Effective from | Change |
---|---|
May 5th, 2024 | The APIs Get Application, Create Application and Update Application have been updated by removing the legacy fields "connectorsStatus" and "totalNumberOfAvailableConnectors" from the response, as they now appear under Site object. |
Symantec ZTNA API uses common RESTful resource-based URL conventions and JSON as the exchange format.
Property names are case-sensitive.
Some of Symantec ZTNA API calls omit None values from the API response.
The base-URL is api.<tenant-name>.luminatesec.com.
For example, if your administration portal URL is admin.acme.luminatesec.com,
then your API base-URL is api.acme.luminatesec.com.
All examples below are performed on a tenant called acme.
Below you may find a list of common operations and the relevant API calls for each. Each of these operations can also be performed by using the administrative portal at https://admin.acme.luminatesec.com.
The object model of the API is built around the following:
Authentication is done using OAuth2 with the Bearer authentication scheme.
The Symantec ZTNA API is available to Symantec ZTNA users who have administrative privileges in their Symantec ZTNA tenant. An administrator should create an API client through the Symantec ZTNA Admin portal and copy the ‘Client Id’ and the ‘Client Secret’. Then the administrator should assign the API client an appropriate role on the 'Tenant Roles' page.
Retrieving the API access token is done with a POST request using the Basic authentication scheme, which sends the Base64-encoded Client ID and Client Secret:
curl -X POST \
https://api.acme.luminatesec.com/v1/oauth/token \
-u yourApiClientId:yourApiClientSecret
This call returns the following JSON: { "access_token":"edfe22e3-eb4c-4c83-8ce3-3152e6a2XXX", "expires_in":3600, "scope":"luminate-scope", "token_type":"Bearer", "error":"", "error_description":""}
All further API calls should include the ‘Authorization’ header with the value “Bearer AccessToken”.
For example:
curl -H "Authorization: Bearer edfe22e3-eb4c-4c83-8ce3-3152e6a2XXX" "https://api.acme.luminatesec.com/v2/applications"
The latest Major Version is v2.
The Major Version is included in the URL path (e.g. /v2/applications ) and it denotes breaking changes to the API. Minor and Patch versions are transparent to the client.
Some of our API responses are paginated, meaning that only a certain number of items are returned at a time.
The default number of items returned in a single page is 50.
You can override this by passing a size parameter to set the maximum number of results, but it cannot exceed 100.
Specifying the page number sets the starting point for the result set, allowing you to fetch subsequent items
that are not in the initial set of results. The sort order for returned data can be controlled using the sort parameter.
You can constrain the results by using a filter.
Note: Most methods that support pagination use the approach specified above. However, some methods use varied
versions of pagination. The individual documentation for each API method is your source of truth for which pattern the method follows.
The API has a rate limit of 5 requests per second. If you have hit the rate limit, then a ‘429’ status code will be returned. In such cases, you should back-off from submitting new requests for 1 second before resuming.
Note that rate limiting applies to the accumulated requests of all of your clients. For example, if you have 6 clients submitting requests simultaneously at a rate of 1 request per second each, then one of them is likely to get a 429 status code.
DNS servers are published through Symantec ZTNA,
leveraging the organization’s domain resolution for Segment Applications.
DNS Server operations - You can create, read, update
and delete a DNS Server using the application endpoint.
Add a DNS Server
For additional help you may refer to our support at https://support.broadcom.com
Each request submitted to the API returns a unique request ID that is generated by
the API.
The request ID will be returned in the x-lum-request-id header.
If you need to contact us about any specific request then this ID will serve as a
reference to the given request.
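The following Python client is an added example, not code from the Symantec ZTNA documentation; it combines the token request, page/size pagination, the 1-second back-off on 429 and the x-lum-request-id header described above. The `send` transport hook, the `FakeTenant` responses and the 60-second token refresh margin are assumptions made so the code runs offline.

```python
import base64
import time
from urllib.parse import urlencode

MAX_PAGE_SIZE = 100     # documented ceiling for the size parameter
BACKOFF_SECONDS = 1.0   # documented pause after a 429


class ApiError(Exception):
    """Failed call; keeps x-lum-request-id so it can be quoted to support."""

    def __init__(self, status, request_id):
        super().__init__(f"HTTP {status}, x-lum-request-id={request_id}")
        self.status, self.request_id = status, request_id


class ZtnaClient:
    # send(method, url, headers) -> (status, headers, json_body) is a
    # hypothetical transport hook so the example runs without network access.
    def __init__(self, tenant, client_id, client_secret, send,
                 sleep=time.sleep, clock=time.monotonic, max_retries=5):
        self.base = f"https://api.{tenant}.luminatesec.com"
        creds = f"{client_id}:{client_secret}".encode()
        self._basic = "Basic " + base64.b64encode(creds).decode()
        self._send, self._sleep, self._clock = send, sleep, clock
        self._max_retries = max_retries
        self._token, self._expires_at = None, 0.0

    def _call(self, method, url, headers):
        """Send one request; pause 1 s and retry while a 429 comes back."""
        for _ in range(self._max_retries + 1):
            status, resp_headers, body = self._send(method, url, headers)
            if status != 429:
                break
            self._sleep(BACKOFF_SECONDS)
        if status >= 400:
            raise ApiError(status, resp_headers.get("x-lum-request-id"))
        return body

    def _bearer(self):
        """Get a token with Basic auth; reuse it until shortly before expiry."""
        if self._token is None or self._clock() >= self._expires_at:
            body = self._call("POST", f"{self.base}/v1/oauth/token",
                              {"Authorization": self._basic})
            self._token = body["access_token"]
            self._expires_at = self._clock() + body["expires_in"] - 60
        return {"Authorization": f"Bearer {self._token}"}

    def paginate(self, path, size=50, **params):
        """Yield every item of a paginated collection, page by page."""
        query = dict(params, size=min(size, MAX_PAGE_SIZE), page=0)
        while True:
            url = f"{self.base}{path}?{urlencode(query)}"
            body = self._call("GET", url, self._bearer())
            yield from body.get("content") or []
            if body.get("last", True):
                return
            query["page"] += 1


class FakeTenant:
    """Constructed stand-in for the API: three sites, one 429, then pages."""

    def __init__(self):
        self.sites = [{"name": n} for n in ("DataCenterEurope", "Lab", "Branch")]
        self.calls, self.throttled = [], False

    def send(self, method, url, headers):
        self.calls.append((method, url))
        hdrs = {"x-lum-request-id": f"constructed-{len(self.calls)}"}
        if url.endswith("/v1/oauth/token"):
            if not headers.get("Authorization", "").startswith("Basic "):
                return 401, hdrs, {}
            return 200, hdrs, {"access_token": "constructed-token",
                               "expires_in": 3600, "token_type": "Bearer"}
        if headers.get("Authorization") != "Bearer constructed-token":
            return 401, hdrs, {}
        if not self.throttled:      # the first data request is rate limited
            self.throttled = True
            return 429, hdrs, {}
        query = dict(p.split("=") for p in url.split("?", 1)[1].split("&"))
        size, page = int(query["size"]), int(query["page"])
        chunk = self.sites[page * size:(page + 1) * size]
        last = (page + 1) * size >= len(self.sites)
        return 200, hdrs, {"content": chunk, "last": last, "number": page}


def demo():
    """Run the client against the constructed tenant; sleeps are recorded."""
    fake, pauses = FakeTenant(), []
    client = ZtnaClient("acme", "yourApiClientId", "yourApiClientSecret",
                        fake.send, sleep=pauses.append)
    names = [s["name"] for s in client.paginate("/v2/sites", size=2)]
    return names, pauses, fake.calls
```

In real use the `send` hook would wrap an HTTPS library, and the Client Secret would be read from a secret store rather than written into source code.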
Default server.
Creates a Site in your Symantec ZTNA tenant.
name required | string [ 2 .. 700 ] A descriptive name of the site. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
kerberos_configuration | object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications |
region | string The connectivity region of the site. If not specified, the default region will be used. |
successful operation.
name required | string [ 2 .. 700 ] A descriptive name of the site. |
id | string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
connectors | Array of strings <uuid> IDs of all connectors included in this site. |
application_ids | Array of strings <uuid> IDs of all applications included in this site. |
connector_objects | Array of objects (Connector) |
site_status | object (SiteStatus) |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
kerberos_configuration | object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications |
countCollections | integer <int32> The number of collections that are associated with this site. |
region | string The connectivity region of the site. If not specified, the default region will be used. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "mute_health_notification": false,
  "kerberos_configuration": {
    "domain": "acme.example.com",
    "kdc_address": "acme.example.com",
    "keytab_path": "/opt/keytab"
  },
  "region": "europe-west1"
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "connectors": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "application_ids": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "connector_objects": [
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2024-04-11T14:59:30Z",
      "date_registered": "2024-04-11T14:59:30Z",
      "date_otp_expire": "2024-04-11T14:59:30Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }
  ],
  "site_status": {
    "ConnectorsUp": [
      {
        "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
        "last_seen": "2019-02-24T12:05:51.000Z"
      },
      {
        "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
        "last_seen": "2019-02-24T12:05:51.000Z"
      }
    ],
    "ConnectorsDown": null,
    "ConnectorsNotConfigured": [
      {
        "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
        "last_seen": "1901-01-01T00:00:00.000Z"
      }
    ],
    "ConnectorsDisabled": null,
    "Status": "not-configured"
  },
  "mute_health_notification": false,
  "kerberos_configuration": {
    "domain": "acme.example.com",
    "kdc_address": "acme.example.com",
    "keytab_path": "/opt/keytab"
  },
  "countCollections": 1,
  "region": "europe-west1"
}
Return an array of paginated JSON objects. Each object represents a site configured in your Symantec ZTNA tenant.
The supported sort key is ‘name’, for sorting by site name.
Filter applies for the following fields: "name" and "description".
Using the query filter=test will return all the sites for which one or more of the above listed fields contain "test".
Filtering by Application ID may be applied - in such a case, Sites that are associated with this Application will be returned. If the
Application ID does not exist then an empty array is returned.
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
successful operation.
content | Array of objects (Site) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/sites?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "DataCenterEurope",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
      "connectors": [
        "2db3162f-b720-40d3-8067-345a5a25c9ec",
        "a784ec20-24b9-445b-877d-cbbd7f67c444"
      ],
      "application_ids": [
        "2db3162f-b720-40d3-8067-345a5a25c9ec",
        "a784ec20-24b9-445b-877d-cbbd7f67c444"
      ],
      "connector_objects": [
        {
          "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
          "name": "TestSite-Connector-3",
          "version": "2.5.1+964",
          "registered": true,
          "otp": null,
          "date_created": "2024-04-11T14:59:30Z",
          "date_registered": "2024-04-11T14:59:30Z",
          "date_otp_expire": "2024-04-11T14:59:30Z",
          "send_logs": false,
          "enabled": true,
          "connector_status": "StatusReady",
          "update_status": "UpdateFailed",
          "update_status_info": "error downloading new connector",
          "internal_ip": "10.10.10.1",
          "external_ip": "109.155.209.167",
          "hostname": "TestSite-Connector-3-Linux",
          "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
          "deployment_type": "kubernetes",
          "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
        }
      ],
      "site_status": {
        "ConnectorsUp": [
          {
            "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
            "last_seen": "2019-02-24T12:05:51.000Z"
          },
          {
            "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
            "last_seen": "2019-02-24T12:05:51.000Z"
          }
        ],
        "ConnectorsDown": null,
        "ConnectorsNotConfigured": [
          {
            "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
            "last_seen": "1901-01-01T00:00:00.000Z"
          }
        ],
        "ConnectorsDisabled": null,
        "Status": "not-configured"
      },
      "mute_health_notification": false,
      "kerberos_configuration": {
        "domain": "acme.example.com",
        "kdc_address": "acme.example.com",
        "keytab_path": "/opt/keytab"
      },
      "countCollections": 1,
      "region": "europe-west1"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
Update an existing site in your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The site ID. |
name required | string [ 2 .. 700 ] A descriptive name of the site. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
kerberos_configuration | object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications |
region | string The connectivity region of the site. If not specified, the default region will be used. |
successful operation.
name required | string [ 2 .. 700 ] A descriptive name of the site. |
id | string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
connectors | Array of strings <uuid> IDs of all connectors included in this site. |
application_ids | Array of strings <uuid> IDs of all applications included in this site. |
connector_objects | Array of objects (Connector) |
site_status | object (SiteStatus) |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
kerberos_configuration | object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications |
countCollections | integer <int32> The number of collections that are associated with this site. |
region | string The connectivity region of the site. If not specified, the default region will be used. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "mute_health_notification": false,
  "kerberos_configuration": {
    "domain": "acme.example.com",
    "kdc_address": "acme.example.com",
    "keytab_path": "/opt/keytab"
  },
  "region": "europe-west1"
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "connectors": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "application_ids": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "connector_objects": [
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2024-04-11T14:59:30Z",
      "date_registered": "2024-04-11T14:59:30Z",
      "date_otp_expire": "2024-04-11T14:59:30Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }
  ],
  "site_status": {
    "ConnectorsUp": [
      {
        "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
        "last_seen": "2019-02-24T12:05:51.000Z"
      },
      {
        "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
        "last_seen": "2019-02-24T12:05:51.000Z"
      }
    ],
    "ConnectorsDown": null,
    "ConnectorsNotConfigured": [
      {
        "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
        "last_seen": "1901-01-01T00:00:00.000Z"
      }
    ],
    "ConnectorsDisabled": null,
    "Status": "not-configured"
  },
  "mute_health_notification": false,
  "kerberos_configuration": {
    "domain": "acme.example.com",
    "kdc_address": "acme.example.com",
    "keytab_path": "/opt/keytab"
  },
  "countCollections": 1,
  "region": "europe-west1"
}
Returns the details of a Site from your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The Site ID. |
successful operation.
name required | string [ 2 .. 700 ] A descriptive name of the site. |
id | string <uuid> A unique identifier of this site. Note: This field is required for any operation other than initial creation. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
connectors | Array of strings <uuid> IDs of all connectors included in this site. |
application_ids | Array of strings <uuid> IDs of all applications included in this site. |
connector_objects | Array of objects (Connector) |
site_status | object (SiteStatus) |
mute_health_notification | boolean Default: false Indication whether health notifications are enabled for this site. |
kerberos_configuration | object (KerberosConfiguration) Configuring Kerberos Constrained Delegation (KCD) SSO for Corporate Web Applications |
countCollections | integer <int32> The number of collections that are associated with this site. |
region | string The connectivity region of the site. If not specified, the default region will be used. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/sites/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "DataCenterEurope",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420",
  "connectors": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "application_ids": [
    "2db3162f-b720-40d3-8067-345a5a25c9ec",
    "a784ec20-24b9-445b-877d-cbbd7f67c444"
  ],
  "connector_objects": [
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2024-04-11T14:59:30Z",
      "date_registered": "2024-04-11T14:59:30Z",
      "date_otp_expire": "2024-04-11T14:59:30Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }
  ],
  "site_status": {
    "ConnectorsUp": [
      {
        "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
        "last_seen": "2019-02-24T12:05:51.000Z"
      },
      {
        "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
        "last_seen": "2019-02-24T12:05:51.000Z"
      }
    ],
    "ConnectorsDown": null,
    "ConnectorsNotConfigured": [
      {
        "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
        "last_seen": "1901-01-01T00:00:00.000Z"
      }
    ],
    "ConnectorsDisabled": null,
    "Status": "not-configured"
  },
  "mute_health_notification": false,
  "kerberos_configuration": {
    "domain": "acme.example.com",
    "kdc_address": "acme.example.com",
    "keytab_path": "/opt/keytab"
  },
  "countCollections": 1,
  "region": "europe-west1"
}
Delete a site from your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Returns the health status of a site from your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
successful operation.
ConnectorsUp | Array of objects (ConnectorLastSeen) A list of online connectors represented by their ID and their last communication date. |
ConnectorsDown | Array of objects (ConnectorLastSeen) A list of offline connectors represented by their ID and their last communication date. |
ConnectorsNotConfigured | Array of objects (ConnectorLastSeen) A list of connectors that have yet to establish initial communication with Symantec ZTNA Cloud Service. |
ConnectorsDisabled | Array of objects (ConnectorLastSeen) A list of disabled connectors (connectors that don't serve applications defined under the contained site). |
Status | string Enum: "online" "offline" "not-configured" Site health status. The site is online when there is at least one online connector. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/sites/3c536623-4763-4f67-a45a-e88f3d08cdd5/status' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "ConnectorsUp": [
    {
      "Id": "72e508f9-33fd-4166-ae82-8a25b0e90915",
      "last_seen": "2019-02-24T12:05:51.000Z"
    },
    {
      "Id": "d05ccd0f-0cec-4de2-a815-281169c9ca7b",
      "last_seen": "2019-02-24T12:05:51.000Z"
    }
  ],
  "ConnectorsDown": null,
  "ConnectorsNotConfigured": [
    {
      "Id": "50f4837b-ec1d-4cbd-aefa-5a54733f0558",
      "last_seen": "1901-01-01T00:00:00.000Z"
    }
  ],
  "ConnectorsDisabled": null,
  "Status": "not-configured"
}
A connector is a lightweight piece of software connecting your site to the Symantec ZTNA platform.
Creates a Connector in your Symantec ZTNA tenant. To complete configuring the Symantec ZTNA connector, you should retrieve the deployment command using Connector Deployment Command API and execute it on the target machine.
bind_to_site_id required | string <uuid> Example: bind_to_site_id=6fd0a892-8b70-471a-9dd7-bf374b07451f The ID of the site that should contain this connector. |
name required | string >= 1 A descriptive name of the Connector. |
deployment_type required | string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector. |
send_logs | boolean Default: false Indicates whether to set connector debug log level to the highest one. |
enabled | boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
successful operation.
name required | string >= 1 A descriptive name of the Connector. |
deployment_type required | string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector. |
id | string <uuid> A unique identifier of this connector. Note: This field is required for any operation other than initial creation. |
version | string The version of the running connector. This version is equal to or higher than container_version. |
registered | boolean Indicates whether the connector has already established a successful handshake with the Symantec ZTNA Cloud. |
otp | string When initiated, the Symantec ZTNA Connector receives an ephemeral OTP, allowing it to establish initial communication with Symantec ZTNA Cloud Service and pull a TLS Certificate to be used for further communications. This property holds an empty value after the connector establishes a successful handshake with the Symantec ZTNA Cloud. |
date_created | string <date-time> Connector creation date. |
date_registered | string <date-time> The date when the connector established a successful handshake with the Symantec ZTNA Cloud. |
date_otp_expire | string <date-time> The date when the connector OTP expires. By default OTP is valid for 24 hours after connector creation date. |
send_logs | boolean Default: false Indicates whether to set connector debug log level to the highest one. |
enabled | boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on. |
connector_status | string Enum: "StatusUndefined" "StatusReady" "StatusDownloadStarted" "StatusDownloadCompleted" "StatusMigrationStarted" "StatusMigrationCompleted" "StatusExecuteStarted" "StatusExecuteCompleted" "StatusRetired" "StatusFailed" "StatusRetireStarted" |
update_status | string Enum: "UpToDate" "UpdateAvailable" "UpdateStarted" "UpdateCompleted" "UpdateFailed" Indicates the connector upgrade status: |
update_status_info | string A detailed description of the connector upgrade failure reason in case a recent upgrade has failed. |
internal_ip | string The internal IP address of the host running the Symantec ZTNA connector container. |
external_ip | string The IP address used by Symantec ZTNA connector to address Symantec ZTNA cloud. |
hostname | string The name of the host running the Symantec ZTNA connector container. |
geo_location | string Geo location based on the external-ip, including the hosted cloud service if applicable. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "TestSite-Connector-3",
  "send_logs": false,
  "enabled": true,
  "deployment_type": "kubernetes",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
{
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "name": "TestSite-Connector-3",
  "version": "2.5.1+964",
  "registered": true,
  "otp": null,
  "date_created": "2024-04-11T14:59:30Z",
  "date_registered": "2024-04-11T14:59:30Z",
  "date_otp_expire": "2024-04-11T14:59:30Z",
  "send_logs": false,
  "enabled": true,
  "connector_status": "StatusReady",
  "update_status": "UpdateFailed",
  "update_status_info": "error downloading new connector",
  "internal_ip": "10.10.10.1",
  "external_ip": "109.155.209.167",
  "hostname": "TestSite-Connector-3-Linux",
  "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
  "deployment_type": "kubernetes",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
Return an array of paginated JSON objects. Each object represents a connector configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by connector name or ‘id’ for sorting by connector id.
Filter applies for the following fields: "name", "internal-address", "external-address", "custom-domain" and "custom-root-path".
Using the query filter=test will return all the connectors for which one or more of the above listed fields contain "test".
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
successful operation.
content | Array of objects (Connector) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "name": "TestSite-Connector-3",
      "version": "2.5.1+964",
      "registered": true,
      "otp": null,
      "date_created": "2024-04-11T14:59:30Z",
      "date_registered": "2024-04-11T14:59:30Z",
      "date_otp_expire": "2024-04-11T14:59:30Z",
      "send_logs": false,
      "enabled": true,
      "connector_status": "StatusReady",
      "update_status": "UpdateFailed",
      "update_status_info": "error downloading new connector",
      "internal_ip": "10.10.10.1",
      "external_ip": "109.155.209.167",
      "hostname": "TestSite-Connector-3-Linux",
      "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
      "deployment_type": "kubernetes",
      "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
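Walking the paged connector list and checking each connector's documented status fields, as an added example that is not part of the Symantec API reference. The `fetch_page` callable, the sample pages and the two `constructed-connector-*` names are assumptions standing in for an authenticated GET /v2/connectors call.

```python
from datetime import datetime, timezone

# Constructed pages in the shape of the documented list response
# ("content", "last", "number"); only TestSite-Connector-3 comes from this page.
SAMPLE_PAGES = [
    {"number": 0, "last": False, "totalPages": 2, "content": [
        {"name": "constructed-connector-a", "registered": True, "enabled": True,
         "send_logs": False, "connector_status": "StatusReady",
         "update_status": "UpToDate", "date_otp_expire": "2024-04-11T14:59:30Z"},
        {"name": "TestSite-Connector-3", "registered": True, "enabled": True,
         "send_logs": False, "connector_status": "StatusReady",
         "update_status": "UpdateFailed",
         "update_status_info": "error downloading new connector",
         "date_otp_expire": "2024-04-11T14:59:30Z"},
    ]},
    {"number": 1, "last": True, "totalPages": 2, "content": [
        {"name": "constructed-connector-c", "registered": False, "enabled": True,
         "send_logs": True, "connector_status": "StatusUndefined",
         "update_status": "UpToDate", "date_otp_expire": "2024-04-12T09:00:00Z"},
    ]},
]


def sample_fetch_page(page, size):
    """Hypothetical stand-in for GET /v2/connectors?page=<page>&size=<size> (no network)."""
    return SAMPLE_PAGES[page]


def iter_connectors(fetch_page, size=50, max_pages=1000):
    """Yield every connector, following pages until the server reports last=true."""
    if not 1 <= size <= 100:          # the documented maximum page size is 100
        raise ValueError("size must be between 1 and 100")
    for page in range(max_pages):     # hard stop so a wrong 'last' flag cannot loop forever
        body = fetch_page(page=page, size=size)
        yield from body.get("content") or []
        if body.get("last", True):    # a missing flag is treated as the last page
            return
    raise RuntimeError("pagination did not terminate")


def parse_ts(value):
    """Parse the date-time format used in the samples, e.g. 2024-04-11T14:59:30Z."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_connector(conn, now):
    """Return findings for one connector; .get() is used because None values may be omitted."""
    findings = []
    if conn.get("update_status") == "UpdateFailed":
        findings.append("update failed: " + (conn.get("update_status_info") or "no detail"))
    if conn.get("connector_status") == "StatusFailed":
        findings.append("connector status is StatusFailed")
    if conn.get("send_logs"):
        findings.append("send_logs is on (highest debug log level)")
    if not conn.get("registered"):
        expiry = parse_ts(conn.get("date_otp_expire"))
        if expiry is not None and expiry <= now:
            findings.append("never registered and OTP expired")
        else:
            findings.append("not registered; enrollment OTP still outstanding")
    return findings


def audit_inventory(fetch_page, now):
    """Map connector name to findings, for connectors that have any."""
    report = {}
    for conn in iter_connectors(fetch_page):
        findings = audit_connector(conn, now)
        if findings:
            report[conn.get("name") or conn.get("id") or "<unnamed>"] = findings
    return report


if __name__ == "__main__":
    fixed_now = datetime(2024, 4, 13, tzinfo=timezone.utc)
    for name, findings in audit_inventory(sample_fetch_page, fixed_now).items():
        print(name, findings)
```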
Default server.
Returns the details of a Connector from your Symantec ZTNA tenant.
connector-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Connector ID. |
successful operation.
name required | string >= 1 A descriptive name of the Connector. |
deployment_type required | string (DeploymentType) Enum: "windows" "linux" "docker-compose" "kubernetes" The deployment type of the host running the Symantec ZTNA connector. |
id | string <uuid> A unique identifier of this connector. Note: This field is required for any operation other than initial creation. |
version | string The version of the running connector. This version is equal to or higher than container_version. |
registered | boolean Indicates whether the connector has already established a successful handshake with the Symantec ZTNA Cloud. |
otp | string When initiated, the Symantec ZTNA Connector receives an ephemeral OTP, allowing it to establish initial communication with Symantec ZTNA Cloud Service and pull a TLS Certificate to be used for further communications. This property holds an empty value after the connector establishes a successful handshake with the Symantec ZTNA Cloud. |
date_created | string <date-time> Connector creation date. |
date_registered | string <date-time> The date when the connector established a successful handshake with the Symantec ZTNA Cloud. |
date_otp_expire | string <date-time> The date when the connector OTP expires. By default OTP is valid for 24 hours after connector creation date. |
send_logs | boolean Default: false Indicates whether to set connector debug log level to the highest one. |
enabled | boolean Default: true Indicates whether the connector serves applications defined under the contained site. A disabled connector still communicates with Symantec ZTNA cloud service to support enabling it later on. |
connector_status | string Enum: "StatusUndefined" "StatusReady" "StatusDownloadStarted" "StatusDownloadCompleted" "StatusMigrationStarted" "StatusMigrationCompleted" "StatusExecuteStarted" "StatusExecuteCompleted" "StatusRetired" "StatusFailed" "StatusRetireStarted" |
update_status | string Enum: "UpToDate" "UpdateAvailable" "UpdateStarted" "UpdateCompleted" "UpdateFailed" Indicates the connector upgrade status: |
update_status_info | string A detailed description of the connector upgrade failure reason in case a recent upgrade has failed. |
internal_ip | string The internal IP address of the host running the Symantec ZTNA connector container. |
external_ip | string The IP address used by Symantec ZTNA connector to address Symantec ZTNA cloud. |
hostname | string The name of the host running the Symantec ZTNA connector container. |
geo_location | string Geo location based on the external-ip, including the hosted cloud service if applicable. |
kubernetes_persistent_volume_name | string (kubernetes_persistent_volume_name) Default: null A persistent volume to be used for storing the Symantec ZTNA connector TLS Certificate. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "name": "TestSite-Connector-3",
  "version": "2.5.1+964",
  "registered": true,
  "otp": null,
  "date_created": "2024-04-11T14:59:30Z",
  "date_registered": "2024-04-11T14:59:30Z",
  "date_otp_expire": "2024-04-11T14:59:30Z",
  "send_logs": false,
  "enabled": true,
  "connector_status": "StatusReady",
  "update_status": "UpdateFailed",
  "update_status_info": "error downloading new connector",
  "internal_ip": "10.10.10.1",
  "external_ip": "109.155.209.167",
  "hostname": "TestSite-Connector-3-Linux",
  "geo_location": "Microsoft Azure, Netherlands, Amsterdam",
  "deployment_type": "kubernetes",
  "kubernetes_persistent_volume_name": "pv-81e55b9b-298b-11e9-b2bd-0ace4f35b420"
}
Default server.
Delete the connector from the contained site in your Symantec ZTNA tenant.
In order to complete the action the connector container that runs in the corresponding datacenter should be removed.
connector-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Connector ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns the command for deploying Symantec ZTNA connector as a docker image. This endpoint is valid for connectors of version 2.5.10 and higher. The command is generated based on the deployment_type that was set for the connector: windows / linux / docker-compose / Kubernetes. Executing the command on the target machine is the last step in configuring the Symantec ZTNA Connector.
connector-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Connector ID. |
successful operation.
deployment_commands | string |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47/command' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "deployment_commands": "sudo docker run --ulimit nofile=2048 -e ENDPOINT_URL='acme.luminatesite.com' \\\n-e TENANT_IDENTIFIER='12f3e95861234567a123a7c582a0a51f_acme' \\ --network=host \\\n-d \\ --name='TestSite-Connector-3' \\ --restart=on-failure \\ -e HTTPS_SKIP_CERT_VERIFY='true' \\\n-e OTP='2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1' \\ -e LOG_LEVEL=debug \\ -e DISABLE_ERROR_TRACKER=true \\\nluminate/connector:2.5.8\n"
}
Default server.
Returns the set of environment variables required for a deployed connector in a convenient JSON format. Applicable to every deployment type that was set for the connector: windows / linux / docker-compose / Kubernetes.
connector-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Connector ID. |
successful operation.
container_name | string |
environment_variables | Array of objects An array of environment variables |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/18837193-a81a-400f-b38d-482379e3ab47/environment_variables' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "container_name": "TestSite-Connector-3",
  "environment_variables": [
    {
      "name": "ENDPOINT_URL",
      "value": "acme.luminatesec.com"
    },
    {
      "name": "TENANT_IDENTIFIER",
      "value": "12f3e95861234567a123a7c582a0a51f_acme"
    },
    {
      "name": "HTTPS_SKIP_CERT_VERIFY",
      "value": true
    },
    {
      "name": "OTP",
      "value": "2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1"
    },
    {
      "name": "LOG_LEVEL",
      "value": "debug"
    },
    {
      "name": "DISABLE_ERROR_TRACKER",
      "value": true
    }
  ]
}
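A pre-deployment check over the environment_variables response and over the `-e` flags of a deployment command, as an added example that is not Symantec's code. It assumes HTTPS_SKIP_CERT_VERIFY and LOG_LEVEL mean what their names suggest, which this page does not define; the function names are hypothetical and the sample command is shortened from the deployment_commands sample above.

```python
import re

# The environment_variables response sample from this page, as a Python dict.
SAMPLE_ENV_RESPONSE = {
    "container_name": "TestSite-Connector-3",
    "environment_variables": [
        {"name": "ENDPOINT_URL", "value": "acme.luminatesec.com"},
        {"name": "TENANT_IDENTIFIER", "value": "12f3e95861234567a123a7c582a0a51f_acme"},
        {"name": "HTTPS_SKIP_CERT_VERIFY", "value": True},
        {"name": "OTP", "value": "2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1"},
        {"name": "LOG_LEVEL", "value": "debug"},
        {"name": "DISABLE_ERROR_TRACKER", "value": True},
    ],
}

# Shortened form of the page's deployment_commands sample (after JSON decoding).
SAMPLE_COMMAND = (
    "sudo docker run --ulimit nofile=2048 -e ENDPOINT_URL='acme.luminatesite.com' \\\n"
    "-e HTTPS_SKIP_CERT_VERIFY='true' \\\n"
    "-e OTP='2d1e1bfa-1234-41bf-a805-a3d1aa7eb5d1' -e LOG_LEVEL=debug \\\n"
    "luminate/connector:2.5.8\n"
)

# Matches "-e NAME='value'" or "-e NAME=value" where -e starts a token.
ENV_FLAG = re.compile(r"(?<!\S)-e\s+([A-Za-z_][A-Za-z0-9_]*)=(?:'([^']*)'|(\S+))")
SECRET_NAMES = {"OTP"}  # the OTP bootstraps the connector's TLS certificate


def env_from_response(body):
    """Flatten the documented name/value array into a dict."""
    return {v["name"]: v.get("value") for v in body.get("environment_variables") or []}


def env_from_command(command):
    """Extract -e variables from a docker run command string."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in ENV_FLAG.finditer(command)}


def is_true(value):
    """The JSON response uses a boolean, the command uses the string 'true'."""
    return value is True or str(value).strip().lower() == "true"


def review_env(env):
    """Return (code, message) findings for settings worth a second look before deploying."""
    findings = []
    if is_true(env.get("HTTPS_SKIP_CERT_VERIFY")):
        findings.append(("tls-verify-skipped",
                         "HTTPS_SKIP_CERT_VERIFY is true; confirm this is intended"))
    if str(env.get("LOG_LEVEL") or "").lower() == "debug":
        findings.append(("debug-logging", "LOG_LEVEL is debug"))
    if env.get("OTP"):
        findings.append(("otp-present",
                         "output carries the enrollment OTP; handle it as a credential"))
    return findings


def redact(env):
    """Copy of env that is safe to write to logs or tickets."""
    return {k: ("<redacted>" if k in SECRET_NAMES and v else v) for k, v in env.items()}


if __name__ == "__main__":
    env = env_from_response(SAMPLE_ENV_RESPONSE)
    print(redact(env))
    for code, message in review_env(env):
        print(code, "-", message)
```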
Default server.
Returns the latest connector version available for the tenant.
successful operation.
connector_version | string |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/connectors/version' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "connector_version": "2.5.8"
}
Default server.
Creates an application in your Symantec ZTNA tenant.
Note: To allow access to a newly created application, you should have a Site defined and Symantec ZTNA Connectors deployed, as well as an access policy to which this application is assigned. You can then assign the application to the required site using the Bind Application to Site API. You can assign the application to the policy using Assign Application to policies.
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. SSH |
connectionSettings required | object (ApplicationConnectionSettingsSSH) |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application is created in the default collection. |
successful operation.
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
internalAddress required | string (InternalAddress) "Internal Address" is the connection used by the Symantec ZTNA Connector to open internal communications to the application. It can contain either an internal IP address or an internal DNS. Note: If URI schema and/or port are not specified:
|
dnsSettings required | object (DNSServerData) |
createdOn | number Application creation date, epoch time in milliseconds. Note: This field is automatically populated. |
modifiedOn | number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated. |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
health | object (ApplicationHealth) |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application is created in the default collection. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "SSH",
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "connectionSettings": {
    "internalAddress": "tcp://127.0.0.1:22",
    "externalAddress": "testapp.acme.luminatesec.com",
    "luminateAddress": "testapp.acme.luminatesec.com",
    "subdomain": null
  }
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "HTTP",
  "createdOn": 1539000953351,
  "modifiedOn": 1539000956235,
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "health": {
    "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "status": "PartiallyAvailable",
    "cause": "Some connector fail to expose application",
    "lastUpdatedOn": 1539680482000,
    "totalNumberOfConnectors": 2,
    "lastAvailableOn": 1539680482000
  },
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "internalAddress": "string",
  "dnsSettings": {
    "domainSuffixes": [
      "mycompany.com"
    ]
  },
  "ApplicationHTTP": "DNSServer"
}
Default server.
Return an array of paginated JSON objects. Each object represents an application configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by application name or ‘id’ for sorting by application id.
Filter applies for the following fields: "name", "internal-address", "external-address", "custom-domain" and "custom-root-path".
Using the query filter=testapp will return all the applications for which one or more of the above listed fields contain "testapp".
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
type | string Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" Example: type=HTTP Application type by which the results are filtered. |
siteId | string <uuid> Example: siteId=5fa7bfe9e312345bce28f0a2ad9698b8 Site ID by which the results are filtered. |
successful operation.
content | Array of objects (Application) |
sort | Array of objects (ApplicationSort) Response sorting techniques. |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/applications?sort=name,desc&size=10&page=0&filter=test&type=HTTP&siteId=5fa7bfe9e312345bce28f0a2ad9698b8' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "name": "TestApplication",
      "type": "HTTP",
      "createdOn": 1539000953351,
      "modifiedOn": 1539000956235,
      "icon": null,
      "isVisible": true,
      "isNotificationEnabled": true,
      "enabled": true,
      "health": {
        "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
        "status": "PartiallyAvailable",
        "cause": "Some connector fail to expose application",
        "lastUpdatedOn": 1539680482000,
        "totalNumberOfConnectors": 2,
        "lastAvailableOn": 1539680482000
      },
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "subType": "HTTP_LUMINATE_DOMAIN",
      "connectionSettings": {
        "subdomain": null,
        "customExternalAddress": null,
        "customRootPath": null,
        "healthUrl": "/HealthCheck",
        "healthMethod": "Head",
        "customSSLCertificate": null,
        "wildcardPrivateKey": null
      },
      "linkTranslationSettings": {
        "isDefaultContentRewriteRulesEnabled": true,
        "isDefaultHeaderRewriteRulesEnabled": true,
        "useExternalAddressForHostAndSni": false,
        "linkedApplications": []
      },
      "requestCustomizationSettings": {
        "headerCustomization": "X-Forwarded-For: '$SOURCEIP$'\nX-Forwarded-Host: '$ORIGINALHOST$'\nX-Forwarded-Proto: '$PROTOCOL$'\nX-EMAIL-ADDRESS: '$EMAIL$'\n"
      },
      "tcpTunnelSettings": [
        {
          "target": "127.0.0.1",
          "ports": [
            80,
            8080
          ]
        },
        {
          "target": "127.0.0.2",
          "ports": [
            80,
            8080
          ]
        }
      ],
      "cloudIntegrationData": {
        "tags": [
          {
            "key": "key1",
            "value": "value1"
          },
          {
            "key": "key2",
            "value": "value2"
          }
        ],
        "segmentId": "bd3e5b97-3521-4f08-b7b1-9970a47fd984",
        "vpcs": [
          {
            "id": "5fa7bfe9e312345bce28f0a2ad9698b8",
            "vpc": "vpc-ab123456",
            "region": "eu-west-1",
            "cidr_block": "194.24.0.0/16",
            "integration_id": "0c0aa97c-0f47-1234-80cc-5fedc03ea4c7",
            "integration_name": "acmeAws"
          },
          {
            "id": "ad12345eac234b66b00b6f35de23ba0e",
            "vpc": "vpc-ed123456",
            "region": "eu-west-1",
            "cidr_block": "194.24.0.0/16",
            "integration_id": "0c0aa97c-0f47-1234-80cc-5fedc03ea4c7",
            "integration_name": "acmeAws"
          }
        ]
      },
      "segmentSettings": {
        "originalIp": "string"
      },
      "multipleSegmentSettings": [
        {
          "originalIp": "10.0.0.0"
        }
      ],
      "internalAddress": "string",
      "dnsSettings": {
        "domainSuffixes": [
          "mycompany.com"
        ]
      }
    }
  ],
  "sort": [
    {
      "direction": "asc",
      "property": "name",
      "ignoreCase": false,
      "nullHandling": 1,
      "ascending": true,
      "descending": false
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
Default server.
Returns the details of an Application from your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
successful operation.
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
internalAddress required | string (InternalAddress) "Internal Address" is the connection used by the Symantec ZTNA Connector to open internal communications to the application. It can contain either an internal IP address or an internal DNS. Note: If URI schema and/or port are not specified:
|
dnsSettings required | object (DNSServerData) |
createdOn | number Application creation date, epoch time in milliseconds. Note: This field is automatically populated. |
modifiedOn | number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated. |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
health | object (ApplicationHealth) |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application is created in the default collection. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "HTTP",
  "createdOn": 1539000953351,
  "modifiedOn": 1539000956235,
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "health": {
    "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "status": "PartiallyAvailable",
    "cause": "Some connector fail to expose application",
    "lastUpdatedOn": 1539680482000,
    "totalNumberOfConnectors": 2,
    "lastAvailableOn": 1539680482000
  },
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "internalAddress": "string",
  "dnsSettings": {
    "domainSuffixes": [
      "mycompany.com"
    ]
  },
  "ApplicationHTTP": "DNSServer"
}
Default server.
Update an existing application in your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. SSH |
connectionSettings required | object (ApplicationConnectionSettingsSSH) |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application is created in the default collection. |
successful operation.
name required | string [ 2 .. 40 ] A descriptive name of the application. |
id required | string <uuid> (ApplicationID) A unique identifier of the application. Note: This field is required for any operation other than initial creation. |
type required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
internalAddress required | string (InternalAddress) "Internal Address" is the connection used by the Symantec ZTNA Connector to open internal communications to the application. It can contain either an internal IP address or an internal DNS. Note: If URI schema and/or port are not specified:
|
dnsSettings required | object (DNSServerData) |
createdOn | number Application creation date, epoch time in milliseconds. Note: This field is automatically populated. |
modifiedOn | number Application last modification date, epoch time in milliseconds. Note: This field is automatically populated. |
icon | string Nullable Default: null Base64 representation of the icon file, size should be up to 40x40 pixels. |
isVisible | boolean Nullable Default: true Indicates whether to show this application in the applications portal. |
isNotificationEnabled | boolean Nullable Default: true Indicates whether notifications are enabled for this application. |
enabled | boolean Nullable Default: true Indicates the application status configured by Admin (enabled/disabled). |
health | object (ApplicationHealth) |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the application. Note: if this field is not provided, the application is created in the default collection. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "SSH",
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "connectionSettings": {
    "internalAddress": "tcp://127.0.0.1:22",
    "externalAddress": "testapp.acme.luminatesec.com",
    "luminateAddress": "testapp.acme.luminatesec.com",
    "subdomain": null
  }
}
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "name": "TestApplication",
  "type": "HTTP",
  "createdOn": 1539000953351,
  "modifiedOn": 1539000956235,
  "icon": null,
  "isVisible": true,
  "isNotificationEnabled": true,
  "enabled": true,
  "health": {
    "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "status": "PartiallyAvailable",
    "cause": "Some connector fail to expose application",
    "lastUpdatedOn": 1539680482000,
    "totalNumberOfConnectors": 2,
    "lastAvailableOn": 1539680482000
  },
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "internalAddress": "string",
  "dnsSettings": {
    "domainSuffixes": [
      "mycompany.com"
    ]
  },
  "ApplicationHTTP": "DNSServer"
}
Default server.
Delete an application from your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Bind your Application to an existing Site in your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
site-id required | string <uuid> Example: 3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
null
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns the health status of the given Application from your Symantec ZTNA tenant.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
successful operation.
applicationId | string <uuid> |
status | string Enum: "Available" "Unavailable" "Pending" "PartiallyAvailable" The application accessibility status. |
cause | string Root cause for status different than "Available". |
lastUpdatedOn | number Date when Application health was last updated on, epoch time in milliseconds. |
totalNumberOfConnectors | integer <int32> The number of connectors that expose the application regardless of their health status. |
lastAvailableOn | number Date when Application was last available, epoch time in milliseconds. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/applications/6fd0a892-8b70-471a-9dd7-bf374b07451f/status' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "applicationId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "status": "PartiallyAvailable",
  "cause": "Some connector fail to expose application",
  "lastUpdatedOn": 1539680482000,
  "totalNumberOfConnectors": 2,
  "lastAvailableOn": 1539680482000
}
Symantec ZTNA continuously enforces contextual access and activity policies to control access to resources and to restrict users' actions within resources, based on the user/device context (such as the user’s group membership, the user’s location, MFA status and managed/unmanaged device status) and the requested resource.
Policy Evaluation
For each access request, Symantec ZTNA processes the policies against the request context
(user, device and the requested resource) to calculate the effective policies and to
determine whether the request should be allowed or denied.
If no access policy could be matched, the access is blocked.
Access Policy configuration
When defining an access policy, the following configuration is supported:
Default server.
Creates an Access / Activity Policy in your Symantec ZTNA tenant.
type required | string (PolicyType) Determines the policy type:
ACCESS |
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if the field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
successful operation.
type required | string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type:
|
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
createdAt | string <date-time> |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if the field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
containers | Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. Example actions are ‘block action’ in case of an attempt to access a non-allowed URI. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  }
}
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "createdAt": { },
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "containers": [
    {
      "conditions": [
        {
          "arguments": {
            "SSH_COMMAND": [
              "sudo",
              "ls",
              "chmod"
            ]
          },
          "conditionDefinitionId": "SSH_COMMAND_WHITELIST"
        }
      ],
      "actionId": "ALLOW"
    }
  ],
  "PolicyAccess": "Policy"
}
Default server.
Returns a paginated array of JSON objects. Each object represents a policy configured in your Symantec ZTNA tenant.
The supported sort keys are either ‘name’ for sorting by policy name or ‘id’ for sorting by policy id.
Filter applies for the policy name only.
Using the query filter=testpolicy will return all the policies for which one or more of the above listed fields contain "testpolicy"
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
successful operation.
content | Array of objects (PolicyByType) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies?sort=name,desc&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "type": "ACCESS",
      "targetProtocol": "SSH",
      "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
      "enabled": true,
      "createdAt": "1985-04-12T23:20:50.520Z",
      "name": "Contractors Policy to Jira",
      "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "directoryEntities": [
        {
          "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
          "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
          "identityProviderId": "local",
          "identityProviderType": "local",
          "type": "User",
          "displayName": "John Doe"
        }
      ],
      "applications": [
        {
          "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
          "type": "HTTP"
        }
      ],
      "filterConditions": [
        {
          "conditionDefinitionId": "LOCATION_RESTRICTION",
          "arguments": {
            "COUNTRIES": [
              "Argentina",
              "Angola"
            ]
          }
        }
      ],
      "timeSettingsType": "permanent",
      "Status": "expired",
      "validators": {
        "VALIDATOR_MFA": true
      },
      "rdpSettings": {
        "longTermPassword": false
      },
      "sshSettings": {
        "accounts": [
          "ubuntu",
          "root"
        ],
        "autoMapping": true,
        "fullUpnAutoMapping": false,
        "agentForward": false,
        "acceptTemporaryToken": false,
        "acceptCertificate": false
      },
      "tcpSettings": {
        "acceptTemporaryToken": false,
        "acceptCertificate": false
      },
      "timeSettings": {
        "fromDate": "1985-04-12T23:20:50.52Z",
        "toDate": "1985-04-12T23:20:50.52Z"
      }
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
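The paginated list above is the natural input for a periodic policy review. The following is an added example, not part of the Symantec ZTNA documentation: it walks every page using the `last` flag and flags enabled ACCESS policies that have no validator set to true, no filter conditions, the `root` SSH account, or SSH agent forwarding. The finding labels, the choice of checks, the helper names and the constructed sample pages are assumptions made for this example.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.acme.luminatesec.com"  # tenant "acme", as in the page's examples


def http_fetch_page(token, page, size=100):
    """GET one page of /v2/policies (the API caps size at 100)."""
    query = urllib.parse.urlencode({"sort": "id,asc", "size": size, "page": page})
    req = urllib.request.Request(
        f"{BASE_URL}/v2/policies?{query}",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_policies(fetch_page, max_pages=1000):
    """Yield every policy, requesting pages 0, 1, ... until 'last' is true."""
    for page in range(max_pages):
        body = fetch_page(page)
        yield from body.get("content", [])
        if body.get("last", True):
            return
    raise RuntimeError("pagination did not terminate")


def audit_policy(policy):
    """Return review findings for one policy (labels are this example's own)."""
    # Assumption: only enabled ACCESS policies grant access, so only they are reviewed.
    if not policy.get("enabled", False) or policy.get("type") != "ACCESS":
        return []
    findings = []
    if not any((policy.get("validators") or {}).values()):
        findings.append("no-validator")          # e.g. VALIDATOR_MFA absent or false
    if not policy.get("filterConditions"):
        findings.append("no-filter-conditions")  # no IP, location or device restriction
    if policy.get("targetProtocol") == "SSH":
        ssh = policy.get("sshSettings") or {}
        if "root" in (ssh.get("accounts") or []):
            findings.append("ssh-root-account")
        if ssh.get("agentForward"):
            findings.append("ssh-agent-forward")
    return findings


def audit_tenant(fetch_page):
    """Map policy name to findings, for policies that have at least one finding."""
    report = {}
    for policy in iter_policies(fetch_page):
        findings = audit_policy(policy)
        if findings:
            report[policy.get("name", policy.get("id"))] = findings
    return report


# Constructed sample pages (not real tenant data), shaped like the response above.
CONSTRUCTED_PAGES = [
    {"first": True, "last": False, "number": 0, "content": [
        {"name": "Contractors SSH", "type": "ACCESS", "targetProtocol": "SSH",
         "enabled": True, "validators": {"VALIDATOR_MFA": True},
         "filterConditions": [{"conditionDefinitionId": "LOCATION_RESTRICTION",
                               "arguments": {"COUNTRIES": ["Argentina"]}}],
         "sshSettings": {"accounts": ["ubuntu", "root"], "agentForward": False}},
        {"name": "Wiki for everyone", "type": "ACCESS", "targetProtocol": "HTTP",
         "enabled": True, "validators": {"VALIDATOR_MFA": False},
         "filterConditions": []},
    ]},
    {"first": False, "last": True, "number": 1, "content": [
        {"name": "Old bastion", "type": "ACCESS", "targetProtocol": "SSH",
         "enabled": False, "validators": {}, "filterConditions": [],
         "sshSettings": {"accounts": ["root"], "agentForward": True}},
        {"name": "Block uploads", "type": "ACTIVITY", "targetProtocol": "HTTP",
         "enabled": True},
    ]},
]


def constructed_fetch_page(page):
    """Offline stand-in for http_fetch_page, serving the constructed pages."""
    return CONSTRUCTED_PAGES[page]


if __name__ == "__main__":
    for name, findings in audit_tenant(constructed_fetch_page).items():
        print(f"{name}: {', '.join(findings)}")
```

Against a real tenant, pass `lambda page: http_fetch_page(token, page)` to `audit_tenant`, where `token` is the access token obtained from the OAuth call.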
Default server.
Returns the details of a Policy from your Symantec ZTNA tenant.
policy-id required | string <uuid> Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID. |
successful operation.
type required | string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type:
|
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
createdAt | string <date-time> |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if the field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
containers | Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. Example actions are ‘block action’ in case of an attempt to access a non-allowed URI. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "createdAt": { },
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "containers": [
    {
      "conditions": [
        {
          "arguments": {
            "SSH_COMMAND": [
              "sudo",
              "ls",
              "chmod"
            ]
          },
          "conditionDefinitionId": "SSH_COMMAND_WHITELIST"
        }
      ],
      "actionId": "ALLOW"
    }
  ],
  "PolicyAccess": "Policy"
}
Default server.
Update an existing policy in your Symantec ZTNA tenant.
policy-id required | string <uuid> Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID. |
type required | string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type:
|
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if the field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
containers | Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. Example actions are ‘block action’ in case of an attempt to access a non-allowed URI. |
successful operation.
type required | string (PolicyType) Enum: "ACCESS" "ACTIVITY" Determines the policy type:
|
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
createdAt | string <date-time> |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if the field is not provided, the policy will be created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
containers | Array of objects (PolicyRule) The rules specify the constraints on the action that the user wants to perform, for example a URI black list for web applications or file download restrictions. Each rule contains the activity that triggers the rule and the action, which determines how Symantec ZTNA should react when such activity is triggered. Example actions are ‘block action’ in case of an attempt to access a non-allowed URI. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "containers": [
    {
      "conditions": [
        {
          "arguments": {
            "SSH_COMMAND": [
              "sudo",
              "ls",
              "chmod"
            ]
          },
          "conditionDefinitionId": "SSH_COMMAND_WHITELIST"
        }
      ],
      "actionId": "ALLOW"
    }
  ],
  "PolicyAccess": "Policy"
}
{
  "type": "ACCESS",
  "targetProtocol": "SSH",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "enabled": true,
  "createdAt": { },
  "name": "Contractors Policy to Jira",
  "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "directoryEntities": [
    {
      "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ],
  "applications": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "HTTP"
    }
  ],
  "filterConditions": [
    {
      "conditionDefinitionId": "LOCATION_RESTRICTION",
      "arguments": {
        "COUNTRIES": [
          "Argentina",
          "Angola"
        ]
      }
    }
  ],
  "timeSettingsType": "permanent",
  "Status": "expired",
  "validators": {
    "VALIDATOR_MFA": true
  },
  "rdpSettings": {
    "longTermPassword": false
  },
  "sshSettings": {
    "accounts": [
      "ubuntu",
      "root"
    ],
    "autoMapping": true,
    "fullUpnAutoMapping": false,
    "agentForward": false,
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "tcpSettings": {
    "acceptTemporaryToken": false,
    "acceptCertificate": false
  },
  "timeSettings": {
    "fromDate": "1985-04-12T23:20:50.52Z",
    "toDate": "1985-04-12T23:20:50.52Z"
  },
  "containers": [
    {
      "conditions": [
        {
          "arguments": {
            "SSH_COMMAND": [
              "sudo",
              "ls",
              "chmod"
            ]
          },
          "conditionDefinitionId": "SSH_COMMAND_WHITELIST"
        }
      ],
      "actionId": "ALLOW"
    }
  ],
  "PolicyAccess": "Policy"
}
Default server.
Delete a policy from your Symantec ZTNA tenant.
policy-id required | string <uuid> Example: 6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/policies/6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns all supported conditions that can be used as building blocks when defining policies. Condition definitions are used to define filter conditions and activity policy rules.
successful operation.
id | string (PolicyConditionDefinitionID) String that uniquely represents the condition and is used as its identifier. |
displayName | string Human readable name of this Condition. |
description | string Condition scope extended information. |
conditionParameters | Array of objects (PolicyConditionParameter) Determine the parameters that are required for evaluating the condition. |
typeMapping | Array of objects (PolicyConditionTypeMapping) This property specifies the policy type and the application type for which this condition applies. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/condition-definitions' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "LOCATION_RESTRICTION",
  "displayName": "Location",
  "description": "List of countries that will be allowed to access",
  "conditionParameters": [
    {
      "parameterId": "COUNTRIES",
      "displayName": "conditions",
      "elementType": "enum",
      "enumSettings": {
        "isMultiple": true,
        "values": [
          {
            "id": "IL",
            "displayName": "Israel"
          }
        ]
      },
      "stringSettings": {
        "regexValidator": "^Symantec ZTNA1$",
        "isMultiple": true,
        "example": "Symantec ZTNA1"
      },
      "numberSettings": {
        "min": 5,
        "max": 10
      }
    }
  ],
  "typeMapping": [
    {
      "applicationType": "HTTP",
      "policyType": "ACCESS"
    }
  ]
}
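Because a policy takes effect only when all of its filter conditions are satisfied, a mistyped condition ID or argument is worth catching before the policy is created or updated. The following is an added example, not part of the Symantec ZTNA documentation: it checks a policy's `filterConditions` against condition definitions shaped like the response above. It assumes the definitions arrive as a list, that `typeMapping.applicationType` is compared with the policy's `targetProtocol`, that enum arguments may be given by `id` or `displayName`, and that `regexValidator` can be evaluated with Python's `re`; the `EXAMPLE_TAG` definition and all sample data are constructed.

```python
import re


def check_values(param, value):
    """Check one argument value (or list of values) against its parameter definition."""
    values = value if isinstance(value, list) else [value]
    msgs = []
    if param.get("elementType") == "enum":
        settings = param.get("enumSettings") or {}
        allowed = set()
        for entry in settings.get("values", []):
            # Assumption: either the id or the displayName is accepted.
            allowed.update((entry.get("id"), entry.get("displayName")))
        if len(values) > 1 and not settings.get("isMultiple", False):
            msgs.append("multiple values not allowed")
        for v in values:
            if not isinstance(v, str) or v not in allowed:
                msgs.append(f"{v!r} is not an allowed value")
        return msgs
    for v in values:
        if isinstance(v, str):
            pattern = (param.get("stringSettings") or {}).get("regexValidator")
            if pattern and not re.search(pattern, v):
                msgs.append(f"{v!r} does not match {pattern}")
        elif isinstance(v, (int, float)) and not isinstance(v, bool):
            limits = param.get("numberSettings") or {}
            lo, hi = limits.get("min"), limits.get("max")
            if (lo is not None and v < lo) or (hi is not None and v > hi):
                msgs.append(f"{v!r} is outside [{lo}, {hi}]")
    return msgs


def validate_conditions(policy, definitions):
    """Return a list of problems; an empty list means every condition checks out."""
    by_id = {d["id"]: d for d in definitions}
    target = (policy.get("type"), policy.get("targetProtocol"))
    problems = []
    for cond in policy.get("filterConditions") or []:
        cid = cond.get("conditionDefinitionId")
        definition = by_id.get(cid)
        if definition is None:
            problems.append(f"{cid}: unknown condition")
            continue
        mapping = {(m.get("policyType"), m.get("applicationType"))
                   for m in definition.get("typeMapping", [])}
        if target not in mapping:
            problems.append(f"{cid}: not applicable to {target[0]}/{target[1]} policies")
        params = {p["parameterId"]: p for p in definition.get("conditionParameters", [])}
        args = cond.get("arguments") or {}
        for name in sorted(set(params) - set(args)):
            problems.append(f"{cid}: missing argument {name}")
        for name, value in args.items():
            if name not in params:
                problems.append(f"{cid}: unexpected argument {name}")
                continue
            problems.extend(f"{cid}.{name}: {m}" for m in check_values(params[name], value))
    return problems


# Constructed definitions. LOCATION_RESTRICTION follows the sample above with one
# extra country; EXAMPLE_TAG is hypothetical, including its elementType value.
CONSTRUCTED_DEFINITIONS = [
    {"id": "LOCATION_RESTRICTION",
     "conditionParameters": [{
         "parameterId": "COUNTRIES", "elementType": "enum",
         "enumSettings": {"isMultiple": True, "values": [
             {"id": "IL", "displayName": "Israel"},
             {"id": "AR", "displayName": "Argentina"}]}}],
     "typeMapping": [{"applicationType": "HTTP", "policyType": "ACCESS"},
                     {"applicationType": "SSH", "policyType": "ACCESS"}]},
    {"id": "EXAMPLE_TAG",
     "conditionParameters": [{
         "parameterId": "TAG", "elementType": "string",
         "stringSettings": {"regexValidator": "^[a-z]{3,8}$", "isMultiple": True}}],
     "typeMapping": [{"applicationType": "HTTP", "policyType": "ACCESS"}]},
]

# Constructed policy draft with three deliberate mistakes.
CONSTRUCTED_POLICY = {
    "type": "ACCESS", "targetProtocol": "SSH", "name": "Contractors Policy to Jira",
    "filterConditions": [
        {"conditionDefinitionId": "LOCATION_RESTRICTION",
         "arguments": {"COUNTRIES": ["Argentina", "Atlantis"]}},
        {"conditionDefinitionId": "EXAMPLE_TAG", "arguments": {"TAG": ["OK!"]}},
        {"conditionDefinitionId": "NO_SUCH_CONDITION", "arguments": {}},
    ],
}

if __name__ == "__main__":
    for problem in validate_conditions(CONSTRUCTED_POLICY, CONSTRUCTED_DEFINITIONS):
        print(problem)
```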
Default server.
Returns the actions that can be enforced when a user performs a specific operation.
Examples are: ALLOW to allow the action, BLOCK to block the action, BLOCK USER to disconnect all active sessions of
the user and block further login attempts.
successful operation.
id | string Unique id for this Action, this ID should be used when setting the Action in a Container |
name | string Human readable name for this action type |
description | string extended information about the action |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/action-types' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "id": "BLOCK",
    "name": "block",
    "description": "block the action"
  }
]
Default server.
Returns the validators that can be used as a prerequisite for granting access to a requested resource.
Examples are Multi-factor authentication and Web Verification.
Note: The validators are applicable for policies of type ACCESS only.
successful operation.
id | string |
displayName | string |
description | string |
applicationType | string Enum: "HTTP" "SSH" "TCP" "RDP" "DYNAMIC_SSH" type of applications for that condition |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/config/validator-types' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "id": "MFA",
    "displayName": "MFA",
    "description": "Multi Factor authentication",
    "applicationType": "HTTP"
  }
]
Default server.
Returns an array of JSON objects.
Each object represents a policy assigned to the provided application in your Symantec ZTNA.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
successful operation.
type required | string (PolicyType) Determines the policy type: ACCESS |
targetProtocol required | string (PolicyTargetProtocol) Enum: "HTTP" "SSH" "RDP" "TCP" |
name required | string A descriptive name of the policy. The name must be unique. |
id | string <uuid> A unique identifier of the policy. |
enabled | boolean Indicates whether this policy is enabled. |
createdAt | string <date-time> |
collectionId | string <uuid> Nullable A unique identifier of the collection assigned to the policy. Note: if this field is not provided, the policy is created in the default collection. |
directoryEntities | Array of objects (DirectoryEntity) The entities to which this policy applies. |
applications | Array of objects (ApplicationBase) The applications to which this policy applies. |
filterConditions | Array of objects (PolicyCondition) Filter conditions that specify the context of the user and the device in which the policy will apply. This Context includes information about the source IP address, source location and source device. The policy is effective only when ALL conditions are satisfied (evaluate to TRUE). Conditions are formed by using properties of the request context and describing their required state. For example, source IP should be one of the listed IP addresses. To retrieve the supported conditions use Get Supported Conditions API. |
timeSettingsType | string Default: "permanent" Enum: "permanent" "temporary" configures the time settings type for the policy. |
Status | string Indicates the policy status |
validators | object The controls you want to enforce as a prerequisite for granting access to the requested resource. Examples are Multi-factor authentication and Web Verification. To configure the required controls, you should retrieve the supported validators IDs by using Get Supported Validators and set the proper ones to TRUE. Note: Applicable for policies of type ACCESS only. |
rdpSettings | object (PolicyRDPSettings) Policy settings that are specific to applications of type RDP |
sshSettings | object (PolicySSHSettings) Policy settings that are specific to applications of type SSH |
tcpSettings | object (PolicyTCPSettings) Policy settings that are specific to applications of type RDP |
timeSettings | object (PolicyTimeSettings) Holds additional information regarding time settings of rules. This property applies only in case timeSettingsType is set to "temporary". |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/policies/by-app-id/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "type": "ACCESS",
    "targetProtocol": "SSH",
    "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
    "enabled": true,
    "createdAt": "1985-04-12T23:20:50.520Z",
    "name": "Contractors Policy to Jira",
    "collectionId": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "directoryEntities": [
      {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      }
    ],
    "applications": [
      {
        "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
        "type": "HTTP"
      }
    ],
    "filterConditions": [
      {
        "conditionDefinitionId": "LOCATION_RESTRICTION",
        "arguments": {
          "COUNTRIES": [
            "Argentina",
            "Angola"
          ]
        }
      }
    ],
    "timeSettingsType": "permanent",
    "Status": "expired",
    "validators": {
      "VALIDATOR_MFA": true
    },
    "rdpSettings": {
      "longTermPassword": false
    },
    "sshSettings": {
      "accounts": [
        "ubuntu",
        "root"
      ],
      "autoMapping": true,
      "fullUpnAutoMapping": false,
      "agentForward": false,
      "acceptTemporaryToken": false,
      "acceptCertificate": false
    },
    "tcpSettings": {
      "acceptTemporaryToken": false,
      "acceptCertificate": false
    },
    "timeSettings": {
      "fromDate": "1985-04-12T23:20:50.52Z",
      "toDate": "1985-04-12T23:20:50.52Z"
    }
  }
]
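The response above carries enough detail for a quick posture review of the policies attached to an application. The following is an added example, not part of the Symantec ZTNA documentation: it flags policies against local review criteria. The criteria, the finding labels and the sample data are assumptions; the `VALIDATOR_MFA` key is taken from the response sample above.

```python
import json

# Constructed sample shaped like the response above; values are made up.
# The second policy omits several fields, as the API may omit None values.
SAMPLE_RESPONSE = json.loads("""
[
  {
    "type": "ACCESS",
    "targetProtocol": "SSH",
    "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
    "enabled": true,
    "name": "Contractors SSH",
    "filterConditions": [],
    "Status": "expired",
    "validators": {"VALIDATOR_MFA": false},
    "sshSettings": {"accounts": ["ubuntu", "root"], "autoMapping": true, "agentForward": true}
  },
  {
    "type": "ACCESS",
    "targetProtocol": "HTTP",
    "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
    "enabled": true,
    "name": "Staff to Jira",
    "filterConditions": [
      {"conditionDefinitionId": "LOCATION_RESTRICTION", "arguments": {"COUNTRIES": ["Argentina"]}}
    ],
    "validators": {"VALIDATOR_MFA": true}
  }
]
""")


def review_policy(policy, mfa_key="VALIDATOR_MFA", sensitive_accounts=("root",)):
    """Return a list of finding labels for one policy object.

    The checks are local review criteria (assumptions), not rules enforced by the API.
    """
    findings = []
    # Fields may be absent from the response, so read everything with .get().
    validators = policy.get("validators") or {}
    if policy.get("type") == "ACCESS" and validators.get(mfa_key) is not True:
        findings.append("no-mfa")
    # With no filter conditions the policy is not restricted by IP, location or device.
    if not policy.get("filterConditions"):
        findings.append("no-filter-conditions")
    if policy.get("enabled") and policy.get("Status") == "expired":
        findings.append("enabled-but-expired")
    if policy.get("targetProtocol") == "SSH":
        ssh = policy.get("sshSettings") or {}
        risky = sorted(set(ssh.get("accounts") or []) & set(sensitive_accounts))
        if risky:
            findings.append("ssh-sensitive-accounts:" + ",".join(risky))
        if ssh.get("agentForward") is True:
            findings.append("ssh-agent-forwarding")
    return findings


def review_policies(policies, **kwargs):
    """Map policy name (or id) to its findings, skipping clean policies."""
    report = {}
    for policy in policies:
        findings = review_policy(policy, **kwargs)
        if findings:
            report[policy.get("name") or policy.get("id") or "<unnamed>"] = findings
    return report


if __name__ == "__main__":
    for name, findings in review_policies(SAMPLE_RESPONSE).items():
        print(name, findings)
```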
Default server.
Updates the explicit assignment of the application to policies. The application is removed from any policy that is not listed in the request body.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
applicationType required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
policyIds required | Array of strings Identifiers of the policies to apply on the given application. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
{
  "applicationType": "HTTP",
  "policyIds": [
    "string"
  ]
}

{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
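Because the Update call replaces the application's whole policy list, it is worth computing what would be dropped before sending it. The following is an added example, not part of the Symantec ZTNA documentation: it builds the request body from the Get Policies by Application response and refuses silent removals. The function names and sample data are assumptions.

```python
import uuid

# applicationType values listed in the request schema above.
APPLICATION_TYPES = {"HTTP", "SSH", "RDP", "DYNAMIC_SSH", "TCP", "SEGMENT", "DNS"}

# Constructed sample: the policies currently returned for the application.
CURRENT_POLICIES = [
    {"id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4", "name": "Contractors Policy to Jira"},
    {"id": "2fd0a178-8b70-296a-9dd7-bf260b07683f", "name": "MFA for admins"},
]
# Constructed sample: the policy list we intend to send.
DESIRED_IDS = [
    "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
    "6fd0a531-6b70-471a-9dd7-bf374b07814f",
]


class UnexpectedRemoval(Exception):
    """Raised when a replace-style update would silently drop policies."""


def canonical_uuid(value):
    """Return the lowercase hyphenated UUID string, or raise ValueError.

    Catching malformed IDs locally avoids the 400 'Invalid ID format' response.
    """
    parsed = uuid.UUID(str(value))
    if str(parsed) != str(value).lower():
        raise ValueError(f"not a canonical UUID: {value!r}")
    return str(parsed)


def plan_update(current_policies, desired_ids, application_type, allow_removals=False):
    """Build the Update request body and report what it adds and removes."""
    if application_type not in APPLICATION_TYPES:
        raise ValueError(f"unknown applicationType: {application_type!r}")

    desired = []
    for policy_id in desired_ids:
        canon = canonical_uuid(policy_id)
        if canon not in desired:  # drop duplicates, keep caller's order
            desired.append(canon)

    current = {canonical_uuid(p["id"]): p.get("name", "") for p in current_policies}
    # Anything assigned today but missing from the body is unassigned by the call.
    removed = {pid: name for pid, name in current.items() if pid not in desired}
    added = [pid for pid in desired if pid not in current]

    if removed and not allow_removals:
        names = ", ".join(sorted(removed.values()))
        raise UnexpectedRemoval(f"update would unassign the application from: {names}")

    return {
        "body": {"applicationType": application_type, "policyIds": desired},
        "added": added,
        "removed": removed,
    }


if __name__ == "__main__":
    plan = plan_update(CURRENT_POLICIES, DESIRED_IDS, "HTTP", allow_removals=True)
    print("removed:", plan["removed"])
    print("body:", plan["body"])
```

When only additions or only removals are intended, the Assign and Remove calls described below avoid the replace semantics altogether.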
Default server.
Explicitly assign the application to existing policies.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
applicationType required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
policyIds required | Array of strings Identifiers of the policies to apply on the given application. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
{
  "applicationType": "HTTP",
  "policyIds": [
    "string"
  ]
}

{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Remove the application's explicit assignment from the policies.
application-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
applicationType required | string (ApplicationType) Enum: "HTTP" "SSH" "RDP" "DYNAMIC_SSH" "TCP" "SEGMENT" "DNS" DNS is not an application. DNS servers are published through Symantec ZTNA, leveraging the organization’s domain resolution for Segment Applications. |
policyIds required | Array of strings Identifiers of the policies to apply on the given application. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
{
  "applicationType": "HTTP",
  "policyIds": [
    "string"
  ]
}

{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Link a Site to a Collection in your Symantec ZTNA tenant.
links | Array of objects (CollectionSiteLink) |
successful operation.
links | Array of objects (CollectionSiteLink) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "links": [
    {
      "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
    }
  ]
}

{
  "links": [
    {
      "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
    }
  ]
}
Default server.
Get the Sites linked to the Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
successful operation.
links | Array of objects (CollectionSiteLink) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection/site-links/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "links": [
    {
      "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "collectionId": "dd5ef47d-3e9c-418b-abfc-a1f702fa0c59"
    }
  ]
}
Default server.
Unlink a Site from a Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
site-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The site ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
null
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Returns an array of paginated JSON objects. Each object represents a collection configured in your Symantec ZTNA tenant.
Using the query filter=testCollection returns all the collections for which one or more of the above listed fields contain "testCollection".
sort | string Default: "id,asc" Example: sort=name,desc The value of this parameter is a comma-separated list of sort key and sort direction. By default, query results are sorted in ascending order by item id. The supported sort directions are either 'asc' for ascending or 'desc' for descending. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
name | string Example: name=test The name of the resource. |
application-id | string <uuid> Example: application-id=6fd0a892-8b70-471a-9dd7-bf374b07451f Application ID. |
site-id | string <uuid> Example: site-id=3c536623-4763-4f67-a45a-e88f3d08cdd5 Site ID. |
policy-id | string <uuid> Example: policy-id=6fd0a531-6b70-471a-9dd7-bf374b07814f Policy ID. |
successful operation.
content | Array of objects (Collection) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection?sort=name,desc&size=10&page=0&name=test&application-id=6fd0a892-8b70-471a-9dd7-bf374b07451f&site-id=3c536623-4763-4f67-a45a-e88f3d08cdd5&policy-id=6fd0a531-6b70-471a-9dd7-bf374b07814f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "name": "string",
      "countResources": 0,
      "countLinkedSites": 0,
      "fqdn": "string"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
Default server.
Create Collection in your Symantec ZTNA tenant.
id | string <uuid> |
name | string |
successful operation.
id | string <uuid> |
parentId | string <uuid> |
name | string |
countResources | integer <int32> |
countLinkedSites | integer <int32> |
fqdn | string authorization fqdn |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "name": "string"
}

{
  "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "name": "string",
  "countResources": 0,
  "countLinkedSites": 0,
  "fqdn": "string"
}
Default server.
Get Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
successful operation.
id | string <uuid> |
parentId | string <uuid> |
name | string |
countResources | integer <int32> |
countLinkedSites | integer <int32> |
fqdn | string authorization fqdn |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "name": "string",
  "countResources": 0,
  "countLinkedSites": 0,
  "fqdn": "string"
}
Default server.
Update Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
name | string |
successful operation.
id | string <uuid> |
parentId | string <uuid> |
name | string |
countResources | integer <int32> |
countLinkedSites | integer <int32> |
fqdn | string authorization fqdn |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "name": "string"
}

{
  "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "name": "string",
  "countResources": 0,
  "countLinkedSites": 0,
  "fqdn": "string"
}
Default server.
Delete Collection in your Symantec ZTNA tenant.
collection-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The collection ID. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
null
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Get Collections by Site in your Symantec ZTNA tenant.
site-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The site ID. |
successful operation.
collectionIds | Array of strings <uuid> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection/site/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "collectionIds": [
    "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59"
  ]
}
Default server.
List Role Bindings in your Symantec ZTNA tenant.
sort | any Default: "displayName" Enum: "displayName" "entityType" "role" "createdAt" "subjectType" Example: sort=name The value of this parameter is a comma-separated list of sort key. |
direction | string Default: "asc" Enum: "asc" "desc" Example: direction=asc The value of this parameter is a comma-separated list of sort direction. |
page | number <int32> The page number. |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
entityIdInIdp | string Example: entityIdInIdp=18837193-a81a-400f-b38d-482379e3ab47 Entity identifier as determined by the owning Identity Provider. |
entityType | any Enum: "User" "Group" "ApiClient" Example: entityType=User The directory entity type (User/Group/OU/API Client). |
entityName | string Example: entityName=test The value of this parameter is entity name. |
subjectId | string <uuid> Example: subjectId=18837193-a81a-400f-b38d-482379e3ab47 The ID of the assigned resource. |
subjectType | string (SubjectType) Enum: "Site" "App" "Policy" "Collection" Example: subjectType=Site The type of the resource assigned to the role (Site/App/Policy). |
subjectName | string Example: subjectName=siteName The name of the resource assigned to the role. |
roleType | string (RoleType) Enum: "TenantAdmin" "TenantViewer" "SiteEditor" "SiteConnectorDeployer" "ApplicationOwner" "PolicyOwner" Example: roleType=TenantAdmin The role type (TenantAdmin/TenantViewer/SiteEditor/SiteConnectorDeployer/ApplicationOwner/PolicyOwner) that will be assigned to the entity. |
successful operation.
content | Array of objects (RoleBinding) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/collection/role-bindings?sort=name&direction=asc&page=0&size=10&entityIdInIdp=18837193-a81a-400f-b38d-482379e3ab47&entityType=User&entityName=test&subjectId=18837193-a81a-400f-b38d-482379e3ab47&subjectType=undefined&subjectName=siteName&roleType=TenantAdmin' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "createdAt": "2024-04-11T14:59:31Z",
      "role": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "Tenant Viewer",
        "RoleType": "TenantAdmin"
      },
      "Collection": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "string",
        "countResources": 0,
        "countLinkedSites": 0,
        "fqdn": "string"
      },
      "entity": {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      },
      "resource": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "fqdn": "r::site",
        "name": "SiteName",
        "originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "subjectType": "Site"
      }
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
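The following is an added example, not part of the Symantec ZTNA documentation: it walks the paginated List Role Bindings response using its `last` flag and lists who holds `TenantAdmin`, grouped by entity type. `fetch_page` is a hypothetical callable standing in for the authenticated GET request, and the pages are constructed sample data.

```python
def make_binding(role_type, entity_type, display_name):
    """Build a minimal RoleBinding with only the fields this example reads."""
    return {
        "role": {"RoleType": role_type},
        "entity": {"type": entity_type, "displayName": display_name},
    }


# Constructed sample: two pages shaped like the paginated response above.
SAMPLE_PAGES = [
    {
        "content": [
            make_binding("TenantAdmin", "User", "John Doe"),
            make_binding("TenantViewer", "User", "Jane Roe"),
        ],
        "first": True, "last": False, "number": 0,
    },
    {
        "content": [
            make_binding("TenantAdmin", "ApiClient", "ci-deployer"),
            make_binding("TenantAdmin", "User", "John Doe"),
        ],
        "first": False, "last": True, "number": 1,
    },
]


def sample_fetch(page, size):
    """Stand-in for the HTTP call; returns the constructed page."""
    return SAMPLE_PAGES[page]


def iter_role_bindings(fetch_page, size=100):
    """Yield every RoleBinding across pages, starting at page 0."""
    if not 0 < size <= 100:  # the API caps size at 100
        raise ValueError("size must be between 1 and 100")
    page = 0
    while True:
        body = fetch_page(page, size)
        content = body.get("content") or []
        yield from content
        # Stop on the last page; also stop on an empty page to avoid looping
        # forever if the 'last' flag is missing from the response.
        if body.get("last", True) or not content:
            return
        page += 1


def privileged_holders(bindings, role_types=("TenantAdmin",)):
    """Group holders of the given role types by (role type, entity type)."""
    holders = {}
    for binding in bindings:
        role_type = (binding.get("role") or {}).get("RoleType")
        if role_type not in role_types:
            continue
        entity = binding.get("entity") or {}
        label = entity.get("displayName") or entity.get("identifierInProvider") or "<unknown>"
        key = (role_type, entity.get("type", "<unknown>"))
        holders.setdefault(key, set()).add(label)
    return {key: sorted(names) for key, names in holders.items()}


if __name__ == "__main__":
    report = privileged_holders(iter_role_bindings(sample_fetch))
    for (role_type, entity_type), names in report.items():
        print(role_type, entity_type, names)
```

API clients holding a tenant-wide admin role deserve particular attention in such a review, since their credentials are long-lived client secrets rather than interactive logins.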
Default server.
Create Tenant Role Binding in your Symantec ZTNA tenant.
roleType | string (TenantRoleType) Enum: "TenantAdmin" "TenantViewer" Tenant role type (TenantAdmin/TenantViewer) that will be assigned to the entity. |
entities | Array of objects (DirectoryEntity) |
successful operation.
roleBindings | Array of objects (RoleBinding) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "roleType": "TenantAdmin",
  "entities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ]
}

{
  "roleBindings": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "createdAt": "2024-04-11T14:59:31Z",
      "role": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "Tenant Viewer",
        "RoleType": "TenantAdmin"
      },
      "Collection": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "string",
        "countResources": 0,
        "countLinkedSites": 0,
        "fqdn": "string"
      },
      "entity": {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      },
      "resource": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "fqdn": "r::site",
        "name": "SiteName",
        "originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "subjectType": "Site"
      }
    }
  ]
}
Default server.
Create Collection Role Binding in your Symantec ZTNA tenant.
roleType | string (CollectionRoleType) Enum: "ApplicationOwner" "PolicyOwner" Collection role type (CollectionAdmin/CollectionViewer) that will be assigned to the entity. |
collectionId | string <uuid> |
entities | Array of objects (DirectoryEntity) |
successful operation.
roleBindings | Array of objects (RoleBinding) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "roleType": "CollectionAdmin",
  "collectionId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "entities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ]
}

{
  "roleBindings": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "createdAt": "2024-04-11T14:59:31Z",
      "role": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "Tenant Viewer",
        "RoleType": "TenantAdmin"
      },
      "Collection": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "string",
        "countResources": 0,
        "countLinkedSites": 0,
        "fqdn": "string"
      },
      "entity": {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      },
      "resource": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "fqdn": "r::site",
        "name": "SiteName",
        "originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "subjectType": "Site"
      }
    }
  ]
}
Default server.
Create Site Role Binding in your Symantec ZTNA tenant.
roleType | string (SiteRoleType) Enum: "SiteEditor" "SiteConnectorDeployer" Site role type (SiteEditor/SiteConnectorDeployer) that will be assigned to the entity. |
siteId | string <uuid> |
entities | Array of objects (DirectoryEntity) |
successful operation.
roleBindings | Array of objects (RoleBinding) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "roleType": "SiteEditor",
  "siteId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
  "entities": [
    {
      "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
      "identityProviderId": "local",
      "identityProviderType": "local",
      "type": "User",
      "displayName": "John Doe"
    }
  ]
}

{
  "roleBindings": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "createdAt": "2024-04-11T14:59:31Z",
      "role": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "Tenant Viewer",
        "RoleType": "TenantAdmin"
      },
      "Collection": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "parentId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "name": "string",
        "countResources": 0,
        "countLinkedSites": 0,
        "fqdn": "string"
      },
      "entity": {
        "id": "2fd0a178-8b70-296a-9dd7-bf260b07683f",
        "identifierInProvider": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
        "identityProviderId": "local",
        "identityProviderType": "local",
        "type": "User",
        "displayName": "John Doe"
      },
      "resource": {
        "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "collectionID": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "fqdn": "r::site",
        "name": "SiteName",
        "originalResourceId": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
        "subjectType": "Site"
      }
    }
  ]
}
Default server.
Delete Collection Role Binding in your Symantec ZTNA tenant by role binding IDs. You can retrieve role binding IDs from the List Role Bindings API.
roleBindingIds | Array of strings <uuid> |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
NotFound - The specified resource was not found.
{
  "roleBindingIds": [
    "6fd0a892-8b70-471a-9dd7-bf374b07451f"
  ]
}

{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Working against one of the supported Identity Providers or with the Symantec ZTNA internal Identity Provider.
Default server.
Return an array of JSON objects. Each object represents an Identity Provider configuration in your Symantec ZTNA tenant.
includeLocal | boolean Default: false Indication whether to include Symantec ZTNA internal Identity Provider in the response. |
successful operation.
name required | string >= 1 A descriptive name of the Identity Provider. |
provider required | string (IdentityProviderType) Identity provider name. okta |
settings | object (DirectoryProviderSettingsOkta) |
instructions | object (DirectoryProviderInstructionsOneLoginOrOkta) |
id | string <uuid> A unique identifier of this Identity Provider. Note: This field is required for any operation other than initial creation. |
is_authenticator | boolean Default: true Indication whether this identity provider is used for authentication. |
is_user_store | boolean Default: true Indication whether this identity provider is used for storing identities. |
authenticator_id | string <uuid> Nullable Symantec ZTNA internal identifier of the Identity Provider used for authentication. This property holds a value only in case the Identity Provider is used for storing identities only (is_authenticator=false). |
created_at | string <date-time> Identity Provider object creation date. |
updated_at | string <date-time> The date when the Identity Provider object was last updated. |
auth0_connection_id | string Symantec ZTNA internal identifier of the Identity Provider connection. |
upn_override_value_data_mapping | string |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/settings/identity-providers?includeLocal=false' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
    "name": "Okta ACME",
    "provider": "local",
    "is_authenticator": true,
    "is_user_store": true,
    "authenticator_id": null,
    "created_at": "2024-04-11T14:59:31Z",
    "updated_at": "2024-04-11T14:59:31Z",
    "auth0_connection_id": "con_RWvVa2P2YCCDzZt1",
    "upn_override_value_data_mapping": null
  }
]
A user that is managed by one of the supported Identity Providers or locally by Symantec ZTNA internal Identity Provider.
Default server.
Return an array of JSON objects. Each object represents a user in the given IDP.
Pagination support is defined per Identity Provider.
Filter applies for user name only.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
pageOffset | string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can either be a number or a string. It can't be assumed and a valid value must be used from the response returned for the previous page. If not specified, first page is returned. |
sortBy | string Example: sortBy=email:desc The value of this parameter is a combination of sort key and sort direction: <field>:<direction>. Sort directions are either 'asc' for ascending or 'desc' for descending. The supported sort keys are ‘email’ for a user and name for a group. By default, query results are sorted in ascending order by ‘email’. |
perPage | number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page. |
email | string Example: email=john The e-mail by which the results are filtered. |
successful operation.
content | Array of objects (User) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
perPage | integer <int32> Number of elements in current page. |
nextPage | number Next page offset indicator. Its value should be passed in the |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users?filter=test&pageOffset=1&sortBy=email:desc&perPage=10&email=john' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "created_at": "2024-04-11T14:59:31Z",
      "updated_at": "2024-04-11T14:59:31Z",
      "last_login": "2024-04-11T14:59:31Z",
      "logins_count": 1235,
      "repository_type": "local",
      "upn_forward_for_sso_enabled": false,
      "is_admin": false,
      "is_deleted": false,
      "blocked": false,
      "hasMfaSecret": false,
      "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
      "identity_provider_id": "local"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "perPage": 1,
  "nextPage": 1
}
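The pagination rules of this call (an opaque pageOffset taken from the previous response, and an identity-provider-id that may need URL encoding) matter when the user list feeds an access review. The Python example below is added here and is not part of the Symantec ZTNA documentation: it walks every page and flags administrators without a registered MFA secret, blocked users and accounts that never logged in. It assumes that nextPage is the value to send back as pageOffset; iter_users, audit_users, the fetch callable and the sample pages are hypothetical names and constructed data.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.acme.luminatesec.com"  # tenant "acme", as in the page's examples


def http_fetch(token):
    """Return fetch(path, params) -> parsed JSON, using Bearer authentication."""
    def fetch(path, params):
        url = BASE_URL + path + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def iter_users(fetch, idp_id, per_page=100):
    """Yield every user of one identity provider, following nextPage until 'last'."""
    # identity_provider_id may contain non-ASCII characters, so URL-encode it.
    path = "/v2/identities/%s/users" % urllib.parse.quote(str(idp_id), safe="")
    params = {"perPage": per_page}
    seen_offsets = set()
    while True:
        page = fetch(path, dict(params))
        for user in page.get("content") or []:
            yield user
        offset = page.get("nextPage")
        # nextPage can be present even on the last page, so 'last' decides.
        if page.get("last") or offset is None:
            return
        # The offset is opaque (number or string, depending on the IdP):
        # never compute it, only pass back what the server returned.
        if offset in seen_offsets:
            raise RuntimeError("pagination did not advance; stopping to avoid a loop")
        seen_offsets.add(offset)
        params["pageOffset"] = offset


def audit_users(users):
    """Group usernames by finding; deleted users are skipped."""
    findings = {"admin_without_mfa": [], "blocked": [], "never_logged_in": []}
    for user in users:
        if user.get("is_deleted"):
            continue
        name = user.get("username")
        if user.get("is_admin") and not user.get("hasMfaSecret"):
            findings["admin_without_mfa"].append(name)
        if user.get("blocked"):
            findings["blocked"].append(name)
        if not user.get("logins_count"):
            findings["never_logged_in"].append(name)
    return findings


# Constructed sample pages (not real tenant data), shaped like the response above.
# The second offset is a string to imitate an IdP that uses opaque cursors.
SAMPLE_PAGES = {
    None: {"content": [
        {"username": "alice@acme.luminatesec.com", "is_admin": True,
         "hasMfaSecret": False, "logins_count": 12},
        {"username": "bob@acme.luminatesec.com", "is_admin": False,
         "hasMfaSecret": False, "logins_count": 0},
    ], "last": False, "nextPage": "cursor-2"},
    "cursor-2": {"content": [
        {"username": "carol@acme.luminatesec.com", "is_admin": True,
         "hasMfaSecret": True, "blocked": True, "logins_count": 3},
    ], "last": True, "nextPage": "cursor-2"},
}


def sample_fetch(path, params):
    """Offline stand-in for http_fetch(token), serving the constructed pages."""
    return SAMPLE_PAGES[params.get("pageOffset")]


def run_sample():
    return audit_users(iter_users(sample_fetch, "a5ea5f01-f73c-427f-b3b6-da66433e7694"))


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

Against a real tenant, pass http_fetch(access_token) instead of sample_fetch.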
Default server.
Return user by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields. |
created_at | string <date-time> The date when the user was created. |
updated_at | string <date-time> The date when the user was last updated (modified). |
last_login | string <date-time> Date when the user last logged in. |
logins_count | integer <int32> The number of logins made by this user. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name. |
upn_forward_for_sso_enabled | boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. |
is_admin | boolean Default: false Indication whether the user holds an administrator role. |
is_deleted | boolean Default: false Indication whether the user was deleted from the system. |
blocked | boolean Default: false Indication whether the user is blocked from logging into your tenant. |
hasMfaSecret | boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider. |
id | string <uuid> A unique identifier of the user. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "created_at": "2024-04-11T14:59:31Z",
  "updated_at": "2024-04-11T14:59:31Z",
  "last_login": "2024-04-11T14:59:31Z",
  "logins_count": 1235,
  "repository_type": "local",
  "upn_forward_for_sso_enabled": false,
  "is_admin": false,
  "is_deleted": false,
  "blocked": false,
  "hasMfaSecret": false,
  "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
  "identity_provider_id": "local"
}
Default server.
Creates a new user in the Symantec ZTNA Identity Provider in your Symantec ZTNA tenant. In the request body, repository_type should be set to local.
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name. |
upn_forward_for_sso_enabled | boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. |
successful operation.
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields. |
created_at | string <date-time> The date when the user was created. |
updated_at | string <date-time> The date when the user was last updated (modified). |
last_login | string <date-time> Date when the user last logged in. |
logins_count | integer <int32> The number of logins made by this user. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name. |
upn_forward_for_sso_enabled | boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. |
is_admin | boolean Default: false Indication whether the user holds an administrator role. |
is_deleted | boolean Default: false Indication whether the user was deleted from the system. |
blocked | boolean Default: false Indication whether the user is blocked from logging into your tenant. |
hasMfaSecret | boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider. |
id | string <uuid> A unique identifier of the user. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "repository_type": "local",
  "upn_forward_for_sso_enabled": false,
  "identity_provider_id": "local"
}

{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "created_at": "2024-04-11T14:59:31Z",
  "updated_at": "2024-04-11T14:59:31Z",
  "last_login": "2024-04-11T14:59:31Z",
  "logins_count": 1235,
  "repository_type": "local",
  "upn_forward_for_sso_enabled": false,
  "is_admin": false,
  "is_deleted": false,
  "blocked": false,
  "hasMfaSecret": false,
  "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
  "identity_provider_id": "local"
}
Default server.
Updates an existing user in Symantec ZTNA Identity Provider in your Symantec ZTNA tenant.
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name. |
upn_forward_for_sso_enabled | boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. |
successful operation.
username required | string The identity with which the user logs in.
Should be in the format |
notification_email required | string The email address to which notifications are sent. |
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
upn | string User principal name. |
first_name | string Nullable First name. |
last_name | string Nullable Last name. |
email | string The email address to which outgoing mails are sent. This field is deprecated. Please use username & notification_email fields. |
created_at | string <date-time> The date when the user was created. |
updated_at | string <date-time> The date when the user was last updated (modified). |
last_login | string <date-time> Date when the user last logged in. |
logins_count | integer <int32> The number of logins made by this user. |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name. |
upn_forward_for_sso_enabled | boolean Applies for local users only. Indication whether Kerberos SSO is enabled for this user. |
is_admin | boolean Default: false Indication whether the user holds an administrator role. |
is_deleted | boolean Default: false Indication whether the user was deleted from the system. |
blocked | boolean Default: false Indication whether the user is blocked from logging into your tenant. |
hasMfaSecret | boolean Default: false Indication whether the user has already registered to the configured multi-factor authenticator provider. |
id | string <uuid> A unique identifier of the user. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "repository_type": "local",
  "upn_forward_for_sso_enabled": false,
  "identity_provider_id": "local"
}

{
  "username": "john.doe@acme.luminatesec.com",
  "notification_email": "john.doe@gmail.com",
  "upn": "john.doe@acme.com",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john.doe@acme.com",
  "created_at": "2024-04-11T14:59:31Z",
  "updated_at": "2024-04-11T14:59:31Z",
  "last_login": "2024-04-11T14:59:31Z",
  "logins_count": 1235,
  "repository_type": "local",
  "upn_forward_for_sso_enabled": false,
  "is_admin": false,
  "is_deleted": false,
  "blocked": false,
  "hasMfaSecret": false,
  "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
  "identity_provider_id": "local"
}
Default server.
Deletes a user permanently from Symantec ZTNA Identity Provider in your Symantec ZTNA tenant.
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/local/users/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Lists the blocked users in your Symantec ZTNA tenant.
successful operation.
identity_provider_id required | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
user_id required | string (EntityId) Entity identifier as determined by the owning Identity Provider. |
created_at | string <date-time> The date when the user was blocked. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/settings/blocked-users' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "identity_provider_id": "local",
    "user_id": "4fd0a357-8b70-345a-9dd7-bf359b07451f",
    "created_at": "2024-04-11T14:59:31Z"
  }
]
Default server.
Blocks a user in your Symantec ZTNA tenant. Blocking a group of users is not supported. All active sessions of the given user will get disconnected and the user will no longer be able to login to your tenant.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X POST 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f/block' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Unblocks a user in your Symantec ZTNA tenant. Unblocking a group of users is not supported. Upon a successful operation, the user will be able to login to your tenant.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/users/4fd0a357-8b70-345a-9dd7-bf359b07451f/block' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
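For incident response, the block and unblock calls are usually paired with a check that the change took effect. The Python example below is added here and is not part of the Symantec ZTNA documentation: it blocks or unblocks one user, then confirms the state against the blocked-users list, and surfaces the request-identifier of an error response for the audit trail. The names set_block, block_path, is_listed_as_blocked and FakeTenant are hypothetical, and FakeTenant (including its ID-length rule) is a constructed stand-in so the code runs offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.acme.luminatesec.com"  # tenant "acme", as in the page's examples
BLOCKED_USERS_PATH = "/v2/identities/settings/blocked-users"


def http_call(token):
    """Return call(method, path) -> (status, parsed JSON or None) for a real tenant."""
    def call(method, path):
        req = urllib.request.Request(BASE_URL + path, method=method,
                                     headers={"Authorization": "Bearer " + token})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                status, raw = resp.status, resp.read()
        except urllib.error.HTTPError as err:  # error responses still carry a JSON body
            status, raw = err.code, err.read()
        try:
            return status, json.loads(raw) if raw else None
        except ValueError:
            return status, None
    return call


def block_path(idp_id, user_id):
    """Build the block/unblock path; both IDs are URL-encoded (IdP IDs may be non-ASCII)."""
    def enc(value):
        return urllib.parse.quote(str(value), safe="")
    return "/v2/identities/%s/users/%s/block" % (enc(idp_id), enc(user_id))


def is_listed_as_blocked(call, idp_id, user_id):
    """Check the tenant-wide blocked-users list for this (IdP, user) pair."""
    status, listing = call("GET", BLOCKED_USERS_PATH)
    if not (200 <= status < 300 and isinstance(listing, list)):
        raise RuntimeError("could not read blocked-users list (HTTP %s)" % status)
    return any(e.get("identity_provider_id") == idp_id and e.get("user_id") == user_id
               for e in listing)


def set_block(call, idp_id, user_id, blocked=True):
    """Block (POST) or unblock (DELETE) one user and verify the resulting state."""
    status, body = call("POST" if blocked else "DELETE", block_path(idp_id, user_id))
    result = {"status": status, "applied": 200 <= status < 300,
              "verified": False, "error": None, "request_id": None}
    if not result["applied"]:
        body = body if isinstance(body, dict) else {}
        result["error"] = body.get("message")
        result["request_id"] = body.get("request-identifier")
        return result
    result["verified"] = is_listed_as_blocked(call, idp_id, user_id) == blocked
    return result


class FakeTenant:
    """Constructed in-memory stand-in for the API so the example runs offline."""

    def __init__(self):
        self.blocked = []

    def call(self, method, path):
        if method == "GET" and path == BLOCKED_USERS_PATH:
            return 200, list(self.blocked)
        parts = path.split("/")  # ['', 'v2', 'identities', idp, 'users', user, 'block']
        idp, user = urllib.parse.unquote(parts[3]), urllib.parse.unquote(parts[5])
        if len(user) != 36:  # constructed rule imitating the page's 400 error sample
            return 400, {"request-identifier": "constructed-request-id", "status": 400,
                         "reasonPhrase": "Bad Request",
                         "message": "Invalid request parameters: Invalid ID format"
                                    " - failed to process request"}
        self.blocked = [e for e in self.blocked
                        if (e["identity_provider_id"], e["user_id"]) != (idp, user)]
        if method == "POST":
            self.blocked.append({"identity_provider_id": idp, "user_id": user,
                                 "created_at": "2024-04-11T14:59:31Z"})
        return 200, None


def run_sample():
    tenant = FakeTenant()
    user = "4fd0a357-8b70-345a-9dd7-bf359b07451f"  # entity-id used in the page's examples
    return (set_block(tenant.call, "local", user),
            set_block(tenant.call, "local", user, blocked=False),
            set_block(tenant.call, "local", "not-a-uuid"))


if __name__ == "__main__":
    for outcome in run_sample():
        print(outcome)
```

Against a real tenant, pass http_call(access_token) as the call argument.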
A group that is managed by one of the supported Identity Providers or locally by Symantec ZTNA internal Identity Provider.
Default server.
Return group by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
successful operation.
name required | string Group name |
id | string Group uuid |
repository_type | string (IdentityProviderType) Enum: "local" "ad" "okta" "adfs" "gapps" "onelogin" Identity provider name. |
identity_provider_id | string <uuid> (IdentityProviderId) Identity Provider identifier. This property might include non-ASCII characters (i.e. LDAP). In such a case, the client needs to use URL encoding. This UUID can be retrieved using the List Identity Providers API. This property equals 'local' when the Identity Provider is the Symantec ZTNA internal one. |
created_at | string <date-time> |
updated_at | string <date-time> |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups/4fd0a357-8b70-345a-9dd7-bf359b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "d8028639-a76a-4614-965a-7e3d4832d94b",
  "name": "Administrators",
  "repository_type": "local",
  "identity_provider_id": "local",
  "created_at": "2024-04-11T14:59:31Z",
  "updated_at": "2024-04-11T14:59:31Z"
}
Default server.
Return an array of JSON objects. Each object represents a group in the given IDP.
Pagination support is defined per Identity Provider.
Filter applies for group name only.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
pageOffset | string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can either be a number or a string. It can't be assumed and a valid value must be used from the response returned for the previous page. If not specified, first page is returned. |
sortBy | string Example: sortBy=email:desc The value of this parameter is a combination of sort key and sort direction: <field>:<direction>. Sort directions are either 'asc' for ascending or 'desc' for descending. The supported sort keys are ‘email’ for a user and name for a group. By default, query results are sorted in ascending order by ‘email’. |
perPage | number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page. |
successful operation.
content | Array of objects (Group) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
perPage | integer <int32> Number of elements in current page. |
nextPage | number Next page offset indicator. Its value should be passed in the |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/groups?filter=test&pageOffset=1&sortBy=email:desc&perPage=10' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "d8028639-a76a-4614-965a-7e3d4832d94b",
      "name": "Administrators",
      "repository_type": "local",
      "identity_provider_id": "local",
      "created_at": "2024-04-11T14:59:31Z",
      "updated_at": "2024-04-11T14:59:31Z"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "perPage": 1,
  "nextPage": 1
}
Default server.
Returns a group's user list by ID from the specified identity provider. For the local users repository in your Symantec ZTNA tenant, set identity-provider-id to 'local'.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
entity-id required | string Example: 4fd0a357-8b70-345a-9dd7-bf359b07451f Entity identifier as determined by the owning Identity Provider. |
pageOffset | string or number Example: pageOffset=1 Page number. Depending on the Identity Provider, this field can either be a number or a string. It can't be assumed and a valid value must be used from the response returned for the previous page. If not specified, first page is returned. |
perPage | number <int32> [ 1 .. 100 ] Default: 25 Example: perPage=10 The number of items returned in a single page. |
successful operation.
content | Array of objects (User) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
perPage | integer <int32> Number of elements in current page. |
nextPage | number Next page offset indicator. Its value should be passed in the |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/{identity-provider-id}/groups/{entity-id}/users?pageOffset=1&perPage=10' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "username": "john.doe@acme.luminatesec.com",
      "notification_email": "john.doe@gmail.com",
      "upn": "john.doe@acme.com",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john.doe@acme.com",
      "created_at": "2024-04-11T14:59:31Z",
      "updated_at": "2024-04-11T14:59:31Z",
      "last_login": "2024-04-11T14:59:31Z",
      "logins_count": 1235,
      "repository_type": "local",
      "upn_forward_for_sso_enabled": false,
      "is_admin": false,
      "is_deleted": false,
      "blocked": false,
      "hasMfaSecret": false,
      "id": "978f38e3-ec9f-4779-829d-19f1f443dec8",
      "identity_provider_id": "local"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "perPage": 1,
  "nextPage": 1
}
Default server.
Remove user from group.
group-id required | string Example: b7188113-b9c6-4dee-9a3c-3963236f19a8 Group ID |
user-id required | string Example: 64b2d04f-157f-48a3-a277-e1b4147c46c4 User ID |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Add user to group.
group-id required | string Example: b7188113-b9c6-4dee-9a3c-3963236f19a8 Group ID |
user-id required | string Example: 64b2d04f-157f-48a3-a277-e1b4147c46c4 User ID |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X PUT 'https://api.acme.luminatesec.com/v2/identities/local/groups/{group-id}/users/{user-id}' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Return an array of paginated JSON objects. Each object represents a ssh-client configured in your Symantec ZTNA tenant.
Using the query filter=test returns all the ssh-clients for which one or more of the above listed fields contain "test".
sort | string Enum: "name" "created_on" "last_accessed" "expires" "description" Name of field to sort |
size | number <int32> <= 100 Default: 50 Example: size=10 The number of items returned in a single page. |
page | number <int32> The page number. |
filter | string Example: filter=test The string by which the results are filtered (see description) |
successful operation.
content | Array of objects (SSH-Client) |
first | boolean Indicates whether the current page is the first one. |
last | boolean Indicates whether the current page is the last one. |
size | integer <int32> Maximum number of elements per page. |
totalElements | integer <int32> Number of elements included in the response. |
totalPages | integer <int32> Number of pages included in the response. |
number | integer <int32> Page number |
numberOfElements | integer <int32> Number of elements in current page. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/ssh-clients?sort=undefined&size=10&page=0&filter=test' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "ff5ef47d-3e9c-418b-abfc-a1f702fa0c59",
      "name": "mysshclient",
      "description": "This ssh client is used to access our production server",
      "key_size": 2048,
      "created_on": "2021-10-02T15:40:01.318Z",
      "modified_on": "2021-10-02T15:40:01.318Z",
      "last_accessed": "2021-10-02T15:40:01.318Z",
      "expires": "2022-04-02T15:40:01.318Z"
    }
  ],
  "first": true,
  "last": true,
  "size": 50,
  "totalElements": 1,
  "totalPages": 1,
  "number": 0,
  "numberOfElements": 1
}
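A key-hygiene review over the paginated ssh-client list, as an added example that is not part of the original API reference. It follows the "last" flag across pages and flags clients by the key_size, expires and last_accessed fields shown above; the thresholds, the reason labels and the sample pages are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: two pages shaped like the List SSH-Clients response.
# "never-used" has no "last_accessed" because None values may be omitted.
SAMPLE_PAGES = [
    {"first": True, "last": False, "number": 0, "content": [
        {"name": "mysshclient", "key_size": 2048,
         "last_accessed": "2021-10-02T15:40:01.318Z",
         "expires": "2022-04-02T15:40:01.318Z"},
        {"name": "legacy-build", "key_size": 1024,
         "last_accessed": "2022-03-19T08:00:00.000Z",
         "expires": "2022-01-01T00:00:00.000Z"},
    ]},
    {"first": False, "last": True, "number": 1, "content": [
        {"name": "ci-runner", "key_size": 4096,
         "last_accessed": "2022-03-18T08:00:00.000Z",
         "expires": "2022-09-01T00:00:00.000Z"},
        {"name": "never-used", "key_size": 2048,
         "expires": "2022-12-01T00:00:00.000Z"},
    ]},
]
SAMPLE_NOW = datetime(2022, 3, 20, tzinfo=timezone.utc)  # constructed "today"


def sample_fetch(page):
    """Stand-in for GET /v2/ssh-clients?page=<page>; returns a constructed page."""
    return SAMPLE_PAGES[page]


def parse_ts(value):
    """Parse the UTC timestamp format used in the response samples."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)


def iter_clients(fetch_page, max_pages=1000):
    """Yield every ssh-client, requesting pages until 'last' is true."""
    for page in range(max_pages):
        body = fetch_page(page)
        yield from body.get("content", [])
        if body.get("last", True):
            return
    raise RuntimeError("pagination did not terminate")


def audit_ssh_clients(clients, now, min_key_size=2048, stale_days=90, warn_days=30):
    """Return (name, reasons) for each client that needs attention.

    The thresholds are assumed policy values, not limits defined by the API.
    """
    findings = []
    for client in clients:
        reasons = []
        if client.get("key_size", 0) < min_key_size:
            reasons.append("weak-key")
        expires = client.get("expires")
        if expires is None:
            reasons.append("no-expiry")
        elif parse_ts(expires) <= now:
            reasons.append("expired")
        elif parse_ts(expires) - now <= timedelta(days=warn_days):
            reasons.append("expiring-soon")
        last = client.get("last_accessed")
        if last is None or now - parse_ts(last) > timedelta(days=stale_days):
            reasons.append("stale")
        if reasons:
            findings.append((client.get("name"), reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_ssh_clients(iter_clients(sample_fetch), SAMPLE_NOW):
        print(name, ",".join(reasons))
```

In real use, fetch_page would issue the GET request shown above with the page query parameter and return the decoded JSON body.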
When working with Generic SAML IDP, the users and groups are managed with the following APIs which comply with SCIM 2.0 protocol.
To search for a user or group, use the following search APIs:
List Users API.
List Groups API.
Default server.
Create a SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
successful operation.
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
id | string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}

{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}
Default server.
Return an array of paginated JSON objects. Each object represents a SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
successful operation.
content | Array of objects (SCIM-User) |
itemsPerPage | integer <int32> Number of elements in current page. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:api:messages:2.0:ListResponse" SCIM list schema |
startIndex | integer <int32> The 1-based index of the first result in the current set of list results. |
totalResults | integer <int32> Number of elements included in the response. |
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ],
      "name": {
        "givenName": "string",
        "familyName": "string"
      },
      "emails": [
        {
          "value": "string",
          "primary": true
        }
      ],
      "userName": "user3",
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "targetWorkstations": [
        "string"
      ]
    }
  ],
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "startIndex": 1,
  "totalResults": 1
}
Default server.
Return the details of a SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
user-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID. |
successful operation.
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
id | string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}
Default server.
Delete a SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
user-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID. |
successful operation.
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/users/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1551881524069,
  "status": 401,
  "reasonPhrase": "Unauthorized",
  "message": "You are not authorized to perform this operation.",
  "errors": [
    "Invalid session"
  ]
}
Default server.
Update an existing SCIM user.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
user-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The user ID. |
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
successful operation.
emails required | Array of objects (SCIMUserEmail) SCIM-user's emails list. |
userName required | string SCIM-user's username. |
name required | object (SCIMUserFullName) |
id | string <uuid> A unique identifier of this user. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:User" the relevant schemas for the request |
externalId | string <uuid> SCIM user's external id |
displayName | string SCIM-user's display name. |
targetWorkstations | Array of strings SCIM-user's target workstations addresses. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}

{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "emails": [
    {
      "value": "string",
      "primary": true
    }
  ],
  "userName": "user3",
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "targetWorkstations": [
    "string"
  ]
}
Default server.
Create a SCIM group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
displayName required | string SCIM-group's name. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
successful operation.
displayName required | string SCIM-group's name. |
id | string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}

{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
Default server.
Return an array of paginated JSON objects. Each object represents a SCIM group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
successful operation.
content | Array of objects (SCIM-Group) |
itemsPerPage | integer <int32> Number of elements in current page. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:api:messages:2.0:ListResponse" SCIM list schema |
startIndex | integer <int32> The 1-based index of the first result in the current set of list results. |
totalResults | integer <int32> Number of elements included in the response. |
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "content": [
    {
      "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group"
      ],
      "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
      "displayName": "string",
      "members": [
        {
          "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
          "type": "User"
        }
      ]
    }
  ],
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "startIndex": 1,
  "totalResults": 1
}
Default server.
Return the details of a SCIM group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
group-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID. |
successful operation.
displayName required | string SCIM-group's name. |
id | string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
curl -X GET 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
Default server.
Update an existing group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
group-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID. |
displayName required | string SCIM-group's name. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
successful operation.
displayName required | string SCIM-group's name. |
id | string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}

{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
Default server.
Delete a SCIM group.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
group-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID. |
successful operation.
Unauthorized - Authentication is required and has failed or has not yet been provided.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/identities/a5ea5f01-f73c-427f-b3b6-da66433e7694/scim/groups/6fd0a892-8b70-471a-9dd7-bf374b07451f' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1551881524069,
  "status": 401,
  "reasonPhrase": "Unauthorized",
  "message": "You are not authorized to perform this operation.",
  "errors": [
    "Invalid session"
  ]
}
Default server.
Modify a SCIM group that has one or more required SCIM 2.0 attributes. Supports only add/remove/replace operations.
identity-provider-id required | string Example: a5ea5f01-f73c-427f-b3b6-da66433e7694 The identity provider id. This unique identifier can be retrieved using List Identity Providers API. |
group-id required | string <uuid> Example: 6fd0a892-8b70-471a-9dd7-bf374b07451f The group ID. |
Operations required | Array of objects (SCIMGroupOperation) |
schemas required | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:PatchOp" the relevant schemas for the request |
successful operation.
displayName required | string SCIM-group's name. |
id | string <uuid> A unique identifier of this group. Note: This field is required for any operation other than initial creation. |
schemas | Array of strings Items Value: "urn:ietf:params:scim:schemas:core:2.0:Group" the relevant schemas for the request |
externalId | string <uuid> SCIM group's external id. |
members | Array of objects (SCIMGroupMembers) all group members. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Not Found - The specified resource was not found.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "members",
      "value": [
        {
          "value": "99116c18-d842-4d2e-82b7-a493cc86e649",
          "type": "User"
        }
      ]
    }
  ]
}

{
  "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "externalId": "3c536623-4763-4f67-a45a-e88f3d08cdd5",
  "displayName": "string",
  "members": [
    {
      "value": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
      "type": "User"
    }
  ]
}
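Reconciling a SCIM group against an authoritative member list, as an added example that is not part of the original API reference. It diffs the "members" of a Get Group response against the users who should have access and builds the PatchOp body for the call above. Assumptions: the "remove" operation takes the same path/value shape as the documented "add" sample, and the function names, the allow_empty guard and the sample group are constructed here.

```python
import uuid

PATCH_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:PatchOp"

# User IDs taken from the samples on this page.
U_A = "6fd0a892-8b70-471a-9dd7-bf374b07451f"
U_B = "64b2d04f-157f-48a3-a277-e1b4147c46c4"
U_C = "99116c18-d842-4d2e-82b7-a493cc86e649"

# Constructed sample in the shape of the Get Group response.
SAMPLE_GROUP = {
    "id": "6fd0a892-8b70-471a-9dd7-bf374b07451f",
    "displayName": "string",
    "members": [
        {"value": U_A, "type": "User"},
        {"value": U_B, "type": "User"},
    ],
}


def canonical_uuid(value):
    """Reject anything that is not a canonical UUID before it reaches the API
    (the API answers malformed IDs with 400 'Invalid ID format')."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"not a UUID: {value!r}") from None
    if str(parsed) != value.lower():
        raise ValueError(f"not a canonical UUID: {value!r}")
    return str(parsed)


def current_user_ids(group):
    """User members of a group; 'members' may be absent when it is empty."""
    return {m["value"].lower() for m in group.get("members", [])
            if m.get("type") == "User"}


def member_refs(ids):
    return [{"value": i, "type": "User"} for i in sorted(ids)]


def build_membership_patch(group, authorised_user_ids, allow_empty=False):
    """Return a PatchOp body that makes the group's users match the authorised
    list, or None when nothing has to change."""
    wanted = {canonical_uuid(u) for u in authorised_user_ids}
    current = current_user_ids(group)
    if current and not wanted and not allow_empty:
        # Guard against an empty or failed upstream export wiping all access.
        raise ValueError("refusing to remove every member; pass allow_empty=True")
    operations = []
    if wanted - current:
        operations.append({"op": "add", "path": "members",
                           "value": member_refs(wanted - current)})
    if current - wanted:
        # Assumed shape: mirrors the documented "add" sample.
        operations.append({"op": "remove", "path": "members",
                           "value": member_refs(current - wanted)})
    if not operations:
        return None
    return {"schemas": [PATCH_SCHEMA], "Operations": operations}


if __name__ == "__main__":
    import json
    print(json.dumps(build_membership_patch(SAMPLE_GROUP, [U_B, U_C]), indent=2))
```

Members whose type is not "User" are left untouched, so the patch only ever changes user membership.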
Integration with Cloud Providers like Amazon Web Services to provide a smoother and cloud-native integration with SIEM solutions and to allow access to resources based on their associated tags.
Default server.
Return an array of JSON objects. Each object represents a Cloud Integration configuration in your Symantec ZTNA tenant.
successful operation.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
id | string A unique identifier of the Cloud Integration. |
created_at | string <date-time> |
updated_at | string <date-time> |
aws_external_id | string AWS External ID. |
aws_role_arn | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
health | object (CloudIntegrationHealth) |
luminate_aws_account_id | string The tag that represents the hostname. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
[
  {
    "name": "AWS EU Integration",
    "provider": "amazon",
    "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
    "created_at": "2024-04-11T14:59:31Z",
    "updated_at": "2024-04-11T14:59:31Z",
    "aws_external_id": "aaabbbcccc",
    "aws_role_arn": "arn:xxx:yyy:zzz",
    "regions": [
      "string"
    ],
    "hostname_tag_name": "Name",
    "health": {
      "status": "Ready",
      "message": "string",
      "error": {
        "message": "string",
        "region": "string",
        "provider_err_code": "string",
        "provider_description": "string"
      }
    },
    "luminate_aws_account_id": 12312312
  }
]
Default server.
Create a new cloud integration configuration in your Symantec ZTNA tenant.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
successful operation.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
id | string A unique identifier of the Cloud Integration. |
created_at | string <date-time> |
updated_at | string <date-time> |
aws_external_id | string AWS External ID. |
aws_role_arn | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
health | object (CloudIntegrationHealth) |
luminate_aws_account_id | string The tag that represents the hostname. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name"
}

{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "created_at": "2024-04-11T14:59:31Z",
  "updated_at": "2024-04-11T14:59:31Z",
  "aws_external_id": "aaabbbcccc",
  "aws_role_arn": "arn:xxx:yyy:zzz",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name",
  "health": {
    "status": "Ready",
    "message": "string",
    "error": {
      "message": "string",
      "region": "string",
      "provider_err_code": "string",
      "provider_description": "string"
    }
  },
  "luminate_aws_account_id": 12312312
}
Default server.
Return a Cloud Integration configuration from your Symantec ZTNA tenant.
cloud-integration-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Cloud Integration ID |
successful operation.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
id | string A unique identifier of the Cloud Integration. |
created_at | string <date-time> |
updated_at | string <date-time> |
aws_external_id | string AWS External ID. |
aws_role_arn | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
health | object (CloudIntegrationHealth) |
luminate_aws_account_id | string The tag that represents the hostname. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
curl -X GET 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "created_at": "2024-04-11T14:59:31Z",
  "updated_at": "2024-04-11T14:59:31Z",
  "aws_external_id": "aaabbbcccc",
  "aws_role_arn": "arn:xxx:yyy:zzz",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name",
  "health": {
    "status": "Ready",
    "message": "string",
    "error": {
      "message": "string",
      "region": "string",
      "provider_err_code": "string",
      "provider_description": "string"
    }
  },
  "luminate_aws_account_id": 12312312
}
Default server.
Update an existing Cloud Integration configuration in your Symantec ZTNA tenant.
cloud-integration-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Cloud Integration ID |
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
aws_role_arn required | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
successful operation.
name required | string (CloudIntegrationName) A descriptive name of the Cloud Integration. |
provider required | string (CloudIntegrationProvider) Default: "amazon" Value: "amazon" Cloud Provider name. |
id | string A unique identifier of the Cloud Integration. |
created_at | string <date-time> |
updated_at | string <date-time> |
aws_external_id | string AWS External ID. |
aws_role_arn | string (CloudIntegrationArn) The AWS role ARN. |
regions | Array of strings (CloudIntegrationRegions) A list of regions that are applicable for the configured Cloud Integration. |
hostname_tag_name | string (CloudIntegrationHostnameTagName) Default: "Name" The tag that represents the hostname. |
health | object (CloudIntegrationHealth) |
luminate_aws_account_id | string The tag that represents the hostname. |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Conflict - Value of one of the provided fields is already used by an existing object.
Internal Server Error.
{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "aws_role_arn": "arn:xxx:yyy:zzz",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name"
}

{
  "name": "AWS EU Integration",
  "provider": "amazon",
  "id": "1e1513c8-3801-4e58-bba3-e2466bd3fbb4",
  "created_at": "2024-04-11T14:59:31Z",
  "updated_at": "2024-04-11T14:59:31Z",
  "aws_external_id": "aaabbbcccc",
  "aws_role_arn": "arn:xxx:yyy:zzz",
  "regions": [
    "string"
  ],
  "hostname_tag_name": "Name",
  "health": {
    "status": "Ready",
    "message": "string",
    "error": {
      "message": "string",
      "region": "string",
      "provider_err_code": "string",
      "provider_description": "string"
    }
  },
  "luminate_aws_account_id": 12312312
}
Default server.
Delete a Cloud Integration configuration from your Symantec ZTNA tenant.
cloud-integration-id required | string <uuid> Example: 18837193-a81a-400f-b38d-482379e3ab47 Cloud Integration ID |
successful operation.
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Internal Server Error.
curl -X DELETE 'https://api.acme.luminatesec.com/v2/cloud-integrations/integrations/18837193-a81a-400f-b38d-482379e3ab47' -H 'Content-Type: application/json' -H 'Authorization:Bearer b8246240-8e79-495c-9959-332af85d5014' -i
{
  "request-identifier": "c1f30631-de5d-4d5a-bba1-03571bdaf306",
  "timestamp": 1548259503065,
  "status": 400,
  "reasonPhrase": "Bad Request",
  "message": "Invalid request parameters: Invalid ID format - failed to process request"
}
Default server.
Searches your tenant audit logs using the Elasticsearch query language. The timeframe between from_date and to_date is limited to 30 days. Results are always sorted by date in ascending order.
query required | object (SearchQuery) |
size | integer <int32> [ 0 .. 1000 ] Default: 1000 The maximum number of results to return. |
search_after | Array of strings or numbers (SearchAfter) Nullable Elasticsearch Search After Syntax. |
successful operation.
Hits | number <int32> (Hits) Total number of logs found that match the query. |
Logs | Array of objects (AuditLogResult) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
{
  "size": 500,
  "query": {
    "free_text": "John Doe",
    "from_date": 1553502809000,
    "to_date": 1553675609000,
    "match_or_fields": [
      {
        "field_name": "clientip",
        "field_values": [
          "213.12.11.10",
          "0.0.1.10"
        ]
      }
    ]
  },
  "search_after": [
    1553589827407,
    "luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
  ]
}
{
  "Hits": 1,
  "Logs": [
    {
      "Id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
      "Data": {
        "@timestamp": "2021-01-01T12:35:03.724Z",
        "additionalInfo": { },
        "eventStatus": "SUCCEEDED",
        "eventType": "LOGIN",
        "geoip": {
          "city_name": "Jerusalem",
          "country": "Israel",
          "country_code": "IL",
          "latitude": 31.5,
          "longitude": 34.75,
          "location": {
            "lon": 34.75,
            "lat": 31.5
          }
        },
        "id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
        "message": "{\\\"id\\\":\\\"6aebc61f-7e2f-46b3-805f-d206de8899c0\\\",\\\"date\\\":\\\"2019-02-13T12:35:03.724386395Z\\\",\\\"tenantId\\\":\\\"12f3e95861234567a123a7c582a0a51f_acme\\\",\\\"user\\\":\\\"user@acme.com\\\",\\\"sourceHost\\\":\\\"10.10.10.50\\\",\\\"targetService\\\":\\\"AUTH_SERVICE\\\",\\\"eventType\\\":\\\"LOGIN\\\",\\\"resourceType\\\":\\\"Authentication\\\",\\\"resourceName\\\":\\\"user@acme.com\\\",\\\"resourceId\\\":\\\"auth0|5ac324095d12345678931c97\\\",\\\"eventStatus\\\":\\\"SUCCEEDED\\\",\\\"sourceAgent\\\":\\\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\\\"}\n",
        "resourceId": "auth0|9daa694c-d8d0-47cb-8e94-e84694153d1d",
        "resourceName": "user@acme.com",
        "resourceType": "Authentication",
        "role": "",
        "sourceAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
        "sourceHost": "10.10.10.50",
        "tenant_id": "12f3e95861234567a123a7c582a0a51f_acme",
        "entity_id": "494b5b76-4418-4a89-858e-774463c95b78",
        "entity_idp_id": "local",
        "entity_type": "User",
        "entity_name": "first last",
        "client_ip": "192.192.250.250",
        "client_port": "8080",
        "previous_revision": "\"{\"name\" :\"username\"}\"",
        "current_revision": "\"{\"name\" :\"updated_username\"}\"",
        "user": "user@acme.com",
        "user_agent_full": {
          "browser": "Chrome",
          "browser_major_version": 83,
          "browser_type": "Browser",
          "device_type": "Desktop",
          "platform": "Linux",
          "platform_version": "Intel x86_64",
          "raw_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36"
        }
      },
      "SearchAfterValues": [
        1553589827407,
        "luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
      ]
    }
  ]
}
Forensics logs audit any user's access to any application, as well as the user's activity in any application.
Default server.
Searches your tenant's forensics logs using the Elasticsearch query language. The time frame between from_date and to_date is limited to 30 days. Results are always sorted by date in ascending order.
query required | object (SearchQuery) |
size | integer <int32> [ 0 .. 1000 ] Default: 1000 The maximum number of results to return. |
search_after | Array of strings or numbers (SearchAfter) Nullable Elasticsearch Search After Syntax. |
successful operation.
Hits | number <int32> (Hits) Total number of logs found that match the query. |
Logs | Array of objects (ForensicsLogResult) |
Bad Request - The server cannot or will not process the request due to an apparent client error.
Unauthorized - Authentication is required and has failed or has not yet been provided.
Forbidden - The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
NotFound - The specified resource was not found.
Internal Server Error.
{
  "size": 500,
  "query": {
    "free_text": "John Doe",
    "from_date": 1553502809000,
    "to_date": 1553675609000,
    "match_or_fields": [
      {
        "field_name": "clientip",
        "field_values": [
          "213.12.11.10",
          "0.0.1.10"
        ]
      }
    ]
  },
  "search_after": [
    1553589827407,
    "luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
  ]
}
{
  "Hits": 1,
  "Logs": [
    {
      "Id": "6aebc61f-7e2f-46b3-805f-d206de8899c0",
      "Data": {
        "@timestamp": "2019-02-13T12:35:03.724Z",
        "action_result": "SUCCESS",
        "activity_type": "URI Access",
        "app_external_address": "app.acme.luminatesec.com",
        "app_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
        "app_name": "app",
        "app_type": "HTTP",
        "authentication_method": "PUBLIC_KEY\n",
        "bytes_sent": 687,
        "client": "SSH-2.0-SSHJ_0.22.0",
        "client_ip": "10.10.10.50",
        "client_port": 51262,
        "client_type": "BROWSER",
        "compliance_state": "NOT_COMPLIANT",
        "description": "Accessing Web application app",
        "device_validation_action_type": "CLIENT_CERTIFICATE\n",
        "entity_id": "auth0|a1b2c3d4e5f6g7h8i9j0klmn",
        "entity_name": "user@acme.com",
        "entity_type": "User",
        "entity_idp_id": "local",
        "error_type": "",
        "event_type": "ACCESS\n",
        "geoip": {
          "city_name": "Jerusalem",
          "country": "Israel",
          "country_code": "IL",
          "latitude": 31.5,
          "longitude": 34.75,
          "location": {
            "lon": 34.75,
            "lat": 31.5
          }
        },
        "global_request_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
        "hashed_session_id": "abcdefg1d883af497cf57a44d4950a32",
        "http_command": "GET",
        "http_version": "HTTP/1.1",
        "key_action_type": "CREATE\n",
        "key_event_target_user_name": "user@luminatesec.com\n",
        "log_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
        "log_type": "WEB_ACCESS_LOG\n",
        "mfa_action_type": "GOOGLE\n",
        "policy_id": "abcdefgh-5b31-41d7-b4a3-1d53faff6bad",
        "policy_name": "my-policy",
        "policy_type": "ACCESS",
        "policy_is_static": "NO",
        "response_time": 0.029,
        "ssh_activity_command": "echo -n 'hello world'\n",
        "ssh_client_internal_user": "user",
        "ssh_internal_resource_identifier": "app-ssh.staging.eu-west-1.acmeops.com",
        "ssh_internal_resource_port": 22,
        "status_code": 200,
        "summary": "'user@acme.com' succeeded accessing HTTP application 'app'\n",
        "tcp_internal_resource_identifier": "127.0.0.1\n",
        "tcp_internal_resource_port": "22\n",
        "tenant_id": "12f3e95861234567a123a7c582a0a51f_acme",
        "time_to_first_byte": 0.001,
        "up_stream_response_time": 0.012,
        "uri": "/",
        "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36",
        "user_agent_full": {
          "browser": "Chrome",
          "browser_major_version": 83,
          "browser_type": "Browser",
          "device_type": "Desktop",
          "platform": "Linux",
          "platform_version": "Intel x86_64",
          "raw_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36"
        },
        "wss_agent_device_id": "29129c76-8940-11c7-beeb-5y347b5667c1f",
        "wss_agent_device_version": "8.1.0",
        "wss_agent_type": "wss-agent",
        "wss_device_name": "EXAMPLE-10",
        "wss_os_info": "architecture=x86_64 name=Windows 10 Pro version=10.0.19043"
      },
      "SearchAfterValues": [
        1553589827407,
        "luminate-<log type>#6aebc61f-7e2f-46b3-805f-d206de8899c0"
      ]
    }
  ]
}
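The audit and forensics searches above share the same limits (30 days per query, at most 1000 results per call, ascending order), so exporting a longer period to a SIEM means splitting the range and following search_after. The sketch below is an added example, not part of the Symantec ZTNA documentation. The names windows, clean, fetch_all and fake_post are assumptions, `post` stands for whatever function sends the JSON body to the search endpoint with your Bearer token, and fake_post is a constructed in-memory stand-in so the logic runs offline.

```python
MAX_WINDOW_MS = 30 * 24 * 60 * 60 * 1000  # documented limit on from_date..to_date
MAX_SIZE = 1000                            # documented upper bound of "size"

def windows(from_ms, to_ms):
    """Split a time range into consecutive pieces of at most 30 days."""
    start = from_ms
    while True:
        end = min(start + MAX_WINDOW_MS, to_ms)
        yield start, end
        if end >= to_ms:
            return
        start = end

def clean(data):
    """Strip stray whitespace such as the trailing newline in "ACCESS\\n"."""
    return {k: v.strip() if isinstance(v, str) else v for k, v in data.items()}

def fetch_all(post, query, size=MAX_SIZE):
    """Yield every matching log once, oldest first, following search_after."""
    size = max(1, min(size, MAX_SIZE))
    seen = set()  # window edges are shared, so a log may come back twice
    for start, end in windows(query["from_date"], query["to_date"]):
        body = {"size": size, "query": {**query, "from_date": start, "to_date": end}}
        while True:
            logs = post(body).get("Logs") or []  # None values may be omitted
            for log in logs:
                if log["Id"] not in seen:
                    seen.add(log["Id"])
                    yield {**log, "Data": clean(log.get("Data") or {})}
            if len(logs) < size:
                break
            # Resume strictly after the last hit of this page.
            body = {**body, "search_after": logs[-1]["SearchAfterValues"]}

def fake_post(store):
    """Constructed in-memory stand-in for the search call; store = [(ts, id), ...]."""
    def post(body):
        q = body["query"]
        rows = sorted(r for r in store if q["from_date"] <= r[0] <= q["to_date"])
        after = body.get("search_after")
        page = [r for r in rows if not after or list(r) > list(after)][: body["size"]]
        return {"Hits": len(rows), "Logs": [
            {"Id": i, "Data": {"event_type": "ACCESS\n"}, "SearchAfterValues": [ts, i]}
            for ts, i in page]}
    return post
```

The `seen` set grows with the number of logs exported; for very large pulls, persist the last SearchAfterValues and window instead of holding every Id in memory.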