Symantec ZTNA API (V2)

Download OpenAPI specification:Download

What's New

Effective from	Change
May 5th, 2024	The APIs Get Application, Create Application and Update Application have been updated by removing the legacy fields "connectorsStatus" and "totalNumberOfAvailableConnectors" from the response, as they now appear under Site object.

Introduction

Symantec ZTNA API uses common RESTful resourced based URL conventions and JSON as the exchange format.
Properties names are case-sensitive.
Some of Symantec ZTNA API calls omit None values from the API response.

The base-URL is api.<tenant-name>.luminatesec.com. For example, if your administration portal URL is admin.acme.luminatesec.com, then your API base-URL is api.acme.luminatesec.com.

All examples below are performed on a tenant called acme.

Common Operations Steps

Below you may find a list of common operations and the relevant API calls for each. Each of these operations can also be performed by using the administrative portal at https://admin.acme.luminatesec.com.

Creating a site and deploying a connector:
1. Creating a new site using the Create site API.
2. Once a site is created you can use its Id (returned in the response of the Create Site request) and call the Create connector API.
3. Deploy the Symantec ZTNA connector:
  1. Retrieve the deployment command using the Connector Deployment Command API.
  2. Execute the command on the target machine.
Creating an application:
1. An application is always associated with a specific site for routing the traffic to the application via the connectors associated with the same site. In order to create the application, call the Create Application API
2. Once the application is created, you *must* assign the application to a specific site in order to make it accessible. Assign the application to the required site using the Bind Application to Site API.
3. In order to grant access to the application for specific entities (users/groups), you should assign the application to the access policy using the Access and Activity Policy API

Object Model

The object model of the API is built around the following:

Sites - Site is a representation of the physical or virtual data center your applications reside in.
Connectors - A connector is a lightweight piece of software connecting your site to the Symantec ZTNA platform.
Applications - Application is the internal resource you would like to publish using Symantec ZTNA.
Access and Activity Policies - Symantec ZTNA continuously authorize each user request for the contextual access and activity, in order to control access to resources and restrict user’s actions within resources, based on the user/device context (such as the user’s group membership, user’s location, MFA status and managed/unmanaged device status) and the requested resource.
Cloud Integration - Integration with Cloud Providers like Amazon Web Services to provide a smoother and cloud-native integration with SIEM solutions and to allow access to resources based on their associated tags.
Logs - Symantec ZTNA internal logs for audit and forensics purposes:
1. Audit Logs audit all operations done through the administration portal
2. Forensics Logs audit any user's access to any application as well as user's activity for any application.

Authentication

Authentication is done using OAuth2 with the Bearer authentication scheme.

OAuth

Standard OAuth2 clientCredentials flow

Security Scheme Type	OAuth2
clientCredentials OAuth Flow	Token URL: https://api.acme.luminatesec.com/v1/oauth/token Scopes:

The Symantec ZTNA API is available to Symantec ZTNA users who have administrative privileges in their Symantec ZTNA tenant. An administrator should create an API client through the Symantec ZTNA Admin portal and copy the ‘Client Id’ and the ‘Client Secret’. Then the administrator should assign the API client an appropriate role in 'Tenant Roles' page.

Retrieving the API access token is done using Basic-Authentication scheme, POST of a Base64 encoded Client-ID and Client-Secret:

curl -X POST \ https://api.acme.luminatesec.com/v1/oauth/token \ -u yourApiClientId:yourApiClientSecret

This call returns the following JSON: { "access_token":"edfe22e3-eb4c-4c83-8ce3-3152e6a2XXX", "expires_in":3600, "scope":"luminate-scope", "token_type":"Bearer", "error":"", "error_description":""}

All further API calls should include the ‘Authorization’ header with value “Bearer AccessToken”

For example:

curl -H "Authorization: Bearer edfe22e3-eb4c-4c83-8ce3-3152e6a2XXX" "https://api.acme.luminatesec.com/v2/applications"

Versioning and Compatibility

The latest Major Version is v2.

The Major Version is included in the URL path (e.g. /v2/applications ) and it denotes breaking changes to the API. Minor and Patch versions are transparent to the client.

Auditing

All authentication operations and modify operations (POST, PUT, DELETE) are audited.

Rate-limiting

The API has a rate limit of 5 requests per second. If you have hit the rate limit, then a ‘429’ status code will be returned. In such cases, you should back-off from submitting new requests for 1 second before resuming.

Note that rate-limitation applies to the accumulated requests of all of your clients. For example, if you have 6 clients submitting requests simultaneously at a rate of 1 request per second for each one then one of them is likely to get a 429 status code.

DNS Server

DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.
DNS Server operations - You can create, read, update and delete a DNS Server using the application endpoint.
Add a DNS Server

Support

For additional help you may refer to our support at https://support.broadcom.com

Each request submitted to the API returns a unique request ID that is generated by the API. The request ID will be returned in header x-lum-request-id. If you need to contact us about any specific request then this ID will serve as a reference to the given request.

Sites

Site is a representation of the physical or virtual data center your applications reside in.

Create Site

post /sites

Default server.

https://api.acme.luminatesec.com/v2/sites

Creates a Site in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

name required	string [ 2 .. 700 ] A descriptive name of the site.
kubernetes_persistent_volume_name	string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.
mute_health_notification	boolean Default: false Indication whether health notifications are enabled for this site.
kerberos_configuration	object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications Note: This configuration applies to new connectors only.
region	string The connectivity region of the site. If not specified, the default region will be used.

Responses

201

successful operation.

Response Schema: application/json

name required	string [ 2 .. 700 ] A descriptive name of the site.
id	string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation.
kubernetes_persistent_volume_name	string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.
connectors	Array of strings <uuid> IDs of all connectors included in this site.
application_ids	Array of strings <uuid> IDs of all applications included in this site.
connector_objects	Array of objects (Connector)
site_status	object (SiteStatus)
mute_health_notification	boolean Default: false Indication whether health notifications are enabled for this site.
kerberos_configuration	object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications Note: This configuration applies to new connectors only.
countCollections	integer <int32> The number of collections that are associated with this site.
region	string The connectivity region of the site. If not specified, the default region will be used.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"name": "DataCenterEurope",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
"mute_health_notification": false,
"kerberos_configuration": 
{"domain": "acme.example.com",
"kdc_address": "acme.example.com",
"keytab_path": "/opt/keytab"
},
"region": "europe-west1"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "DataCenterEurope",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
"connectors": 
["2db3162f-b720-40d3-8067-345a5a25c9ec",
"a784ec20-24b9-445b-877d-cbbd7f67c444"
],
"application_ids": 
["2db3162f-b720-40d3-8067-345a5a25c9ec",
"a784ec20-24b9-445b-877d-cbbd7f67c444"
],
"connector_objects": 
[
{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "TestSite-Connector-3",
"version": "2.5.1+964",
"registered": true,
"otp": null,
"date_created": "2024-04-11T14:59:30Z",
"date_registered": "2024-04-11T14:59:30Z",
"date_otp_expire": "2024-04-11T14:59:30Z",
"send_logs": false,
"enabled": true,
"connector_status": "StatusReady",
"update_status": "UpdateFailed",
"update_status_info": "error downloading new connector",
"internal_ip": "10.10.10.1",
"external_ip": "109.155.209.167",
"hostname": "TestSite-Connector-3-Linux",
"geo_location": "Microsoft Azure, Netherlands, Amsterdam",
"deployment_type": "kubernetes",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
],
"site_status": 
{"ConnectorsUp": 
[
{"Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
"last_seen": "2019-02-24T12:05:51.000Z"
},
{"Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
"last_seen": "2019-02-24T12:05:51.000Z"
}
],
"ConnectorsDown": null,
"ConnectorsNotConfigured": 
[
{"Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
"last_seen": "1901-01-01T00:00:00.000Z"
}
],
"ConnectorsDisabled": null,
"Status": "not-configured"
},
"mute_health_notification": false,
"kerberos_configuration": 
{"domain": "acme.example.com",
"kdc_address": "acme.example.com",
"keytab_path": "/opt/keytab"
},
"countCollections": 1,
"region": "europe-west1"
}

List Sites

get /sites

Default server.

https://api.acme.luminatesec.com/v2/sites

Return an array of paginated JSON objects. Each object represents a site configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by site name.
Filter applies for the following fields: "name" and "description".
Using the query filter=test will return all the sites for which one or more of the above listed fields contain "test" Filtering by Application ID may be applied - in such a case, Sites that are associated with this Application will be returned. If the Application ID does not exist then an empty array is returned.

Authorizations:

OAuth

query Parameters

sort	string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.
size	number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page.
page	number <int32> The page number.
filter	string Example: filter=test The string by which the results are filtered (see description)

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (Site)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
totalPages	integer <int32> Number of pages included in the response.
number	integer <int32> Page number
numberOfElements	integer <int32> Number of elements in current page.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/sites?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "DataCenterEurope",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
"connectors": 
["2db3162f-b720-40d3-8067-345a5a25c9ec",
"a784ec20-24b9-445b-877d-cbbd7f67c444"
],
"application_ids": 
["2db3162f-b720-40d3-8067-345a5a25c9ec",
"a784ec20-24b9-445b-877d-cbbd7f67c444"
],
"connector_objects": 
[
{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "TestSite-Connector-3",
"version": "2.5.1+964",
"registered": true,
"otp": null,
"date_created": "2024-04-11T14:59:30Z",
"date_registered": "2024-04-11T14:59:30Z",
"date_otp_expire": "2024-04-11T14:59:30Z",
"send_logs": false,
"enabled": true,
"connector_status": "StatusReady",
"update_status": "UpdateFailed",
"update_status_info": "error downloading new connector",
"internal_ip": "10.10.10.1",
"external_ip": "109.155.209.167",
"hostname": "TestSite-Connector-3-Linux",
"geo_location": "Microsoft Azure, Netherlands, Amsterdam",
"deployment_type": "kubernetes",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
],
"site_status": 
{"ConnectorsUp": 
[
{"Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
"last_seen": "2019-02-24T12:05:51.000Z"
},
{"Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
"last_seen": "2019-02-24T12:05:51.000Z"
}
],
"ConnectorsDown": null,
"ConnectorsNotConfigured": 
[
{"Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
"last_seen": "1901-01-01T00:00:00.000Z"
}
],
"ConnectorsDisabled": null,
"Status": "not-configured"
},
"mute_health_notification": false,
"kerberos_configuration": 
{"domain": "acme.example.com",
"kdc_address": "acme.example.com",
"keytab_path": "/opt/keytab"
},
"countCollections": 1,
"region": "europe-west1"
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"totalPages": 1,
"number": 0,
"numberOfElements": 1
}

Update Site

put /sites/{site-id}

Default server.

https://api.acme.luminatesec.com/v2/sites/{site-id}

Update an existing site in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

site-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

The site ID.

Request Body schema: application/json

name required	string [ 2 .. 700 ] A descriptive name of the site.
kubernetes_persistent_volume_name	string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.
mute_health_notification	boolean Default: false Indication whether health notifications are enabled for this site.
kerberos_configuration	object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications Note: This configuration applies to new connectors only.
region	string The connectivity region of the site. If not specified, the default region will be used.

Responses

200

successful operation.

Response Schema: application/json

name required	string [ 2 .. 700 ] A descriptive name of the site.
id	string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation.
kubernetes_persistent_volume_name	string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.
connectors	Array of strings <uuid> IDs of all connectors included in this site.
application_ids	Array of strings <uuid> IDs of all applications included in this site.
connector_objects	Array of objects (Connector)
site_status	object (SiteStatus)
mute_health_notification	boolean Default: false Indication whether health notifications are enabled for this site.
kerberos_configuration	object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications Note: This configuration applies to new connectors only.
countCollections	integer <int32> The number of collections that are associated with this site.
region	string The connectivity region of the site. If not specified, the default region will be used.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"name": "DataCenterEurope",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
"mute_health_notification": false,
"kerberos_configuration": 
{"domain": "acme.example.com",
"kdc_address": "acme.example.com",
"keytab_path": "/opt/keytab"
},
"region": "europe-west1"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "DataCenterEurope",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
"connectors": 
["2db3162f-b720-40d3-8067-345a5a25c9ec",
"a784ec20-24b9-445b-877d-cbbd7f67c444"
],
"application_ids": 
["2db3162f-b720-40d3-8067-345a5a25c9ec",
"a784ec20-24b9-445b-877d-cbbd7f67c444"
],
"connector_objects": 
[
{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "TestSite-Connector-3",
"version": "2.5.1+964",
"registered": true,
"otp": null,
"date_created": "2024-04-11T14:59:30Z",
"date_registered": "2024-04-11T14:59:30Z",
"date_otp_expire": "2024-04-11T14:59:30Z",
"send_logs": false,
"enabled": true,
"connector_status": "StatusReady",
"update_status": "UpdateFailed",
"update_status_info": "error downloading new connector",
"internal_ip": "10.10.10.1",
"external_ip": "109.155.209.167",
"hostname": "TestSite-Connector-3-Linux",
"geo_location": "Microsoft Azure, Netherlands, Amsterdam",
"deployment_type": "kubernetes",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
],
"site_status": 
{"ConnectorsUp": 
[
{"Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
"last_seen": "2019-02-24T12:05:51.000Z"
},
{"Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
"last_seen": "2019-02-24T12:05:51.000Z"
}
],
"ConnectorsDown": null,
"ConnectorsNotConfigured": 
[
{"Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
"last_seen": "1901-01-01T00:00:00.000Z"
}
],
"ConnectorsDisabled": null,
"Status": "not-configured"
},
"mute_health_notification": false,
"kerberos_configuration": 
{"domain": "acme.example.com",
"kdc_address": "acme.example.com",
"keytab_path": "/opt/keytab"
},
"countCollections": 1,
"region": "europe-west1"
}

Get Site

get /sites/{site-id}

Default server.

https://api.acme.luminatesec.com/v2/sites/{site-id}

Returns the details of a Site from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

site-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

The Site ID.

Responses

200

successful operation.

Response Schema: application/json

name required	string [ 2 .. 700 ] A descriptive name of the site.
id	string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation.
kubernetes_persistent_volume_name	string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.
connectors	Array of strings <uuid> IDs of all connectors included in this site.
application_ids	Array of strings <uuid> IDs of all applications included in this site.
connector_objects	Array of objects (Connector)
site_status	object (SiteStatus)
mute_health_notification	boolean Default: false Indication whether health notifications are enabled for this site.
kerberos_configuration	object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications Note: This configuration applies to new connectors only.
countCollections	integer <int32> The number of collections that are associated with this site.
region	string The connectivity region of the site. If not specified, the default region will be used.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/sites/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "DataCenterEurope",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
"connectors": 
["2db3162f-b720-40d3-8067-345a5a25c9ec",
"a784ec20-24b9-445b-877d-cbbd7f67c444"
],
"application_ids": 
["2db3162f-b720-40d3-8067-345a5a25c9ec",
"a784ec20-24b9-445b-877d-cbbd7f67c444"
],
"connector_objects": 
[
{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "TestSite-Connector-3",
"version": "2.5.1+964",
"registered": true,
"otp": null,
"date_created": "2024-04-11T14:59:30Z",
"date_registered": "2024-04-11T14:59:30Z",
"date_otp_expire": "2024-04-11T14:59:30Z",
"send_logs": false,
"enabled": true,
"connector_status": "StatusReady",
"update_status": "UpdateFailed",
"update_status_info": "error downloading new connector",
"internal_ip": "10.10.10.1",
"external_ip": "109.155.209.167",
"hostname": "TestSite-Connector-3-Linux",
"geo_location": "Microsoft Azure, Netherlands, Amsterdam",
"deployment_type": "kubernetes",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
],
"site_status": 
{"ConnectorsUp": 
[
{"Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
"last_seen": "2019-02-24T12:05:51.000Z"
},
{"Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
"last_seen": "2019-02-24T12:05:51.000Z"
}
],
"ConnectorsDown": null,
"ConnectorsNotConfigured": 
[
{"Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
"last_seen": "1901-01-01T00:00:00.000Z"
}
],
"ConnectorsDisabled": null,
"Status": "not-configured"
},
"mute_health_notification": false,
"kerberos_configuration": 
{"domain": "acme.example.com",
"kdc_address": "acme.example.com",
"keytab_path": "/opt/keytab"
},
"countCollections": 1,
"region": "europe-west1"
}

Delete Site

delete /sites/{site-id}

Default server.

https://api.acme.luminatesec.com/v2/sites/{site-id}

Delete a site from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

site-id

required

string <uuid>

Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5

Site ID.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Get Site Health Status

get /sites/{site-id}/status

Default server.

https://api.acme.luminatesec.com/v2/sites/{site-id}/status

Returns the health status of a site from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

site-id

required

string <uuid>

Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5

Site ID.

Responses

200

successful operation.

Response Schema: application/json

ConnectorsUp	Array of objects (ConnectorLastSeen) A list of online connectors represented by their ID and their last communication date.
ConnectorsDown	Array of objects (ConnectorLastSeen) A list of offline connectors represented by their ID and their last communication date.
ConnectorsNotConfigured	Array of objects (ConnectorLastSeen) A list of connectors that were yet established initial communication with Symantec ZTNA Cloud Service.
ConnectorsDisabled	Array of objects (ConnectorLastSeen) A list of disabled connectors (connectors that don't serve applications defined under the contained site).
Status	string Enum: "online" "offline" "not-configured" Site health status. The site is online when there is at least one online connector.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5/status' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"ConnectorsUp": 
[
{"Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
"last_seen": "2019-02-24T12:05:51.000Z"
},
{"Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
"last_seen": "2019-02-24T12:05:51.000Z"
}
],
"ConnectorsDown": null,
"ConnectorsNotConfigured": 
[
{"Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
"last_seen": "1901-01-01T00:00:00.000Z"
}
],
"ConnectorsDisabled": null,
"Status": "not-configured"
}

Connectors

A connector is a lightweight piece of software connecting your site to the Symantec ZTNA platform.

Create Connector

post /connectors

Default server.

https://api.acme.luminatesec.com/v2/connectors

Creates a Connector in your Symantec ZTNA tenant. To complete configuring the Symantec ZTNA connector, you should retrieve the deployment command using Connector Deployment Command API and execute it on the target machine.

Authorizations:

OAuth

query Parameters

bind_to_site_id

required

string <uuid>

Example: bind_to_site_id=6fd0a892-8b70-471a-9dd7-bf374b07451f

The ID of the site that should contain this connector.

Request Body schema: application/json

name required	string >= 1 A descriptive name of the Connector.
deployment_type required	string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector.
send_logs	boolean Default: false Indicates whether to set connector debug log level to the highest one.
enabled	boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on.
kubernetes_persistent_volume_name	string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

Responses

201

successful operation.

Response Schema: application/json

name required	string >= 1 A descriptive name of the Connector.
deployment_type required	string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector.
id	string <uuid> A unique identifier of this connector. Note: This field is required for any operation other than initial creation.
version	string The version of the running connector. This version equals to or higher than container_version.
registered	boolean Indicates whether the connector has already established a successful handshake with the Symantec ZTNA Cloud.
otp	string When initiated, the Symantec ZTNA Connector receives an ephemeral OTP, allowing it to establish initial communication. with Symantec ZTNA Cloud Service and pull a TLS Certificate to be used for further communications. This property holds an empty value after the connector establishes a successful handshake with the Symantec ZTNA Cloud.
date_created	string <date-time> Connector creation date.
date_registered	string <date-time> The date when the connector established a successful handshake with the Symantec ZTNA Cloud.
date_otp_expire	string <date-time> The date when the connector OTP expires. By default OTP is valid for 24 hours after connector creation date.
send_logs	boolean Default: false Indicates whether to set connector debug log level to the highest one.
enabled	boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on.
connector_status	string Enum: "StatusUndefined" "StatusReady" "StatusDownloadStarted" "StatusDownloadCompleted" "StatusMigrationStarted" "StatusMigrationCompleted" "StatusExecuteStarted" "StatusExecuteCompleted" "StatusRetired" "StatusFailed" "StatusRetireStarted"
update_status	string Enum: "UpToDate" "UpdateAvailable" "UpdateStarted" "UpdateCompleted" "UpdateFailed" Indicates the connector upgrade status: UpToDate - Connector version is the latest available. UpdateAvailable - New connector version is available. UpdateStarted - Connector upgrade is in progress. UpdateCompleted - Connector upgrade was just completed. This is a temporary state until upgrade result is calculated. UpdateFailed - Connector upgrade attempt has failed.
update_status_info	string A detailed description of the connector upgrade failure reason in case a recent upgrade has failed.
internal_ip	string The internal IP address of the host running the Symantec ZTNA connector container.
external_ip	string The IP address used by Symantec ZTNA connector to address Symantec ZTNA cloud.
hostname	string The name of the host running the Symantec ZTNA connector container.
geo_location	string Geo location based on the external-ip, including the hosted cloud service if applicable.
kubernetes_persistent_volume_name	string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"name": "TestSite-Connector-3",
"send_logs": false,
"enabled": true,
"deployment_type": "kubernetes",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "TestSite-Connector-3",
"version": "2.5.1+964",
"registered": true,
"otp": null,
"date_created": "2024-04-11T14:59:30Z",
"date_registered": "2024-04-11T14:59:30Z",
"date_otp_expire": "2024-04-11T14:59:30Z",
"send_logs": false,
"enabled": true,
"connector_status": "StatusReady",
"update_status": "UpdateFailed",
"update_status_info": "error downloading new connector",
"internal_ip": "10.10.10.1",
"external_ip": "109.155.209.167",
"hostname": "TestSite-Connector-3-Linux",
"geo_location": "Microsoft Azure, Netherlands, Amsterdam",
"deployment_type": "kubernetes",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}

List Connectors

get /connectors

Default server.

https://api.acme.luminatesec.com/v2/connectors

Return an array of paginated JSON objects. Each object represents a connector configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by connector name or ‘id’ for sorting by connector id.
Filter applies for the following fields: "name", "internal-address", "external-address", "custom-domain" and "custom-root-path".
Using the query filter=test will return all the connectors for which one or more of the above listed fields contain "test".

Authorizations:

OAuth

query Parameters

sort	string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.
size	number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page.
page	number <int32> The page number.
filter	string Example: filter=test The string by which the results are filtered (see description)

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (Connector)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
totalPages	integer <int32> Number of pages included in the response.
number	integer <int32> Page number
numberOfElements	integer <int32> Number of elements in current page.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/connectors?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "TestSite-Connector-3",
"version": "2.5.1+964",
"registered": true,
"otp": null,
"date_created": "2024-04-11T14:59:30Z",
"date_registered": "2024-04-11T14:59:30Z",
"date_otp_expire": "2024-04-11T14:59:30Z",
"send_logs": false,
"enabled": true,
"connector_status": "StatusReady",
"update_status": "UpdateFailed",
"update_status_info": "error downloading new connector",
"internal_ip": "10.10.10.1",
"external_ip": "109.155.209.167",
"hostname": "TestSite-Connector-3-Linux",
"geo_location": "Microsoft Azure, Netherlands, Amsterdam",
"deployment_type": "kubernetes",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"totalPages": 1,
"number": 0,
"numberOfElements": 1
}

Get Connector

get /connectors/{connector-id}

Default server.

https://api.acme.luminatesec.com/v2/connectors/{connector-id}

Returns the details of a Connector from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

connector-id

required

string <uuid>

Example: 18837193-a81a-400f-b38d-482379e3ab47

Connector ID.

Responses

200

successful operation.

Response Schema: application/json

name required	string >= 1 A descriptive name of the Connector.
deployment_type required	string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector.
id	string <uuid> A unique identifier of this connector. Note: This field is required for any operation other than initial creation.
version	string The version of the running connector. This version equals to or higher than container_version.
registered	boolean Indicates whether the connector has already established a successful handshake with the Symantec ZTNA Cloud.
otp	string When initiated, the Symantec ZTNA Connector receives an ephemeral OTP, allowing it to establish initial communication. with Symantec ZTNA Cloud Service and pull a TLS Certificate to be used for further communications. This property holds an empty value after the connector establishes a successful handshake with the Symantec ZTNA Cloud.
date_created	string <date-time> Connector creation date.
date_registered	string <date-time> The date when the connector established a successful handshake with the Symantec ZTNA Cloud.
date_otp_expire	string <date-time> The date when the connector OTP expires. By default OTP is valid for 24 hours after connector creation date.
send_logs	boolean Default: false Indicates whether to set connector debug log level to the highest one.
enabled	boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on.
connector_status	string Enum: "StatusUndefined" "StatusReady" "StatusDownloadStarted" "StatusDownloadCompleted" "StatusMigrationStarted" "StatusMigrationCompleted" "StatusExecuteStarted" "StatusExecuteCompleted" "StatusRetired" "StatusFailed" "StatusRetireStarted"
update_status	string Enum: "UpToDate" "UpdateAvailable" "UpdateStarted" "UpdateCompleted" "UpdateFailed" Indicates the connector upgrade status: UpToDate - Connector version is the latest available. UpdateAvailable - New connector version is available. UpdateStarted - Connector upgrade is in progress. UpdateCompleted - Connector upgrade was just completed. This is a temporary state until upgrade result is calculated. UpdateFailed - Connector upgrade attempt has failed.
update_status_info	string A detailed description of the connector upgrade failure reason in case a recent upgrade has failed.
internal_ip	string The internal IP address of the host running the Symantec ZTNA connector container.
external_ip	string The IP address used by Symantec ZTNA connector to address Symantec ZTNA cloud.
hostname	string The name of the host running the Symantec ZTNA connector container.
geo_location	string Geo location based on the external-ip, including the hosted cloud service if applicable.
kubernetes_persistent_volume_name	string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. The persistent volume must be defined for deployments of type Kubernetes in order to support connector failovers. This property value is inherited from the contained site and can be overridden at the connector level.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "TestSite-Connector-3",
"version": "2.5.1+964",
"registered": true,
"otp": null,
"date_created": "2024-04-11T14:59:30Z",
"date_registered": "2024-04-11T14:59:30Z",
"date_otp_expire": "2024-04-11T14:59:30Z",
"send_logs": false,
"enabled": true,
"connector_status": "StatusReady",
"update_status": "UpdateFailed",
"update_status_info": "error downloading new connector",
"internal_ip": "10.10.10.1",
"external_ip": "109.155.209.167",
"hostname": "TestSite-Connector-3-Linux",
"geo_location": "Microsoft Azure, Netherlands, Amsterdam",
"deployment_type": "kubernetes",
"kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}

Delete Connector

delete /connectors/{connector-id}

Default server.

https://api.acme.luminatesec.com/v2/connectors/{connector-id}

Delete the connector from the contained site in your Symantec ZTNA tenant.
In order to complete the action the connector container that runs in the corresponding datacenter should be removed.

Authorizations:

OAuth

path Parameters

connector-id

required

string <uuid>

Example: 18837193-a81a-400f-b38d-482379e3ab47

Connector ID.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Get Connector Deployment Command

get /connectors/{connector-id}/command

Default server.

https://api.acme.luminatesec.com/v2/connectors/{connector-id}/command

Returns the command for deploying Symantec ZTNA connector as a docker image. This endpoint is valid for connectors of version 2.5.10 and higher. The command is generated based on the deployment_type that was set for the connector: windows / linux / docker-compose / Kubernetes. Executing the command on the target machine is the last step in configuring the Symantec ZTNA Connector.

Authorizations:

OAuth

path Parameters

connector-id

required

string <uuid>

Example: 18837193-a81a-400f-b38d-482379e3ab47

Connector ID.

Responses

200

successful operation.

Response Schema: application/json

deployment_commands

string

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47/command' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"deployment_commands": "sudo docker run --ulimit nofile=2048 -e ENDPOINT_URL='acme.luminatesite.com' \\\n-e TENANT_IDENTIFIER='12f3e95861234567a123a7c582a0a51f_acme' \\ --network=host \\\n-d \\ --name='TestSite-Connector-3' \\ --restart=on-failure \\ -e HTTPS_SKIP_CERT_VERIFY='true' \\\n-e OTP='2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1' \\ -e LOG_LEVEL=debug \\ -e DISABLE_ERROR_TRACKER=true \\\nluminate/connector:2.5.8\n"
}

Get Connector Environment Variables

get /connectors/{connector-id}/environment_variables

Default server.

https://api.acme.luminatesec.com/v2/connectors/{connector-id}/environment_variables

Returns the set of environment variables required for deployed connector in a conveniently JSON format. Applicable for all connector types that was set for the connector: windows / linux / docker-compose / Kubernetes.

Authorizations:

OAuth

path Parameters

connector-id

required

string <uuid>

Example: 18837193-a81a-400f-b38d-482379e3ab47

Connector ID.

Responses

200

successful operation.

Response Schema: application/json

container_name	string
environment_variables	Array of objects An array of environment variables

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47/environment_variables' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"container_name": "TestSite-Connector-3",
"environment_variables": 
[
{"name": "ENDPOINT_URL",
"value": "acme.luminatesec.com"
},
{"name": "TENANT_IDENTIFIER",
"value": "12f3e95861234567a123a7c582a0a51f_acme"
},
{"name": "HTTPS_SKIP_CERT_VERIFY",
"value": true
},
{"name": "OTP",
"value": "2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1"
},
{"name": "LOG_LEVEL",
"value": "debug"
},
{"name": "DISABLE_ERROR_TRACKER",
"value": true
}
]
}

Get Connector Version

get /connectors/version

Default server.

https://api.acme.luminatesec.com/v2/connectors/version

Returns the latest connector version available for the tenant

Authorizations:

OAuth

Responses

200

successful operation.

Response Schema: application/json

connector_version

string

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/version' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"connector_version": "2.5.8"
}

Applications

Application is the internal resource you would like to publish using Symantec ZTNA.

Create Application

post /applications

Default server.

https://api.acme.luminatesec.com/v2/applications

Creates an application in your Symantec ZTNA tenant.

Note: To allow access to a newly created application, you should have a Site defined and Symantec ZTNA Connectors deployed, as well as access policy, this application assigned to. You can then assign the application to the required site using Bind Application to Site API. You can assign the application to the policy using Assign Application to policies.

Authorizations:

OAuth

Request Body schema: application/json

name required	string [ 2 .. 40 ] A descriptive name of the application.
id required	string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation.
type required	string (ApplicationType) DNS is a not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. SSH
connectionSettings required	object (ApplicationConnectionSettingsSSH)
icon	string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels.
isVisible	boolean Nullable Default: true Indicates whether to show this application in the applications portal.
isNotificationEnabled	boolean Nullable Default: true Indicates whether notifications are enabled for this application.
enabled	boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled).
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to application. Note: if field not provided application will created on default collection.

Responses

201

successful operation.

Response Schema: application/json

name required	string [ 2 .. 40 ] A descriptive name of the application.
id required	string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation.
type required	string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is a not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.
internalAddress required	string (InternalAddress) "Internal Address" is the connection used by the Symantec ZTNA Connector to open internal communications to the application. It can contain either an internal IP address or an internal DNS. Note: If URI schema and/or port are not specified: For web applications, http and port 80 are used. For SSH, SSH Gateway applications, tcp and port 22 are used. . For RDP applications, tcp and port 3389 are used.
dnsSettings required	object (DNSServerData)
createdOn	number Application creation date, epoch time in milliseconds. Note: This field is automatically populated.
modifiedOn	number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated.
icon	string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels.
isVisible	boolean Nullable Default: true Indicates whether to show this application in the applications portal.
isNotificationEnabled	boolean Nullable Default: true Indicates whether notifications are enabled for this application.
enabled	boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled).
health	object (ApplicationHealth)
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to application. Note: if field not provided application will created on default collection.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "TestApplication",
"type": "SSH",
"icon": null,
"isVisible": true,
"isNotificationEnabled": true,
"enabled": true,
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"connectionSettings": 
{"internalAddress": "tcp://127.0.0.1:22",
"externalAddress": "testapp.acme.luminatesec.com",
"luminateAddress": "testapp.acme.luminatesec.com",
"subdomain": null
}
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "TestApplication",
"type": "HTTP",
"createdOn": 1539000953351,
"modifiedOn": 1539000956235,
"icon": null,
"isVisible": true,
"isNotificationEnabled": true,
"enabled": true,
"health": 
{"applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"status": "PartiallyAvailable",
"cause": "Some connector fail to expose application",
"lastUpdatedOn": 1539680482000,
"totalNumberOfConnectors": 2,
"lastAvailableOn": 1539680482000
},
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"internalAddress": "string",
"dnsSettings": 
{"domainSuffixes": 
["mycompany.com"
]
},
"ApplicationHTTP": "DNSServer"
}

List Applications

get /applications

Default server.

https://api.acme.luminatesec.com/v2/applications

Return an array of paginated JSON objects. Each object represents an application configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by application name or ‘id’ for sorting by application id.
Filter applies for the following fields: "name", "internal-address", "external-address", "custom-domain" and "custom-root-path".
Using the query filter=testapp will return all the applications for which one or more of the above listed fields contain "testapp"

Authorizations:

OAuth

query Parameters

sort	string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.
size	number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page.
page	number <int32> The page number.
filter	string Example: filter=test The string by which the results are filtered (see description)
type	string Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" Example: type=HTTP Application type by which the results are filtered.
siteId	string <uuid> Example: siteId=5fa7bfe9e312345bce28f0a2ad9698b8 Site ID by which the results are filtered.

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (Application)
sort	Array of objects (ApplicationSort) Response sorting techniques.
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
totalPages	integer <int32> Number of pages included in the response.
number	integer <int32> Page number
numberOfElements	integer <int32> Number of elements in current page.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/applications?sort=name,desc&size=10&page=0&filter=test&type=HTTP&siteId=5fa7bfe9e312345bce28f0a2ad9698b8' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "TestApplication",
"type": "HTTP",
"createdOn": 1539000953351,
"modifiedOn": 1539000956235,
"icon": null,
"isVisible": true,
"isNotificationEnabled": true,
"enabled": true,
"health": 
{"applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"status": "PartiallyAvailable",
"cause": "Some connector fail to expose application",
"lastUpdatedOn": 1539680482000,
"totalNumberOfConnectors": 2,
"lastAvailableOn": 1539680482000
},
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"subType": "HTTP_LUMINATE_DOMAIN",
"connectionSettings": 
{"internalAddress": "https://127.0.0.1:443",
"externalAddress": "https://testapp.acme.luminatesec.com",
"luminateAddress": "https://testapp.acme.luminatesec.com",
"subdomain": null,
"customExternalAddress": null,
"customRootPath": null,
"healthUrl": "/HealthCheck",
"healthMethod": "Head",
"customSSLCertificate": null,
"wildcardPrivateKey": null
},
"linkTranslationSettings": 
{"isDefaultContentRewriteRulesEnabled": true,
"isDefaultHeaderRewriteRulesEnabled": true,
"useExternalAddressForHostAndSni": false,
"linkedApplications": [ ]
},
"requestCustomizationSettings": 
{"headerCustomization": "X-Forwarded-For: '$SOURCEIP$'\nX-Forwarded-Host: '$ORIGINALHOST$'\nX-Forwarded-Proto: '$PROTOCOL$'\nX-EMAIL-ADDRESS: '$EMAIL$'\n"
},
"tcpTunnelSettings": 
[
{"target": "127.0.0.1",
"ports": 
[80,
8080
]
},
{"target": "127.0.0.2",
"ports": 
[80,
8080
]
}
],
"cloudIntegrationData": 
{"tags": 
[
{"key": "key1",
"value": "value1"
},
{"key": "key2",
"value": "value2"
}
],
"segmentId": "bd3e5b97-3521-4f08-b7b1-9970a47fd984",
"vpcs": 
[
{"id": "5fa7bfe9e312345bce28f0a2ad9698b8",
"vpc": "vpc-ab123456",
"region": "eu-west-1",
"cidr_block": "194.24.0.0/16",
"integration_id": "0c0aa97c-0f47-1234-80cc-5fedc03ea4c7",
"integration_name": "acmeAws"
},
{"id": "ad12345eac234b66b00b6f35de23ba0e",
"vpc": "vpc-ed123456",
"region": "eu-west-1",
"cidr_block": "194.24.0.0/16",
"integration_id": "0c0aa97c-0f47-1234-80cc-5fedc03ea4c7",
"integration_name": "acmeAws"
}
]
},
"segmentSettings": 
{"originalIp": "string"
},
"multipleSegmentSettings": 
[
{"originalIp": "10.0.0.0"
}
],
"internalAddress": "string",
"dnsSettings": 
{"domainSuffixes": 
["mycompany.com"
]
}
}
],
"sort": 
[
{"direction": "asc",
"property": "name",
"ignoreCase": false,
"nullHandling": 1,
"ascending": true,
"descending": false
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"totalPages": 1,
"number": 0,
"numberOfElements": 1
}

Get Application

get /applications/{application-id}

Default server.

https://api.acme.luminatesec.com/v2/applications/{application-id}

Returns the details of an Application from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

application-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

Application ID.

Responses

200

successful operation.

Response Schema: application/json

name required	string [ 2 .. 40 ] A descriptive name of the application.
id required	string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation.
type required	string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is a not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.
internalAddress required	string (InternalAddress) "Internal Address" is the connection used by the Symantec ZTNA Connector to open internal communications to the application. It can contain either an internal IP address or an internal DNS. Note: If URI schema and/or port are not specified: For web applications, http and port 80 are used. For SSH, SSH Gateway applications, tcp and port 22 are used. . For RDP applications, tcp and port 3389 are used.
dnsSettings required	object (DNSServerData)
createdOn	number Application creation date, epoch time in milliseconds. Note: This field is automatically populated.
modifiedOn	number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated.
icon	string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels.
isVisible	boolean Nullable Default: true Indicates whether to show this application in the applications portal.
isNotificationEnabled	boolean Nullable Default: true Indicates whether notifications are enabled for this application.
enabled	boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled).
health	object (ApplicationHealth)
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to application. Note: if field not provided application will created on default collection.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "TestApplication",
"type": "HTTP",
"createdOn": 1539000953351,
"modifiedOn": 1539000956235,
"icon": null,
"isVisible": true,
"isNotificationEnabled": true,
"enabled": true,
"health": 
{"applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"status": "PartiallyAvailable",
"cause": "Some connector fail to expose application",
"lastUpdatedOn": 1539680482000,
"totalNumberOfConnectors": 2,
"lastAvailableOn": 1539680482000
},
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"internalAddress": "string",
"dnsSettings": 
{"domainSuffixes": 
["mycompany.com"
]
},
"ApplicationHTTP": "DNSServer"
}

Update Application

put /applications/{application-id}

Default server.

https://api.acme.luminatesec.com/v2/applications/{application-id}

Update an existing application in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

application-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

Application ID.

Request Body schema: application/json

name required	string [ 2 .. 40 ] A descriptive name of the application.
id required	string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation.
type required	string (ApplicationType) DNS is a not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. SSH
connectionSettings required	object (ApplicationConnectionSettingsSSH)
icon	string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels.
isVisible	boolean Nullable Default: true Indicates whether to show this application in the applications portal.
isNotificationEnabled	boolean Nullable Default: true Indicates whether notifications are enabled for this application.
enabled	boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled).
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to application. Note: if field not provided application will created on default collection.

Responses

200

successful operation.

Response Schema: application/json

name required	string [ 2 .. 40 ] A descriptive name of the application.
id required	string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation.
type required	string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is a not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.
internalAddress required	string (InternalAddress) "Internal Address" is the connection used by the Symantec ZTNA Connector to open internal communications to the application. It can contain either an internal IP address or an internal DNS. Note: If URI schema and/or port are not specified: For web applications, http and port 80 are used. For SSH, SSH Gateway applications, tcp and port 22 are used. . For RDP applications, tcp and port 3389 are used.
dnsSettings required	object (DNSServerData)
createdOn	number Application creation date, epoch time in milliseconds. Note: This field is automatically populated.
modifiedOn	number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated.
icon	string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels.
isVisible	boolean Nullable Default: true Indicates whether to show this application in the applications portal.
isNotificationEnabled	boolean Nullable Default: true Indicates whether notifications are enabled for this application.
enabled	boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled).
health	object (ApplicationHealth)
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to application. Note: if field not provided application will created on default collection.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "TestApplication",
"type": "SSH",
"icon": null,
"isVisible": true,
"isNotificationEnabled": true,
"enabled": true,
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"connectionSettings": 
{"internalAddress": "tcp://127.0.0.1:22",
"externalAddress": "testapp.acme.luminatesec.com",
"luminateAddress": "testapp.acme.luminatesec.com",
"subdomain": null
}
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"name": "TestApplication",
"type": "HTTP",
"createdOn": 1539000953351,
"modifiedOn": 1539000956235,
"icon": null,
"isVisible": true,
"isNotificationEnabled": true,
"enabled": true,
"health": 
{"applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"status": "PartiallyAvailable",
"cause": "Some connector fail to expose application",
"lastUpdatedOn": 1539680482000,
"totalNumberOfConnectors": 2,
"lastAvailableOn": 1539680482000
},
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"internalAddress": "string",
"dnsSettings": 
{"domainSuffixes": 
["mycompany.com"
]
},
"ApplicationHTTP": "DNSServer"
}

Delete Application

delete /applications/{application-id}

Default server.

https://api.acme.luminatesec.com/v2/applications/{application-id}

Delete an application from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

application-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

Application ID.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Bind Application to Site

put /applications/{application-id}/site-binding/{site-id}

Default server.

https://api.acme.luminatesec.com/v2/applications/{application-id}/site-binding/{site-id}

Bind your Application to an existing Site in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

application-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID.
site-id required	string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID.

Request Body schema: application/json

any

Responses

200

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all

null

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Get Application Health Status

get /applications/{application-id}/status

Default server.

https://api.acme.luminatesec.com/v2/applications/{application-id}/status

Returns the health status of the given Application from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

application-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

Application ID.

Responses

200

successful operation.

Response Schema: application/json

applicationId	string <uuid>
status	string Enum: "Available" "Unavailable" "Pending" "PartiallyAvailable" The application accessibility status.
cause	string Root cause for status different than "Available".
lastUpdatedOn	number Date when Application health was last updated on, epoch time in milliseconds.
totalNumberOfConnectors	integer <int32> The number of connectors that expose the application regardless of their health status.
lastAvailableOn	number Date when Application was last available, epoch time in milliseconds.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f/status' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"status": "PartiallyAvailable",
"cause": "Some connector fail to expose application",
"lastUpdatedOn": 1539680482000,
"totalNumberOfConnectors": 2,
"lastAvailableOn": 1539680482000
}

Access and Activity Policies

Symantec ZTNA continuously enforce contextual access and activity policies to control access to resources and restrict user’s actions within resources, based on the user/device context (such as the user’s group membership, user’s location, MFA status and managed/unmanaged device status) and the requested resource.

Policy Evaluation
For each access request, Symantec ZTNA processes the policies against the request context (user, device and the requested resource) to calculate the effective policies and to determine whether the request should be allowed or denied. If no access policy could be matched, the access is blocked.

Access Policy configuration
When defining an access policy, the following configuration is supported:

Filter conditions - The conditions specify the context under which the activity policy will apply.
Context includes information about the source IP address, source location and source device.
The policy is effective only when *ALL* conditions are satisfied (evaluate to TRUE).
Entities - users/groups/api-clients to which the policy applies.
Resources - the applications to which the policy applies.
Access settings - settings that are specific for the policy target protocol. For example SSH accounts as well as the supported authentication methods (temporary tokens or certificates) for target protocol SSH.
Validators - The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification.

Activity Policy configuration
Activity policies are used to control specific user’s actions within the resource to which the user has been granted access by Access Policy. Examples are restricting file downloads, controling access to specific URIs, limiting SSH commands and others). The activity policy consists of the entities (users or groups to which the policy applies), the applications to which the policy apply as well as filter conditions and rules.

Activity policy filter conditions
The conditions specify the context under which the activity policy will apply. Context includes information about the source IP address, source location and source device.
The policy is effective only when *ALL* conditions are satisfied (evaluate to TRUE).
Activity policy rules
The rules specify the constraints on the action that the user wants to perform. For example URI black list for web applications or file download restrictions.
Each rule contains the the activity which triggers the rule and the action, which determines how the Symantec ZTNA should react when such activity is triggered. For example block action in case of an attempt to access a non-allowed URI.

Create Policy

post /policies

Default server.

https://api.acme.luminatesec.com/v2/policies

Creates an Access / Activity Policy in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

type required	string (PolicyType) Determines the policy type: ACCESS - control access to resources by continuously enforcing contextual authorization ACTIVITY - control user activity within resources to which access was granted. ACCESS
targetProtocol required	string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP"
name required	string A descriptive name of the policy. The name must be unique.
id	string <uuid> A unique identifier of the policy. Note: This field is required for any operation other than initial creation.
enabled	boolean Indicates whether this policy is enabled.
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to policy. Note: if field not provided policy will created on default collection.
directoryEntities	Array of objects (DirectoryEntity) The entities to which this policy applies.
applications	Array of objects (ApplicationBase) The applications to which this policy applies.
filterConditions	Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.
timeSettingsType	string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy.
Status	string Indicates the policy status
validators	object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.
rdpSettings	object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP
sshSettings	object (PolicySSHSettings) Policy settings that are specific to applications of type SSH
tcpSettings	object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP
timeSettings	object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".

Responses

200

successful operation.

Response Schema: application/json

type required	string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type: ACCESS - control access to resources by continuously enforcing contextual authorization ACTIVITY - control user activity within resources to which access was granted.
targetProtocol required	string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP"
name required	string A descriptive name of the policy. The name must be unique.
id	string <uuid> A unique identifier of the policy. Note: This field is required for any operation other than initial creation.
enabled	boolean Indicates whether this policy is enabled.
createdAt	string <date-time>
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to policy. Note: if field not provided policy will created on default collection.
directoryEntities	Array of objects (DirectoryEntity) The entities to which this policy applies.
applications	Array of objects (ApplicationBase) The applications to which this policy applies.
filterConditions	Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.
timeSettingsType	string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy.
Status	string Indicates the policy status
validators	object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.
rdpSettings	object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP
sshSettings	object (PolicySSHSettings) Policy settings that are specific to applications of type SSH
tcpSettings	object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP
timeSettings	object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".
containers	Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform. For example URI black list for web applications or file download restrictions. Each rule contains the the activity which triggers the rule and the action, which determines how the Symantec ZTNA should react when such activity is triggered. Example actions are ‘block action’ in case of an attempt to access a non-allowed URI.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Example

Copy

Expand all Collapse all


{"type": "ACCESS",
"targetProtocol": "SSH",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"enabled": true,
"name": "Contractors Policy to Jira",
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"directoryEntities": 
[
{"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
],
"applications": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "HTTP"
}
],
"filterConditions": 
[
{"conditionDefinitionId": "LOCATION_RESTRICTION",
"arguments": 
{"COUNTRIES": 
["Argentina",
"Angola"
]
}
}
],
"timeSettingsType": "permanent",
"Status": "expired",
"validators": 
{"VALIDATOR_MFA": true
},
"rdpSettings": 
{"longTermPassword": false
},
"sshSettings": 
{"accounts": 
["ubuntu",
"root"
],
"autoMapping": true,
"fullUpnAutoMapping": false,
"agentForward": false,
"acceptTemporaryToken": false,
"acceptCertificate": false
},
"tcpSettings": 
{"acceptTemporaryToken": false,
"acceptCertificate": false
},
"timeSettings": 
{"fromDate": "1985-04-12T23:20:50.52Z",
"toDate": "1985-04-12T23:20:50.52Z"
}
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"type": "ACCESS",
"targetProtocol": "SSH",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"enabled": true,
"createdAt": { },
"name": "Contractors Policy to Jira",
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"directoryEntities": 
[
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
],
"applications": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "HTTP"
}
],
"filterConditions": 
[
{"conditionDefinitionId": "LOCATION_RESTRICTION",
"arguments": 
{"COUNTRIES": 
["Argentina",
"Angola"
]
}
}
],
"timeSettingsType": "permanent",
"Status": "expired",
"validators": 
{"VALIDATOR_MFA": true
},
"rdpSettings": 
{"longTermPassword": false
},
"sshSettings": 
{"accounts": 
["ubuntu",
"root"
],
"autoMapping": true,
"fullUpnAutoMapping": false,
"agentForward": false,
"acceptTemporaryToken": false,
"acceptCertificate": false
},
"tcpSettings": 
{"acceptTemporaryToken": false,
"acceptCertificate": false
},
"timeSettings": 
{"fromDate": "1985-04-12T23:20:50.52Z",
"toDate": "1985-04-12T23:20:50.52Z"
},
"containers": 
[
{"conditions": 
[
{"arguments": 
{"SSH_COMMAND": 
["sudo",
"ls",
"chmod"
]
},
"conditionDefinitionId": "SSH_COMMAND_WHITELIST"
}
],
"actionId": "ALLOW"
}
],
"PolicyAccess": "Policy"
}

List Policies

get /policies

Default server.

https://api.acme.luminatesec.com/v2/policies

Return an array of paginated JSON objects. Each object represents a policy configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by policy name or ‘id’ for sorting by policy id.
Filter applies for the policy name only.
Using the query filter=testpolicy will return all the policies for which one or more of the above listed fields contain "testpolicy"

Authorizations:

OAuth

query Parameters

sort	string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.
size	number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page.
page	number <int32> The page number.
filter	string Example: filter=test The string by which the results are filtered (see description)

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (PolicyByType)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
totalPages	integer <int32> Number of pages included in the response.
number	integer <int32> Page number
numberOfElements	integer <int32> Number of elements in current page.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/policies?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"type": "ACCESS",
"targetProtocol": "SSH",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"enabled": true,
"createdAt": "1985-04-12T23:20:50.520Z",
"name": "Contractors Policy to Jira",
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"directoryEntities": 
[
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
],
"applications": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "HTTP"
}
],
"filterConditions": 
[
{"conditionDefinitionId": "LOCATION_RESTRICTION",
"arguments": 
{"COUNTRIES": 
["Argentina",
"Angola"
]
}
}
],
"timeSettingsType": "permanent",
"Status": "expired",
"validators": 
{"VALIDATOR_MFA": true
},
"rdpSettings": 
{"longTermPassword": false
},
"sshSettings": 
{"accounts": 
["ubuntu",
"root"
],
"autoMapping": true,
"fullUpnAutoMapping": false,
"agentForward": false,
"acceptTemporaryToken": false,
"acceptCertificate": false
},
"tcpSettings": 
{"acceptTemporaryToken": false,
"acceptCertificate": false
},
"timeSettings": 
{"fromDate": "1985-04-12T23:20:50.52Z",
"toDate": "1985-04-12T23:20:50.52Z"
}
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"totalPages": 1,
"number": 0,
"numberOfElements": 1
}

Get Policy

get /policies/{policy-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/{policy-id}

Returns the details of a Policy from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

policy-id

required

string <uuid>

Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

Policy ID.

Responses

200

successful operation.

Response Schema: application/json

type required	string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type: ACCESS - control access to resources by continuously enforcing contextual authorization ACTIVITY - control user activity within resources to which access was granted.
targetProtocol required	string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP"
name required	string A descriptive name of the policy. The name must be unique.
id	string <uuid> A unique identifier of the policy. Note: This field is required for any operation other than initial creation.
enabled	boolean Indicates whether this policy is enabled.
createdAt	string <date-time>
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to policy. Note: if field not provided policy will created on default collection.
directoryEntities	Array of objects (DirectoryEntity) The entities to which this policy applies.
applications	Array of objects (ApplicationBase) The applications to which this policy applies.
filterConditions	Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.
timeSettingsType	string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy.
Status	string Indicates the policy status
validators	object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.
rdpSettings	object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP
sshSettings	object (PolicySSHSettings) Policy settings that are specific to applications of type SSH
tcpSettings	object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP
timeSettings	object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".
containers	Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform. For example URI black list for web applications or file download restrictions. Each rule contains the the activity which triggers the rule and the action, which determines how the Symantec ZTNA should react when such activity is triggered. Example actions are ‘block action’ in case of an attempt to access a non-allowed URI.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/policies/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"type": "ACCESS",
"targetProtocol": "SSH",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"enabled": true,
"createdAt": { },
"name": "Contractors Policy to Jira",
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"directoryEntities": 
[
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
],
"applications": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "HTTP"
}
],
"filterConditions": 
[
{"conditionDefinitionId": "LOCATION_RESTRICTION",
"arguments": 
{"COUNTRIES": 
["Argentina",
"Angola"
]
}
}
],
"timeSettingsType": "permanent",
"Status": "expired",
"validators": 
{"VALIDATOR_MFA": true
},
"rdpSettings": 
{"longTermPassword": false
},
"sshSettings": 
{"accounts": 
["ubuntu",
"root"
],
"autoMapping": true,
"fullUpnAutoMapping": false,
"agentForward": false,
"acceptTemporaryToken": false,
"acceptCertificate": false
},
"tcpSettings": 
{"acceptTemporaryToken": false,
"acceptCertificate": false
},
"timeSettings": 
{"fromDate": "1985-04-12T23:20:50.52Z",
"toDate": "1985-04-12T23:20:50.52Z"
},
"containers": 
[
{"conditions": 
[
{"arguments": 
{"SSH_COMMAND": 
["sudo",
"ls",
"chmod"
]
},
"conditionDefinitionId": "SSH_COMMAND_WHITELIST"
}
],
"actionId": "ALLOW"
}
],
"PolicyAccess": "Policy"
}

Update Policy

put /policies/{policy-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/{policy-id}

Update an existing policy in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

policy-id

required

string <uuid>

Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

Policy ID.

Request Body schema: application/json

type required	string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type: ACCESS - control access to resources by continuously enforcing contextual authorization ACTIVITY - control user activity within resources to which access was granted.
targetProtocol required	string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP"
name required	string A descriptive name of the policy. The name must be unique.
id	string <uuid> A unique identifier of the policy. Note: This field is required for any operation other than initial creation.
enabled	boolean Indicates whether this policy is enabled.
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to policy. Note: if field not provided policy will created on default collection.
directoryEntities	Array of objects (DirectoryEntity) The entities to which this policy applies.
applications	Array of objects (ApplicationBase) The applications to which this policy applies.
filterConditions	Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.
timeSettingsType	string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy.
Status	string Indicates the policy status
validators	object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.
rdpSettings	object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP
sshSettings	object (PolicySSHSettings) Policy settings that are specific to applications of type SSH
tcpSettings	object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP
timeSettings	object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".
containers	Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform. For example URI black list for web applications or file download restrictions. Each rule contains the the activity which triggers the rule and the action, which determines how the Symantec ZTNA should react when such activity is triggered. Example actions are ‘block action’ in case of an attempt to access a non-allowed URI.

Responses

200

successful operation.

Response Schema: application/json

type required	string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type: ACCESS - control access to resources by continuously enforcing contextual authorization ACTIVITY - control user activity within resources to which access was granted.
targetProtocol required	string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP"
name required	string A descriptive name of the policy. The name must be unique.
id	string <uuid> A unique identifier of the policy. Note: This field is required for any operation other than initial creation.
enabled	boolean Indicates whether this policy is enabled.
createdAt	string <date-time>
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to policy. Note: if field not provided policy will created on default collection.
directoryEntities	Array of objects (DirectoryEntity) The entities to which this policy applies.
applications	Array of objects (ApplicationBase) The applications to which this policy applies.
filterConditions	Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.
timeSettingsType	string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy.
Status	string Indicates the policy status
validators	object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.
rdpSettings	object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP
sshSettings	object (PolicySSHSettings) Policy settings that are specific to applications of type SSH
tcpSettings	object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP
timeSettings	object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".
containers	Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform. For example URI black list for web applications or file download restrictions. Each rule contains the the activity which triggers the rule and the action, which determines how the Symantec ZTNA should react when such activity is triggered. Example actions are ‘block action’ in case of an attempt to access a non-allowed URI.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Example

Copy

Expand all Collapse all


{"type": "ACCESS",
"targetProtocol": "SSH",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"enabled": true,
"name": "Contractors Policy to Jira",
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"directoryEntities": 
[
{"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
],
"applications": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "HTTP"
}
],
"filterConditions": 
[
{"conditionDefinitionId": "LOCATION_RESTRICTION",
"arguments": 
{"COUNTRIES": 
["Argentina",
"Angola"
]
}
}
],
"timeSettingsType": "permanent",
"Status": "expired",
"validators": 
{"VALIDATOR_MFA": true
},
"rdpSettings": 
{"longTermPassword": false
},
"sshSettings": 
{"accounts": 
["ubuntu",
"root"
],
"autoMapping": true,
"fullUpnAutoMapping": false,
"agentForward": false,
"acceptTemporaryToken": false,
"acceptCertificate": false
},
"tcpSettings": 
{"acceptTemporaryToken": false,
"acceptCertificate": false
},
"timeSettings": 
{"fromDate": "1985-04-12T23:20:50.52Z",
"toDate": "1985-04-12T23:20:50.52Z"
},
"containers": 
[
{"conditions": 
[
{"arguments": 
{"SSH_COMMAND": 
["sudo",
"ls",
"chmod"
]
},
"conditionDefinitionId": "SSH_COMMAND_WHITELIST"
}
],
"actionId": "ALLOW"
}
],
"PolicyAccess": "Policy"
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"type": "ACCESS",
"targetProtocol": "SSH",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"enabled": true,
"createdAt": { },
"name": "Contractors Policy to Jira",
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"directoryEntities": 
[
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
],
"applications": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "HTTP"
}
],
"filterConditions": 
[
{"conditionDefinitionId": "LOCATION_RESTRICTION",
"arguments": 
{"COUNTRIES": 
["Argentina",
"Angola"
]
}
}
],
"timeSettingsType": "permanent",
"Status": "expired",
"validators": 
{"VALIDATOR_MFA": true
},
"rdpSettings": 
{"longTermPassword": false
},
"sshSettings": 
{"accounts": 
["ubuntu",
"root"
],
"autoMapping": true,
"fullUpnAutoMapping": false,
"agentForward": false,
"acceptTemporaryToken": false,
"acceptCertificate": false
},
"tcpSettings": 
{"acceptTemporaryToken": false,
"acceptCertificate": false
},
"timeSettings": 
{"fromDate": "1985-04-12T23:20:50.52Z",
"toDate": "1985-04-12T23:20:50.52Z"
},
"containers": 
[
{"conditions": 
[
{"arguments": 
{"SSH_COMMAND": 
["sudo",
"ls",
"chmod"
]
},
"conditionDefinitionId": "SSH_COMMAND_WHITELIST"
}
],
"actionId": "ALLOW"
}
],
"PolicyAccess": "Policy"
}

Delete Policy

delete /policies/{policy-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/{policy-id}

Delete a policy from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

policy-id

required

string <uuid>

Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

Policy ID.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/policies/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Get Supported Conditions Definitions

get /policies/config/condition-definitions

Default server.

https://api.acme.luminatesec.com/v2/policies/config/condition-definitions

Returns all supported conditions that can be used as building blocks when defining policies. Conditions Definitions are used to define filter conditions and activity policy rules.

Authorizations:

OAuth

Responses

200

successful operation.

Response Schema: application/json

id	string (PolicyConditionDefinitionID) String that uniquly represents the condition and used as its identifier.
displayName	string Human readable name of this Condition.
description	string Condition scope extended information.
conditionParameters	Array of objects (PolicyConditionParameter) Determine the parameters that are required for evaluating the condition. The order of the parameters matters.
typeMapping	Array of objects (PolicyConditionTypeMapping) This property specifies the policy type and the application type for which this condition applies.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/condition-definitions' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "LOCATION_RESTRICTION",
"displayName": "Location",
"description": "List of countries that will be allowed to access",
"conditionParameters": 
[
{"parameterId": "COUNTRIES",
"displayName": "conditions",
"elementType": "enum",
"enumSettings": 
{"isMultiple": true,
"values": 
[
{"id": "IL",
"displayName": "Israel"
}
]
},
"stringSettings": 
{"regexValidator": "^Symantec ZTNA1$",
"isMultiple": true,
"example": "Symantec ZTNA1"
},
"numberSettings": 
{"min": 5,
"max": 10
}
}
],
"typeMapping": 
[
{"applicationType": "HTTP",
"policyType": "ACCESS"
}
]
}

Get Supported Rules Actions

get /policies/config/action-types

Default server.

https://api.acme.luminatesec.com/v2/policies/config/action-types

Returns the actions that can be enforced when a user performs a specific operation. Examples are: ALLOW to allow the action, BLOCK to block the action, BLOCK USER to disconnect all active sessions of the user and block further login attempts.

Authorizations:

OAuth

Responses

200

successful operation.

Response Schema: application/json

Array

id	string Unique id for this Action, this ID should be used when setting the Action in a Container
name	string Human readable name for this action type
description	string extended information about the action

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/action-types' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


[
{"id": "BLOCK",
"name": "block",
"description": "block the action"
}
]

Get Supported Validators

get /policies/config/validator-types

Default server.

https://api.acme.luminatesec.com/v2/policies/config/validator-types

Returns the validators that can be used as a prerequisite for granting access to a requested resource. Examples are Multi-factor authentication and Web Verification.
Note: The validators are applicable for policies of type ACCESS only.

Authorizations:

OAuth

Responses

200

successful operation.

Response Schema: application/json

Array

id	string
displayName	string
description	string
applicationType	string Enum: "HTTP" "SSH" "TCP" "RDP" "DYNAMIC_SSH" type of applications for that condition

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/validator-types' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


[
{"id": "MFA",
"displayName": "MFA",
"description": "Multi Factor authentication",
"applicationType": "HTTP"
}
]

Get Application Assigned Policies.

get /policies/by-app-id/{application-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/by-app-id/{application-id}

Returns an array of JSON objects.
Each object represents a policy assigned to the provided application in your Symantec ZTNA.

Authorizations:

OAuth

path Parameters

application-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

Application ID.

Responses

200

successful operation.

Response Schema: application/json

Array

type required	string (PolicyType) Determines the policy type: ACCESS - control access to resources by continuously enforcing contextual authorization ACTIVITY - control user activity within resources to which access was granted. ACCESS
targetProtocol required	string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP"
name required	string A descriptive name of the policy. The name must be unique.
id	string <uuid> A unique identifier of the policy. Note: This field is required for any operation other than initial creation.
enabled	boolean Indicates whether this policy is enabled.
createdAt	string <date-time>
collectionId	string <uuid> Nullable A unique identifier of the collection assigned to policy. Note: if field not provided policy will created on default collection.
directoryEntities	Array of objects (DirectoryEntity) The entities to which this policy applies.
applications	Array of objects (ApplicationBase) The applications to which this policy applies.
filterConditions	Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API.
timeSettingsType	string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy.
Status	string Indicates the policy status
validators	object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only.
rdpSettings	object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP
sshSettings	object (PolicySSHSettings) Policy settings that are specific to applications of type SSH
tcpSettings	object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP
timeSettings	object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary".

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/policies/by-app-id/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


[
{"type": "ACCESS",
"targetProtocol": "SSH",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"enabled": true,
"createdAt": "1985-04-12T23:20:50.520Z",
"name": "Contractors Policy to Jira",
"collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"directoryEntities": 
[
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
],
"applications": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "HTTP"
}
],
"filterConditions": 
[
{"conditionDefinitionId": "LOCATION_RESTRICTION",
"arguments": 
{"COUNTRIES": 
["Argentina",
"Angola"
]
}
}
],
"timeSettingsType": "permanent",
"Status": "expired",
"validators": 
{"VALIDATOR_MFA": true
},
"rdpSettings": 
{"longTermPassword": false
},
"sshSettings": 
{"accounts": 
["ubuntu",
"root"
],
"autoMapping": true,
"fullUpnAutoMapping": false,
"agentForward": false,
"acceptTemporaryToken": false,
"acceptCertificate": false
},
"tcpSettings": 
{"acceptTemporaryToken": false,
"acceptCertificate": false
},
"timeSettings": 
{"fromDate": "1985-04-12T23:20:50.52Z",
"toDate": "1985-04-12T23:20:50.52Z"
}
}
]

Update application in policies

put /policies/by-app-id/{application-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/by-app-id/{application-id}

Update explicit application assignment in the list of the policies where this application assigned to. The application will be removed from the policies which doesn’t mentioned in the request body.

Authorizations:

OAuth

path Parameters

application-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

Application ID.

Request Body schema: application/json

applicationType required	string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is a not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.
policyIds required	Array of strings Identifiers of the policies to apply on the given application.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"applicationType": "HTTP",
"policyIds": 
["string"
]
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Assign Application to policies

post /policies/by-app-id/{application-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/by-app-id/{application-id}

Assign explicit application to the existent policies.

Authorizations:

OAuth

path Parameters

application-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

Application ID.

Request Body schema: application/json

applicationType required	string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is a not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.
policyIds required	Array of strings Identifiers of the policies to apply on the given application.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"applicationType": "HTTP",
"policyIds": 
["string"
]
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Remove application from policies

delete /policies/by-app-id/{application-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/by-app-id/{application-id}

Remove explicit application from the policies.

Authorizations:

OAuth

path Parameters

application-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

Application ID.

Request Body schema: application/json

applicationType required	string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is a not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications.
policyIds required	Array of strings Identifiers of the policies to apply on the given application.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"applicationType": "HTTP",
"policyIds": 
["string"
]
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Shared Objects

Shared object is an instance which might be assigned to other instances, for ease of provisioning. "Network Location" is such a shared object which might be assigned to access or activity policy conditions.

Create Shared Object

post /policies/shared-objects

Default server.

https://api.acme.luminatesec.com/v2/policies/shared-objects

Creates a shared object in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

name required	string A descriptive name of the shared object. The name must be unique.
type required	string Value: "IP_LIST" Determines the shared object value type: IP_LIST - List of Source IPs that will be allowed to access
values required	Array of objects (SharedObjectValue)
id	string <uuid> A unique identifier of the shared object. Note: This field is required for any operation other than initial creation.
modifiedOn	string <date-time> the last time the shared object been modified

Responses

200

successful operation.

Response Schema: application/json

name required	string A descriptive name of the shared object. The name must be unique.
type required	string Value: "IP_LIST" Determines the shared object value type: IP_LIST - List of Source IPs that will be allowed to access
values required	Array of objects (SharedObjectValue)
id	string <uuid> A unique identifier of the shared object. Note: This field is required for any operation other than initial creation.
modifiedOn	string <date-time> the last time the shared object been modified
createdAt	string <date-time> the time at the creation of the shared object

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "NY Office",
"type": "IP_LIST",
"modifiedOn": "2017-10-02T15:40:01.318Z",
"values": 
[
{"value": "192.168.0.0/24"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "NY Office",
"type": "IP_LIST",
"modifiedOn": "2017-10-02T15:40:01.318Z",
"createdAt": "2017-10-02T15:40:01.318Z",
"values": 
[
{"value": "192.168.0.0/24"
}
]
}

List Shared Objects

get /policies/shared-objects

Default server.

https://api.acme.luminatesec.com/v2/policies/shared-objects

Return an array of paginated JSON objects. Each object represents a shared object configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by shared object name or ‘created_at’/'modified_on' for sorting by date
Filter applies for the shared object name only.
Using the query filter=test will return all the shared objects for which one or more of the above listed fields contain "test"

Authorizations:

OAuth

query Parameters

sort	string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.
size	number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page.
page	number <int32> The page number.
filter	string Example: filter=test The string by which the results are filtered (see description)

Responses

200

successful operation.

Response Schema: application/json

name required	string A descriptive name of the shared object. The name must be unique.
type required	string Value: "IP_LIST" Determines the shared object value type: IP_LIST - List of Source IPs that will be allowed to access
values required	Array of objects (SharedObjectValue)
id	string <uuid> A unique identifier of the shared object. Note: This field is required for any operation other than initial creation.
modifiedOn	string <date-time> the last time the shared object been modified
createdAt	string <date-time> the time at the creation of the shared object

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/policies/shared-objects?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "NY Office",
"type": "IP_LIST",
"modifiedOn": "2017-10-02T15:40:01.318Z",
"createdAt": "2017-10-02T15:40:01.318Z",
"values": 
[
{"value": "192.168.0.0/24"
}
]
}

Get Shared Object

get /policies/shared-objects/{shared-object-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/shared-objects/{shared-object-id}

Returns the details of a Shared Object from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

shared-object-id

required

string <uuid>

Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

Shared Object ID.

Responses

200

successful operation.

Response Schema: application/json

name required	string A descriptive name of the shared object. The name must be unique.
type required	string Value: "IP_LIST" Determines the shared object value type: IP_LIST - List of Source IPs that will be allowed to access
values required	Array of objects (SharedObjectValue)
id	string <uuid> A unique identifier of the shared object. Note: This field is required for any operation other than initial creation.
modifiedOn	string <date-time> the last time the shared object been modified
createdAt	string <date-time> the time at the creation of the shared object

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/policies/shared-objects/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "NY Office",
"type": "IP_LIST",
"modifiedOn": "2017-10-02T15:40:01.318Z",
"createdAt": "2017-10-02T15:40:01.318Z",
"values": 
[
{"value": "192.168.0.0/24"
}
]
}

Update Shared Object

put /policies/shared-objects/{shared-object-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/shared-objects/{shared-object-id}

Update an existing shared object in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

shared-object-id

required

string <uuid>

Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

Shared Object ID.

Request Body schema: application/json

name required	string A descriptive name of the shared object. The name must be unique.
type required	string Value: "IP_LIST" Determines the shared object value type: IP_LIST - List of Source IPs that will be allowed to access
values required	Array of objects (SharedObjectValue)
id	string <uuid> A unique identifier of the shared object. Note: This field is required for any operation other than initial creation.
modifiedOn	string <date-time> the last time the shared object been modified

Responses

200

successful operation.

Response Schema: application/json

name required	string A descriptive name of the shared object. The name must be unique.
type required	string Value: "IP_LIST" Determines the shared object value type: IP_LIST - List of Source IPs that will be allowed to access
values required	Array of objects (SharedObjectValue)
id	string <uuid> A unique identifier of the shared object. Note: This field is required for any operation other than initial creation.
modifiedOn	string <date-time> the last time the shared object been modified
createdAt	string <date-time> the time at the creation of the shared object

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "NY Office",
"type": "IP_LIST",
"modifiedOn": "2017-10-02T15:40:01.318Z",
"values": 
[
{"value": "192.168.0.0/24"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "NY Office",
"type": "IP_LIST",
"modifiedOn": "2017-10-02T15:40:01.318Z",
"createdAt": "2017-10-02T15:40:01.318Z",
"values": 
[
{"value": "192.168.0.0/24"
}
]
}

Delete Shared Object

delete /policies/shared-objects/{shared-object-id}

Default server.

https://api.acme.luminatesec.com/v2/policies/shared-objects/{shared-object-id}

Delete a shared object from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

shared-object-id

required

string <uuid>

Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f

Shared Object ID.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/policies/shared-objects/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Collections

Link Site to Collection.

post /collection/site-links

Default server.

https://api.acme.luminatesec.com/v2/collection/site-links

Link a Site to a Collection in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

links

Array of objects (CollectionSiteLink)

Responses

200

successful operation.

Response Schema: application/json

links

Array of objects (CollectionSiteLink)

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

409

Conflict - Value of one of the provided fields is already used by an existing object.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"links": 
[
{"siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"links": 
[
{"siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
}
]
}

Get Collection Linked Sites.

get /collection/site-links/{collection-id}

Default server.

https://api.acme.luminatesec.com/v2/collection/site-links/{collection-id}

Get the Sites linked to the Collection in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

collection-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

The collection ID.

Responses

200

successful operation.

Response Schema: application/json

links

Array of objects (CollectionSiteLink)

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/collection/site-links/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"links": 
[
{"siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
}
]
}

Unlinks site from collection

delete /collection/site-links/{collection-id}/{site-id}

Default server.

https://api.acme.luminatesec.com/v2/collection/site-links/{collection-id}/{site-id}

Unlink Site from Collection in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

collection-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID.
site-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The site ID.

Request Body schema: application/json

any

Responses

200

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all

null

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

List Collections

get /collection

Default server.

https://api.acme.luminatesec.com/v2/collection

Return an array of paginated JSON objects. Each object represents an collection configured in your Symantec ZTNA tenant.
Using the query filter=testCollection will return all the collection for which one or more of the above listed fields contain "testCollection"

Authorizations:

OAuth

query Parameters

sort	string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending.
size	number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page.
page	number <int32> The page number.
name	string Example: name=test The name of the resource.
application-id	string <uuid> Example: application-id=6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID.
site-id	string <uuid> Example: site-id=3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID.
policy-id	string <uuid> Example: policy-id=6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID.

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (Collection)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
totalPages	integer <int32> Number of pages included in the response.
number	integer <int32> Page number
numberOfElements	integer <int32> Number of elements in current page.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/collection?sort=name,desc&size=10&page=0&name=test&application-id=6fd0a892-8b70-471a-9dd7-bf374b07451f&site-id=3c536623-4763-4f67-a45a-e88f3d08cdd5&policy-id=6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string",
"countResources": 0,
"countLinkedSites": 0,
"fqdn": "string"
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"totalPages": 1,
"number": 0,
"numberOfElements": 1
}

Create Collection

post /collection

Default server.

https://api.acme.luminatesec.com/v2/collection

Create Collection in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

id	string <uuid>
name	string

Responses

200

successful operation.

Response Schema: application/json

id	string <uuid>
parentId	string <uuid>
name	string
countResources	integer <int32>
countLinkedSites	integer <int32>
fqdn	string authorization fqdn

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

409

Conflict - Value of one of the provided fields is already used by an existing object.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string",
"countResources": 0,
"countLinkedSites": 0,
"fqdn": "string"
}

Get Collection

get /collection/{collection-id}

Default server.

https://api.acme.luminatesec.com/v2/collection/{collection-id}

Get Collection in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

collection-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

The collection ID.

Responses

200

successful operation.

Response Schema: application/json

id	string <uuid>
parentId	string <uuid>
name	string
countResources	integer <int32>
countLinkedSites	integer <int32>
fqdn	string authorization fqdn

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/collection/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string",
"countResources": 0,
"countLinkedSites": 0,
"fqdn": "string"
}

Update Collection

put /collection/{collection-id}

Default server.

https://api.acme.luminatesec.com/v2/collection/{collection-id}

Update Collection in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

collection-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

The collection ID.

Request Body schema: application/json

name

string

Responses

200

successful operation.

Response Schema: application/json

id	string <uuid>
parentId	string <uuid>
name	string
countResources	integer <int32>
countLinkedSites	integer <int32>
fqdn	string authorization fqdn

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"name": "string"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string",
"countResources": 0,
"countLinkedSites": 0,
"fqdn": "string"
}

Delete Collection

delete /collection/{collection-id}

Default server.

https://api.acme.luminatesec.com/v2/collection/{collection-id}

Delete Collection in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

collection-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

The collection ID.

Request Body schema: application/json

any

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all

null

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Get Collections by Site

get /collection/site/{site-id}

Default server.

https://api.acme.luminatesec.com/v2/collection/site/{site-id}

Get Collections by Site in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

site-id

required

string <uuid>

Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f

The site ID.

Responses

200

successful operation.

Response Schema: application/json

collectionIds

Array of strings <uuid>

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/collection/site/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"collectionIds": 
["ff5ef47d-3e9c-418b-abfc-a1f702fa0c59"
]
}

List Role Bindings

get /collection/role-bindings

Default server.

https://api.acme.luminatesec.com/v2/collection/role-bindings

List Role Bindings in your Symantec ZTNA tenant.

Authorizations:

OAuth

query Parameters

sort	any Default: "displayName" Enum: "displayName" "entityType" "role" "createdAt" "subjectType" Example: sort=name The value of this parameter is a comma-separated list of sort key.
direction	string Default: "asc" Enum: "asc" "desc" Example: direction=asc The value of this parameter is a comma-separated list of sort direction.
page	number <int32> The page number.
size	number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page.
entityIdInIdp	string Example: entityIdInIdp=18837193-a81a-400f-b38d-482379e3ab47 Entity identifier as determined by the owning Identity Provider. This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.
entityType	any Enum: "User" "Group" "ApiClient" Example: entityType=User The directory entity type (User/Group/OU/API Client).
entityName	string Example: entityName=test The value of this parameter is entity name.
subjectId	string <uuid> Example: subjectId=18837193-a81a-400f-b38d-482379e3ab47 The ID of the Resource that assigned.
subjectType	string (SubjectType) Enum: "Site" "App" "Policy" "Collection" Example: subjectType=Site The Resource that assigned to the role type (Site/App/Policy).
subjectName	string Example: subjectName=siteName The Resource that assigned to the role name.
roleType	string (RoleType) Enum: "TenantAdmin" "TenantViewer" "SiteEditor" "SiteConnectorDeployer" "ApplicationOwner" "PolicyOwner" Example: roleType=TenantAdmin The role type (TenantAdmin/TenantViewer/SiteEditor/SiteConnectorDeployer/ApplicationOwner/PolicyOwner) that will assign to entity.

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (RoleBinding)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
totalPages	integer <int32> Number of pages included in the response.
number	integer <int32> Page number
numberOfElements	integer <int32> Number of elements in current page.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/collection/role-bindings?sort=name&direction=asc&page=0&size=10&entityIdInIdp=18837193-a81a-400f-b38d-482379e3ab47&entityType=User&entityName=test&subjectId=18837193-a81a-400f-b38d-482379e3ab47&subjectType=undefined&subjectName=siteName&roleType=TenantAdmin' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"createdAt": "2024-04-11T14:59:31Z",
"role": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "Tenant Viewer",
"RoleType": "TenantAdmin"
},
"Collection": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string",
"countResources": 0,
"countLinkedSites": 0,
"fqdn": "string"
},
"entity": 
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
},
"resource": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"fqdn": "r::site",
"name": "SiteName",
"originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"subjectType": "Site"
}
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"totalPages": 1,
"number": 0,
"numberOfElements": 1
}

Create Tenant Role Binding

post /collection/tenant-role-bindings

Default server.

https://api.acme.luminatesec.com/v2/collection/tenant-role-bindings

Create Tenant Role Binding in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

roleType	string (TenantRoleType) Enum: "TenantAdmin" "TenantViewer" Tenant role type (TenantAdmin/TenantViewer) that will assign to entity.
entities	Array of objects (DirectoryEntity)

Responses

201

successful operation.

Response Schema: application/json

roleBindings

Array of objects (RoleBinding)

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"roleType": "TenantAdmin",
"entities": 
[
{"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"roleBindings": 
[
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"createdAt": "2024-04-11T14:59:31Z",
"role": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "Tenant Viewer",
"RoleType": "TenantAdmin"
},
"Collection": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string",
"countResources": 0,
"countLinkedSites": 0,
"fqdn": "string"
},
"entity": 
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
},
"resource": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"fqdn": "r::site",
"name": "SiteName",
"originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"subjectType": "Site"
}
}
]
}

Create Collection Role Binding

post /collection/collection-role-bindings

Default server.

https://api.acme.luminatesec.com/v2/collection/collection-role-bindings

Create Collection Role Binding in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

roleType	string (CollectionRoleType) Enum: "ApplicationOwner" "PolicyOwner" Collection role type (CollectionAdmin/CollectionViewer) that will assign to entity.
collectionId	string <uuid>
entities	Array of objects (DirectoryEntity)

Responses

201

successful operation.

Response Schema: application/json

roleBindings

Array of objects (RoleBinding)

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"roleType": "CollectionAdmin",
"collectionId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"entities": 
[
{"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"roleBindings": 
[
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"createdAt": "2024-04-11T14:59:31Z",
"role": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "Tenant Viewer",
"RoleType": "TenantAdmin"
},
"Collection": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string",
"countResources": 0,
"countLinkedSites": 0,
"fqdn": "string"
},
"entity": 
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
},
"resource": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"fqdn": "r::site",
"name": "SiteName",
"originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"subjectType": "Site"
}
}
]
}

Create Site Role Binding

post /collection/site-role-bindings

Default server.

https://api.acme.luminatesec.com/v2/collection/site-role-bindings

Create Site Role Binding in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

roleType	string (SiteRoleType) Enum: "SiteEditor" "SiteConnectorDeployer" Site role type (SiteEditor/SiteConnectorDeployer) that will assign to entity.
siteId	string <uuid>
entities	Array of objects (DirectoryEntity)

Responses

201

successful operation.

Response Schema: application/json

roleBindings

Array of objects (RoleBinding)

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"roleType": "SiteEditor",
"siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"entities": 
[
{"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"roleBindings": 
[
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"createdAt": "2024-04-11T14:59:31Z",
"role": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "Tenant Viewer",
"RoleType": "TenantAdmin"
},
"Collection": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "string",
"countResources": 0,
"countLinkedSites": 0,
"fqdn": "string"
},
"entity": 
{"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
"identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"identityProviderId": "local",
"identityProviderType": "local",
"type": "User",
"displayName": "John Doe"
},
"resource": 
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"fqdn": "r::site",
"name": "SiteName",
"originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"subjectType": "Site"
}
}
]
}

Delete Role Binding

post /collection/role-bindings/delete

Default server.

https://api.acme.luminatesec.com/v2/collection/role-bindings/delete

Delete Collection Role Binding in your Symantec ZTNA tenant by role binding IDs. you can retrieve role bindings ids from List Role Bindings API.

Authorizations:

OAuth

Request Body schema: application/json

roleBindingIds

Array of strings <uuid>

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

NotFound - The specified resource was not found.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"roleBindingIds": 
["6fd0a892-8b70-471a-9dd7-bf374b07451f"
]
}

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Identity Providers

Working agains one of the supported Identity Providers or with Symantec ZTNA internal Identity Provider.

List Identity Providers

get /identities/settings/identity-providers

Default server.

https://api.acme.luminatesec.com/v2/identities/settings/identity-providers

Return an array of JSON objects. Each object represents an Identity Provider configuration in your Symantec ZTNA tenant.

Authorizations:

OAuth

query Parameters

includeLocal

boolean

Default: false

Indication whether to include Symantec ZTNA internal Identity Provider in the response.

Responses

200

successful operation.

Response Schema: application/json

Array

name required	string >= 1 A descriptive name of the Identity Provider.
provider required	string (IdentityProviderType) Identity provider name. okta
settings	object (DirectoryProviderSettingsOkta)
instructions	object (DirectoryProviderInstructionsOneLoginOrOkta)
id	string <uuid> A unique identifier of this Identity Provider. Note: This field is required for any operation other than initial creation.
is_authenticator	boolean Default: true Indication whether this identity provider is used for authentication.
is_user_store	boolean Default: true Indication whether this identity provider is used for storing identities.
authenticator_id	string <uuid> Nullable Symantec ZTNA internal identifier of the Identity Provider used for authentication. This property holds a value only in case the Identity Provider is used for storing identities only (is_authenticator=false).
created_at	string <date-time> Identity Provider object creation date.
updated_at	string <date-time> The date when the Identity Provider object was last updated.
auth0_connection_id	string Symantec ZTNA internal identifier of the Identity Provider connection.
upn_override_value_data_mapping	string

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/settings/identity-providers?includeLocal=false' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


[
{"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"name": "Okta ACME",
"provider": "local",
"is_authenticator": true,
"is_user_store": true,
"authenticator_id": null,
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"auth0_connection_id": "con_RWvVa2P2YCCDzZt1",
"upn_override_value_data_mapping": null
}
]

Users

A user that is managed by one of the supported Identity Providers or locally by Symantec ZTNA internal Identity Provider.

Search Users By Identity Provider

get /identities/{identity-provider-id}/users

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users

Return an array of JSON objects. Each object represents a user in the given IDP.
Pagination support is defined per Identity Provider. Filter applies for user name only.

Authorizations:

OAuth

path Parameters

identity-provider-id

required

string

Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
For Symantec ZTNA internal Identity Provider, set this property to local.

query Parameters

filter	string Example: filter=test The string by which the results are filtered (see description)
pageOffset	string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can either be a number or a string. It can't be assumed and a valid value must be used from the response returned for the previous page. If not specified, first page is returned.
sortBy	string Example: sortBy=email:desc The value of this parameter is a combination of sort key and sort direction: <field>:<direction>. Sort directions are either 'asc' for ascending or 'desc' for descending. The supported sort keys are ‘email’ for a user and name for a group. By default, query results are sorted in ascending order by ‘email’.
perPage	number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page.
email	string Example: email=john e-mail by which the results are filtered. Using the query email=john will return all the entities whose email address contains "john"

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (User)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
perPage	integer <int32> Number of elements in current page.
nextPage	number Next page offset indicator. Its value should be passed in the `pageOffset` query parameter. when requesting the next page. Its type depends on the Identity Provider.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users?filter=test&pageOffset=1&sortBy=email:desc&perPage=10&email=john' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"username": "john.doe@acme.luminatesec.com",
"notification_email": "john.doe@gmail.com",
"upn": "john.doe@acme.com",
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@acme.com",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"last_login": "2024-04-11T14:59:31Z",
"logins_count": 1235,
"repository_type": "local",
"upn_forward_for_sso_enabled": false,
"is_admin": false,
"is_deleted": false,
"blocked": false,
"hasMfaSecret": false,
"id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
"identity_provider_id": "local"
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"perPage": 1,
"nextPage": 1
}

Get User

get /identities/{identity-provider-id}/users/{entity-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users/{entity-id}

Return user by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
entity-id required	string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

Responses

200

successful operation.

Response Schema: application/json

username required	string The identity with which the user logs in. Should be in the format `anyText@`<`tenant-name`>`.`<`domain-name`>.
notification_email required	string The email address to which notifications are sent.
identity_provider_id required	string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ascii characters (i.e. LDAP). In such a case, the client needs to use URL Encoding. This uuid can be retrieved using List Identity Providers API.. This property equals 'local' when the Identity Provider is Symantec ZTNA internal one.
upn	string User principal name.
first_name	string Nullable First name.
last_name	string Nullable Last name.
email	string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.
created_at	string <date-time> The date when the user was created.
updated_at	string <date-time> The date when the user was last updated (modified).
last_login	string <date-time> Date when the user last logged in.
logins_count	integer <int32> The number of logins made by this user.
repository_type	string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name.
upn_forward_for_sso_enabled	boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. Enabling Kerberos SSO allows performing single sign-on against Kerberos enabled applications by transforming local user email prefix to target AD user name. (requires Kerberos Constrained Delegation ).
is_admin	boolean Default: false Indication whether the user holds an administrator role.
is_deleted	boolean Default: false Indication whether the user was deleted from the system.
blocked	boolean Default: false Indication whether the user is blocked from logging into your tenant.
hasMfaSecret	boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider.
id	string <uuid> A unique identifier of the user.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"username": "john.doe@acme.luminatesec.com",
"notification_email": "john.doe@gmail.com",
"upn": "john.doe@acme.com",
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@acme.com",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"last_login": "2024-04-11T14:59:31Z",
"logins_count": 1235,
"repository_type": "local",
"upn_forward_for_sso_enabled": false,
"is_admin": false,
"is_deleted": false,
"blocked": false,
"hasMfaSecret": false,
"id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
"identity_provider_id": "local"
}

Create Local User

post /identities/local/users

Default server.

https://api.acme.luminatesec.com/v2/identities/local/users

Creates a new user in Symantec ZTNA Identity Provider in your Symantec ZTNA tenant. In the request body. repository_type should be set to local.

Authorizations:

OAuth

Request Body schema: application/json

username required	string The identity with which the user logs in. Should be in the format `anyText@`<`tenant-name`>`.`<`domain-name`>.
notification_email required	string The email address to which notifications are sent.
identity_provider_id required	string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ascii characters (i.e. LDAP). In such a case, the client needs to use URL Encoding. This uuid can be retrieved using List Identity Providers API.. This property equals 'local' when the Identity Provider is Symantec ZTNA internal one.
upn	string User principal name.
first_name	string Nullable First name.
last_name	string Nullable Last name.
email	string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.
repository_type	string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name.
upn_forward_for_sso_enabled	boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. Enabling Kerberos SSO allows performing single sign-on against Kerberos enabled applications by transforming local user email prefix to target AD user name. (requires Kerberos Constrained Delegation ).

Responses

201

successful operation.

Response Schema: application/json

username required	string The identity with which the user logs in. Should be in the format `anyText@`<`tenant-name`>`.`<`domain-name`>.
notification_email required	string The email address to which notifications are sent.
identity_provider_id required	string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ascii characters (i.e. LDAP). In such a case, the client needs to use URL Encoding. This uuid can be retrieved using List Identity Providers API.. This property equals 'local' when the Identity Provider is Symantec ZTNA internal one.
upn	string User principal name.
first_name	string Nullable First name.
last_name	string Nullable Last name.
email	string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.
created_at	string <date-time> The date when the user was created.
updated_at	string <date-time> The date when the user was last updated (modified).
last_login	string <date-time> Date when the user last logged in.
logins_count	integer <int32> The number of logins made by this user.
repository_type	string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name.
upn_forward_for_sso_enabled	boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. Enabling Kerberos SSO allows performing single sign-on against Kerberos enabled applications by transforming local user email prefix to target AD user name. (requires Kerberos Constrained Delegation ).
is_admin	boolean Default: false Indication whether the user holds an administrator role.
is_deleted	boolean Default: false Indication whether the user was deleted from the system.
blocked	boolean Default: false Indication whether the user is blocked from logging into your tenant.
hasMfaSecret	boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider.
id	string <uuid> A unique identifier of the user.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"username": "john.doe@acme.luminatesec.com",
"notification_email": "john.doe@gmail.com",
"upn": "john.doe@acme.com",
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@acme.com",
"repository_type": "local",
"upn_forward_for_sso_enabled": false,
"identity_provider_id": "local"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"username": "john.doe@acme.luminatesec.com",
"notification_email": "john.doe@gmail.com",
"upn": "john.doe@acme.com",
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@acme.com",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"last_login": "2024-04-11T14:59:31Z",
"logins_count": 1235,
"repository_type": "local",
"upn_forward_for_sso_enabled": false,
"is_admin": false,
"is_deleted": false,
"blocked": false,
"hasMfaSecret": false,
"id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
"identity_provider_id": "local"
}

Update Local User

put /identities/local/users/{entity-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/local/users/{entity-id}

Updates an existing user in Symantec ZTNA Identity Provider in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

entity-id

required

string

Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

Entity identifier as determined by the owning Identity Provider.
This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

Request Body schema: application/json

username required	string The identity with which the user logs in. Should be in the format `anyText@`<`tenant-name`>`.`<`domain-name`>.
notification_email required	string The email address to which notifications are sent.
identity_provider_id required	string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ascii characters (i.e. LDAP). In such a case, the client needs to use URL Encoding. This uuid can be retrieved using List Identity Providers API.. This property equals 'local' when the Identity Provider is Symantec ZTNA internal one.
upn	string User principal name.
first_name	string Nullable First name.
last_name	string Nullable Last name.
email	string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.
repository_type	string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name.
upn_forward_for_sso_enabled	boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. Enabling Kerberos SSO allows performing single sign-on against Kerberos enabled applications by transforming local user email prefix to target AD user name. (requires Kerberos Constrained Delegation ).

Responses

200

successful operation.

Response Schema: application/json

username required	string The identity with which the user logs in. Should be in the format `anyText@`<`tenant-name`>`.`<`domain-name`>.
notification_email required	string The email address to which notifications are sent.
identity_provider_id required	string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ascii characters (i.e. LDAP). In such a case, the client needs to use URL Encoding. This uuid can be retrieved using List Identity Providers API.. This property equals 'local' when the Identity Provider is Symantec ZTNA internal one.
upn	string User principal name.
first_name	string Nullable First name.
last_name	string Nullable Last name.
email	string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields.
created_at	string <date-time> The date when the user was created.
updated_at	string <date-time> The date when the user was last updated (modified).
last_login	string <date-time> Date when the user last logged in.
logins_count	integer <int32> The number of logins made by this user.
repository_type	string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name.
upn_forward_for_sso_enabled	boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. Enabling Kerberos SSO allows performing single sign-on against Kerberos enabled applications by transforming local user email prefix to target AD user name. (requires Kerberos Constrained Delegation ).
is_admin	boolean Default: false Indication whether the user holds an administrator role.
is_deleted	boolean Default: false Indication whether the user was deleted from the system.
blocked	boolean Default: false Indication whether the user is blocked from logging into your tenant.
hasMfaSecret	boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider.
id	string <uuid> A unique identifier of the user.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"username": "john.doe@acme.luminatesec.com",
"notification_email": "john.doe@gmail.com",
"upn": "john.doe@acme.com",
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@acme.com",
"repository_type": "local",
"upn_forward_for_sso_enabled": false,
"identity_provider_id": "local"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"username": "john.doe@acme.luminatesec.com",
"notification_email": "john.doe@gmail.com",
"upn": "john.doe@acme.com",
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@acme.com",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"last_login": "2024-04-11T14:59:31Z",
"logins_count": 1235,
"repository_type": "local",
"upn_forward_for_sso_enabled": false,
"is_admin": false,
"is_deleted": false,
"blocked": false,
"hasMfaSecret": false,
"id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
"identity_provider_id": "local"
}

Delete Local User

delete /identities/local/users/{entity-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/local/users/{entity-id}

Deletes a user permanently from Symantec ZTNA Identity Provider in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

entity-id

required

string

Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/local/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

List Blocked Users

get /identities/settings/blocked-users

Default server.

https://api.acme.luminatesec.com/v2/identities/settings/blocked-users

Lists of blocked users in your Symantec ZTNA tenant.

Authorizations:

OAuth

Responses

200

successful operation.

Response Schema: application/json

Array

identity_provider_id required	string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ascii characters (i.e. LDAP). In such a case, the client needs to use URL Encoding. This uuid can be retrieved using List Identity Providers API.. This property equals 'local' when the Identity Provider is Symantec ZTNA internal one.
user_id required	string (EntityId) Entity identifier as determined by the owning Identity Provider. This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.
created_at	string <date-time> The date when the user was blocked.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/settings/blocked-users' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


[
{"identity_provider_id": "local",
"user_id": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
"created_at": "2024-04-11T14:59:31Z"
}
]

Block User

post /identities/{identity-provider-id}/users/{entity-id}/block

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users/{entity-id}/block

Blocks a user in your Symantec ZTNA tenant. Blocking a group of users is not supported. All active sessions of the given user will get disconnected and the user will no longer be able to login to your tenant.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
entity-id required	string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X POST 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f/block' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Unblock User

delete /identities/{identity-provider-id}/users/{entity-id}/block

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/users/{entity-id}/block

Unblocks a user in your Symantec ZTNA tenant. Unblocking a group of users is not supported. Upon a successful operation, the user will be able to login to your tenant.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
entity-id required	string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f/block' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Groups

A group that is managed by one of the supported Identity Providers or locally by Symantec ZTNA internal Identity Provider.

Get Group

get /identities/{identity-provider-id}/groups/{entity-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups/{entity-id}

Return group by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
entity-id required	string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

Responses

200

successful operation.

Response Schema: application/json

name required	string Group name
id	string Group uuid
repository_type	string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name.
identity_provider_id	string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ascii characters (i.e. LDAP). In such a case, the client needs to use URL Encoding. This uuid can be retrieved using List Identity Providers API.. This property equals 'local' when the Identity Provider is Symantec ZTNA internal one.
created_at	string <date-time>
updated_at	string <date-time>

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "d8028639-a76a-4614-965a-7e3d4832d94b",
"name": "Administrators",
"repository_type": "local",
"identity_provider_id": "local",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z"
}

Search Groups By Identity Provider

get /identities/{identity-provider-id}/groups

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups

Return an array of JSON objects. Each object represents a group in the given IDP.
Pagination support is defined per Identity Provider. Filter applies for group name only.

Authorizations:

OAuth

path Parameters

identity-provider-id

required

string

Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
For Symantec ZTNA internal Identity Provider, set this property to local.

query Parameters

filter	string Example: filter=test The string by which the results are filtered (see description)
pageOffset	string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can either be a number or a string. It can't be assumed and a valid value must be used from the response returned for the previous page. If not specified, first page is returned.
sortBy	string Example: sortBy=email:desc The value of this parameter is a combination of sort key and sort direction: <field>:<direction>. Sort directions are either 'asc' for ascending or 'desc' for descending. The supported sort keys are ‘email’ for a user and name for a group. By default, query results are sorted in ascending order by ‘email’.
perPage	number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page.

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (Group)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
perPage	integer <int32> Number of elements in current page.
nextPage	number Next page offset indicator. Its value should be passed in the `pageOffset` query parameter. when requesting the next page. Its type depends on the Identity Provider.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups?filter=test&pageOffset=1&sortBy=email:desc&perPage=10' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "d8028639-a76a-4614-965a-7e3d4832d94b",
"name": "Administrators",
"repository_type": "local",
"identity_provider_id": "local",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z"
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"perPage": 1,
"nextPage": 1
}

List Assigned Users

get /identities/{identity-provider-id}/groups/{entity-id}/users

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups/{entity-id}/users

Returns a group's user list by ID from the specified identity provider For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
entity-id required	string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. This identifier can be retrieved using Search Users By Identity Provider API for users or Search Groups By Identity Provider API for groups.

query Parameters

pageOffset	string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can either be a number or a string. It can't be assumed and a valid value must be used from the response returned for the previous page. If not specified, first page is returned.
perPage	number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page.

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (User)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
perPage	integer <int32> Number of elements in current page.
nextPage	number Next page offset indicator. Its value should be passed in the `pageOffset` query parameter. when requesting the next page. Its type depends on the Identity Provider.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups/{entity-id}/users?pageOffset=1&perPage=10' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"username": "john.doe@acme.luminatesec.com",
"notification_email": "john.doe@gmail.com",
"upn": "john.doe@acme.com",
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@acme.com",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"last_login": "2024-04-11T14:59:31Z",
"logins_count": 1235,
"repository_type": "local",
"upn_forward_for_sso_enabled": false,
"is_admin": false,
"is_deleted": false,
"blocked": false,
"hasMfaSecret": false,
"id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
"identity_provider_id": "local"
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"perPage": 1,
"nextPage": 1
}

Remove User From Group

delete /identities/local/groups/{group-id}/users/{user-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}

Remove user from group.

Authorizations:

OAuth

path Parameters

group-id required	string Example: b7188113-b9c6-4dee-9a3c-3963236f19a8 Group ID
user-id required	string Example: 64b2d04f-157f-48a3-a277-e1b4147c46c4 User ID

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Assign User To Group

put /identities/local/groups/{group-id}/users/{user-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}

Add user to group.

Authorizations:

OAuth

path Parameters

group-id required	string Example: b7188113-b9c6-4dee-9a3c-3963236f19a8 Group ID
user-id required	string Example: 64b2d04f-157f-48a3-a277-e1b4147c46c4 User ID

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X PUT 'https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

SSH Clients

List SSH Clients

get /ssh-clients

Default server.

https://api.acme.luminatesec.com/v2/ssh-clients

Return an array of paginated JSON objects. Each object represents a ssh-client configured in your Symantec ZTNA tenant.
Using the query filter=test will return all the ssh-clients for which one or more of the above listed fields contain "test"

Authorizations:

OAuth

query Parameters

sort	string Enum: "name" "created_on" "last_accessed" "expires" "description" Name of field to sort
size	number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page.
page	number <int32> The page number.
filter	string Example: filter=test The string by which the results are filtered (see description)

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (SSH-Client)
first	boolean Indicates whether the current page is the first one.
last	boolean Indicates whether the current page is the last one.
size	integer <int32> Maximum number of elements per page.
totalElements	integer <int32> Number of elements included in the response.
totalPages	integer <int32> Number of pages included in the response.
number	integer <int32> Page number
numberOfElements	integer <int32> Number of elements in current page.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/ssh-clients?sort=undefined&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
"name": "mysshclient",
"description": "This ssh client is used to access our production server",
"key_size": 2048,
"created_on": "2021-10-02T15:40:01.318Z",
"modified_on": "2021-10-02T15:40:01.318Z",
"last_accessed": "2021-10-02T15:40:01.318Z",
"expires": "2022-04-02T15:40:01.318Z"
}
],
"first": true,
"last": true,
"size": 50,
"totalElements": 1,
"totalPages": 1,
"number": 0,
"numberOfElements": 1
}

SCIM

When working with Generic SAML IDP, the users and groups are managed with the following APIs which comply with SCIM 2.0 protocol.

For the search the user/group, the following search API should be used:
List Users API.
List Groups API.

Create SCIM User

post /identities/{identity-provider-id}/scim/users

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users

Create a SCIM user.

Authorizations:

OAuth

path Parameters

identity-provider-id

required

string

Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
For Symantec ZTNA internal Identity Provider, set this property to local.

Request Body schema: application/json

emails required	Array of objects (SCIMUserEmail) SCIM-user's emails list.
userName required	string SCIM-user's username.
name required	object (SCIMUserFullName)
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request
externalId	string <uuid> SCIM user's external id
displayName	string SCIM-user's display name.
targetWorkstations	Array of strings SCIM-user's target workstations addresses.

Responses

201

successful operation.

Response Schema: application/json

emails required	Array of objects (SCIMUserEmail) SCIM-user's emails list.
userName required	string SCIM-user's username.
name required	object (SCIMUserFullName)
id	string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request
externalId	string <uuid> SCIM user's external id
displayName	string SCIM-user's display name.
targetWorkstations	Array of strings SCIM-user's target workstations addresses.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

409

Conflict - Value of one of the provided fields is already used by an existing object.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": 
{"givenName": "string",
"familyName": "string"
},
"emails": 
[
{"value": "string",
"primary": true
}
],
"userName": "user3",
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"targetWorkstations": 
["string"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": 
{"givenName": "string",
"familyName": "string"
},
"emails": 
[
{"value": "string",
"primary": true
}
],
"userName": "user3",
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"targetWorkstations": 
["string"
]
}

List SCIM Users

get /identities/{identity-provider-id}/scim/users

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users

Return an array of paginated JSON objects. Each object represents a SCIM user.

Authorizations:

OAuth

path Parameters

identity-provider-id

required

string

Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
For Symantec ZTNA internal Identity Provider, set this property to local.

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (SCIM-User)
itemsPerPage	integer <int32> Number of elements in current page.
schemas	Array of strings Items Value: "urn:ietf:params:scim:api:messages:2.0:ListResponse" SCIM list schema
startIndex	integer <int32> The 1-based index of the first result in the current set of list results.
totalResults	integer <int32> Number of elements included in the response.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": 
{"givenName": "string",
"familyName": "string"
},
"emails": 
[
{"value": "string",
"primary": true
}
],
"userName": "user3",
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"targetWorkstations": 
["string"
]
}
],
"itemsPerPage": 1,
"schemas": 
["urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"startIndex": 1,
"totalResults": 1
}

Get SCIM User

get /identities/{identity-provider-id}/scim/users/{user-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users/{user-id}

Return the details of a SCIM user.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
user-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID.

Responses

200

successful operation.

Response Schema: application/json

emails required	Array of objects (SCIMUserEmail) SCIM-user's emails list.
userName required	string SCIM-user's username.
name required	object (SCIMUserFullName)
id	string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request
externalId	string <uuid> SCIM user's external id
displayName	string SCIM-user's display name.
targetWorkstations	Array of strings SCIM-user's target workstations addresses.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

Not Found - The specified resource was not found.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": 
{"givenName": "string",
"familyName": "string"
},
"emails": 
[
{"value": "string",
"primary": true
}
],
"userName": "user3",
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"targetWorkstations": 
["string"
]
}

Delete SCIM User

delete /identities/{identity-provider-id}/scim/users/{user-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users/{user-id}

Delete a SCIM user.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
user-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID.

Responses

204

successful operation.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1551881524069,
"status": 401,
"reasonPhrase": "Unauthorized",
"message": "You are not authorized to perform this operation.",
"errors": 
["Invalid session"
]
}

Update SCIM User

put /identities/{identity-provider-id}/scim/users/{user-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/users/{user-id}

Update an existing SCIM user.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
user-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID.

Request Body schema: application/json

emails required	Array of objects (SCIMUserEmail) SCIM-user's emails list.
userName required	string SCIM-user's username.
name required	object (SCIMUserFullName)
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request
externalId	string <uuid> SCIM user's external id
displayName	string SCIM-user's display name.
targetWorkstations	Array of strings SCIM-user's target workstations addresses.

Responses

200

successful operation.

Response Schema: application/json

emails required	Array of objects (SCIMUserEmail) SCIM-user's emails list.
userName required	string SCIM-user's username.
name required	object (SCIMUserFullName)
id	string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request
externalId	string <uuid> SCIM user's external id
displayName	string SCIM-user's display name.
targetWorkstations	Array of strings SCIM-user's target workstations addresses.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

409

Conflict - Value of one of the provided fields is already used by an existing object.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": 
{"givenName": "string",
"familyName": "string"
},
"emails": 
[
{"value": "string",
"primary": true
}
],
"userName": "user3",
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"targetWorkstations": 
["string"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": 
{"givenName": "string",
"familyName": "string"
},
"emails": 
[
{"value": "string",
"primary": true
}
],
"userName": "user3",
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"targetWorkstations": 
["string"
]
}

Create a SCIM Group

post /identities/{identity-provider-id}/scim/groups

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups

Create a SCIM group.

Authorizations:

OAuth

path Parameters

identity-provider-id

required

string

Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
For Symantec ZTNA internal Identity Provider, set this property to local.

Request Body schema: application/json

displayName required	string SCIM-group's name.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request
externalId	string <uuid> SCIM group's external id.
members	Array of objects (SCIMGroupMembers) all group members.

Responses

201

successful operation.

Response Schema: application/json

displayName required	string SCIM-group's name.
id	string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request
externalId	string <uuid> SCIM group's external id.
members	Array of objects (SCIMGroupMembers) all group members.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

Not Found - The specified resource was not found.

409

Conflict - Value of one of the provided fields is already used by an existing object.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"members": 
[
{"value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "User"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"members": 
[
{"value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "User"
}
]
}

List SCIM Groups

get /identities/{identity-provider-id}/scim/groups

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups

Return an array of paginated JSON objects. Each object represents a SCIM group.

Authorizations:

OAuth

path Parameters

identity-provider-id

required

string

Example: a5ea5f01-f73c-427f-b3b6-da66433e7694

The identity provider id. This unique identifier can be retrieved using List Identity Providers API.
For Symantec ZTNA internal Identity Provider, set this property to local.

Responses

200

successful operation.

Response Schema: application/json

content	Array of objects (SCIM-Group)
itemsPerPage	integer <int32> Number of elements in current page.
schemas	Array of strings Items Value: "urn:ietf:params:scim:api:messages:2.0:ListResponse" SCIM list schema
startIndex	integer <int32> The 1-based index of the first result in the current set of list results.
totalResults	integer <int32> Number of elements included in the response.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"content": 
[
{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"members": 
[
{"value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "User"
}
]
}
],
"itemsPerPage": 1,
"schemas": 
["urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"startIndex": 1,
"totalResults": 1
}

Get SCIM Group

get /identities/{identity-provider-id}/scim/groups/{group-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups/{group-id}

Return the details of a SCIM group.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
group-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID.

Responses

200

successful operation.

Response Schema: application/json

displayName required	string SCIM-group's name.
id	string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request
externalId	string <uuid> SCIM group's external id.
members	Array of objects (SCIMGroupMembers) all group members.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

Not Found - The specified resource was not found.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"members": 
[
{"value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "User"
}
]
}

Update SCIM Group

put /identities/{identity-provider-id}/scim/groups/{group-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups/{group-id}

Update an existing group.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
group-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID.

Request Body schema: application/json

displayName required	string SCIM-group's name.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request
externalId	string <uuid> SCIM group's external id.
members	Array of objects (SCIMGroupMembers) all group members.

Responses

200

successful operation.

Response Schema: application/json

displayName required	string SCIM-group's name.
id	string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request
externalId	string <uuid> SCIM group's external id.
members	Array of objects (SCIMGroupMembers) all group members.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

Not Found - The specified resource was not found.

409

Conflict - Value of one of the provided fields is already used by an existing object.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"members": 
[
{"value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "User"
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"members": 
[
{"value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "User"
}
]
}

Delete SCIM Group

delete /identities/{identity-provider-id}/scim/groups/{group-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups/{group-id}

Delete a SCIM group.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
group-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID.

Responses

204

successful operation.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1551881524069,
"status": 401,
"reasonPhrase": "Unauthorized",
"message": "You are not authorized to perform this operation.",
"errors": 
["Invalid session"
]
}

Modify a SCIM Group

patch /identities/{identity-provider-id}/scim/groups/{group-id}

Default server.

https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/scim/groups/{group-id}

Modify a SCIM group that has one or more required SCIM 2.0 attributes. Supports only add/remove/replace operations.

Authorizations:

OAuth

path Parameters

identity-provider-id required	string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. For Symantec ZTNA internal Identity Provider, set this property to local.
group-id required	string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID.

Request Body schema: application/json

Operations required	Array of objects (SCIMGroupOperation)
schemas required	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:PatchOp" the relevant schemas for the request

Responses

200

successful operation.

Response Schema: application/json

displayName required	string SCIM-group's name.
id	string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation.
schemas	Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request
externalId	string <uuid> SCIM group's external id.
members	Array of objects (SCIMGroupMembers) all group members.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

404

Not Found - The specified resource was not found.

Request samples

Payload
cURL

Content type

application/json

Example

Copy

Expand all Collapse all


{"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:PatchOp"
],
"Operations": 
[
{"op": "add",
"path": "members",
"value": 
[
{"value": "99116c18-d842-4d2e-82b7-a493cc86e649",
"type": "User"
}
]
}
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"schemas": 
["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
"displayName": "string",
"members": 
[
{"value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
"type": "User"
}
]
}

Cloud Integration

Integration with Cloud Providers like Amazon Web Services to provide a smoother and cloud-native integration with SIEM solutions and to allow access to resources based on their associated tags.

List Cloud Integration Configurations

get /cloud-integrations/integrations

Default server.

https://api.acme.luminatesec.com/v2/cloud-integrations/integrations

Return an array of JSON objects. Each object represents a Cloud Integration configuration in your Symantec ZTNA tenant.

Authorizations:

OAuth

Responses

200

successful operation.

Response Schema: application/json

Array

name required	string (CloudIntegrationName) A descriptive name of the Cloud Integration.
provider required	string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name.
id	string A unique identifier of thœe Cloud Integration.
created_at	string <date-time>
updated_at	string <date-time>
aws_external_id	string AWS External ID.
aws_role_arn	string (CloudIntegrationArn) The AWS role ARN.
regions	Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration.
hostname_tag_name	string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname.
health	object (CloudIntegrationHealth)
luminate_aws_account_id	string The tag that represents the hostname.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


[
{"name": "AWS EU Integration",
"provider": "amazon",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"aws_external_id": "aaabbbcccc",
"aws_role_arn": "arn:xxx:yyy:zzz",
"regions": 
["string"
],
"hostname_tag_name": "Name",
"health": 
{"status": "Ready",
"message": "string",
"error": 
{"message": "string",
"region": "string",
"provider_err_code": "string",
"provider_description": "string"
}
},
"luminate_aws_account_id": 12312312
}
]

Create Cloud Integration Configuration

post /cloud-integrations/integrations

Default server.

https://api.acme.luminatesec.com/v2/cloud-integrations/integrations

Create a new cloud integration configuration in your Symantec ZTNA tenant.

Authorizations:

OAuth

Request Body schema: application/json

name required	string (CloudIntegrationName) A descriptive name of the Cloud Integration.
provider required	string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name.
regions	Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration.
hostname_tag_name	string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname.

Responses

201

successful operation.

Response Schema: application/json

name required	string (CloudIntegrationName) A descriptive name of the Cloud Integration.
provider required	string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name.
id	string A unique identifier of thœe Cloud Integration.
created_at	string <date-time>
updated_at	string <date-time>
aws_external_id	string AWS External ID.
aws_role_arn	string (CloudIntegrationArn) The AWS role ARN.
regions	Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration.
hostname_tag_name	string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname.
health	object (CloudIntegrationHealth)
luminate_aws_account_id	string The tag that represents the hostname.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"name": "AWS EU Integration",
"provider": "amazon",
"regions": 
["string"
],
"hostname_tag_name": "Name"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "AWS EU Integration",
"provider": "amazon",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"aws_external_id": "aaabbbcccc",
"aws_role_arn": "arn:xxx:yyy:zzz",
"regions": 
["string"
],
"hostname_tag_name": "Name",
"health": 
{"status": "Ready",
"message": "string",
"error": 
{"message": "string",
"region": "string",
"provider_err_code": "string",
"provider_description": "string"
}
},
"luminate_aws_account_id": 12312312
}

Get Cloud Integration Configuration

get /cloud-integrations/integrations/{cloud-integration-id}

Default server.

https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/{cloud-integration-id}

Return a Cloud Integration configuration from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

cloud-integration-id

required

string <uuid>

Example: 18837193-a81a-400f-b38d-482379e3ab47

Cloud Integration ID

Responses

200

successful operation.

Response Schema: application/json

name required	string (CloudIntegrationName) A descriptive name of the Cloud Integration.
provider required	string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name.
id	string A unique identifier of thœe Cloud Integration.
created_at	string <date-time>
updated_at	string <date-time>
aws_external_id	string AWS External ID.
aws_role_arn	string (CloudIntegrationArn) The AWS role ARN.
regions	Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration.
hostname_tag_name	string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname.
health	object (CloudIntegrationHealth)
luminate_aws_account_id	string The tag that represents the hostname.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X GET 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "AWS EU Integration",
"provider": "amazon",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"aws_external_id": "aaabbbcccc",
"aws_role_arn": "arn:xxx:yyy:zzz",
"regions": 
["string"
],
"hostname_tag_name": "Name",
"health": 
{"status": "Ready",
"message": "string",
"error": 
{"message": "string",
"region": "string",
"provider_err_code": "string",
"provider_description": "string"
}
},
"luminate_aws_account_id": 12312312
}

Update Cloud Integration Configuration

put /cloud-integrations/integrations/{cloud-integration-id}

Default server.

https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/{cloud-integration-id}

Update an existing Cloud Integration configuration in your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

cloud-integration-id

required

string <uuid>

Example: 18837193-a81a-400f-b38d-482379e3ab47

Cloud Integration ID

Request Body schema: application/json

name required	string (CloudIntegrationName) A descriptive name of the Cloud Integration.
provider required	string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name.
aws_role_arn required	string (CloudIntegrationArn) The AWS role ARN.
regions	Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration.
hostname_tag_name	string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname.

Responses

200

successful operation.

Response Schema: application/json

name required	string (CloudIntegrationName) A descriptive name of the Cloud Integration.
provider required	string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name.
id	string A unique identifier of thœe Cloud Integration.
created_at	string <date-time>
updated_at	string <date-time>
aws_external_id	string AWS External ID.
aws_role_arn	string (CloudIntegrationArn) The AWS role ARN.
regions	Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration.
hostname_tag_name	string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname.
health	object (CloudIntegrationHealth)
luminate_aws_account_id	string The tag that represents the hostname.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

409

Conflict - Value of one of the provided fields is already used by an existing object.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"name": "AWS EU Integration",
"provider": "amazon",
"aws_role_arn": "arn:xxx:yyy:zzz",
"regions": 
["string"
],
"hostname_tag_name": "Name"
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"name": "AWS EU Integration",
"provider": "amazon",
"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
"created_at": "2024-04-11T14:59:31Z",
"updated_at": "2024-04-11T14:59:31Z",
"aws_external_id": "aaabbbcccc",
"aws_role_arn": "arn:xxx:yyy:zzz",
"regions": 
["string"
],
"hostname_tag_name": "Name",
"health": 
{"status": "Ready",
"message": "string",
"error": 
{"message": "string",
"region": "string",
"provider_err_code": "string",
"provider_description": "string"
}
},
"luminate_aws_account_id": 12312312
}

Delete Cloud Integration

delete /cloud-integrations/integrations/{cloud-integration-id}

Default server.

https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/{cloud-integration-id}

Delete a Cloud Integration configuration from your Symantec ZTNA tenant.

Authorizations:

OAuth

path Parameters

cloud-integration-id

required

string <uuid>

Example: 18837193-a81a-400f-b38d-482379e3ab47

Cloud Integration ID

Responses

204

successful operation.

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

500

Internal Server Error.

Request samples

cURL

Copy

curl -X DELETE 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i

Response samples

Content type

application/json

Example

Copy

Expand all Collapse all


{"request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
"timestamp": 1548259503065,
"status": 400,
"reasonPhrase": "Bad Request",
"message": "Invalid request parameters: Invalid ID format - failed to process request"
}

Audit Logs

Audit logs audit all operations done through the administration portal.

Search Audit logs

post /logs/audit

Default server.

https://api.acme.luminatesec.com/v2/logs/audit

Searches your tenant audit logs using the Elasticsearch query language. Timeframe between from_date to to_date is limited to 30 days. Results are always sorted by date in ascending order.

Authorizations:

OAuth

Request Body schema: application/json

query required	object (SearchQuery)
size	integer <int32> [ 0 .. 1000 ] Default: 1000 The maximum number of results to return.
search_after	Array of strings or numbers (SearchAfter) Nullable Elasticsearch Search After Syntax. To get the next page, copy the SearchAfterValues value from previous response.

Responses

200

successful operation.

Response Schema: application/json

Hits	number <int32> (Hits) Total number of logs found that match the query.
Logs	Array of objects (AuditLogResult)

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"size": 500,
"query": 
{"free_text": "John Doe",
"from_date": 1553502809000,
"to_date": 1553675609000,
"match_or_fields": 
[
{"field_name": "clientip",
"field_values": 
["213.12.11.10",
"0.0.1.10"
]
}
]
},
"search_after": 
[1553589827407,
"luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"Hits": 1,
"Logs": 
[
{"Id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
"Data": 
{"@timestamp": "2021-01-01T12:35:03.724Z",
"additionalInfo": { },
"eventStatus": "SUCCEEDED",
"eventType": "LOGIN",
"geoip": 
{"city_name": "Jerusalem",
"country": "Israel",
"country_code": "IL",
"latitude": 31.5,
"longitude": 34.75,
"location": 
{"lon": 34.75,
"lat": 31.5
}
},
"id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
"message": "{\\\"id\\\":\\\"6aebc61f-7e2f-46b3-805f-d206de8899c0\\\",\\\"date\\\":\\\"2019-02-13T12:35:03.724386395Z\\\",\\\"tenantId\\\":\\\"12f3e95861234567a123a7c582a0a51f_acme\\\",\\\"user\\\":\\\"user@acme.com\\\",\\\"sourceHost\\\":\\\"10.10.10.50\\\",\\\"targetService\\\":\\\"AUTH_SERVICE\\\",\\\"eventType\\\":\\\"LOGIN\\\",\\\"resourceType\\\":\\\"Authentication\\\",\\\"resourceName\\\":\\\"user@acme.com\\\",\\\"resourceId\\\":\\\"auth0|5ac324095d12345678931c97\\\",\\\"eventStatus\\\":\\\"SUCCEEDED\\\",\\\"sourceAgent\\\":\\\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\\\"}\n",
"resourceId": "auth0|9daa694c-d8d0-47cb-8e94-e84694153d1d",
"resourceName": "user@acme.com",
"resourceType": "Authentication",
"role": "",
"sourceAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
"sourceHost": "10.10.10.50",
"tenant_id": "12f3e95861234567a123a7c582a0a51f_acme",
"entity_id": "494b5b76-4418-4a89-858e-774463c95b78",
"entity_idp_id": "local",
"entity_type": "User",
"entity_name": "first last",
"client_ip": "192.192.250.250",
"client_port": "8080",
"previous_revision": "\"{\"name\" :\"username\"}\"",
"current_revision": "\"{\"name\" :\"updated_username\"}\"",
"user": "user@acme.com",
"user_agent_full": 
{"browser": "Chrome",
"browser_major_version": 83,
"browser_type": "Browser",
"device_type": "Desktop",
"platform": "Linux",
"platform_version": "Intel x86_64",
"raw_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36"
}
},
"SearchAfterValues": 
[1553589827407,
"luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
]
}
]
}

Forensics Logs

Forensics logs audit any user's access to any application as well as user's activity for any application.

Search Forensics logs

post /logs/forensics

Default server.

https://api.acme.luminatesec.com/v2/logs/forensics

Searches for the tenant's forensics logs using the Elasticsearch query language. Time search frame between [from_date to to_date] limited to 30 days. Results are always sorted by date in ascending order.

Authorizations:

OAuth

Request Body schema: application/json

query required	object (SearchQuery)
size	integer <int32> [ 0 .. 1000 ] Default: 1000 The maximum number of results to return.
search_after	Array of strings or numbers (SearchAfter) Nullable Elasticsearch Search After Syntax. To get the next page, copy the SearchAfterValues value from previous response.

Responses

200

successful operation.

Response Schema: application/json

Hits	number <int32> (Hits) Total number of logs found that match the query.
Logs	Array of objects (ForensicsLogResult)

400

Bad Request - The server cannot or will not process the request due to an apparent client error.

401

Unauthorized - Authentication is required and has failed or has not yet been provided.

403

Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.

404

NotFound - The specified resource was not found.

500

Internal Server Error.

Request samples

Payload
cURL

Content type

application/json

Copy

Expand all Collapse all


{"size": 500,
"query": 
{"free_text": "John Doe",
"from_date": 1553502809000,
"to_date": 1553675609000,
"match_or_fields": 
[
{"field_name": "clientip",
"field_values": 
["213.12.11.10",
"0.0.1.10"
]
}
]
},
"search_after": 
[1553589827407,
"luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
]
}

Response samples

Content type

application/json

Copy

Expand all Collapse all


{"Hits": 1,
"Logs": 
[
{"Id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
"Data": 
{"@timestamp": "2019-02-13T12:35:03.724Z",
"action_result": "SUCCESS",
"activity_type": "URI Access",
"app_external_address": "app.acme.luminatesec.com",
"app_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
"app_name": "app",
"app_type": "HTTP",
"authentication_method": "PUBLIC_KEY\n",
"bytes_sent": 687,
"client": "SSH-2.0-SSHJ_0.22.0",
"client_ip": "10.10.10.50",
"client_port": 51262,
"client_type": "BROWSER",
"compliance_state": "NOT_COMPLIANT",
"description": "Accessing Web application app",
"device_validation_action_type": "CLIENT_CERTIFICATE\n",
"entity_id": "auth0|a1b2c3d4e5f6g7h8i9j0klmn",
"entity_name": "user@acme.com",
"entity_type": "User",
"entity_idp_id": "local",
"error_type": "",
"event_type": "ACCESS\n",
"geoip": 
{"city_name": "Jerusalem",
"country": "Israel",
"country_code": "IL",
"latitude": 31.5,
"longitude": 34.75,
"location": 
{"lon": 34.75,
"lat": 31.5
}
},
"global_request_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
"hashed_session_id": "abcdefg1d883af497cf57a44d4950a32",
"http_command": "GET",
"http_version": "HTTP/1.1",
"internal_ip": "http://127.0.0.1:32109",
"key_action_type": "CREATE\n",
"key_event_target_user_name": "user@luminatesec.com\n",
"log_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
"log_type": "WEB_ACCESS_LOG\n",
"mfa_action_type": "GOOGLE\n",
"policy_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
"policy_name": "my-policy",
"policy_type": "ACCESS",
"policy_is_static": "NO",
"referrer": "https://acme.luminatesec.com/home",
"response_time": 0.029,
"ssh_activity_command": "echo -n 'hello world'\n",
"ssh_client_internal_user": "user",
"ssh_internal_resource_identifier": "app-ssh.staging.eu-west-1.acmeops.com",
"ssh_internal_resource_port": 22,
"status_code": 200,
"summary": "'user@acme.com' succeeded accessing HTTP application 'app'\n",
"tcp_internal_resource_identifier": "127.0.0.1\n",
"tcp_internal_resource_port": "22\n",
"tenant_id": "12f3e95861234567a123a7c582a0a51f_acme",
"time_to_first_byte": 0.001,
"up_stream_response_time": 0.012,
"uri": "/",
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36",
"user_agent_full": 
{"browser": "Chrome",
"browser_major_version": 83,
"browser_type": "Browser",
"device_type": "Desktop",
"platform": "Linux",
"platform_version": "Intel x86_64",
"raw_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36"
},
"wss_agent_device_id": "29129c76-8940-11c7-beeb-5y347b5667c1f",
"wss_agent_device_version": "8.1.0",
"wss_agent_type": "wss-agent",
"wss_device_name": "EXAMPLE-10",
"wss_os_info": "architecture=x86_64 name=Windows 10 Pro version=10.0.19043"
},
"SearchAfterValues": 
[1553589827407,
"luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
]
}
]
}