZTNA Connectors deployed, as well as an access policy to which this application is assigned. You can then assign the application to the required site using Bind Application to Site API. You can assign the application to the policy using Assign Application to policies.
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. SSH |
connectionSettings required | object (ApplicationConnectionSettingsSSH) |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection. |
successful operation.
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
connectionSettings required | object (ApplicationConnectionSettings) |
createdOn | number Application creation date, epoch time in milliseconds. Note: This field is automatically populated. |
modifiedOn | number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated. |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
health | object (ApplicationHealth) |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection. |
subType | string (ApplicationSubType) Enum: "HTTP_LUMINATE_DOMAIN" "HTTP_CUSTOM_DOMAIN" "HTTP_WILDCARD_DOMAIN" "SINGLE_MACHINE" "MULTIPLE_MACHINES" "SEGMENT_SPECIFIC_IPS" "SEGMENT_RANGE" "RDP_BROWSER_SINGLE_MACHINE" "RDP_BROWSER_MULTIPLE_MACHINES" Valid sub-types for HTTP applications: |
linkTranslationSettings | object (ApplicationLinkTranslationSettings) |
requestCustomizationSettings | object (ApplicationRequestCustomizationSettings) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "SSH",
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "connectionSettings": {
    "internalAddress": "tcp://127.0.0.1:22",
    "externalAddress": "testapp.acme.luminatesec.com",
    "luminateAddress": "testapp.acme.luminatesec.com",
    "subdomain": null
  }
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "HTTP",
  "createdOn": 1539000953351,
  "modifiedOn": 1539000956235,
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "health": {
    "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "status": "PartiallyAvailable",
    "cause": "Some connector fail to expose application",
    "lastUpdatedOn": 1539680482000,
    "totalNumberOfConnectors": 2,
    "lastAvailableOn": 1539680482000
  },
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "subType": "HTTP_LUMINATE_DOMAIN",
  "connectionSettings": {
    "subdomain": null,
    "customExternalAddress": null,
    "customRootPath": null,
    "healthUrl": "/HealthCheck",
    "healthMethod": "Head",
    "customSSLCertificate": null,
    "wildcardPrivateKey": null
  },
  "linkTranslationSettings": {
    "isDefaultContentRewriteRulesEnabled": true,
    "isDefaultHeaderRewriteRulesEnabled": true,
    "useExternalAddressForHostAndSni": false,
    "linkedApplications": [ ]
  },
  "requestCustomizationSettings": {
    "headerCustomization": "X-Forwarded-For: '$SOURCEIP$'\nX-Forwarded-Host: '$ORIGINALHOST$'\nX-Forwarded-Proto: '$PROTOCOL$'\nX-EMAIL-ADDRESS: '$EMAIL$'\n"
  },
  "ApplicationHTTP": "ApplicationHTTP"
}
Default server.
Return an array of paginated JSON objects. Each object represents an application configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by application name or ‘id’ for sorting by application id.
Filter applies for the following fields: "name", "internal-address", "external-address", "custom-domain" and "custom-root-path".
Using the query filter=testapp will return all the applications for which one or more of the above listed fields contain "testapp".
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
type | string Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" Example: type=HTTP Application type by which the results are filtered. |
siteId | string <uuid> Example: siteId=5fa7bfe9e312345bce28f0a2ad9698b8 Site ID by which the results are filtered. |
successful operation.
content | Array of objects (Application) |
sort | Array of objects (ApplicationSort) Response sorting techniques. |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/applications?sort=name,desc&size=10&page=0&filter=test&type=HTTP&siteId=5fa7bfe9e312345bce28f0a2ad9698b8' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "TestApplication",
      "type": "HTTP",
      "createdOn": 1539000953351,
      "modifiedOn": 1539000956235,
      "icon": null,
      "isVisible": true,
      "isNotificationEnabled": true,
      "enabled": true,
      "health": {
        "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
        "status": "PartiallyAvailable",
        "cause": "Some connector fail to expose application",
        "lastUpdatedOn": 1539680482000,
        "totalNumberOfConnectors": 2,
        "lastAvailableOn": 1539680482000
      },
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "subType": "HTTP_LUMINATE_DOMAIN",
      "connectionSettings": {
        "subdomain": null,
        "customExternalAddress": null,
        "customRootPath": null,
        "healthUrl": "/HealthCheck",
        "healthMethod": "Head",
        "customSSLCertificate": null,
        "wildcardPrivateKey": null
      },
      "linkTranslationSettings": {
        "isDefaultContentRewriteRulesEnabled": true,
        "isDefaultHeaderRewriteRulesEnabled": true,
        "useExternalAddressForHostAndSni": false,
        "linkedApplications": [ ]
      },
      "requestCustomizationSettings": {
        "headerCustomization": "X-Forwarded-For: '$SOURCEIP$'\nX-Forwarded-Host: '$ORIGINALHOST$'\nX-Forwarded-Proto: '$PROTOCOL$'\nX-EMAIL-ADDRESS: '$EMAIL$'\n"
      },
      "tcpTunnelSettings": [
        {
          "target": "127.0.0.1",
          "ports": [
            80,
            8080
          ]
        },
        {
          "target": "127.0.0.2",
          "ports": [
            80,
            8080
          ]
        }
      ],
      "cloudIntegrationData": {
        "tags": [
          {
            "key": "key1",
            "value": "value1"
          },
          {
            "key": "key2",
            "value": "value2"
          }
        ],
        "segmentId": "bd3e5b97-3521-4f08-b7b1-9970a47fd984",
        "vpcs": [
          {
            "id": "5fa7bfe9e312345bce28f0a2ad9698b8",
            "vpc": "vpc-ab123456",
            "region": "eu-west-1",
            "cidr_block": "194.24.0.0/16",
            "integration_id": "0c0aa97c-0f47-1234-80cc-5fedc03ea4c7",
            "integration_name": "acmeAws"
          },
          {
            "id": "ad12345eac234b66b00b6f35de23ba0e",
            "vpc": "vpc-ed123456",
            "region": "eu-west-1",
            "cidr_block": "194.24.0.0/16",
            "integration_id": "0c0aa97c-0f47-1234-80cc-5fedc03ea4c7",
            "integration_name": "acmeAws"
          }
        ]
      },
      "segmentSettings": {
        "originalIp": "string"
      },
      "multipleSegmentSettings": [
        {
          "originalIp": "10.0.0.0"
        }
      ]
    }
  ],
  "sort": [
    {
      "direction": "asc",
      "property": "name",
      "ignoreCase": false,
      "nullHandling": 1,
      "ascending": true,
      "descending": false
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
Default server.
Returns the details of an Application from your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
successful operation.
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
connectionSettings required | object (ApplicationConnectionSettings) |
createdOn | number Application creation date, epoch time in milliseconds. Note: This field is automatically populated. |
modifiedOn | number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated. |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
health | object (ApplicationHealth) |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection. |
subType | string (ApplicationSubType) Enum: "HTTP_LUMINATE_DOMAIN" "HTTP_CUSTOM_DOMAIN" "HTTP_WILDCARD_DOMAIN" "SINGLE_MACHINE" "MULTIPLE_MACHINES" "SEGMENT_SPECIFIC_IPS" "SEGMENT_RANGE" "RDP_BROWSER_SINGLE_MACHINE" "RDP_BROWSER_MULTIPLE_MACHINES" Valid sub-types for HTTP applications: |
linkTranslationSettings | object (ApplicationLinkTranslationSettings) |
requestCustomizationSettings | object (ApplicationRequestCustomizationSettings) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "HTTP",
  "createdOn": 1539000953351,
  "modifiedOn": 1539000956235,
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "health": {
    "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "status": "PartiallyAvailable",
    "cause": "Some connector fail to expose application",
    "lastUpdatedOn": 1539680482000,
    "totalNumberOfConnectors": 2,
    "lastAvailableOn": 1539680482000
  },
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "subType": "HTTP_LUMINATE_DOMAIN",
  "connectionSettings": {
    "subdomain": null,
    "customExternalAddress": null,
    "customRootPath": null,
    "healthUrl": "/HealthCheck",
    "healthMethod": "Head",
    "customSSLCertificate": null,
    "wildcardPrivateKey": null
  },
  "linkTranslationSettings": {
    "isDefaultContentRewriteRulesEnabled": true,
    "isDefaultHeaderRewriteRulesEnabled": true,
    "useExternalAddressForHostAndSni": false,
    "linkedApplications": [ ]
  },
  "requestCustomizationSettings": {
    "headerCustomization": "X-Forwarded-For: '$SOURCEIP$'\nX-Forwarded-Host: '$ORIGINALHOST$'\nX-Forwarded-Proto: '$PROTOCOL$'\nX-EMAIL-ADDRESS: '$EMAIL$'\n"
  },
  "ApplicationHTTP": "ApplicationHTTP"
}
Default server.
Update an existing application in your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. SSH |
connectionSettings required | object (ApplicationConnectionSettingsSSH) |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection. |
successful operation.
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
connectionSettings required | object (ApplicationConnectionSettings) |
createdOn | number Application creation date, epoch time in milliseconds. Note: This field is automatically populated. |
modifiedOn | number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated. |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
health | object (ApplicationHealth) |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application will be created in the default collection. |
subType | string (ApplicationSubType) Enum: "HTTP_LUMINATE_DOMAIN" "HTTP_CUSTOM_DOMAIN" "HTTP_WILDCARD_DOMAIN" "SINGLE_MACHINE" "MULTIPLE_MACHINES" "SEGMENT_SPECIFIC_IPS" "SEGMENT_RANGE" "RDP_BROWSER_SINGLE_MACHINE" "RDP_BROWSER_MULTIPLE_MACHINES" Valid sub-types for HTTP applications: |
linkTranslationSettings | object (ApplicationLinkTranslationSettings) |
requestCustomizationSettings | object (ApplicationRequestCustomizationSettings) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
```json
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "SSH",
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "connectionSettings": {
    "internalAddress": "tcp://127.0.0.1:22",
    "externalAddress": "testapp.acme.luminatesec.com",
    "luminateAddress": "testapp.acme.luminatesec.com",
    "subdomain": null
  }
}
```
```json
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "HTTP",
  "createdOn": 1539000953351,
  "modifiedOn": 1539000956235,
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "health": {
    "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "status": "PartiallyAvailable",
    "cause": "Some connector fail to expose application",
    "lastUpdatedOn": 1539680482000,
    "totalNumberOfConnectors": 2,
    "lastAvailableOn": 1539680482000
  },
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "subType": "HTTP_LUMINATE_DOMAIN",
  "connectionSettings": {
    "subdomain": null,
    "customExternalAddress": null,
    "customRootPath": null,
    "healthUrl": "/HealthCheck",
    "healthMethod": "Head",
    "customSSLCertificate": null,
    "wildcardPrivateKey": null
  },
  "linkTranslationSettings": {
    "isDefaultContentRewriteRulesEnabled": true,
    "isDefaultHeaderRewriteRulesEnabled": true,
    "useExternalAddressForHostAndSni": false,
    "linkedApplications": []
  },
  "requestCustomizationSettings": {
    "headerCustomization": "X-Forwarded-For: '$SOURCEIP$'\nX-Forwarded-Host: '$ORIGINALHOST$'\nX-Forwarded-Proto: '$PROTOCOL$'\nX-EMAIL-ADDRESS: '$EMAIL$'\n"
  },
  "ApplicationHTTP": "ApplicationHTTP"
}
```
Delete an application from your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
```json
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
```
Bind your Application to an existing Site in your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
null
```json
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
```
Returns the health status of the given Application from your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
successful operation.
applicationId | string <uuid> |
status | string Enum: "Available" "Unavailable" "Pending" "PartiallyAvailable" The application accessibility status. |
cause | string Root cause for status different than "Available". |
lastUpdatedOn | number Date when Application health was last updated on, epoch time in milliseconds. |
totalNumberOfConnectors | integer <int32> The number of connectors that expose the application regardless of their health status. |
lastAvailableOn | number Date when Application was last available, epoch time in milliseconds. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f/status' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
```json
{
  "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "status": "PartiallyAvailable",
  "cause": "Some connector fail to expose application",
  "lastUpdatedOn": 1539680482000,
  "totalNumberOfConnectors": 2,
  "lastAvailableOn": 1539680482000
}
```
Symantec ZTNA continuously enforces contextual access and activity policies to control access to resources and restrict users' actions within resources, based on the user/device context (such as the user’s group membership, user’s location, MFA status and managed/unmanaged device status) and the requested resource.
Policy Evaluation
For each access request, Symantec ZTNA processes the policies against the request context
(user, device and the requested resource) to calculate the effective policies and to
determine whether the request should be allowed or denied.
If no access policy could be matched, the access is blocked.
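The evaluation rule above (every filter condition must hold, and no match means the request is blocked) can be modelled locally to reason about a policy set before deploying it. This is an added example, not Symantec code: the meaning given to `LOCATION_RESTRICTION`, the direct-user matching of `directoryEntities`, the context keys and `EXAMPLE_UNKNOWN_CONDITION` are assumptions made for illustration.

```python
from typing import Callable, Dict, List


def location_restriction(arguments: dict, ctx: dict) -> bool:
    # ASSUMPTION: the condition holds when the request's country is listed.
    # The page does not define the condition's semantics.
    return ctx.get("country") in arguments.get("COUNTRIES", [])


# Only conditions with a registered evaluator can ever be satisfied.
CONDITION_EVALUATORS: Dict[str, Callable[[dict, dict], bool]] = {
    "LOCATION_RESTRICTION": location_restriction,
}


def condition_holds(condition: dict, ctx: dict) -> bool:
    evaluator = CONDITION_EVALUATORS.get(condition.get("conditionDefinitionId"))
    if evaluator is None:
        return False  # fail closed: an unknown condition never grants access
    return evaluator(condition.get("arguments") or {}, ctx)


def policy_matches(policy: dict, ctx: dict) -> bool:
    """True when an enabled ACCESS policy covers this user, app and context."""
    if policy.get("type") != "ACCESS" or not policy.get("enabled", False):
        return False
    # ASSUMPTION: only direct user entities are matched (no group expansion).
    users = {e.get("identifierInProvider") for e in policy.get("directoryEntities") or []}
    apps = {a.get("id") for a in policy.get("applications") or []}
    if ctx["user"] not in users or ctx["application_id"] not in apps:
        return False
    # The policy is effective only when ALL filter conditions are satisfied.
    return all(condition_holds(c, ctx) for c in policy.get("filterConditions") or [])


def evaluate(policies: List[dict], ctx: dict) -> dict:
    """Default deny: the request is allowed only if some access policy matches."""
    matched = [p["name"] for p in policies if policy_matches(p, ctx)]
    return {"decision": "ALLOW" if matched else "DENY", "matched": matched}


# Constructed sample, trimmed from the policy example on this page.
SAMPLE_POLICY = {
    "type": "ACCESS",
    "enabled": True,
    "name": "Contractors Policy to Jira",
    "directoryEntities": [
        {"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f", "type": "User"}
    ],
    "applications": [{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f", "type": "HTTP"}],
    "filterConditions": [
        {
            "conditionDefinitionId": "LOCATION_RESTRICTION",
            "arguments": {"COUNTRIES": ["Argentina", "Angola"]},
        }
    ],
}

# Same policy with a condition ID this model has no evaluator for (hypothetical ID).
UNKNOWN_CONDITION_POLICY = dict(
    SAMPLE_POLICY,
    name="Policy with unknown condition",
    filterConditions=[{"conditionDefinitionId": "EXAMPLE_UNKNOWN_CONDITION", "arguments": {}}],
)


def request_context(country: str) -> dict:
    """Constructed request context for the sample user and application."""
    return {
        "user": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "application_id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
        "country": country,
    }


if __name__ == "__main__":
    for country in ("Argentina", "France"):
        print(country, evaluate([SAMPLE_POLICY], request_context(country)))
    print("unknown condition", evaluate([UNKNOWN_CONDITION_POLICY], request_context("Argentina")))
```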
Access Policy configuration
When defining an access policy, the following configuration is supported:
Creates an Access / Activity Policy in your Symantec ZTNA tenant.
type required | string (PolicyType) Determines the policy type:
ACCESS |
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
targetProtocolSubType | string (PolicyTargetProtocolSubType) Enum: "RDP_BROWSER" "RDP_NATIVE" Valid sub-types for Policies: If no value is given then a default value is set to RDP_NATIVE. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" "working_hours" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
workingHoursSettings | object (WorkingHoursSettings) Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours". |
successful operation.
type required | string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type:
|
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
targetProtocolSubType | string (PolicyTargetProtocolSubType) Enum: "RDP_BROWSER" "RDP_NATIVE" Valid sub-types for Policies: If no value is given then a default value is set to RDP_NATIVE. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
createdAt | string <date-time> |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" "working_hours" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
workingHoursSettings | object (WorkingHoursSettings) Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours". |
containers | Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform, for example a URI blacklist for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. An example action is a ‘block action’ in case of an attempt to access a non-allowed URI. |
isWhitelist | boolean Indicates whether Allow rules are enabled for this policy; if disabled, only Deny rules apply. For Allow rules, only the "ALLOW" action ID can be applied. |
isIsolation | boolean Indicates whether Web Isolation is enabled for this policy. This flag is relevant only for Web Activity policies (type="ACTIVITY" and targetProtocol="HTTP"). |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
```json
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "targetProtocolSubType": "RDP_NATIVE",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "workingHoursSettings": {
    "days": [
      true,
      true,
      true,
      true,
      false,
      false,
      false
    ],
    "fromHour": "08:00",
    "toHour": "17:00",
    "endDate": "2025-04-14T23:20:50.52Z"
  }
}
```
```json
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "targetProtocolSubType": "RDP_NATIVE",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "createdAt": { },
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "workingHoursSettings": {
    "days": [
      true,
      true,
      true,
      true,
      false,
      false,
      false
    ],
    "fromHour": "08:00",
    "toHour": "17:00",
    "endDate": "2025-04-14T23:20:50.52Z"
  },
  "containers": [
    {
      "conditions": [
        {
          "arguments": {
            "SSH_COMMAND": [
              "sudo",
              "ls",
              "chmod"
            ]
          },
          "conditionDefinitionId": "SSH_COMMAND_WHITELIST"
        }
      ],
      "actionId": "ALLOW",
      "isolationProfileId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "dlpFilterId": "6fd0a892-8b70-471a-9dd7-bf374b07451f"
    }
  ],
  "isWhitelist": true,
  "isIsolation": true,
  "PolicyAccess": "Policy"
}
```
Return an array of paginated JSON objects. Each object represents a policy configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by policy name or ‘id’ for sorting by policy id.
Filter applies for the policy name only.
The query filter=testpolicy returns all the policies for which one or more of the fields listed above contain "testpolicy".
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
successful operation.
content | Array of objects (PolicyByType) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
```json
{
  "content": [
    {
      "type": "ACCESS",
      "targetProtocol": "SSH",
      "targetProtocolSubType": "RDP_NATIVE",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "enabled": true,
      "createdAt": "1985-04-12T23:20:50.520Z",
      "name": "Contractors Policy to Jira",
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "directoryEntities": [
        {
          "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
          "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
          "identityProviderId": "local",
          "identityProviderType": "local",
          "type": "User",
          "displayName": "John Doe"
        }
      ],
      "applications": [
        {
          "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
          "type": "HTTP"
        }
      ],
      "filterConditions": [
        {
          "conditionDefinitionId": "LOCATION_RESTRICTION",
          "arguments": {
            "COUNTRIES": [
              "Argentina",
              "Angola"
            ]
          }
        }
      ],
      "timeSettingsType": "permanent",
      "Status": "expired",
      "validators": {
        "VALIDATOR_MFA": true
      },
      "rdpSettings": {
        "longTermPassword": false
      },
      "sshSettings": {
        "accounts": [
          "ubuntu",
          "root"
        ],
        "autoMapping": true,
        "fullUpnAutoMapping": false,
        "agentForward": false,
        "acceptTemporaryToken": false,
        "acceptCertificate": false
      },
      "tcpSettings": {
        "acceptTemporaryToken": false,
        "acceptCertificate": false
      },
      "timeSettings": {
        "fromDate": "1985-04-12T23:20:50.52Z",
        "toDate": "1985-04-12T23:20:50.52Z"
      },
      "workingHoursSettings": {
        "days": [
          true,
          true,
          true,
          true,
          false,
          false,
          false
        ],
        "fromHour": "08:00",
        "toHour": "17:00",
        "endDate": "2025-04-14T23:20:50.52Z"
      }
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
```
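A configuration review usually needs every policy, not one page of them. The added example below (not part of the vendor documentation) walks the paginated response using the `page`, `size` and `last` fields described above and flags enabled ACCESS policies that lack `VALIDATOR_MFA`, have no `filterConditions`, or permit the `root` account or agent forwarding over SSH. The finding names, the review criteria and the sample pages are assumptions chosen for illustration.

```python
import json
import urllib.parse
import urllib.request


def http_fetcher(base_url, token):
    """Build a fetch_page callable for GET /v2/policies on a live tenant."""
    def fetch_page(page, size):
        query = urllib.parse.urlencode({"sort": "id,asc", "size": size, "page": page})
        request = urllib.request.Request(
            f"{base_url}/v2/policies?{query}",
            headers={"Authorization": f"Bearer {token}"},
        )
        with urllib.request.urlopen(request, timeout=30) as response:
            return json.load(response)
    return fetch_page


def iter_policies(fetch_page, size=100, max_pages=1000):
    """Yield every policy, following pages until the response reports last=true."""
    for page in range(max_pages):
        body = fetch_page(page=page, size=size)  # size may not exceed 100
        yield from body.get("content") or []
        # Treat a missing "last" flag as the final page so the loop cannot spin.
        if body.get("last", True):
            return
    raise RuntimeError("pagination did not terminate within max_pages")


def audit_policy(policy):
    """Return review findings for one policy (criteria are this example's own)."""
    findings = []
    if policy.get("type") != "ACCESS" or not policy.get("enabled"):
        return findings  # only enabled access policies grant access
    if not (policy.get("validators") or {}).get("VALIDATOR_MFA"):
        findings.append("no-mfa-validator")
    if not policy.get("filterConditions"):
        findings.append("no-filter-conditions")
    if policy.get("targetProtocol") == "SSH":
        ssh = policy.get("sshSettings") or {}
        if "root" in (ssh.get("accounts") or []):
            findings.append("ssh-root-account")
        if ssh.get("agentForward"):
            findings.append("ssh-agent-forward")
    return findings


def audit_tenant(fetch_page):
    """Map policy name to findings for every policy that has at least one."""
    report = {}
    for policy in iter_policies(fetch_page):
        findings = audit_policy(policy)
        if findings:
            report[policy.get("name") or policy.get("id")] = findings
    return report


# Constructed sample pages (page 0 is trimmed from the response shown above).
SAMPLE_PAGES = [
    {"last": False, "content": [{
        "type": "ACCESS", "targetProtocol": "SSH", "enabled": True,
        "name": "Contractors Policy to Jira",
        "validators": {"VALIDATOR_MFA": True},
        "filterConditions": [{"conditionDefinitionId": "LOCATION_RESTRICTION",
                              "arguments": {"COUNTRIES": ["Argentina", "Angola"]}}],
        "sshSettings": {"accounts": ["ubuntu", "root"], "agentForward": False},
    }]},
    {"last": True, "content": [
        {"type": "ACCESS", "targetProtocol": "HTTP", "enabled": True,
         "name": "Unconditioned web policy (constructed)",
         "validators": {}, "filterConditions": []},
        {"type": "ACCESS", "targetProtocol": "HTTP", "enabled": False,
         "name": "Disabled policy (constructed)", "validators": {}},
    ]},
]


def sample_fetch_page(page, size):
    """Offline stand-in for http_fetcher(...) that serves the constructed pages."""
    return SAMPLE_PAGES[page]


if __name__ == "__main__":
    # Against a tenant: audit_tenant(http_fetcher("https://api.acme.luminatesec.com", token))
    print(json.dumps(audit_tenant(sample_fetch_page), indent=2))
```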
Returns the details of a Policy from your Symantec ZTNA tenant.
policy-id required | string <uuid> Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID. |
successful operation.
type required | string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type:
|
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
targetProtocolSubType | string (PolicyTargetProtocolSubType) Enum: "RDP_BROWSER" "RDP_NATIVE" Valid sub-types for Policies: If no value is given then a default value is set to RDP_NATIVE. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
createdAt | string <date-time> |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" "working_hours" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
workingHoursSettings | object (WorkingHoursSettings) Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours". |
containers | Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform, for example a URI blacklist for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. An example action is a ‘block action’ in case of an attempt to access a non-allowed URI. |
isWhitelist | boolean Indicates whether Allow rules are enabled for this policy; if disabled, only Deny rules apply. For Allow rules, only the "ALLOW" action ID can be applied. |
isIsolation | boolean Indicates whether Web Isolation is enabled for this policy. This flag is relevant only for Web Activity policies (type="ACTIVITY" and targetProtocol="HTTP"). |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
```json
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "targetProtocolSubType": "RDP_NATIVE",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "createdAt": { },
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "workingHoursSettings": {
    "days": [
      true,
      true,
      true,
      true,
      false,
      false,
      false
    ],
    "fromHour": "08:00",
    "toHour": "17:00",
    "endDate": "2025-04-14T23:20:50.52Z"
  },
  "containers": [
    {
      "conditions": [
        {
          "arguments": {
            "SSH_COMMAND": [
              "sudo",
              "ls",
              "chmod"
            ]
          },
          "conditionDefinitionId": "SSH_COMMAND_WHITELIST"
        }
      ],
      "actionId": "ALLOW",
      "isolationProfileId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "dlpFilterId": "6fd0a892-8b70-471a-9dd7-bf374b07451f"
    }
  ],
  "isWhitelist": true,
  "isIsolation": true,
  "PolicyAccess": "Policy"
}
```
Update an existing policy in your Symantec ZTNA tenant.
policy-id required | string <uuid> Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID. |
type required | string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type:
|
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
targetProtocolSubType | string (PolicyTargetProtocolSubType) Enum: "RDP_BROWSER" "RDP_NATIVE" Valid sub-types for Policies: If no value is given then a default value is set to RDP_NATIVE. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" "working_hours" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
workingHoursSettings | object (WorkingHoursSettings) Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours". |
containers | Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. An example action is ‘block action’ in case of an attempt to access a non-allowed URI. |
isWhitelist | boolean Indicates whether Allow rules are enabled for this policy; if disabled, only Deny rules apply. For Allow rules, only the "ALLOW" action ID can be applied. |
isIsolation | boolean Indicates whether Web Isolation is enabled for this policy. This flag is relevant only for Web Activity policies (type="ACTIVITY" and targetProtocol="HTTP"). |
successful operation.
type required | string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type:
|
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
targetProtocolSubType | string (PolicyTargetProtocolSubType) Enum: "RDP_BROWSER" "RDP_NATIVE" Valid sub-types for Policies: If no value is given then a default value is set to RDP_NATIVE. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
createdAt | string <date-time> |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" "working_hours" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
workingHoursSettings | object (WorkingHoursSettings) Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours". |
containers | Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. An example action is ‘block action’ in case of an attempt to access a non-allowed URI. |
isWhitelist | boolean Indicates whether Allow rules are enabled for this policy; if disabled, only Deny rules apply. For Allow rules, only the "ALLOW" action ID can be applied. |
isIsolation | boolean Indicates whether Web Isolation is enabled for this policy. This flag is relevant only for Web Activity policies (type="ACTIVITY" and targetProtocol="HTTP"). |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "targetProtocolSubType": "RDP_NATIVE",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "workingHoursSettings": {
    "days": [
      true,
      true,
      true,
      true,
      false,
      false,
      false
    ],
    "fromHour": "08:00",
    "toHour": "17:00",
    "endDate": "2025-04-14T23:20:50.52Z"
  },
  "containers": [
    {
      "conditions": [
        {
          "arguments": {
            "SSH_COMMAND": [
              "sudo",
              "ls",
              "chmod"
            ]
          },
          "conditionDefinitionId": "SSH_COMMAND_WHITELIST"
        }
      ],
      "actionId": "ALLOW",
      "isolationProfileId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "dlpFilterId": "6fd0a892-8b70-471a-9dd7-bf374b07451f"
    }
  ],
  "isWhitelist": true,
  "isIsolation": true,
  "PolicyAccess": "Policy"
}
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "targetProtocolSubType": "RDP_NATIVE",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "createdAt": { },
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "workingHoursSettings": {
    "days": [
      true,
      true,
      true,
      true,
      false,
      false,
      false
    ],
    "fromHour": "08:00",
    "toHour": "17:00",
    "endDate": "2025-04-14T23:20:50.52Z"
  },
  "containers": [
    {
      "conditions": [
        {
          "arguments": {
            "SSH_COMMAND": [
              "sudo",
              "ls",
              "chmod"
            ]
          },
          "conditionDefinitionId": "SSH_COMMAND_WHITELIST"
        }
      ],
      "actionId": "ALLOW",
      "isolationProfileId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "dlpFilterId": "6fd0a892-8b70-471a-9dd7-bf374b07451f"
    }
  ],
  "isWhitelist": true,
  "isIsolation": true,
  "PolicyAccess": "Policy"
}
Default server.
Delete a policy from your Symantec ZTNA tenant.
policy-id required | string <uuid> Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/policies/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns all supported conditions that can be used as building blocks when defining policies. Condition definitions are used to define filter conditions and activity policy rules.
successful operation.
id | string (PolicyConditionDefinitionID) String that uniquely represents the condition and is used as its identifier. |
displayName | string Human readable name of this Condition. |
description | string Condition scope extended information. |
conditionParameters | Array of objects (PolicyConditionParameter) Determine the parameters that are required for evaluating the condition. |
typeMapping | Array of objects (PolicyConditionTypeMapping) This property specifies the policy type and the application type for which this condition applies. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/condition-definitions' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "LOCATION_RESTRICTION",
  "displayName": "Location",
  "description": "List of countries that will be allowed to access",
  "conditionParameters": [
    {
      "parameterId": "COUNTRIES",
      "displayName": "conditions",
      "elementType": "enum",
      "enumSettings": {
        "isMultiple": true,
        "values": [
          {
            "id": "IL",
            "displayName": "Israel"
          }
        ]
      },
      "stringSettings": {
        "regexValidator": "^Symantec ZTNA1$",
        "isMultiple": true,
        "example": "Symantec ZTNA1"
      },
      "numberSettings": {
        "min": 5,
        "max": 10
      }
    }
  ],
  "typeMapping": [
    {
      "applicationType": "HTTP",
      "policyType": "ACCESS"
    }
  ]
}
Default server.
Returns the actions that can be enforced when a user performs a specific operation.
Examples are: ALLOW to allow the action, BLOCK to block the action, BLOCK_USER to disconnect all active sessions of
the user and block further login attempts.
successful operation.
id | string Unique id for this Action, this ID should be used when setting the Action in a Container |
name | string Human readable name for this action type |
description | string extended information about the action |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/action-types' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "id": "BLOCK",
    "name": "block",
    "description": "block the action"
  }
]
Default server.
Returns the validators that can be used as a prerequisite for granting access to a requested resource.
Examples are Multi-factor authentication and Web Verification.
Note: The validators are applicable for policies of type ACCESS only.
successful operation.
id | string |
displayName | string |
description | string |
applicationType | string Enum: "HTTP" "SSH" "TCP" "RDP" "DYNAMIC_SSH" type of applications for that condition |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/validator-types' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "id": "MFA",
    "displayName": "MFA",
    "description": "Multi Factor authentication",
    "applicationType": "HTTP"
  }
]
Default server.
Returns an array of JSON objects.
Each object represents a policy assigned to the provided application in your Symantec ZTNA.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
successful operation.
type required | string (PolicyType) Determines the policy type:
ACCESS |
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
targetProtocolSubType | string (PolicyTargetProtocolSubType) Enum: "RDP_BROWSER" "RDP_NATIVE" Valid sub-types for Policies: If no value is given then a default value is set to RDP_NATIVE. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
createdAt | string <date-time> |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" "working_hours" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
workingHoursSettings | object (WorkingHoursSettings) Specifies time slots and weekdays for the secure access. This property applies only in case timeSettingsType is set to "working_hours". |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/by-app-id/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "type": "ACCESS",
    "targetProtocol": "SSH",
    "targetProtocolSubType": "RDP_NATIVE",
    "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
    "enabled": true,
    "createdAt": "1985-04-12T23:20:50.520Z",
    "name": "Contractors Policy to Jira",
    "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "directoryEntities": [
      {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      }
    ],
    "applications": [
      {
        "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
        "type": "HTTP"
      }
    ],
    "filterConditions": [
      {
        "conditionDefinitionId": "LOCATION_RESTRICTION",
        "arguments": {
          "COUNTRIES": [
            "Argentina",
            "Angola"
          ]
        }
      }
    ],
    "timeSettingsType": "permanent",
    "Status": "expired",
    "validators": {
      "VALIDATOR_MFA": true
    },
    "rdpSettings": {
      "longTermPassword": false
    },
    "sshSettings": {
      "accounts": [
        "ubuntu",
        "root"
      ],
      "autoMapping": true,
      "fullUpnAutoMapping": false,
      "agentForward": false,
      "acceptTemporaryToken": false,
      "acceptCertificate": false
    },
    "tcpSettings": {
      "acceptTemporaryToken": false,
      "acceptCertificate": false
    },
    "timeSettings": {
      "fromDate": "1985-04-12T23:20:50.52Z",
      "toDate": "1985-04-12T23:20:50.52Z"
    },
    "workingHoursSettings": {
      "days": [
        true,
        true,
        true,
        true,
        false,
        false,
        false
      ],
      "fromHour": "08:00",
      "toHour": "17:00",
      "endDate": "2025-04-14T23:20:50.52Z"
    }
  }
]
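An added example, not part of the vendor documentation: a Python review pass over policy objects shaped like the response sample above, run offline on constructed data. The finding codes and the choice of what to flag (no validator enabled, no filter conditions, root among the SSH accounts, agent forwarding, an empty temporary window, an enabled policy whose Status is expired) are assumptions of this example, not API behaviour.

```python
import json
from datetime import datetime

# Constructed sample data: two policy objects that use only field names
# appearing in the response samples on this page.
SAMPLE_POLICIES = json.loads("""
[
  {
    "type": "ACCESS", "targetProtocol": "SSH", "enabled": true,
    "name": "Contractors Policy to Jira",
    "filterConditions": [
      {"conditionDefinitionId": "LOCATION_RESTRICTION",
       "arguments": {"COUNTRIES": ["Argentina", "Angola"]}}
    ],
    "timeSettingsType": "permanent", "Status": "expired",
    "validators": {"VALIDATOR_MFA": true},
    "sshSettings": {"accounts": ["ubuntu", "root"], "agentForward": false}
  },
  {
    "type": "ACCESS", "targetProtocol": "SSH", "enabled": true,
    "name": "Constructed break-glass policy",
    "filterConditions": [],
    "timeSettingsType": "temporary",
    "validators": {"VALIDATOR_MFA": false},
    "sshSettings": {"accounts": ["deploy"], "agentForward": true},
    "timeSettings": {"fromDate": "2025-04-14T23:20:50.52Z",
                     "toDate": "2025-04-12T08:00:00Z"}
  }
]
""")


def _parse_ts(value):
    """Parse the UTC timestamps used in the samples, with or without fractions."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt)
        except (TypeError, ValueError):
            continue
    return None


def audit_policy(policy):
    """Return a list of (code, detail) findings for one policy object."""
    findings = []
    if policy.get("type") == "ACCESS":
        # Validators apply to ACCESS policies only; one must be set to true.
        validators = policy.get("validators") or {}
        if not any(v is True for v in validators.values()):
            findings.append(("NO_VALIDATOR", "no validator is set to true"))
    if not policy.get("filterConditions"):
        findings.append(("NO_FILTER_CONDITIONS",
                         "no source IP, location or device condition"))
    if policy.get("targetProtocol") == "SSH":
        ssh = policy.get("sshSettings") or {}
        if "root" in ssh.get("accounts", []):
            findings.append(("SSH_ROOT_ACCOUNT", "root is an allowed account"))
        if ssh.get("agentForward") is True:
            findings.append(("SSH_AGENT_FORWARD", "agentForward is enabled"))
    if policy.get("timeSettingsType") == "temporary":
        window = policy.get("timeSettings") or {}
        start = _parse_ts(window.get("fromDate"))
        end = _parse_ts(window.get("toDate"))
        if start is None or end is None:
            findings.append(("TIME_WINDOW_UNPARSEABLE",
                             "fromDate/toDate missing or malformed"))
        elif end <= start:
            findings.append(("TIME_WINDOW_EMPTY", "toDate is not after fromDate"))
    if policy.get("enabled") and policy.get("Status") == "expired":
        findings.append(("ENABLED_BUT_EXPIRED",
                         "enabled flag is true but Status is expired"))
    return findings


def audit(policies):
    """Map each policy name to the list of finding codes raised for it."""
    return {p.get("name", "<unnamed>"): [code for code, _ in audit_policy(p)]
            for p in policies}


if __name__ == "__main__":
    for name, codes in audit(SAMPLE_POLICIES).items():
        print(name, "->", ", ".join(codes) or "no findings")
```
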
Default server.
Update the explicit application assignment in the list of policies to which this application is assigned. The application will be removed from the policies that are not mentioned in the request body.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
applicationType required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
policyIds required | Array of strings Identifiers of the policies to apply on the given application. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
{
  "applicationType": "HTTP",
  "policyIds": [
    "string"
  ]
}
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Assign an explicit application to existing policies.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
applicationType required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
policyIds required | Array of strings Identifiers of the policies to apply on the given application. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
{
  "applicationType": "HTTP",
  "policyIds": [
    "string"
  ]
}
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Remove an explicit application from the policies.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
applicationType required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
policyIds required | Array of strings Identifiers of the policies to apply on the given application. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
{
  "applicationType": "HTTP",
  "policyIds": [
    "string"
  ]
}
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
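An added example, not part of the vendor documentation, covering the update, assign and remove calls above: because the update call removes the application from every policy missing from policyIds, this Python helper diffs the current assignment against the desired one, picks the narrowest call, and refuses to build a replace body unless the dropped policy IDs are confirmed explicitly. Function names, operation labels and the sample UUIDs are constructed; no request is sent.

```python
import uuid

# Enum values copied from the applicationType field on this page.
APPLICATION_TYPES = {"HTTP", "SSH", "RDP", "DYNAMIC_SSH", "TCP", "SEGMENT", "DNS"}


class UnconfirmedRemoval(ValueError):
    """A replace-style update would drop policies the caller did not confirm."""


def _canonical_ids(policy_ids):
    """Validate each ID as a UUID, lowercase it, and drop duplicates in order."""
    seen, ordered = set(), []
    for raw in policy_ids:
        try:
            canonical = str(uuid.UUID(str(raw)))
        except ValueError as exc:
            raise ValueError(f"invalid policy ID format: {raw!r}") from exc
        if canonical not in seen:
            seen.add(canonical)
            ordered.append(canonical)
    return ordered


def diff_assignment(current_policy_ids, desired_policy_ids):
    """Return (desired, added, removed) as canonical ID lists."""
    current = _canonical_ids(current_policy_ids)
    desired = _canonical_ids(desired_policy_ids)
    added = [p for p in desired if p not in current]
    removed = [p for p in current if p not in desired]
    return desired, added, removed


def _body(application_type, policy_ids):
    """Build the request body shape shown in the request samples."""
    if application_type not in APPLICATION_TYPES:
        raise ValueError(f"unknown applicationType: {application_type!r}")
    return {"applicationType": application_type, "policyIds": list(policy_ids)}


def narrowest_call(application_type, current_policy_ids, desired_policy_ids):
    """Pick the call with the smallest side effect for the requested change.

    Returns (label, body); the labels "assign", "remove", "update" and "noop"
    are names used by this example for the three calls, not API paths.
    """
    desired, added, removed = diff_assignment(current_policy_ids, desired_policy_ids)
    if not added and not removed:
        return ("noop", None)
    if not removed:
        return ("assign", _body(application_type, added))
    if not added:
        return ("remove", _body(application_type, removed))
    return ("update", _body(application_type, desired))


def replace_body(application_type, current_policy_ids, desired_policy_ids,
                 confirm_removed=()):
    """Build the update (replace) body only if the dropped IDs are confirmed."""
    desired, _, removed = diff_assignment(current_policy_ids, desired_policy_ids)
    if set(removed) != set(_canonical_ids(confirm_removed)):
        raise UnconfirmedRemoval(
            "update would remove the application from: " + ", ".join(removed))
    return _body(application_type, desired)


if __name__ == "__main__":
    # Constructed policy IDs.
    a = "00000000-0000-4000-8000-00000000000a"
    b = "00000000-0000-4000-8000-00000000000b"
    c = "00000000-0000-4000-8000-00000000000c"
    print(narrowest_call("SSH", [a, b], [b, c]))
    print(replace_body("SSH", [a, b], [b, c], confirm_removed=[a]))
```
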
Default server.
Link a Site to a Collection in your Symantec ZTNA tenant.
links | Array of objects (CollectionSiteLink) |
successful operation.
links | Array of objects (CollectionSiteLink) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "links": [
    {
      "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
    }
  ]
}
{
  "links": [
    {
      "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
    }
  ]
}
Default server.
Get the Sites linked to the Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
successful operation.
links | Array of objects (CollectionSiteLink) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection/site-links/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "links": [
    {
      "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
    }
  ]
}
Default server.
Unlink a Site from a Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
site-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The site ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
null
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns an array of paginated JSON objects. Each object represents a collection configured in your Symantec ZTNA tenant.
Using the query filter=testCollection will return all the collections for which one or more of the above listed fields contain "testCollection".
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
name | string Example: name=test The name of the resource. |
application-id | string <uuid> Example: application-id=6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
site-id | string <uuid> Example: site-id=3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
policy-id | string <uuid> Example: policy-id=6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID. |
successful operation.
content | Array of objects (Collection) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection?sort=name,desc&size=10&page=0&name=test&application-id=6fd0a892-8b70-471a-9dd7-bf374b07451f&site-id=3c536623-4763-4f67-a45a-e88f3d08cdd5&policy-id=6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "name": "string",
      "countResources": 0,
      "countLinkedSites": 0,
      "fqdn": "string"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
Default server.
Create Collection in your Symantec ZTNA tenant.
id | string <uuid> |
name | string |
successful operation.
id | string <uuid> |
parentId | string <uuid> |
name | string |
countResources | integer <int32> |
countLinkedSites | integer <int32> |
fqdn | string authorization fqdn |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "name": "string"
}
{
  "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "name": "string",
  "countResources": 0,
  "countLinkedSites": 0,
  "fqdn": "string"
}
Default server.
Get Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
successful operation.
id | string <uuid> |
parentId | string <uuid> |
name | string |
countResources | integer <int32> |
countLinkedSites | integer <int32> |
fqdn | string authorization fqdn |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "name": "string",
  "countResources": 0,
  "countLinkedSites": 0,
  "fqdn": "string"
}
Default server.
Update Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
name | string |
successful operation.
id | string <uuid> |
parentId | string <uuid> |
name | string |
countResources | integer <int32> |
countLinkedSites | integer <int32> |
fqdn | string authorization fqdn |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "name": "string"
}
{
  "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "name": "string",
  "countResources": 0,
  "countLinkedSites": 0,
  "fqdn": "string"
}
Default server.
Delete Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
null
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Get Collections by Site in your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The site ID. |
successful operation.
collectionIds | Array of strings <uuid> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection/site/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "collectionIds": [
    "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59"
  ]
}
Default server.
List Role Bindings in your Symantec ZTNA tenant.
sort | any Default: "displayName" Enum: "displayName" "entityType" "role" "createdAt" "subjectType" Example: sort=name The value of this parameter is a comma-separated list of sort keys. |
direction | string Default: "asc" Enum: "asc" "desc" Example: direction=asc The value of this parameter is a comma-separated list of sort directions. |
page | number <int32> The page number. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
entityIdInIdp | string Example: entityIdInIdp=18837193-a81a-400f-b38d-482379e3ab47 Entity identifier as determined by the owning Identity Provider. |
entityType | any Enum: "User" "Group" "ApiClient" Example: entityType=User The directory entity type (User/Group/OU/API Client). |
entityName | string Example: entityName=test The value of this parameter is entity name. |
subjectId | string <uuid> Example: subjectId=18837193-a81a-400f-b38d-482379e3ab47 The ID of the assigned resource. |
subjectType | string (SubjectType) Enum: "Site" "App" "Policy" "Collection" Example: subjectType=Site The type of the resource assigned to the role (Site/App/Policy). |
subjectName | string Example: subjectName=siteName The name of the resource assigned to the role. |
roleType | string (RoleType) Enum: "TenantAdmin" "TenantViewer" "SiteEditor" "SiteConnectorDeployer" "ApplicationOwner" "PolicyOwner" Example: roleType=TenantAdmin The role type (TenantAdmin/TenantViewer/SiteEditor/SiteConnectorDeployer/ApplicationOwner/PolicyOwner) assigned to the entity. |
successful operation
content | Array of objects (RoleBinding) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection/role-bindings?sort=name&direction=asc&page=0&size=10&entityIdInIdp=18837193-a81a-400f-b38d-482379e3ab47&entityType=User&entityName=test&subjectId=18837193-a81a-400f-b38d-482379e3ab47&subjectType=undefined&subjectName=siteName&roleType=TenantAdmin' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "createdAt": "2025-07-28T13:34:25Z",
      "role": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "Tenant Viewer",
        "RoleType": "TenantAdmin"
      },
      "Collection": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "string",
        "countResources": 0,
        "countLinkedSites": 0,
        "fqdn": "string"
      },
      "entity": {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      },
      "resource": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "fqdn": "r::site",
        "name": "SiteName",
        "originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "subjectType": "Site"
      }
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
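An added example (not part of the Symantec ZTNA documentation or product code): a Python audit that walks every page of List Role Bindings using the `page`, `size` and `last` fields documented above and reports TenantAdmin bindings whose entity is not on an approved list. The `get_page` callable, the approved list and the sample pages are assumptions constructed for the example; field names follow the sample response above.

```python
"""Audit TenantAdmin role bindings across all pages of List Role Bindings."""
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

BASE_URL = "https://api.acme.luminatesec.com"  # tenant "acme", as in the page's examples
PATH = "/v2/collection/role-bindings"
MAX_PAGE_SIZE = 100                             # documented upper bound for "size"


def http_get_page(token, params):
    """Live transport: one GET against List Role Bindings (unused by the offline demo)."""
    req = Request(f"{BASE_URL}{PATH}?{urlencode(params)}",
                  headers={"Authorization": f"Bearer {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_role_bindings(get_page, role_type=None, size=MAX_PAGE_SIZE, max_pages=1000):
    """Yield every RoleBinding, following the page/last fields of the response."""
    if not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError("size must be between 1 and 100")
    for page in range(max_pages):
        params = {"page": page, "size": size}
        if role_type:
            params["roleType"] = role_type
        body = get_page(params)
        # An audit must not silently stop early: without "last" we cannot
        # tell whether the listing is complete.
        if "last" not in body:
            raise ValueError("response has no 'last' flag; listing may be truncated")
        yield from body.get("content", [])
        if body["last"]:
            return
    raise RuntimeError("pagination did not terminate within max_pages")


def unexpected_tenant_admins(bindings, approved):
    """Return TenantAdmin bindings whose entity is not in the approved set.

    approved holds (identityProviderId, identifierInProvider) pairs.
    """
    findings = []
    for binding in bindings:
        role = binding.get("role") or {}
        # The sample response spells this key "RoleType"; accepting "roleType"
        # as well is an assumption of this example.
        role_type = role.get("RoleType", role.get("roleType"))
        if role_type != "TenantAdmin":
            continue  # re-check client-side even when roleType was sent as a filter
        entity = binding.get("entity") or {}
        key = (entity.get("identityProviderId"), entity.get("identifierInProvider"))
        if key not in approved:
            findings.append({
                "bindingId": binding.get("id"),
                "type": entity.get("type"),
                "displayName": entity.get("displayName"),
                "createdAt": binding.get("createdAt"),
            })
    return findings


def make_binding(bid, role_type, idp, ident, etype, name):
    """Build a constructed RoleBinding with only the fields the audit reads."""
    return {"id": bid, "createdAt": "2025-07-28T13:34:25Z",
            "role": {"RoleType": role_type},
            "entity": {"identityProviderId": idp, "identifierInProvider": ident,
                       "type": etype, "displayName": name}}


# Constructed sample data: two pages, the second one marked last.
SAMPLE_PAGES = [
    {"content": [make_binding("b-1", "TenantAdmin", "local", "u-alice", "User", "Alice Admin"),
                 make_binding("b-2", "TenantViewer", "local", "u-bob", "User", "Bob Viewer")],
     "first": True, "last": False, "number": 0},
    {"content": [make_binding("b-3", "TenantAdmin", "local", "c-ci", "ApiClient", "ci-pipeline")],
     "first": False, "last": True, "number": 1},
]
APPROVED_ADMINS = {("local", "u-alice")}  # constructed allowlist


def sample_get_page(params):
    """Offline stand-in for http_get_page; ignores filters on purpose."""
    return SAMPLE_PAGES[params["page"]]


def run_demo():
    bindings = iter_role_bindings(sample_get_page, role_type="TenantAdmin", size=2)
    return unexpected_tenant_admins(bindings, APPROVED_ADMINS)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Against a live tenant, pass `lambda params: http_get_page(token, params)` as `get_page`, where `token` is the Bearer token of an API client allowed to list role bindings.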
Default server.
Create Tenant Role Binding in your Symantec ZTNA tenant.
roleType | string (TenantRoleType) Enum: "TenantAdmin" "TenantViewer" Tenant role type (TenantAdmin/TenantViewer) that will be assigned to the entity. |
entities | Array of objects (DirectoryEntity) |
successful operation.
roleBindings | Array of objects (RoleBinding) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "roleType": "TenantAdmin",
  "entities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ]
}
{
  "roleBindings": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "createdAt": "2025-07-28T13:34:25Z",
      "role": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "Tenant Viewer",
        "RoleType": "TenantAdmin"
      },
      "Collection": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "string",
        "countResources": 0,
        "countLinkedSites": 0,
        "fqdn": "string"
      },
      "entity": {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      },
      "resource": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "fqdn": "r::site",
        "name": "SiteName",
        "originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "subjectType": "Site"
      }
    }
  ]
}
Default server.
Create Collection Role Binding in your Symantec ZTNA tenant.
roleType | string (CollectionRoleType) Enum: "ApplicationOwner" "PolicyOwner" Collection role type (CollectionAdmin/CollectionViewer) that will be assigned to the entity. |
collectionId | string <uuid> |
entities | Array of objects (DirectoryEntity) |
successful operation.
roleBindings | Array of objects (RoleBinding) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "roleType": "CollectionAdmin",
  "collectionId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "entities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ]
}
{
  "roleBindings": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "createdAt": "2025-07-28T13:34:25Z",
      "role": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "Tenant Viewer",
        "RoleType": "TenantAdmin"
      },
      "Collection": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "string",
        "countResources": 0,
        "countLinkedSites": 0,
        "fqdn": "string"
      },
      "entity": {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      },
      "resource": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "fqdn": "r::site",
        "name": "SiteName",
        "originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "subjectType": "Site"
      }
    }
  ]
}
Default server.
Create Site Role Binding in your Symantec ZTNA tenant.
roleType | string (SiteRoleType) Enum: "SiteEditor" "SiteConnectorDeployer" Site role type (SiteEditor/SiteConnectorDeployer) that will be assigned to the entity. |
siteId | string <uuid> |
entities | Array of objects (DirectoryEntity) |
successful operation.
roleBindings | Array of objects (RoleBinding) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "roleType": "SiteEditor",
  "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "entities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ]
}
{
  "roleBindings": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "createdAt": "2025-07-28T13:34:25Z",
      "role": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "Tenant Viewer",
        "RoleType": "TenantAdmin"
      },
      "Collection": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "string",
        "countResources": 0,
        "countLinkedSites": 0,
        "fqdn": "string"
      },
      "entity": {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      },
      "resource": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "fqdn": "r::site",
        "name": "SiteName",
        "originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "subjectType": "Site"
      }
    }
  ]
}
Default server.
Delete Collection Role Binding in your Symantec ZTNA tenant by role binding IDs. You can retrieve role binding IDs from the List Role Bindings API.
roleBindingIds | Array of strings <uuid> |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "roleBindingIds": [
    "6fd0a892-8b70-471a-9dd7-bf374b07451f"
  ]
}
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Create New DNS Group.
name required | string The name of the group. |
domainSuffixes required | Array of strings |
sendNotifications required | boolean Indicates whether notifications should be sent to admin. |
DNS Group has been created successfully.
id | string <uuid> The id of the group. |
name | string The name of the group. |
status | string The status of the group. |
domainSuffixes | Array of strings List of domain suffixes. |
sendNotifications | boolean Indicates whether notifications should be sent to admin. |
servers | Array of strings List of DNS server IDs. |
serverInUsed | string <uuid> The ID of the active server in the group. |
activeServerAddress | string The address of the active DNS server. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "name": "group1",
  "domainSuffixes": [
    "[\"dns-group.com\",\"example.com\"]"
  ],
  "sendNotifications": "true"
}
{
  "id": "0115deec-b583-4335-92f2-8269f0bfd493",
  "name": "DNS Group 1",
  "status": "Available",
  "domainSuffixes": "[\"dns-group.com\",\"other-group.com\"]",
  "sendNotifications": "true",
  "servers": "[\"0115deec-b583-4335-92f2-8269f0bfd493\",\"cf5780a0-4c72-45db-92c4-c7ce517f86e9\"]",
  "serverInUsed": "0115deec-b583-4335-92f2-8269f0bfd493",
  "activeServerAddress": "1.1.1.1"
}
Default server.
List DNS Groups.
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
List Dns Groups.
content | Array of objects (DnsGroupOutput) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X GET 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "0115deec-b583-4335-92f2-8269f0bfd493",
      "name": "DNS Group 1",
      "status": "Available",
      "domainSuffixes": "[\"dns-group.com\",\"other-group.com\"]",
      "sendNotifications": "true",
      "servers": "[\"0115deec-b583-4335-92f2-8269f0bfd493\",\"cf5780a0-4c72-45db-92c4-c7ce517f86e9\"]",
      "serverInUsed": "0115deec-b583-4335-92f2-8269f0bfd493",
      "activeServerAddress": "1.1.1.1"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
Default server.
Retrieve a group by its ID.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the group to retrieve, update or delete. |
Successful response.
id | string <uuid> The id of the group. |
name | string The name of the group. |
status | string The status of the group. |
domainSuffixes | Array of strings List of domain suffixes. |
sendNotifications | boolean Indicates whether notifications should be sent to admin. |
servers | Array of strings List of DNS server IDs. |
serverInUsed | string <uuid> The ID of the active server in the group. |
activeServerAddress | string The address of the active DNS server. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X GET 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "0115deec-b583-4335-92f2-8269f0bfd493",
  "name": "DNS Group 1",
  "status": "Available",
  "domainSuffixes": "[\"dns-group.com\",\"other-group.com\"]",
  "sendNotifications": "true",
  "servers": "[\"0115deec-b583-4335-92f2-8269f0bfd493\",\"cf5780a0-4c72-45db-92c4-c7ce517f86e9\"]",
  "serverInUsed": "0115deec-b583-4335-92f2-8269f0bfd493",
  "activeServerAddress": "1.1.1.1"
}
Default server.
Update a group by its ID.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the group to retrieve, update or delete. |
name required | string The name of the group. |
domainSuffixes required | Array of strings |
sendNotifications required | boolean Indicates whether notifications should be sent to admin. |
Group updated successfully.
id | string <uuid> The id of the group. |
name | string The name of the group. |
status | string The status of the group. |
domainSuffixes | Array of strings List of domain suffixes. |
sendNotifications | boolean Indicates whether notifications should be sent to admin. |
servers | Array of strings List of DNS server IDs. |
serverInUsed | string <uuid> The ID of the active server in the group. |
activeServerAddress | string The address of the active DNS server. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
{
  "name": "group1",
  "domainSuffixes": [
    "[\"dns-group.com\",\"example.com\"]"
  ],
  "sendNotifications": "true"
}
{
  "id": "0115deec-b583-4335-92f2-8269f0bfd493",
  "name": "DNS Group 1",
  "status": "Available",
  "domainSuffixes": "[\"dns-group.com\",\"other-group.com\"]",
  "sendNotifications": "true",
  "servers": "[\"0115deec-b583-4335-92f2-8269f0bfd493\",\"cf5780a0-4c72-45db-92c4-c7ce517f86e9\"]",
  "serverInUsed": "0115deec-b583-4335-92f2-8269f0bfd493",
  "activeServerAddress": "1.1.1.1"
}
Default server.
Delete a group by ID.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the group to retrieve, update or delete. |
Group deleted successfully.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/{dnsGroupId}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Create New DNS Server in Group.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the group to create a server for. |
name required | string The name of the DNS Server. |
internalAddress required | string The IP address of the server. |
siteId required | string <uuid> The site ID associated with the DNS Server. |
groupId required | string <uuid> The group ID associated with the DNS Server. |
Server created successfully in group.
id | string <uuid> |
groupId | string <uuid> The group ID associated with the DNS Server. |
siteId | string The site ID associated with the DNS Server. |
name | string The name of the DNS Server. |
internalAddress | string The IP address of the server. |
healthStatus | string Enum: "Available" "UnAvailable" DNS server status. |
createdAt | string <date-time> |
updatedAt | string <date-time> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "name": "server1",
  "internalAddress": "1.1.1.1",
  "siteId": "8577c221-7f35-4019-b8d7-31d936bda96b",
  "groupId": "gg5ef47d-3e9c-418b-abfc-a1f702fa0c60"
}
{
  "id": "8577c221-7f35-4019-b8d7-31d936bda96b",
  "groupId": "9977c221-7f35-4019-b8d7-31d936bda95f",
  "siteId": "3377c221-7f35-4019-b8d7-31d936bda98d",
  "name": "server1",
  "internalAddress": "1.1.1.1",
  "healthStatus": "Available",
  "createdAt": "2024-04-12T23:20:50.52Z",
  "updatedAt": "2024-04-12T23:20:50.52Z"
}
Default server.
Retrieve a list of servers for a specific group.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the group to retrieve servers for. |
Get dns group's servers.
id | string <uuid> |
groupId | string <uuid> The group ID associated with the DNS Server. |
siteId | string The site ID associated with the DNS Server. |
name | string The name of the DNS Server. |
internalAddress | string The IP address of the server. |
healthStatus | string Enum: "Available" "UnAvailable" DNS server status. |
createdAt | string <date-time> |
updatedAt | string <date-time> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X GET 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/6fd0a892-8b70-471a-9dd7-bf374b07451f/servers/' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "id": "8577c221-7f35-4019-b8d7-31d936bda96b",
    "groupId": "9977c221-7f35-4019-b8d7-31d936bda95f",
    "siteId": "3377c221-7f35-4019-b8d7-31d936bda98d",
    "name": "server1",
    "internalAddress": "1.1.1.1",
    "healthStatus": "Available",
    "createdAt": "2024-04-12T23:20:50.52Z",
    "updatedAt": "2024-04-12T23:20:50.52Z"
  }
]
Default server.
Retrieve a server of a specific group by id.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the group to get the server for. |
serverId required | string <uuid> Example: 5gd0a892-8b70-471a-9dd7-bf374b07453g The ID of the DNS server to retrieve. |
Get DNS server.
id | string <uuid> |
groupId | string <uuid> The group ID associated with the DNS Server. |
siteId | string The site ID associated with the DNS Server. |
name | string The name of the DNS Server. |
internalAddress | string The IP address of the server. |
healthStatus | string Enum: "Available" "UnAvailable" DNS server status. |
createdAt | string <date-time> |
updatedAt | string <date-time> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/wss-integration-tenant/dns-groups/6fd0a892-8b70-471a-9dd7-bf374b07451f/servers/5gd0a892-8b70-471a-9dd7-bf374b07453g' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "8577c221-7f35-4019-b8d7-31d936bda96b",
  "groupId": "9977c221-7f35-4019-b8d7-31d936bda95f",
  "siteId": "3377c221-7f35-4019-b8d7-31d936bda98d",
  "name": "server1",
  "internalAddress": "1.1.1.1",
  "healthStatus": "Available",
  "createdAt": "2024-04-12T23:20:50.52Z",
  "updatedAt": "2024-04-12T23:20:50.52Z"
}
Default server.
Update DNS server of a specific group by id.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the DNS resiliency group. |
serverId required | string <uuid> Example: 5gd0a892-8b70-471a-9dd7-bf374b07453g The ID of the DNS server to update. |
name required | string The name of the DNS Server. |
internalAddress required | string The IP address of the server. |
siteId required | string <uuid> The site ID associated with the DNS Server. |
groupId required | string <uuid> The group ID associated with the DNS Server. |
update DNS server.
id | string <uuid> |
groupId | string <uuid> The group ID associated with the DNS Server. |
siteId | string The site ID associated with the DNS Server. |
name | string The name of the DNS Server. |
internalAddress | string The IP address of the server. |
healthStatus | string Enum: "Available" "UnAvailable" DNS server status. |
createdAt | string <date-time> |
updatedAt | string <date-time> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "name": "server1",
  "internalAddress": "1.1.1.1",
  "siteId": "8577c221-7f35-4019-b8d7-31d936bda96b",
  "groupId": "gg5ef47d-3e9c-418b-abfc-a1f702fa0c60"
}
{
  "id": "8577c221-7f35-4019-b8d7-31d936bda96b",
  "groupId": "9977c221-7f35-4019-b8d7-31d936bda95f",
  "siteId": "3377c221-7f35-4019-b8d7-31d936bda98d",
  "name": "server1",
  "internalAddress": "1.1.1.1",
  "healthStatus": "Available",
  "createdAt": "2024-04-12T23:20:50.52Z",
  "updatedAt": "2024-04-12T23:20:50.52Z"
}
Default server.
Delete DNS servers by group ID and DNS server IDs.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the DNS resiliency group. |
DnsServerIds | Array of strings <uuid> |
DNS servers have been deleted.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "DnsServerIds": [
    "6fd0a892-8b70-471a-9dd7-bf374b07451f"
  ]
}
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Update the DNS server resiliency order, and the agent if needed. Send an array of DNS server IDs in priority order; the first item has the highest priority.
dnsGroupId required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the group of the DNS server. |
DnsServerIds | Array of strings <uuid> |
updated servers order in DNS group
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "DnsServerIds": [
    "6fd0a892-8b70-471a-9dd7-bf374b07451f"
  ]
}
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
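An added example (not part of the Symantec ZTNA documentation or product code): a Python pre-flight check that builds the `DnsServerIds` body for the resiliency-order update from the server list returned for the group, rejecting malformed, duplicate, foreign or missing IDs before anything is sent. Requiring the order to name every server in the group is a policy choice of this example, and the server records and IDs below are constructed.

```python
"""Build and validate the DnsServerIds body for a DNS resiliency-order update."""
import uuid


def canonical_uuid(value):
    """Return the lower-case 8-4-4-4-12 form of value, or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError(f"ID must be a string, got {type(value).__name__}")
    try:
        parsed = uuid.UUID(value)
    except ValueError:
        raise ValueError(f"not a UUID: {value!r}") from None
    # uuid.UUID also accepts braces, "urn:uuid:" and un-hyphenated hex;
    # only the canonical spelling is allowed through here.
    if str(parsed) != value.lower():
        raise ValueError(f"not in canonical UUID form: {value!r}")
    return str(parsed)


def build_order_body(group_id, servers, desired_order):
    """Return (body, warnings) for the order update.

    servers is the list returned for the group (objects with id, groupId,
    healthStatus); desired_order lists server IDs, highest priority first.
    """
    group_id = canonical_uuid(group_id)
    known = {}
    for server in servers:
        if canonical_uuid(server["groupId"]) != group_id:
            raise ValueError(f"server {server['id']} belongs to another group")
        known[canonical_uuid(server["id"])] = server

    ordered = [canonical_uuid(item) for item in desired_order]
    if len(set(ordered)) != len(ordered):
        raise ValueError("duplicate server ID in requested order")
    unknown = [item for item in ordered if item not in known]
    if unknown:
        raise ValueError(f"IDs not in group {group_id}: {unknown}")
    missing = sorted(set(known) - set(ordered))
    if missing:
        # Policy of this example: an order that omits servers is ambiguous.
        raise ValueError(f"order omits servers of the group: {missing}")

    warnings = []
    if ordered and known[ordered[0]].get("healthStatus") != "Available":
        warnings.append(f"highest-priority server {ordered[0]} is not Available")
    return {"DnsServerIds": ordered}, warnings


# Constructed sample data; the group ID is the example value used on this page.
GROUP_ID = "6fd0a892-8b70-471a-9dd7-bf374b07451f"
SERVER_A = "11111111-1111-4111-8111-111111111111"
SERVER_B = "22222222-2222-4222-8222-222222222222"
SAMPLE_SERVERS = [
    {"id": SERVER_A, "groupId": GROUP_ID, "name": "server1",
     "internalAddress": "1.1.1.1", "healthStatus": "UnAvailable"},
    {"id": SERVER_B, "groupId": GROUP_ID, "name": "server2",
     "internalAddress": "1.0.0.1", "healthStatus": "Available"},
]


def run_demo():
    """Promote the healthy server to first place."""
    return build_order_body(GROUP_ID, SAMPLE_SERVERS, [SERVER_B, SERVER_A])


if __name__ == "__main__":
    body, notes = run_demo()
    print(body, notes)
```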
Default server.
Enable or Disable DNS Groups.
enable required | boolean enable or disable groups. |
groupIds required | Array of strings List of group ids to enable or disable. |
successfully enabled/disabled group
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "enable": "true",
  "groupIds": [
    "[\"99116c18-d842-4d2e-82b7-a493cc86e649\"]"
  ]
}
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Working against one of the supported Identity Providers or with the Symantec ZTNA internal Identity Provider.
Default server.
Return an array of JSON objects. Each object represents an Identity Provider configuration in your Symantec ZTNA tenant.
includeLocal | boolean Default: false Indication whether to include Symantec ZTNA internal Identity Provider in the response. |
successful operation.
name required | string >= 1 A descriptive name of the Identity Provider. |
provider required | string (IdentityProviderType) Identity provider name. okta |
settings | object (DirectoryProviderSettingsOkta) |
instructions | object (DirectoryProviderInstructionsOneLoginOrOkta) |
id | string <uuid> A unique identifier of this Identity Provider. Note: This field is required for any operation other than initial creation. |
is_authenticator | boolean Default: true Indication whether this identity provider is used for authentication. |
is_user_store | boolean Default: true Indication whether this identity provider is used for storing identities. |
authenticator_id | string <uuid> Nullable Symantec ZTNA internal identifier of the Identity Provider used for authentication. This property holds a value only in case the Identity Provider is used for storing identities only (is_authenticator=false). |
created_at | string <date-time> Identity Provider object creation date. |
updated_at | string <date-time> The date when the Identity Provider object was last updated. |
auth0_connection_id | string Symantec ZTNA internal identifier of the Identity Provider connection. |
upn_override_value_data_mapping | string |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/settings/identity-providers?includeLocal=false' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
    "name": "Okta ACME",
    "provider": "local",
    "is_authenticator": true,
    "is_user_store": true,
    "authenticator_id": null,
    "created_at": "2025-07-28T13:34:25Z",
    "updated_at": "2025-07-28T13:34:25Z",
    "auth0_connection_id": "con_RWvVa2P2YCCDzZt1",
    "upn_override_value_data_mapping": null
  }
]
A user that is managed by one of the supported Identity Providers or locally by Symantec ZTNA internal Identity Provider.
Default server.
Return an array of JSON objects. Each object represents a user in the given IDP.
Pagination support is defined per Identity Provider.
Filter applies for user name only.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
pageOffset | string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can either be a number or a string. It can't be assumed and a valid value must be used from the response returned for the previous page. If not specified, first page is returned. |
sortBy | string Example: sortBy=email:desc The value of this parameter is a combination of sort key and sort direction: <field>:<direction>. Sort directions are either 'asc' for ascending or 'desc' for descending. The supported sort keys are ‘email’ for a user and name for a group. By default, query results are sorted in ascending order by ‘email’. |
perPage | number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page. |
string Example: email=john e-mail by which the results are filtered. |
successful operation.
content | Array of objects (User) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
perPage | integer <int32> Number of elements in current page. |
nextPage | number Next page offset indicator. Its value should be passed in the |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users?filter=test&pageOffset=1&sortBy=email:desc&perPage=10&email=john' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z",
      "last_login": "2025-07-28T13:34:25Z",
      "logins_count": 1235,
      "repository_type": "local",
      "is_admin": false,
      "is_deleted": false,
      "blocked": false,
      "hasMfaSecret": false,
      "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
      "identity_provider_id": "local"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "perPage": 1,
  "nextPage": 1
}
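The pagination contract described above (pass each response's nextPage back as pageOffset, stop when last is true), shown as an added example that is not part of the original reference. The function names, the review rules in `audit_users` and the two-page sample tenant are assumptions constructed for illustration; only the URL, query parameters and field names come from this page.

```python
"""Added example: page through List Users and flag accounts worth reviewing."""
import json
import urllib.request
from urllib.parse import parse_qs, quote, urlencode, urlsplit

BASE_URL = "https://api.acme.luminatesec.com"  # tenant "acme", as in the examples above


def http_get_json(url, token):
    """Real transport: GET with the Bearer scheme this reference uses."""
    req = urllib.request.Request(url, headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer " + token,
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def users_url(idp_id, page_offset=None, per_page=100):
    """Build the List Users URL; the provider id is percent-encoded because it may be non-ASCII."""
    params = {"perPage": per_page}  # documented range is 1..100
    if page_offset is not None:
        params["pageOffset"] = page_offset
    return "%s/v2/identities/%s/users?%s" % (
        BASE_URL, quote(str(idp_id), safe=""), urlencode(params))


def iter_users(get_json, idp_id, per_page=100, max_pages=10000):
    """Yield every user, passing each response's nextPage back as pageOffset."""
    offset, seen = None, set()
    for _ in range(max_pages):
        page = get_json(users_url(idp_id, offset, per_page))
        yield from page.get("content", [])
        if page.get("last"):
            return  # rely on "last": the sample's final page still carries a nextPage
        offset = page.get("nextPage")
        # The offset is opaque (number or string): reuse it verbatim, and fail
        # closed rather than silently auditing a truncated user list.
        if offset is None or offset in seen:
            raise RuntimeError("pagination did not advance")
        seen.add(offset)
    raise RuntimeError("max_pages exceeded")


def audit_users(users):
    """Return (username, finding) pairs built from the documented User fields."""
    findings = []
    for user in users:
        if user.get("is_deleted") or user.get("blocked"):
            continue  # deleted or blocked accounts are skipped in this review
        if user.get("is_admin") and not user.get("hasMfaSecret"):
            findings.append((user["username"], "admin without registered MFA"))
        if user.get("logins_count", 0) == 0:
            findings.append((user["username"], "never logged in"))
    return findings


def sample_user(name, **fields):
    """Constructed user record carrying only the fields the audit reads."""
    user = {"username": name + "@acme.luminatesec.com", "is_admin": False,
            "is_deleted": False, "blocked": False, "hasMfaSecret": False,
            "logins_count": 5}
    user.update(fields)
    return user


def make_fake_get_json():
    """Constructed two-page tenant; the second page offset is an opaque string."""
    pages = {
        None: {"content": [sample_user("alice", is_admin=True),
                           sample_user("bob", logins_count=0)],
               "first": True, "last": False, "nextPage": "cursor-2"},
        "cursor-2": {"content": [sample_user("carol", is_admin=True, hasMfaSecret=True),
                                 sample_user("dave", is_admin=True, is_deleted=True)],
                     "first": False, "last": True, "nextPage": "cursor-2"},
    }

    def get_json(url):
        query = parse_qs(urlsplit(url).query)
        return pages[query.get("pageOffset", [None])[0]]

    return get_json


if __name__ == "__main__":
    # Against a real tenant: get_json = lambda url: http_get_json(url, token)
    for username, finding in audit_users(iter_users(make_fake_get_json(), "local")):
        print(username, "-", finding)
```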
Default server.
Return user by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This uuid can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use the username and notification_email fields. |
created_at | string <date-time> The date when the user was created. |
updated_at | string <date-time> The date when the user was last updated (modified). |
last_login | string <date-time> Date when the user last logged in. |
logins_count | integer <int32> The number of logins made by this user. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml" Identity provider name. |
is_admin | boolean Default: false Indication whether the user holds an administrator role. |
is_deleted | boolean Default: false Indication whether the user was deleted from the system. |
blocked | boolean Default: false Indication whether the user is blocked from logging into your tenant. |
hasMfaSecret | boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider. |
id | string <uuid> A unique identifier of the user. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "created_at": "2025-07-28T13:34:25Z",
  "updated_at": "2025-07-28T13:34:25Z",
  "last_login": "2025-07-28T13:34:25Z",
  "logins_count": 1235,
  "repository_type": "local",
  "is_admin": false,
  "is_deleted": false,
  "blocked": false,
  "hasMfaSecret": false,
  "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
  "identity_provider_id": "local"
}
Default server.
Deletes a user permanently from Symantec ZTNA tenant's repository. Applicable for Generic SAML (SAML attributes) integration or Local Users only. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Creates a new user in Symantec ZTNA Identity Provider in your Symantec ZTNA tenant. In the request body, repository_type should be set to local.
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This uuid can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use the username and notification_email fields. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml" Identity provider name. |
successful operation.
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This uuid can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use the username and notification_email fields. |
created_at | string <date-time> The date when the user was created. |
updated_at | string <date-time> The date when the user was last updated (modified). |
last_login | string <date-time> Date when the user last logged in. |
logins_count | integer <int32> The number of logins made by this user. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml" Identity provider name. |
is_admin | boolean Default: false Indication whether the user holds an administrator role. |
is_deleted | boolean Default: false Indication whether the user was deleted from the system. |
blocked | boolean Default: false Indication whether the user is blocked from logging into your tenant. |
hasMfaSecret | boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider. |
id | string <uuid> A unique identifier of the user. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "repository_type": "local",
  "identity_provider_id": "local"
}
{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "created_at": "2025-07-28T13:34:25Z",
  "updated_at": "2025-07-28T13:34:25Z",
  "last_login": "2025-07-28T13:34:25Z",
  "logins_count": 1235,
  "repository_type": "local",
  "is_admin": false,
  "is_deleted": false,
  "blocked": false,
  "hasMfaSecret": false,
  "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
  "identity_provider_id": "local"
}
Default server.
Updates an existing user in Symantec ZTNA Identity Provider in your Symantec ZTNA tenant.
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This uuid can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use the username and notification_email fields. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml" Identity provider name. |
successful operation.
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This uuid can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use the username and notification_email fields. |
created_at | string <date-time> The date when the user was created. |
updated_at | string <date-time> The date when the user was last updated (modified). |
last_login | string <date-time> Date when the user last logged in. |
logins_count | integer <int32> The number of logins made by this user. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml" Identity provider name. |
is_admin | boolean Default: false Indication whether the user holds an administrator role. |
is_deleted | boolean Default: false Indication whether the user was deleted from the system. |
blocked | boolean Default: false Indication whether the user is blocked from logging into your tenant. |
hasMfaSecret | boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider. |
id | string <uuid> A unique identifier of the user. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "repository_type": "local",
  "identity_provider_id": "local"
}
{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "created_at": "2025-07-28T13:34:25Z",
  "updated_at": "2025-07-28T13:34:25Z",
  "last_login": "2025-07-28T13:34:25Z",
  "logins_count": 1235,
  "repository_type": "local",
  "is_admin": false,
  "is_deleted": false,
  "blocked": false,
  "hasMfaSecret": false,
  "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
  "identity_provider_id": "local"
}
Default server.
Deletes a user permanently from Symantec ZTNA Identity Provider in your Symantec ZTNA tenant.
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/local/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Lists the blocked users in your Symantec ZTNA tenant.
successful operation.
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This uuid can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
user_id required | string (EntityId) Entity identifier as determined by the owning Identity Provider. |
created_at | string <date-time> The date when the user was blocked. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/settings/blocked-users' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "identity_provider_id": "local",
    "user_id": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
    "created_at": "2025-07-28T13:34:25Z"
  }
]
Default server.
Blocks a user in your Symantec ZTNA tenant. Blocking a group of users is not supported. All active sessions of the given user will be disconnected and the user will no longer be able to log in to your tenant.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X POST 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f/block' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
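For account containment, the block call above can be paired with the blocked-users list so the script confirms the block instead of trusting the POST alone. This is an added example, not part of the original reference; the helper names and the in-memory stand-in tenant are constructed, and treating any 2xx status as success is an assumption because the page does not state the success code.

```python
"""Added example: block a user, then confirm the block in the blocked-users list."""
import json
import urllib.error
import urllib.request
from urllib.parse import quote, unquote

BASE_URL = "https://api.acme.luminatesec.com"  # tenant "acme", as in the examples above
BLOCKED_USERS_URL = BASE_URL + "/v2/identities/settings/blocked-users"


class ZtnaApiError(Exception):
    """Carries the fields of the error body shown in this reference."""

    def __init__(self, status, body):
        body = body if isinstance(body, dict) else {}
        self.status = status
        self.request_id = body.get("request-identifier")  # useful in support tickets
        self.message = body.get("message")
        super().__init__("HTTP %s: %s (request-identifier %s)"
                         % (status, self.message, self.request_id))


def http_call(method, url, token):
    """Real transport: returns (status, parsed JSON body or None)."""
    req = urllib.request.Request(url, method=method, headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer " + token,
    })
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        return status, (json.loads(raw) if raw else None)
    except ValueError:
        return status, None


def block_url(idp_id, user_id):
    """Percent-encode both path segments; provider ids may be non-ASCII."""
    return "%s/v2/identities/%s/users/%s/block" % (
        BASE_URL, quote(idp_id, safe=""), quote(user_id, safe=""))


def contain_user(call, idp_id, user_id):
    """Block the user and return the block's created_at once it is confirmed."""
    status, body = call("POST", block_url(idp_id, user_id))
    if not 200 <= status < 300:  # assumption: any 2xx means the block was accepted
        raise ZtnaApiError(status, body)
    status, blocked = call("GET", BLOCKED_USERS_URL)
    if not 200 <= status < 300:
        raise ZtnaApiError(status, blocked)
    for entry in blocked or []:
        if (entry.get("identity_provider_id"), entry.get("user_id")) == (idp_id, user_id):
            return entry.get("created_at")
    raise RuntimeError("block accepted but user is missing from blocked-users")


def make_fake_tenant():
    """Constructed stand-in tenant; rejects user ids that are not 36 characters."""
    blocked = []
    prefix = BASE_URL + "/v2/identities/"

    def call(method, url):
        if method == "GET" and url == BLOCKED_USERS_URL:
            return 200, list(blocked)
        if method == "POST" and url.startswith(prefix) and url.endswith("/block"):
            idp_id, _, user_id = url[len(prefix):-len("/block")].partition("/users/")
            if len(user_id) != 36:
                return 400, {  # error body copied from the sample on this page
                    "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
                    "timestamp": 1548259503065, "status": 400,
                    "reasonPhrase": "Bad Request",
                    "message": "Invalid request parameters: Invalid ID format"
                               " - failed to process request"}
            blocked.append({"identity_provider_id": unquote(idp_id),
                            "user_id": unquote(user_id),
                            "created_at": "2025-07-28T13:34:25Z"})
            return 200, None
        return 404, {"status": 404, "reasonPhrase": "Not Found"}

    return call


if __name__ == "__main__":
    # Against a real tenant: call = lambda method, url: http_call(method, url, token)
    print(contain_user(make_fake_tenant(), "local", "4fd0a357-8b70-345a-9dd7-bf359b07451f"))
```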
Default server.
Unblocks a user in your Symantec ZTNA tenant. Unblocking a group of users is not supported. Upon a successful operation, the user will be able to log in to your tenant.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f/block' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
A group that is managed by one of the supported Identity Providers or locally by Symantec ZTNA internal Identity Provider.
Default server.
Return group by ID from the specified identity provider. For the local groups repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
name required | string Group name |
id | string Group uuid |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml" Identity provider name. |
identity_provider_id | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This uuid can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
created_at | string <date-time> |
updated_at | string <date-time> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "d8028639-a76a-4614-965a-7e3d4832d94b",
  "name": "Administrators",
  "repository_type": "local",
  "identity_provider_id": "local",
  "created_at": "2025-07-28T13:34:25Z",
  "updated_at": "2025-07-28T13:34:25Z"
}
Default server.
Deletes a group permanently from Symantec ZTNA tenant's repository. Applicable for Generic SAML (SAML attributes) integration or Local Groups only. For the local groups repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns an array of JSON objects. Each object represents a group in the given IDP.
Pagination support is defined per Identity Provider.
The filter applies to the group name only.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
pageOffset | string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can be either a number or a string. Its value cannot be assumed: use the value returned in the response for the previous page. If not specified, the first page is returned. |
sortBy | string Example: sortBy=email:desc The value of this parameter is a combination of sort key and sort direction: <field>:<direction>. Sort directions are either 'asc' for ascending or 'desc' for descending. The supported sort keys are 'email' for a user and 'name' for a group. By default, query results are sorted in ascending order by 'email'. |
perPage | number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page. |
successful operation.
content | Array of objects (Group) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
perPage | integer <int32> Number of elements in current page. |
nextPage | number Next page offset indicator. Its value should be passed in the |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups?filter=test&pageOffset=1&sortBy=email:desc&perPage=10' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "d8028639-a76a-4614-965a-7e3d4832d94b",
      "name": "Administrators",
      "repository_type": "local",
      "identity_provider_id": "local",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "perPage": 1,
  "nextPage": 1
}
Default server.
Creates a new group in Symantec ZTNA tenant repository. Applicable for Generic SAML (SAML attributes) integration or Local Groups only. For the local groups repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
name required | string Group name |
successful operation.
name required | string Group name |
id | string Group uuid |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" "generic-saml" Identity provider name. |
identity_provider_id | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This uuid can be retrieved using List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
created_at | string <date-time> |
updated_at | string <date-time> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
{
  "name": "Administrators"
}
{
  "id": "d8028639-a76a-4614-965a-7e3d4832d94b",
  "name": "Administrators",
  "repository_type": "local",
  "identity_provider_id": "local",
  "created_at": "2025-07-28T13:34:25Z",
  "updated_at": "2025-07-28T13:34:25Z"
}
Default server.
Returns a group's user list by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
pageOffset | string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can be either a number or a string. Its value cannot be assumed: use the value returned in the response for the previous page. If not specified, the first page is returned. |
perPage | number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page. |
successful operation.
content | Array of objects (User) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
perPage | integer <int32> Number of elements in current page. |
nextPage | number Next page offset indicator. Its value should be passed in the |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups/{entity-id}/users?pageOffset=1&perPage=10' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "created_at": "2025-07-28T13:34:25Z",
      "updated_at": "2025-07-28T13:34:25Z",
      "last_login": "2025-07-28T13:34:25Z",
      "logins_count": 1235,
      "repository_type": "local",
      "is_admin": false,
      "is_deleted": false,
      "blocked": false,
      "hasMfaSecret": false,
      "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
      "identity_provider_id": "local"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "perPage": 1,
  "nextPage": 1
}
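The pageOffset rule for this endpoint (the value may be a number or a string, so it must be copied from the previous response) can be followed with a loop like the one below. This is an added example, not part of the Symantec ZTNA documentation; fetch_page, users_url, make_fake_fetcher, the loop guards and the constructed sample pages are assumptions made for illustration.

```python
from typing import Any, Callable, Dict, Iterator, Optional, Union
from urllib.parse import quote, urlencode

Cursor = Union[int, str]          # nextPage may be a number or a string
Page = Dict[str, Any]


def users_url(base_url: str, idp_id: str, group_id: str,
              page_offset: Optional[Cursor] = None, per_page: int = 25) -> str:
    """Build the list-users-in-group URL; pageOffset is omitted on the first page."""
    if not 1 <= per_page <= 100:
        raise ValueError("perPage must be between 1 and 100")
    query: Dict[str, Any] = {"perPage": per_page}
    if page_offset is not None:
        query["pageOffset"] = page_offset      # echoed back unchanged
    path = "/v2/identities/{}/groups/{}/users".format(
        quote(idp_id, safe=""), quote(group_id, safe=""))
    return base_url.rstrip("/") + path + "?" + urlencode(query)


def iter_group_users(fetch_page: Callable[[Optional[Cursor], int], Page],
                     per_page: int = 25, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every user, treating nextPage as an opaque value.

    fetch_page(page_offset, per_page) is a hypothetical callable that performs
    the authenticated GET and returns the parsed JSON body.
    """
    offset: Optional[Cursor] = None            # not specified -> first page
    seen = set()
    for _ in range(max_pages):
        page = fetch_page(offset, per_page)
        yield from page.get("content") or []
        if page.get("last"):                   # test "last" first: the sample
            return                             # last page still has a nextPage
        nxt = page.get("nextPage")
        if isinstance(nxt, bool) or not isinstance(nxt, (int, str)):
            raise ValueError("page is not last but has no usable nextPage")
        key = (type(nxt).__name__, nxt)        # keeps 1 and "1" distinct
        if key in seen:
            raise RuntimeError("nextPage repeated; stopping to avoid a loop")
        seen.add(key)
        offset = nxt                           # no casting, no arithmetic
    raise RuntimeError("max_pages reached before the last page")


def make_fake_fetcher(pages: Dict[Optional[Cursor], Page]):
    """Constructed stand-in for the HTTP call: looks pages up by offset."""
    calls = []

    def fetch(offset: Optional[Cursor], per_page: int) -> Page:
        calls.append(offset)
        return pages[offset]

    fetch.calls = calls
    return fetch


# Constructed sample pages (not real API output): one identity provider that
# hands out string offsets, one that hands out numeric offsets.
STRING_CURSOR_PAGES = {
    None: {"content": [{"username": "a"}, {"username": "b"}],
           "first": True, "last": False, "nextPage": "tok-2"},
    "tok-2": {"content": [{"username": "c"}],
              "first": False, "last": True, "nextPage": "tok-2"},
}
NUMERIC_CURSOR_PAGES = {
    None: {"content": [{"username": "x"}],
           "first": True, "last": False, "nextPage": 2},
    2: {"content": [{"username": "y"}],
        "first": False, "last": True, "nextPage": 2},
}

if __name__ == "__main__":
    for sample in (STRING_CURSOR_PAGES, NUMERIC_CURSOR_PAGES):
        fetcher = make_fake_fetcher(sample)
        print([u["username"] for u in iter_group_users(fetcher)], fetcher.calls)
```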
Default server.
Remove user from group.
group-id required | string Example: b7188113-b9c6-4dee-9a3c-3963236f19a8 Group ID |
user-id required | string Example: 64b2d04f-157f-48a3-a277-e1b4147c46c4 User ID |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Add user to group.
group-id required | string Example: b7188113-b9c6-4dee-9a3c-3963236f19a8 Group ID |
user-id required | string Example: 64b2d04f-157f-48a3-a277-e1b4147c46c4 User ID |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X PUT 'https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Return an array of paginated JSON objects. Each object represents an ssh-client configured in your Symantec ZTNA tenant.
Using the query filter=test will return all the ssh-clients for which one or more of the above listed fields contain "test".
sort | string Enum: "name" "created_on" "last_accessed" "expires" "description" Name of field to sort |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
successful operation.
content | Array of objects (SSH-Client) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/ssh-clients?sort=name&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "name": "mysshclient",
      "description": "This ssh client is used to access our production server",
      "key_size": 2048,
      "created_on": "2021-10-02T15:40:01.318Z",
      "modified_on": "2021-10-02T15:40:01.318Z",
      "last_accessed": "2021-10-02T15:40:01.318Z",
      "expires": "2022-04-02T15:40:01.318Z"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
When working with a Generic SAML IDP, users and groups are managed with the following APIs, which comply with the SCIM 2.0 protocol.
To search for a user or group, use the following search APIs:
List Users API.
List Groups API.
Default server.
Create a SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
successful operation.
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
id | string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}
Default server.
Return an array of paginated JSON objects. Each object represents a SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
successful operation.
content | Array of objects (SCIM-User) |
itemsPerPage | integer <int32> Number of elements in current page. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:api:messages:2.0:ListResponse" SCIM list schema |
startIndex | integer <int32> The 1-based index of the first result in the current set of list results. |
totalResults | integer <int32> Number of elements included in the response. |
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ],
      "name": {
        "givenName": "string",
        "familyName": "string"
      },
      "emails": [
        {
          "value": "string",
          "primary": true
        }
      ],
      "userName": "user3",
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "targetWorkstations": [
        "string"
      ]
    }
  ],
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "startIndex": 1,
  "totalResults": 1
}
Default server.
Return the details of a SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
user-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID. |
successful operation.
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
id | string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}
Default server.
Delete a SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
user-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID. |
successful operation.
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1551881524069,
  "status": 401,
  "reasonPhrase": "Unauthorized",
  "message": "You are not authorized to perform this operation.",
  "errors": [
    "Invalid session"
  ]
}
Default server.
Update an existing SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
user-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID. |
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
successful operation.
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
id | string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}
Default server.
Create a SCIM group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
displayName required | string SCIM-group's name. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
successful operation.
displayName required | string SCIM-group's name. |
id | string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
Default server.
Return an array of paginated JSON objects. Each object represents a SCIM group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
successful operation.
content | Array of objects (SCIM-Group) |
itemsPerPage | integer <int32> Number of elements in current page. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:api:messages:2.0:ListResponse" SCIM list schema |
startIndex | integer <int32> The 1-based index of the first result in the current set of list results. |
totalResults | integer <int32> Number of elements included in the response. |
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group"
      ],
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "members": [
        {
          "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
          "type": "User"
        }
      ]
    }
  ],
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "startIndex": 1,
  "totalResults": 1
}
Default server.
Return the details of a SCIM group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
group-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID. |
successful operation.
displayName required | string SCIM-group's name. |
id | string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
Default server.
Update an existing group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
group-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID. |
displayName required | string SCIM-group's name. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
successful operation.
displayName required | string SCIM-group's name. |
id | string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
Default server.
Delete a SCIM group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
group-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID. |
successful operation.
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1551881524069,
  "status": 401,
  "reasonPhrase": "Unauthorized",
  "message": "You are not authorized to perform this operation.",
  "errors": [
    "Invalid session"
  ]
}
Default server.
Modify a SCIM group that has one or more required SCIM 2.0 attributes. Supports only add/remove/replace operations.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using
List Identity Providers API. |
group-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID. |
Operations required | Array of objects (SCIMGroupOperation) |
schemas required | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:PatchOp" the relevant schemas for the request |
successful operation.
displayName required | string SCIM-group's name. |
id | string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "members",
      "value": [
        {
          "value": "99116c18-d842-4d2e-82b7-a493cc86e649",
          "type": "User"
        }
      ]
    }
  ]
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
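One way to prepare the PatchOp body for the Modify SCIM group call is to diff the group's current members against the intended set and emit only the add and remove operations that are needed. This is an added example, not Symantec's code; plan_membership_patch is a hypothetical helper, and the shape of the remove operation (same path and value layout as the documented add) is an assumption.

```python
import uuid
from typing import Dict, Iterable, List, Optional

# Schema URN and operation names as documented for this endpoint.
PATCH_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:PatchOp"
ALLOWED_OPS = ("add", "remove", "replace")

# Group object copied from the sample response on this page.
SAMPLE_GROUP = {
    "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
    "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
    "displayName": "string",
    "members": [
        {"value": "6fd0a892-8b70-471a-9dd7-bf374b07451f", "type": "User"},
    ],
}


def canonical_uuid(value: str) -> str:
    """Return the lowercase hyphenated form; raises ValueError if malformed."""
    return str(uuid.UUID(value))


def member_operation(op: str, user_ids: Iterable[str]) -> Dict:
    """Build one Operations entry in the layout of the documented add sample."""
    if op not in ALLOWED_OPS:
        raise ValueError("unsupported op: %r" % (op,))
    return {
        "op": op,
        "path": "members",
        "value": [{"value": uid, "type": "User"} for uid in user_ids],
    }


def plan_membership_patch(group: Dict,
                          desired_user_ids: Iterable[str]) -> Optional[Dict]:
    """Return a PatchOp body that moves the group's users to the desired set.

    Returns None when membership already matches, so no request is sent.
    Members whose type is not "User" are left untouched.
    """
    current = {
        canonical_uuid(m["value"])
        for m in (group.get("members") or [])
        if m.get("type") == "User"
    }
    desired = {canonical_uuid(uid) for uid in desired_user_ids}

    operations: List[Dict] = []
    to_add = sorted(desired - current)
    to_remove = sorted(current - desired)
    if to_add:
        operations.append(member_operation("add", to_add))
    if to_remove:
        # Assumption: remove takes the same value list as add.
        operations.append(member_operation("remove", to_remove))
    if not operations:
        return None
    return {"schemas": [PATCH_SCHEMA], "Operations": operations}


if __name__ == "__main__":
    import json
    body = plan_membership_patch(
        SAMPLE_GROUP, ["99116c18-d842-4d2e-82b7-a493cc86e649"])
    print(json.dumps(body, indent=2))
```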
Integrates with cloud providers such as Amazon Web Services to provide smoother, cloud-native integration with SIEM solutions and to allow access to resources based on their associated tags.
Default server.
Return an array of JSON objects. Each object represents a Cloud Integration configuration in your Symantec ZTNA tenant.
successful operation.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
id | string A unique identifier of the Cloud Integration. |
created_at | string <date-time> |
updated_at | string <date-time> |
aws_external_id | string AWS External ID. |
aws_role_arn | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
health | object (CloudIntegrationHealth) |
luminate_aws_account_id | string The tag that represents the hostname. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "name": "AWS EU Integration",
    "provider": "amazon",
    "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
    "created_at": "2025-07-28T13:34:25Z",
    "updated_at": "2025-07-28T13:34:25Z",
    "aws_external_id": "aaabbbcccc",
    "aws_role_arn": "arn:xxx:yyy:zzz",
    "regions": [
      "string"
    ],
    "hostname_tag_name": "Name",
    "health": {
      "status": "Ready",
      "message": "string",
      "error": {
        "message": "string",
        "region": "string",
        "provider_err_code": "string",
        "provider_description": "string"
      }
    },
    "luminate_aws_account_id": 12312312
  }
]
Default server.
Create a new cloud integration configuration in your Symantec ZTNA tenant.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
successful operation.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
id | string A unique identifier of the Cloud Integration. |
created_at | string <date-time> |
updated_at | string <date-time> |
aws_external_id | string AWS External ID. |
aws_role_arn | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
health | object (CloudIntegrationHealth) |
luminate_aws_account_id | string The tag that represents the hostname. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name"
}
{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "created_at": "2025-07-28T13:34:25Z",
  "updated_at": "2025-07-28T13:34:25Z",
  "aws_external_id": "aaabbbcccc",
  "aws_role_arn": "arn:xxx:yyy:zzz",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name",
  "health": {
    "status": "Ready",
    "message": "string",
    "error": {
      "message": "string",
      "region": "string",
      "provider_err_code": "string",
      "provider_description": "string"
    }
  },
  "luminate_aws_account_id": 12312312
}
Default server.
Return a Cloud Integration configuration from your Symantec ZTNA tenant.
cloud-integration-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Cloud Integration ID |
successful operation.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
id | string A unique identifier of the Cloud Integration. |
created_at | string <date-time> |
updated_at | string <date-time> |
aws_external_id | string AWS External ID. |
aws_role_arn | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
health | object (CloudIntegrationHealth) |
luminate_aws_account_id | string The tag that represents the hostname. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "created_at": "2025-07-28T13:34:25Z",
  "updated_at": "2025-07-28T13:34:25Z",
  "aws_external_id": "aaabbbcccc",
  "aws_role_arn": "arn:xxx:yyy:zzz",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name",
  "health": {
    "status": "Ready",
    "message": "string",
    "error": {
      "message": "string",
      "region": "string",
      "provider_err_code": "string",
      "provider_description": "string"
    }
  },
  "luminate_aws_account_id": 12312312
}
Default server.
Update an existing Cloud Integration configuration in your Symantec ZTNA tenant.
cloud-integration-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Cloud Integration ID |
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
aws_role_arn required | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
successful operation.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
id | string A unique identifier of the Cloud Integration. |
created_at | string <date-time> |
updated_at | string <date-time> |
aws_external_id | string AWS External ID. |
aws_role_arn | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
health | object (CloudIntegrationHealth) |
luminate_aws_account_id | string The tag that represents the hostname. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "aws_role_arn": "arn:xxx:yyy:zzz",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name"
}

{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "created_at": "2025-07-28T13:34:25Z",
  "updated_at": "2025-07-28T13:34:25Z",
  "aws_external_id": "aaabbbcccc",
  "aws_role_arn": "arn:xxx:yyy:zzz",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name",
  "health": {
    "status": "Ready",
    "message": "string",
    "error": {
      "message": "string",
      "region": "string",
      "provider_err_code": "string",
      "provider_description": "string"
    }
  },
  "luminate_aws_account_id": 12312312
}
Default server.
Delete a Cloud Integration configuration from your Symantec ZTNA tenant.
cloud-integration-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Cloud Integration ID |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Searches your tenant audit logs using the Elasticsearch query language. The time frame between from_date and to_date is limited to 30 days. Results are always sorted by date in ascending order.
query required | object (SearchQuery) |
size | integer <int32> [ 0 .. 1000 ] Default: 1000 The maximum number of results to return. |
search_after | Array of strings or numbers (SearchAfter) Nullable Elasticsearch Search After Syntax. |
successful operation.
Hits | number <int32> (Hits) Total number of logs found that match the query. |
Logs | Array of objects (AuditLogResult) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
{
  "size": 500,
  "query": {
    "free_text": "John Doe",
    "from_date": 1553502809000,
    "to_date": 1553675609000,
    "match_or_fields": [
      {
        "field_name": "clientip",
        "field_values": [
          "213.12.11.10",
          "0.0.1.10"
        ]
      }
    ]
  },
  "search_after": [
    1553589827407,
    "luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
  ]
}

{
  "Hits": 1,
  "Logs": [
    {
      "Id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
      "Data": {
        "@timestamp": "2021-01-01T12:35:03.724Z",
        "additionalInfo": { },
        "eventStatus": "SUCCEEDED",
        "eventType": "LOGIN",
        "geoip": {
          "city_name": "Jerusalem",
          "country": "Israel",
          "country_code": "IL",
          "latitude": 31.5,
          "longitude": 34.75,
          "location": {
            "lon": 34.75,
            "lat": 31.5
          }
        },
        "id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
        "message": "{\\\"id\\\":\\\"6aebc61f-7e2f-46b3-805f-d206de8899c0\\\",\\\"date\\\":\\\"2019-02-13T12:35:03.724386395Z\\\",\\\"tenantId\\\":\\\"12f3e95861234567a123a7c582a0a51f_acme\\\",\\\"user\\\":\\\"user@acme.com\\\",\\\"sourceHost\\\":\\\"10.10.10.50\\\",\\\"targetService\\\":\\\"AUTH_SERVICE\\\",\\\"eventType\\\":\\\"LOGIN\\\",\\\"resourceType\\\":\\\"Authentication\\\",\\\"resourceName\\\":\\\"user@acme.com\\\",\\\"resourceId\\\":\\\"auth0|5ac324095d12345678931c97\\\",\\\"eventStatus\\\":\\\"SUCCEEDED\\\",\\\"sourceAgent\\\":\\\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\\\"}\n",
        "resourceId": "auth0|9daa694c-d8d0-47cb-8e94-e84694153d1d",
        "resourceName": "user@acme.com",
        "resourceType": "Authentication",
        "role": "",
        "sourceAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
        "sourceHost": "10.10.10.50",
        "tenant_id": "12f3e95861234567a123a7c582a0a51f_acme",
        "entity_id": "494b5b76-4418-4a89-858e-774463c95b78",
        "entity_idp_id": "local",
        "entity_type": "User",
        "entity_name": "first last",
        "client_ip": "192.192.250.250",
        "client_port": "8080",
        "previous_revision": "\"{\"name\" :\"username\"}\"",
        "current_revision": "\"{\"name\" :\"updated_username\"}\"",
        "user": "user@acme.com",
        "user_agent_full": {
          "browser": "Chrome",
          "browser_major_version": 83,
          "browser_type": "Browser",
          "device_type": "Desktop",
          "platform": "Linux",
          "platform_version": "Intel x86_64",
          "raw_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36"
        }
      },
      "SearchAfterValues": [
        1553589827407,
        "luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
      ]
    }
  ]
}
Forensics logs audit every user's access to any application, as well as the user's activity in that application.
Default server.
Searches the tenant's forensics logs using the Elasticsearch query language. The time frame between from_date and to_date is limited to 30 days. Results are always sorted by date in ascending order.
query required | object (SearchQuery) |
size | integer <int32> [ 0 .. 1000 ] Default: 1000 The maximum number of results to return. |
search_after | Array of strings or numbers (SearchAfter) Nullable Elasticsearch Search After Syntax. |
successful operation.
Hits | number <int32> (Hits) Total number of logs found that match the query. |
Logs | Array of objects (ForensicsLogResult) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
{
  "size": 500,
  "query": {
    "free_text": "John Doe",
    "from_date": 1553502809000,
    "to_date": 1553675609000,
    "match_or_fields": [
      {
        "field_name": "clientip",
        "field_values": [
          "213.12.11.10",
          "0.0.1.10"
        ]
      }
    ]
  },
  "search_after": [
    1553589827407,
    "luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
  ]
}

{
  "Hits": 1,
  "Logs": [
    {
      "Id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
      "Data": {
        "@timestamp": "2019-02-13T12:35:03.724Z",
        "action_result": "SUCCESS",
        "activity_type": "URI Access",
        "app_external_address": "app.acme.luminatesec.com",
        "app_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
        "app_name": "app",
        "app_type": "HTTP",
        "authentication_method": "PUBLIC_KEY\n",
        "bytes_sent": 687,
        "client": "SSH-2.0-SSHJ_0.22.0",
        "client_ip": "10.10.10.50",
        "client_port": 51262,
        "client_type": "BROWSER",
        "compliance_state": "NOT_COMPLIANT",
        "description": "Accessing Web application app",
        "device_validation_action_type": "CLIENT_CERTIFICATE\n",
        "entity_id": "auth0|a1b2c3d4e5f6g7h8i9j0klmn",
        "entity_name": "user@acme.com",
        "entity_type": "User",
        "entity_idp_id": "local",
        "error_type": "",
        "event_type": "ACCESS\n",
        "geoip": {
          "city_name": "Jerusalem",
          "country": "Israel",
          "country_code": "IL",
          "latitude": 31.5,
          "longitude": 34.75,
          "location": {
            "lon": 34.75,
            "lat": 31.5
          }
        },
        "global_request_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
        "hashed_session_id": "abcdefg1d883af497cf57a44d4950a32",
        "http_command": "GET",
        "http_version": "HTTP/1.1",
        "key_action_type": "CREATE\n",
        "key_event_target_user_name": "user@luminatesec.com\n",
        "log_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
        "log_type": "WEB_ACCESS_LOG\n",
        "mfa_action_type": "GOOGLE\n",
        "policy_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
        "policy_name": "my-policy",
        "policy_type": "ACCESS",
        "policy_is_static": "NO",
        "response_time": 0.029,
        "ssh_activity_command": "echo -n 'hello world'\n",
        "ssh_client_internal_user": "user",
        "ssh_internal_resource_identifier": "app-ssh.staging.eu-west-1.acmeops.com",
        "ssh_internal_resource_port": 22,
        "status_code": 200,
        "summary": "'user@acme.com' succeeded accessing HTTP application 'app'\n",
        "tcp_internal_resource_identifier": "127.0.0.1\n",
        "tcp_internal_resource_port": "22\n",
        "tenant_id": "12f3e95861234567a123a7c582a0a51f_acme",
        "time_to_first_byte": 0.001,
        "up_stream_response_time": 0.012,
        "uri": "/",
        "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36",
        "user_agent_full": {
          "browser": "Chrome",
          "browser_major_version": 83,
          "browser_type": "Browser",
          "device_type": "Desktop",
          "platform": "Linux",
          "platform_version": "Intel x86_64",
          "raw_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36"
        },
        "wss_agent_device_id": "29129c76-8940-11c7-beeb-5y347b5667c1f",
        "wss_agent_device_version": "8.1.0",
        "wss_agent_type": "wss-agent",
        "wss_device_name": "EXAMPLE-10",
        "wss_os_info": "architecture=x86_64 name=Windows 10 Pro version=10.0.19043"
      },
      "SearchAfterValues": [
        1553589827407,
        "luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
      ]
    }
  ]
}
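Both the audit log search and the forensics log search above cap one request at a 30-day span and 1000 results, so a complete export for a SIEM or an investigation has to split the range and page with search_after. The following Python is an added example, not part of the Symantec ZTNA documentation. `post` is a hypothetical caller-supplied function that sends the body to the search endpoint, and feeding the last hit's SearchAfterValues back as search_after is an assumption drawn from the sample request and response.

```python
from typing import Callable, Iterator, Optional

WINDOW_MS = 30 * 24 * 60 * 60 * 1000  # documented: from_date..to_date <= 30 days
MAX_SIZE = 1000                       # documented upper bound for "size"


def windows(from_ms: int, to_ms: int) -> Iterator[tuple]:
    """Split [from_ms, to_ms] into consecutive spans of at most 30 days."""
    start = from_ms
    while start < to_ms:
        end = min(start + WINDOW_MS, to_ms)
        yield start, end
        start = end


def iter_logs(post: Callable[[dict], dict], from_ms: int, to_ms: int,
              filters: Optional[dict] = None, size: int = MAX_SIZE) -> Iterator[dict]:
    """Yield each log entry in [from_ms, to_ms] once, oldest first.

    `post` (hypothetical, caller-supplied) sends the JSON body to the search
    endpoint with the Bearer token and returns the parsed response.
    """
    if not 0 < size <= MAX_SIZE:
        raise ValueError("size must be between 1 and 1000")
    # Adjacent windows share a boundary timestamp, so drop repeated Ids.
    # The set grows with the export; persist it for very large ranges.
    seen = set()
    for start, end in windows(from_ms, to_ms):
        cursor = None
        while True:
            query = {**(filters or {}), "from_date": start, "to_date": end}
            body = {"size": size, "query": query}
            if cursor is not None:
                body["search_after"] = cursor
            logs = post(body).get("Logs") or []
            for entry in logs:
                if entry["Id"] not in seen:
                    seen.add(entry["Id"])
                    yield entry
            if len(logs) < size:  # short page: this window is exhausted
                break
            # Assumption drawn from the samples: the last hit's
            # SearchAfterValues becomes the next request's search_after.
            cursor = logs[-1]["SearchAfterValues"]
```

Because results are sorted ascending, persisting the last SearchAfterValues between runs lets a scheduled collector resume where it stopped instead of re-reading the window.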