ICS-Specific Configurations Using REST APIs
Monitoring NTP Status
To monitor NTP status:
Request
GET https://{{IP}}/api/v1/system/status/ntp
Response
{ "content-type": "application/json", "content-length": "1129" }
"{ "ntp-server-status": { "<IP Address>": { "delay": "0.000", "jitter": "0.000", "offset": "0.000", "pool": "64", "reach": "0", "refid": ".INIT.", "remote NTP Server": "<IP Address>", "stratum": "16", "type": "u", "when": "-" }, "<IP Address>\": { "delay": "0.000", "jitter": "0.000", "offset": "0.000", "pool": "64", "reach": "0", "refid": ".INIT.", "remote NTP Server": "<IP Address>", "stratum": "16", "type": "u", "when": "-" }, "<IP Address>": { "delay": "0.000", "jitter": "0.000", "offset": "0.000", "pool": "64", "reach": "0", "refid": ".INIT.", "remote NTP Server": "<IP Address>", "stratum": "16", "type": "u", "when": "-" }, "<IP Address>": { "delay": "0.000", "jitter": "0.000", "offset": "0.000", "pool": "64", "reach": "0", "refid": ".INIT.", "remote NTP Server": "<IP Address>", "stratum": "16", "type": "u", "when": "-" } } }" } |
Toggling Syslog Fault Tolerance setting
To toggle syslog fault tolerance settings:
Request
GET /api/v1/configuration/system/log/syslog-settings/syslog-setting/node1
Response
{ "content-type": "application/json", "content-length": "197" }
"{ "node": "node1", "syslog-servers": { "syslog-server": [ { "communication-type": "tcp", "fault-tolerant": "false", "name": "<IP Address>" } ] } }" }
Request
PUT /api/v1/configuration/system/log/syslog-settings/syslog-setting
"{ "node": "node1", "syslog-servers": { "syslog-server": [ { "communication-type": "tcp", "fault-tolerant": "true", "name": "<IP Address>" } ] } }"
Response
{ "content-type": "application/json", "content-length": "124" }
"{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }" } |
Toggling the Telemetry Settings
To toggle the telemetry settings:
Request
GET /api/v1/configuration/system/configuration/telemetry
Response
{ "content-type": "application/json", "content-length": "62" }
"{ "crash-analytics": "false", "google-analytics": "true" }" }
Request
PUT /api/v1/configuration/system/configuration/telemetry
"{ "crash-analytics": "true", "google-analytics": "true" }"
Response
{ "content-type": "application/json", "content-length": "124" }
"{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }" } |
SAML Metadata Providers
To configure SAML Metadata Providers
Request Put /api/v1/configuration/system/configuration/saml-configuration/metadata-providers/metadata-provider Response { "accept-unsigned-metadata" : false, "cert-subjectCN" : "", "enable-signing-cert-validation" : false, "entity-ids" : {}, "filename" : "saml_metadata.xml", "local-location" : { "saml-entity-ids" : null } "name" : "SAML", "select-idp" : true, "select-sp" : false, "validity" : "0" "xml-text" : "PG1kOkVudGl0eURlc2NyaXB0b3IgeG1sbnM6bWQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDptZXRhZGF0YSIgY2FjaGVEdXJhdGlvbj0iUDMzM0RUMEgwTTBTIiBlbnRpdHlJRD0iaHR0cHM6Ly9zc28ucHVsc2VzZWN1cmVhY2Nlc3MubmV0L2RhbmEtbmEvYXV0aC9zYW1sLWVuZHBvaW50LmNnaT9wPXNwMSI+PG1kOlNQU1NPRGVzY3JpcHRvciBwcm90b2NvbFN1cHBvcnRFbnVtZXJhdGlvbj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48bWQ6U2luZ2xlTG9nb3V0U2VydmljZSBCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1SZWRpcmVjdCIgTG9jYXRpb249Imh0dHBzOi8vc3NvLnB1bHNlc2VjdXJlYWNjZXNzLm5ldC9kYW5hLW5hL2F1dGgvc2FtbC1sb2dvdXQuY2dpP1NwSWQ9c3AxIi8+PG1kOk5hbWVJREZvcm1hdD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDp1bnNwZWNpZmllZDwvbWQ6TmFtZUlERm9ybWF0PjxtZDpOYW1lSURGb3JtYXQ+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzPC9tZDpOYW1lSURGb3JtYXQ+PG1kOk5hbWVJREZvcm1hdD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDpYNTA5U3ViamVjdE5hbWU8L21kOk5hbWVJREZvcm1hdD48bWQ6TmFtZUlERm9ybWF0PnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OldpbmRvd3NEb21haW5RdWFsaWZpZWROYW1lPC9tZDpOYW1lSURGb3JtYXQ+PG1kOk5hbWVJREZvcm1hdD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDprZXJiZXJvczwvbWQ6TmFtZUlERm9ybWF0PjxtZDpOYW1lSURGb3JtYXQ+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5PC9tZDpOYW1lSURGb3JtYXQ+PG1kOk5hbWVJREZvcm1hdD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQ8L21kOk5hbWVJREZvcm1hdD48bWQ6QXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlIEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIExvY2F0aW9uPSJodHRwczovL3Nzby5wdWxzZXNlY3VyZWFjY2Vzcy5uZXQvZGFuYS1uYS9hdXRoL3NhbWwtY29uc3VtZXIuY2dpIiBpbmRleD0iMSIgaXNEZWZhdWx0PSIxIi8+PC9tZDpTUFNTT0Rlc2NyaXB0b3I+PC9tZDpFbnRpdHlEZXNjcmlwdG9yPg==" |
Automatic Version Monitoring
To automate version monitoring:
Request
PUT /api/v1/configuration/system/maintenance/options
"{"automatic-version-monitoring": \"false\"}"
Response
{ "content-type": "application/json", "content-length": "124" }
"{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }" } |
Enabling Read-Only Mode for the Administrator
To enable read-only mode for the adminstrator:
Request
GET /api/v1/configuration/system/configuration/telemetry
Response { content-type: application/json content-length: 61 }
"{ "crash-analytics": "true", "google-analytics": "true" }"
Request
PUT /api/v1/configuration/system/configuration/telemetry
Response
Status: 403 forbidden |
Mapping Serial Numbers to Interfaces
To map serial numbers to interfaces:
You must mandatorily add "serial-number" attribute in JSON code for POST operations of certificates.
Request GET /api/v1/configuration/system/configuration/certificates/device-certificates/device-certificate/{serial-number} Host: <IP Address> Authorization: Basic YWRtaW5kYjpkYW5hMTIz Content-Type: application/json Response HTTP/1.1 200 OK Content-Type: application/json { "device-certificate": [ { "href": "/api/v1/configuration/system/configuration/certificates/device-certificates/device-certificate/0A%3A90%3A0D%3AD0%3AE6%3AAF%3AC8%3A7E", "serial-number": "0A:90:0D:D0:E6:AF:C8:7E" } ] }
Request PUT /api/v1/configuration/system/configuration/certificates/device-certificates/device- certificate/24%3AEE%3AC8%3ABB%3A00%3A00%3A00%3A00%3A12%3A73 "{ "internal-ports": { "internal-port": ["<Internal Port>"] }, "serial-number": "24:EE:C8:BB:00:00:00:00:12:73" }"
Response { "content-type": "application/json", "content-length": "128" } "{ "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } }" } |
Device Intermediate Certificates
To add Intermediate Certificate:
Request curl --location 'https://<ics-ip>/api/v1/configuration/system/configuration/certificates/device-intermediate-certificates/device-intermediate-certificate/' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic K3I0UzFSOWk0dmxMZHYzU0tiWXVzSTNsL1Vxd1JlVGpGbGsxWWI3K243WT06' \ --data '{ "cert-pem": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUd6akNDQkxhZ0F3SUJBZ0lRZUZTZWdtSHpGWWxJVk9MYzJXSnBFREFOQmdrcWhraUc5dzBCQVFzRkFEQXAKTVNjd0pRWURWUVFERXg1VVJsTWdUR0ZpY3lCRFpYSjBhV1pwWTJGMFpTQkJkWFJvYjNKcGRIa3dIaGNOTWpJeApNREV3TVRjeE5qTTVXaGNOTXpJeE1ERXdNVGN5TmpNNFdqQXBNU2N3SlFZRFZRUURFeDVVUmxNZ1RHRmljeUJEClpYSjBhV1pwWTJGMFpTQkJkWFJvYjNKcGRIa3dnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUsKQW9JQ0FRRGpXcE1mRU9LT0JPN2Y3RjRnOFpTUHd3d3Y2amd4UTNZVkZGZXJVYktlUC8rYTJCZnBKL2szWmY3NQpSUGp2UlVLcHVtdjB4emdxY0J1LzdaV2VpZ2xPYTE0N1kybkNhT2pETXo5QVV2T3Z6VFBheWlLUmt0SHU1R0hICnM3OGEvVzA2ajZyUkwwa3luWWY1SUxBaHZnak8zQlhBbWJSRHYrZHZUQTE4NUQwWHZ0Z1dtYjl6T1VFVC8vUnUKbUx3YVhjY2lrOGwzZ0d4WW5EOTJxbVlsd0g4YTN1azdxUSt0OGpHQVBrQTdGS3lBVHI3eS92UXZ4RytzOGRIOAp0SS9RdEhhUzd1WW5aczI2UURQUEJocGFjL2owLzh5V2NIa2FVYll0VndFRG56MExhQmtIUHU5bkp5aURGZ1MyCnVHQTRvby95alE5SHZSbTVlTytkZmlXd2VjbExyL01hcUZ1RnQ4NGN5Y25jL2o5djd3NjVYOGE3bjF1SkgzejcKbDhvNlk5SXpDVEVwY2FmZkpkd2xZU0Z2VjJpbjNOdXpTNzk4QnROMjZEOWs0OWluN0RmNHc3d1VwM3JRb2lqRQp0VTZCdUZFa2I1aVpET3ZyTXJoYTNZeHhuK1NMbW9IMUpYYjZQR3Y4VVM1K0RtN1cybXRPTURaYjdOSXprZnI5CisyTnRTRmtLb2txRStVQWoyRzJaWHpSQnU5a2R3c0RwMkJpaG41WUJSRGNsUWVSRHVyc0t6ekkvdHpyTTU0cGsKNUNMQllyRzFTejVVamhlTUVnenZHVythNU1Zd3BkVjNGcFVYbDB6K2FVQzVJdmpXU0k4Rjg5TkdJQlovemhEagpoSEQvbVEwTHVOYm9pZmNJK2Jvd2UyNnZURzNITGIvOTh2WU9BeTVkWWkxcDdKUllpUUlEQVFBQm80SUI4RENDCkFld3dDd1lEVlIwUEJBUURBZ0dHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkdxTHBZSTMKNUVTNFJVOVdZZ1B6LzN3WDBKSG9NQkFHQ1NzR0FRUUJnamNWQVFRREFnRUFNSUlCbVFZRFZSMGdCSUlCa0RDQwpBWXd3QmdZRVZSMGdBRENDQVlBR0NDb0RCSXN2UTFrRk1JSUJjakNDQVR3R0NDc0dBUVVGQndJQ01JSUJMaDZDCkFTb0FWQUJvQUdVQUlBQlVBRVlBVXdBZ0FFd0FZUUJpQUhNQUlBQkRBR1VBY2dCMEFHa0FaZ0JwQUdNQVlRQjAKQUdrQWJ3QnVBQ0FBUVFCMUFIUUFhQUJ2QUhJQWFRQjBBSGtBSUFCcEFITUFJQUJoQUc0QUlBQnBBRzRBZEFCbApBSElBYmdCaEFHd0FJQUJ5QUdVQWN3QnZBSFVBY2dCakFHVUFMZ0FnQUVNQVpRQnlBSFFBYVFCbUFHa0FZd0JoCkFIUUFaUUJ6QUNBQWRBQm9BR0VBZEFBZ0FHRUFjZ0JsQUNBQWFRQnpBSE1BZFFCbEFHUUFJQUJpQUhrQUlBQjAKQUdnQWFRQnpBQ0FBUXdCbEFISUFkQUJwQUdZQWFRQmpBR0VBZEFCbEFDQUFRUUIxQUhRQWFBQnZBSElBYVFCMApBSGtBSUFCaEFISUFaUUFnQUdZQWJ3QnlBQ0FBYVFCdUFIUUFaUUJ5QUc0QVlRQnNBQ0FBZFFCekFHRUFad0JsCkFDQUFid0J1QUd3QWVRQXVNREFHQ0NzR0FRVUZCd0lCRmlSb2RIUndPaTh2Y0d0cExtTnZjbkF1ZEdaemJHRmkKY3k1amIyMHZZM0J6TG1oMGJXd3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBQm56NEVqUm5ua2hlQWtGYUNyUgpLL1NUd3AwSFl4V2U3aXh5VmlTRldZcllwUHU5Mnl6dy80WjFyT3phN0FGQUdyelV5TlF4TEtib1JpaG9BZEE3CkNndzNJcWN2YmlsdU0vOU5LNUhnbExnK041Y2x4VlFpeXFjTVRtMW5MRHU0Qi9PeXdmb3lOb0wySm8yZTg0NEoKSGY5enNhSDJBMU9wOEY4c1R3elR2R3NBVVNSaGpabDdNZEsxb3MzLzVzbXRXTmlRT2c5dEtVOEYxSEtuakZSaApPZ3Azdkljc1l3eXBsbDIrUEJYNG1IclFmelBCSFgzdmFxV1VRcTl0MHhzM0pCR3FrYXBIcEdlODdXa3hrSXFkCmpISnhFVXFRbmR1RFBZVkN0c05kQnVRU1R3ZG9ySjRBdFc4RHd2YzA4RDJnSFc1cCs0d1hNelkwc212M3BmbTUKMmhXbTJwblNjR2REMGZrRHJ0dC9EREpUS0hzd3cxWnhqUlhJdHI5b3I1QjhKVDhYMEFPbnJrSEhsRlRIeW5rUgo5STE2Rmdrc1E0bC9PZ25IdHp1eVU5MDM3c1BzS29hTmZlS3lGWWhOZzM2WDB0dERHQ1p4KytBY3F3MjBod2VKClZjd2dZbjNLa0RsVFBWR3p0ZU40N3BRNHl0U0liQjU1dmZWQmJBVWlEaUpjWXl5bFQ2S0pjdWdNdXFTRkY0S20KVFpwQ1Y1d3dSWGM1aVpCYnhqdFE1Ykc3b1JOSWRnYmY0cXJzNFJqVnh4QUNNTFlKMWF1V3dMamREaGZkQWowRQpWSVRyckNTc1hRVk93RWZsTjNKajI1SzdvR3g4NDNSSWp1OVplU0tuUy93TWJiOXRUTnE3bmVoZUMwdXZGYVh1ClNPdEQ5VWdUY1VhWld1SUI0eEEzdkxRMgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==", "serial-number": "78:54:9E:82:61:F3:15:89:48:54:E2:DC:D9:62:69:10" }' Response { "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } } |
To Delete the Intermediate Certificates
curl --location --request DELETE 'https://10.204.52.75/api/v1/configuration/system/configuration/certificates/device-intermediate-certificates/device-intermediate-certificate/78:54:9E:82:61:F3:15:89:48:54:E2:DC:D9:62:69:10' \ --header 'Authorization: Basic K3I0UzFSOWk0dmxMZHYzU0tiWXVzSTNsL1Vxd1JlVGpGbGsxWWI3K243WT06' |
Upgrading System Software
Ensure that there is a minimum diskspace of 2 GB available in /tmp directory. Rebooting the Gateway clears the /tmp directory incase if there is not enough space.
To upgrade system software:
Request curl --location 'https://x.x.x.x/api/v1/system/maintenance/upgrade' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' \ --form 'file=@"/Users/User1/Downloads/package-354.1.pkg"' Response { "result": { "info": [ { "message": "Successfully Triggered Upgrade of System Software to 22.x (build xxxx). System will now reboot." } ] } |
Upload Package
Request curl --location 'https://x.x.x.x/api/v1/system/maintenance/upgrade?operation=stage-package' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' \ --form 'file=@"/Users/User1/Downloads/package-354.1.pkg" Response { "result": { "info": [ { "message": "Successfully staged service package 22.x (build xxxx)" } ] } |
Staged Package Version
Request curl --location 'https://x.x.x.x/api/v1/system/maintenance/staged-package-info' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' Response { "staged-package-version": " 22.x (build xxx) } |
Delete Stage Package
Request curl --location --request POST 'https://x.x.x.x/api/v1/system/maintenance/upgrade?operation=delete-staged-package' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' Response { "result": { "info": [ { "message": "Successfully deleted staged service package 22.x (buid xxxx)" } ] } |
Upgrade from Stage Package
Request curl --location --request POST 'https://x.x.x.x/api/v1/system/maintenance/upgrade?operation=upgrade-from-staged-package' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' Response { "result": { "info": [ { "message": "Successfully Triggered Upgrade of System Software to 22.x (build xxxx)using staged service package. System will now reboot." } ] } } |
Downgrade
Downgrade using clean=true. This allows admin to stage or upgrade to a lower version package form the present one.
Usage of clean=true:
https://x.x.x.x/api/v1/system/maintenance/upgrade?clean=true
https://x.x.x.x/api/v1/system/maintenance/upgrade?operation=stage-package&clean=true
https://x.x.x.x/api/v1/system/maintenance/upgrade?operation=upgrade-from-staged-package&clean=true
Request curl --location 'https://x.x.x.x/api/v1/system/maintenance/upgrade?clean=true ' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' \ --form 'file=@"/Users/User1/Downloads/package-354.1.pkg"' Response { "result": { "info": [ { "message": "Successfully Triggered Upgrade of System Software to 22.x (build xxxx). System will now reboot." } ] } |
Restarting System Services
To Restart system services:
Request POST /api/v1/system/maintenance HTTP/1.1 Host: <IP Address> Authorization: Basic YWRtaW4xOmRhbmExMjM= Content-Type: application/json { "operation": "restart" } Response HTTP/1.1 200 OK Content-Type: application/json { "name" : "{ \"result\": { \"info\": [ { \"message\": \"Successfully triggered Restart of System Services\" } ] } }" } |
Rebooting System
To Reboot the system:
Ensure that there is a minimum diskspace of 2 GB available in /tmp directory. Rebooting the Gateway clears the /tmp directory incase if there is no enough space.
Request POST /api/v1/system/maintenance HTTP/1.1 Host: <IP Address> Authorization: Basic YWRtaW4xOmRhbmExMjM= Content-Type: application/json { "operation": "reboot" } Response HTTP/1.1 200 OK Content-Type: application/json { "name" : "{ \"result\": { \"info\": [ { \"message\": \"Successfully triggered reboot\" } ] } }" } |
Rebooting Cluster node
To Reboot cluster node:
Request POST /api/v1/system/maintenance HTTP/1.1 Host: <IP Address> Authorization: Basic YWRtaW4xOmRhbmExMjM= Content-Type: application/json { "operation": "reboot-node" } Response HTTP/1.1 200 OK Content-Type: application/json { "name" : "{ \"result\": { \"info\": [ { \"message\": \"Successfully triggered reboot of cluster node\" } ] } }" } |
Rebooting Entire Cluster
To Reboot entire cluster:
Request POST /api/v1/system/maintenance HTTP/1.1 Host: <IP Address> Authorization: Basic YWRtaW4xOmRhbmExMjM= Content-Type: application/json { "operation": "reboot-cluster" } Response HTTP/1.1 200 OK Content-Type: application/json { "name" : "{ \"result\": { \"info\": [ { \"message\": \"Successfully triggered reboot of entire cluster\" } ] } }" } |
Rolling Back System Software
To roll back system software:
Request POST /api/v1/system/maintenance HTTP/1.1 Host: <IP Address>9 Authorization: Basic YWRtaW4xOmRhbmExMjM= Content-Type: application/json { "operation": "rollback" } Response HTTP/1.1 200 OK Content-Type: application/json { "name" : "{ \"result\": { \"info\": [ { \"message\": \"Successfully triggered rollback\" } ] } }" } |
Enabling Console Password Protection
To enable console password protection:
Request POST /api/v1/system/maintenance/password-protection HTTP/1.1 Host: <IP Address> Authorization: Basic YWRtaW5kYjpkYW5hMTIz Content-Type: application/json { "operation": "enable" } Response HTTP/1.1 200 OK Content-Type: application/json { "name" : "{ \"result\": { \"info\": [ { \"message\": \" Successfully enabled console password protection\" } ] } }" } |
Disabling Console Password Protection
To disable console password protection:
Request POST /api/v1/system/maintenance/password-protection HTTP/1.1 Host: <IP Address> Authorization: Basic YWRtaW5kYjpkYW5hMTIz Content-Type: application/json { "operation": "disable" } Response HTTP/1.1 200 OK Content-Type: application/json { "name" : "{ \"result\": { \"info\": [ { \"message\": \" Successfully disabled console password protection\" } ] } }" } |
Creating a VLAN
To create a VLAN on a cluster node:
Request POST /api/v1/configuration/system/network/vlans/Node88/vlan/ HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json { "arp-cache": { "arp-entry": [] }, "name": "vlan-int-1", "routes": { "route": [] }, "settings": { "default-gateway": "<IP Address>", "default-vlan-interface": "false", "enable-ipv6": "enabled", "ip-address": "<IP Address>", "ipv6-address": "<IPv6 Address>", "ipv6-default-gateway": "<IPv6 Address>", "ipv6-prefix-length": "64", "is-enabled": "enabled", "netmask": "<IP Address>", "vlan-id": "2", "vlan-parent": "0" }, "virtual-ports": { "virtual-port": [] } } Response HTTP/1.1 201 CREATED Content-Length: 128 Content-Type: application/json { "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } } |
Deleting a VLAN
To delete a VLAN from cluster node:
Request DELETE /api/v1/configuration/system/network/vlans/Node88/vlan/vlan-int-1 HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json Response HTTP/1.1 204 NO CONTENT Content-Length: 0 Content-Type: application/json |
Creating a User Role
To create a user role:
Request POST /api/v1/configuration/users/user-roles/user-role/ HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json { "name": "rest-userrole-4", "web": { "web-bookmarks": { "bookmark": [ { "auto-allow": "disable", "description": "", "name": "web-bm-1", "new-window": "false", "no-address-bar": "false", "no-tool-bar": "false", "parent": "--none--", "standard": { "url": "http://www.msn.com" } } ] }, "web-options": { "browsing-untrusted-sslsites": "true", "flash-content": "false", "hpxproxy-connection-timeout": "1800", "http-connection-timeout": "240", "java-applets": "true", "mask-hostname": "false", "persistent-cookies": "false", "rewrite-file-urls": "false", "rewrite-links-pdf": "false", "unrewritten-page-newwindow": "false", "user-add-bookmarks": "false", "user-enter-url": "false", "users-bypass-warnings": "false", "warn-certificate-issues": "true", "websocket-connection-timeout": "900" } } } Response HTTP/1.1 201 CREATED Content-Length: 122 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } } |
Fetching the User Login Statistics
To fetch the user login statistics:
Request GET /api/v1/system/user-stats HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json Response HTTP/1.1 200 OK Content-Length: 169 Content-Type: application/json { "user-stats": { "allocated-user-count": "25", "current-user-count": "0", "max-active-user-count-24hrs": "1", "min-active-user-count-24hrs": "0" } } |
Updating the User Role Settings
To update the user role settings:
Request PUT /api/v1/configuration/users/user-roles/user-role/rest-userrole-4 HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json { "name": "rest-userrole-4", "web": { "web-bookmarks": { "bookmark": [ { "auto-allow": "disable", "description": "", "name": "web-bm-1", "new-window": "false", "no-address-bar": "false", "no-tool-bar": "false", "parent": "--none--", "standard": { "url": "http://www.yahoo.com" } } ] }, "web-options": { "browsing-untrusted-sslsites": "true", "flash-content": "false", "hpxproxy-connection-timeout": "1800", "http-connection-timeout": "240", "java-applets": "true", "mask-hostname": "false", "persistent-cookies": "false", "rewrite-file-urls": "false", "rewrite-links-pdf": "false", "unrewritten-page-newwindow": "false", "user-add-bookmarks": "false", "user-enter-url": "false", "users-bypass-warnings": "false", "warn-certificate-issues": "true", "websocket-connection-timeout": "900" } } } } } } Response HTTP/1.1 200 OK Content-Length: 122 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } } |
Deleting a User Role
To delete a user role:
Request DELETE /api/v1/configuration/users/user-roles/user-role/rest-userrole-4 HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json Response HTTP/1.1 204 NO CONTENT Content-Length: 0 Content-Type: application/json |
Creating a User Realm
To create a user realm:
Request POST /api/v1/configuration/users/user-realms/realm/ HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json { "accounting-server": "None", "authentication-group": "", "authentication-policy": { "browser": { "customized": "any-user-agent", "user-agent-patterns": { "user-agent-pattern": [] } }, "certificate": { "cert-key-value-pairs": { "cert-key-value-pair": [] }, "customized": "allow-all-users" }, "host-checker": { "enforce-all-policies": "false", "enforce-policy-list": null, "evaluate-all-policies": "false", "evaluate-logic": "all-policies-must-succeed", "evaluate-policy-list": null }, "limits": { "guaranteed-minimum": null, "limit-concurrent-users": "false", "max-sessions-per-user": "1", "maximum": null }, "password": { "primary-password-expiration-warning-days": "14", "primary-password-management": "true", "primary-password-minimum-length": "4", "primary-password-restricted": "allow-passwords-of-minimum-length", "secondary-password-expiration-warning-days": "14", "secondary-password-management": "false", "secondary-password-minimum-length": "4", "secondary-password-restricted": "allow-passwords-of-minimum-length" }, "source-ip": { "customized": "any-ip", "ips": { "ip": [] } } }, "authentication-server": "AD server", "description": "", "device-server": "None", "directory-server": "AD server", "dynamic-policy": { "dynamic-policy-evaluation": "false", "refresh-interval": "60", "refresh-policies": "false", "refresh-roles": "false" }, "editing-description": "false", "inbound-ifmap-attributes": "false", "migration-sharing-type": "enable-session-migration", "name": "rest-user-realm", "role-mapping-rules": { "rule": [ { "name": "rest-admin-rule", "roles": [ "test1" ], "stop-rules-processing": "false", "user-name": { "test": "is", "user-names": [ "user1" ] } } ], "user-selects-role": "false", "user-selects-roleset": "false" }, "secondary-authentication-settings": { "authentication-must-succeed": "true", "name": "-", "password-input": "user", "predefined-password": "", "predefined-user-name": "", "user-name-input": "user" }, "session-migration": "false" } Response HTTP/1.1 201 CREATED Content-Length: 122 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } } |
Deleting a User Realm
To delete a user realm:
Request DELETE /api/v1/configuration/users/user-realms/realm/rest-user-realm HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json Response HTTP/1.1 204 NO CONTENT Content-Length: 0 Content-Type: application/json |
Creating a Resource Profile
To create a web resource profile:
Request POST /api/v1/configuration/users/resource-profiles/web-profiles/web-profile/ HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json { "custom": { "bookmarks": { "bookmark": [ { "apply": "all", "description": "", "name": "web-resourceprofile", "new-window": "false", "no-address-bar": "false", "no-tool-bar": "false", "roles": null, "url": "http://www.google.com" } ] }, "client-authentication": [], "java-acl": [], "rewriting-options": { "ptp": [], "selective-rewriting": "false", "use-jsam": [], "use-wsam": [] }, "sso-basic-ntlm-kerberos": [], "sso-header": [], "sso-post": [], "url": "http://www.google.com", "web-compression": [], "webacl": [ { "rules": { "rule": [ { "action": "allow", "name": "Allow http://www.google.com:80/*", "resource": "http://www.google.com:80/*" } ] } } ], "webcaching": [] }, "description": "", "name": "web-resourceprofile", "roles": [ "rest-userrole-3" ] } Response HTTP/1.1 201 CREATED Content-Length: 128 Content-Type: application/json { "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } } |
Deleting a Resource Profile
To delete a web resource profile:
Request DELETE /api/v1/configuration/users/resource-profiles/web-profiles/web-profile/web-resourceprofile HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json Response HTTP/1.1 204 NO CONTENT Content-Length: 0 Content-Type: application/json |
Creating a Resource Policy
To create a web resource policy:
Request POST /api/v1/configuration/users/resource-policies/web-policies/web-acls/web-acl/ HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json { "action": "allow", "apply": "selected", "description": "", "name": "web-acl-policy", "parent-type": "none", "resources": [ "<IP Address>:80,443/*" ], "roles": [ "rest-userrole-1" ], "rules": { "rule": [] } } Response HTTP/1.1 201 CREATED Content-Length: 122 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } } |
Fetching a Resource Policy
To fetch a web resource policy:
Request GET /api/v1/configuration/users/resource-policies/web-policies/web-acls/web-acl/name=web-acl-policy,parent-type=none HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json Response HTTP/1.1 200 OK Content-Length: 245 Content-Type: application/json { "action": "allow", "apply": "selected", "description": "", "name": "web-acl-policy", "parent-type": "none", "resources": [ "<IP Address>:80,443/*" ], "roles": [ "rest-userrole-1" ], "rules": { "rule": [] } } |
Deleting a Resource Policy
To delete a web resource policy:
Request DELETE /api/v1/configuration/users/resource-policies/web-policies/web-acls/web-acl/name=web-acl-policy,parent-type=none HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json Response HTTP/1.1 204 NO CONTENT Content-Length: 0 Content-Type: application/json |
Creating an AD Authentication Server
Request POST /api/v1/configuration/authentication/auth-servers/auth-server HTTP/1.1 Host: <IP Address> Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06 Content-Type: application/json { "ad": { "server-catalog": { "custom-variables": { "custom-variable": [] }, "expressions": { "custom-expression": [] }, "groups": { "ad-group": [] } }, "settings": { "additional-options": { "allow-trusted-domains": "false", "change-machine-password-after-every": "0", "enable-ntlm-protocol": "true", "enable-periodic-password-change-of-machine-account": "false", "kerberos": "true", "max-domain-connections": "5", "ntlm-protocol": "ntlmv2" }, "container-name": "Computers", "domain": "TEST", "kerberos-realm": "TEST.SAQACERTSERV.COM", "nodenames": [ { "computer-name": "0332MWK0NRP111", "machine-hardware-id": "0332MOGWK0NRP111S", "node": "localhost2" } ], "password-encrypted": "3u+UR6n8AgABAAAAyCaUPKhCg3J/y46bhB4wz6mnupQH0oTHOTfTexJxP2k=", "save-credentials": "true", "username": "Administrator" } }, "logical-name": "", "name": "AD-Server", "user-record-sync": "false" } Response HTTP/1.1 201 CREATED Content-Length: 128 Content-Type: application/json { "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } } |
Deleting an AD Authentication Server
Request DELETE /api/v1/configuration/authentication/auth-servers/auth-server/AD-Server HTTP/1.1 Host: <IP Address> Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06 Content-Type: application/json Response HTTP/1.1 204 NO CONTENT Content-Length: 0 Content-Type: application/json |
Creating an LDAP Authentication Server
Request POST /api/v1/configuration/authentication/auth-servers/auth-server HTTP/1.1 Host: <IP Address> Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06 Content-Type: application/json { "ldap": { "server-catalog": { "attributes": { "user-attribute": [ { "name": "cn" }, { "name": "department" }, { "name": "departmentNumber" }, { "name": "employeeNumber" }, { }, { "name": "o" }, { "name": "ou" }, { "name": "sAMAccountName" }, { "name": "uid" }, { "name": "homeDirectory" }, { "name": "homeDrive" }, { "name": "wWWHomePage" } ] }, "custom-variables": { "custom-variable": [] }, "expressions": { "custom-expression": [] }, "groups": { "user-group": [] } }, "settings": { "admin-dn": "CN=Administrator,CN=Users,DC=test,DC=saqacertserv,DC=com", "admin-password-encrypted": } "3u+UR6n8AgABAAAAQkYh+Te/ebXL7gSn+W6IEPOV2YFsaaikH2SVxkb8lTKzWhS1EPFlsNXBpuQP5sW XfeOYfjmhQSRZ5DP/z9UhQ/l16DDne9/u7Lw67HyE/8Q=", "attribute-to-update-at-server": "", "attribute-type": "type-integer", "attribute-value-to-update-at-server": "<LOGINTIMELDAP>", "authentication-required-to-search-ldap": "true", "backup-port-1": null, "backup-port-2": null, "backup-server-1": "", "backup-server-2": "", "connection-timeout": "15", "connection-type": "plain", "enable-attribute-update-at-server": "false", "group-base-dn": "", "group-filter": "", "ldap-server-type": "active-directory", "meetings": { "email-address": "mail", "full-name": "displayname", "name-attribute-mapping": "", "user-name": "samaccountname" }, "member-attribute": "", "nested-group-level": "0", "port": "389", "query-attribute": "", "reverse-group-search": "false", "search-timeout": "60", "server": "10.209.124.88", "server-catalog": "catalog", "test-user-dn": "", "user-base-dn": "DC=test,DC=saqacertserv,DC=com", "user-filter": "samaccountname=<USER>", "validate-referral-cert": "verifyserverconfigured", "validate-server-cert": "false" } }, "logical-name": "", "name": "LDAP-Server", "user-record-sync": "false" } Response HTTP/1.1 201 CREATED Content-Length: 128 Content-Type: application/json { "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } } |
Creating a Radius Server
Request POST /api/v1/configuration/authentication/auth-servers/auth-server HTTP/1.1 Host: <IP Address> Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06 Content-Type: application/json { "logical-name": "", "name": "Radius-Server", "radius": { "server-catalog": { "attributes": { "user-attribute": [] }, "custom-variables": { "custom-variable": [] }, "expressions": { "custom-expression": [] } }, "settings": { "accounting-port": "1813", "authenticate-with-tokens-onetimepassword": "false", "authentication-port": "1812", "backup-accounting-port": "1813", "backup-authentication-port": "1812", "backup-server": "<IP Address>", "backup-shared-secret-encrypted": "3u+UR6n8AgABAAAA2Th1sUV9vXDS9gRdMt1yCB4Ol6tacMTwhWsTlIFd7Q4=", "custom-radius-rules": { "custom-radius-rule": [] }, "interim-update-interval": null, "load-balance-auth": "false", "nasid": "", "nasipaddr": "<IP Address>", "process-radius-disconnect": "false", "retries": "0", "server": "<IP Address>", "shared-secret-encrypted": "3u+UR6n8AgABAAAA2Th1sUV9vXDS9gRdMt1yCB4Ol6tacMTwhWsTlIFd7Q4=", "timeout": "30", "use-nc-assigned-ip": "false", "use-subsession-interim-update": "false", "user-name": "<USER>(<REALM>)[<ROLE SEP=\",\">]" } }, "user-record-sync": "false" } Response HTTP/1.1 201 CREATED Content-Length: 128 Content-Type: application/json { "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } |
Modifying Radius Server Details
Request PUT /api/v1/configuration/authentication/auth-servers/auth-server/Radius-Server HTTP/1.1 Host: <IP Address> Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06 Content-Type: application/json { "name": "Radius-Server", "radius": { "settings": { "backup-accounting-port": "1814", "backup-authentication-port": "1816", "backup-server": "<IP Address>" } }
} Response HTTP/1.1 200 OK Content-Length: 128 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } } |
Creating Sign-In-Policy
Request POST /api/v1/configuration/authentication/signin/urls/access-urls/access-url/ HTTP/1.1 Host: <IP Address> Authorization: Basic MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06 Content-Type: application/json { "description": "", "enabled": "true", "page": "Default Sign-In Page", "realm-select": "pick-list", "url-pattern": "test/url3/", "user": { "enable-new-ux-pages": "false", "meeting-url": "*/meeting/", "post-authentication-signin-notification-id": "None", "post-authentication-signin-notification-skip": "false", "pre-authentication-signin-notification-id": "None", "realms": [ "Users" ] } } Response HTTP/1.1 201 CREATED Content-Length: 128 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } } |
Deleting Sign-in-Policy
Request DELETE /api/v1/configuration/authentication/signin/urls/access-urls/access-url/test%5C%2Furl3%5C%2F HTTP/1.1 Host: <IP Address> Authorization: Basic MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06 Cache-Control: no-cache Response HTTP/1.1 204 NO CONTENT Content-Length: 0 Content-Type: application/json |
Disabling Sign-in-URL
Request PUT /api/v1/configuration/authentication/signin/urls/access-urls/access-url/test%5C%2Furl1%5C%2F/enabled HTTP/1.1 Host: <IP Address> Authorization: Basic MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06 Content-Type: application/json { "enabled": "false" } Response HTTP/1.1 200 OK Content-Length: 128 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } } |
Creating a Web Bookmark for a Role
To create a web bookmark for a role:
Request POST /api/v1/configuration/users/user-roles/user-role/rest-userrole-1/web/web-bookmarks/bookmark HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 Content-Type: application/json Cache-Control: no-cache { "auto-allow": "disable", "description": "", "name": "webbm", "new-window": "false", "no-address-bar": "false", "no-tool-bar": "false", "parent": "--none--", "standard": { "url": "http://www.yahoo.com" } } Response HTTP/1.1 201 CREATED Content-Length: 122 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } } |
Reordering
For re-ordering existing ordered elements in the configuration, a PUT API can be used with an 'order' suffix. This API can be used to reorder any ordered element in the configuration including role-mapping-rules, resource policies and ACLs.
Example: Reorder existing role-mapping-rules in a specific realm.
Request PUT /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/order HTTP/1.1 Host: <IP Address> Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06 Content-Type: application/json { "rule": [ { "href": "/api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/rule3" }, { "href": "/api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/rule1" } ] } Response HTTP/1.1 200 OK content-length: 122 content-type: application/json { "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } } |
Fetching the Resource with Multiple Identifiers
Example: Retrieve one of SNMP Trap server configured on ICS device
Request GET /api/v1/configuration/system/log/snmp/localhost2/trap-servers/trap-server/ip=1.1.1.1,port=162 HTTP/1.1 Host: <IP Address> Authorization: Basic T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06 Response HTTP/1.1 200 OK content-length: 65 content-type: application/json { "community": "public", "ip": "<IP Address>", "port": "162" } |
Updating Resource Identified Using Multiple Identifiers
Example: Updating the community string for specific SNMP trap server identified by IP and port
Request PUT /api/v1/configuration/system/log/snmp/localhost2/trap-servers/trap-server/ip=1.1.1.1,port=162/community HTTP/1.1 Host: <IP Address> Authorization: Basic T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06 Content-Type: application/json { "community": "pulsesecure" } Response HTTP/1.1 200 OK content-length: 122 content-type: application/json { "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } } |
Fetching Active Number of HTML5 Sessions
Request curl -k -u <api-key>: https://<ics-ip>/api/v1/stats Example: curl -k -u Tv6YQPETDVOxeO0LCkcOfWeQ5qeET2WStO8GbilIltA=: https://<IP Address>/api/v1/stats Response content-type: application/json { "active-advanced-html5-sessions": { "active-advanced-html5-sessions-rdp": 0, "active-advanced-html5-sessions-ssh": 0, "active-advanced-html5-sessions-telnet": 0, "active-advanced-html5-sessions-total": -2, "active-advanced-html5-sessions-vnc": 0 }, "active-basic-html5-sessions": { "active-basic-html5-sessions-rdp": 0, "active-basic-html5-sessions-ssh": 0, "active-basic-html5-sessions-telnet": 0, "active-basic-html5-sessions-total": 0 }, "cpu-load": { "average-cpu-load": "0.33", "dsagentd-load": "0.00", "is-cpu-overloaded": "false", "is-dsagentd-overloaded": "false" } } |
Fetching Active Number of Basic HTML5 Sessions
Request curl -k -u <api-key>: https://<ics-ip>/api/v1/stats/active-basic-html5-sessions Example: curl -k -u Tv6YQPETDVOxeO0LCkcOfWeQ5qeET2WStO8GbilIltA=: https://<IP Address>/api/v1/stats/ active-basic-html5-sessions Response content-type: application/json { "active-basic-html5-sessions-rdp": 0, "active-basic-html5-sessions-ssh": 0, "active-basic-html5-sessions-telnet": 0, "active-basic-html5-sessions-total": 0 } |
Fetching Active Number of Advanced HTML5 Sessions
Request curl -k -u <api-key>: https://<ics-ip>/api/v1/stats/active-advanced-html5-sessions Example: curl -k -u Tv6YQPETDVOxeO0LCkcOfWeQ5qeET2WStO8GbilIltA=: https://<IP Address>/api/v1/stats/ active-advanced-html5-sessions Response content-type: application/json { "active-advanced-html5-sessions-rdp": 0, "active-advanced-html5-sessions-ssh": 0, "active-advanced-html5-sessions-telnet": 0, "active-advanced-html5-sessions-total": -2, "active-advanced-html5-sessions-vnc": 0 } |
Updating Password in Clear Text
Example: Updating password of System Local User.
Request PUT /api/v1/configuration/authentication/auth-servers/auth-server/System%20Local/local/users/user/user0001/password-cleartext HTTP/1.1 Host: <IP Address> Authorization: Basic T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06 Content-Type: application/json { "password-cleartext": "Psecure" } Response HTTP/1.1 200 OK content-length: 128 content-type: application/json { "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } } |
Applying Authcode and Downloading Licenses from PCLS on VA-SPE|PSA-V
This REST API can be used to download the license key from PCLS and install on the Virtual Appliance.
Request PUT /api/v1/license/auth-code HTTP/1.1 Host: <IP Address> Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0= Content-Length: 35 Content-Type: application/json { "auth-code":"<auth-code-to-apply>" } Response HTTP/1.1 200 OK Content-Type: application/json Content-Length: 191 { "result": { "info": [ {"message": "Installed new license key \"landmark utility prestige trip mayor diesel faucet summer prestige income heritage\""} ] } } |
Applying License
Request PUT /api/v1/license/license-key?action=install HTTP/1.1 Host: <IP Address> Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0= Content-Type: application/json { "keys":[ "key1", "key2", …. ] } Example: { "keys":[ "operation tree crayon holiday kingdom lasso doorway square dish modem gecko", "buffalo safety inch topaz banquet nitrogen garnish step recital wedge trace" ] } Response HTTP/1.1 200 OK Content-Type: application/json { "result": { "info": [ { "message": "Installed licenses" } ] } } |
Deleting License
Request PUT /api/v1/license/license-key?action=delete HTTP/1.1 Host: <IP Address> Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0= Content-Type: application/json { "keys":[ "key1", "key2", …. ] } Example: { "keys":[ "operation tree crayon holiday kingdom lasso doorway square dish modem gecko", "buffalo safety inch topaz banquet nitrogen garnish step recital wedge trace" ] } Response HTTP/1.1 200 OK Content-Type: application/json { "result": { "info": [ { "message": "Deleted <number> licenses" } ] } } |
Getting License Clients
Request GET /api/v1/license/license-clients HTTP/1.1 Host: <IP Address> Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0= Content-Type: application/json Response HTTP/1.1 200 OK Content-Type: application/json { "license_clients": [ { "feature_capacities": [ { "feature_name": "add_user_count", "leased_value": 25 }, { "feature_name": "onboard", "leased_value": 0 }, { "feature_name": "embeddedrdpapplet", "leased_value": 0 }, { "feature_name": "vm_cores_leasable", "leased_value": 4 }, { "feature_name": "add_meeting_user_count", "leased_value": 0 }, { "feature_name": "cloudsecure_count", "leased_value": 0 }, { "feature_name": "named_user_count", "leased_value": 0 }, { "feature_name": "ueba", "leased_value": 0 } ], "last_renewal": "Wed, 04 Dec 2019 06:32:26 GMT", "machine_id": "VASPH3944M9D8551S", "name": "va_spe_3_3_125_4" }, { "feature_capacities": [ { "feature_name": "add_user_count", "leased_value": 25 }, { "feature_name": "onboard", "leased_value": 0 }, { "feature_name": "embeddedrdpapplet", "leased_value": 0 }, { "feature_name": "vm_cores_leasable", "leased_value": 4 }, { "feature_name": "add_meeting_user_count", "leased_value": 0 }, { "feature_name": "cloudsecure_count", "leased_value": 0 }, { "feature_name": "named_user_count", "leased_value": 0 }, { "feature_name": "ueba", "leased_value": 0 } ], "last_renewal": "Thu, 05 Dec 2019 13:45:31 GMT", "machine_id": "VASPHXVK2E117PM8S", "name": "va_spe_3_3_125_8" }, ] } |
Getting License Report from License Server
Request GET /api/v1/license/report HTTP/1.1 Host: <IP Address> Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0= Content-Type: application/json Response HTTP/1.1 200 OK Content-Type: application/json License Usage Report { "LicenseUsageReport": { "MachineID": "VASPMMXXXXXXXX", "build-number": "4762", "cumulative-report": {…}, "granular-report": {…}, "cluster-granular-report": {…}, "time-stamp": "Mon Jan 13 20:04:40 2020", "version": "9.1" } }
Cumulative Report https://<license-server>/api/v1/license/report/cumulative-report { "cumulative-report": { "add-meeting-user-count": { "Year":[ { "Month": [ { "Date": [ { "Leased": "0", "Maximum": "30", "id": "06" } {…}, {…}, {…}, {…} ] "Leased": "0", "Maximum": "30", "id": "Jan", } {…} ] "id": "2020" } {…} ] } } Granular Report https://<license-server>/api/v1/license/report/granular-report { "license-client": [ { "add-user-count": { "Year": [ { "Month": [ { "Date": [ {…}, {…}, {…}, {…} ] "Leased": "0", "Maximum": "0", "id": "Jan" } ], "id": "2020" } ] }, "name": "ISA_V_10_209_125_101", "software-version": "7.4" }, {…} }
Cluster Granular Report https://<license-server>/api/v1/license/report/cluster-granular-report { "add-user-count": { "Year": [ { "Month": [ { "Date": [ { "Leased": "40", "Maximum": "21", "client-node": "node63lc,node66lc", "id": "24" }, { "Leased": "40", "Maximum": "1", "client-node": "node63lc,node66lc", "id": "25" }, { "Leased": "40", "Maximum": "1", "client-node": "node63lc,node66lc", "id": "26" } ], "Leased": "40", "Maximum": "21", "id": "Feb" } ], "id": "2020" } ] }, "cluster-name": "liccluster" }
The following extensions of the API are supported: 1. /api/v1/license/report – entire license report in JSON 2. /api/v1/license/report/cumulative-report – The cumulative report. • Following trace-down options available here i. /api/v1/license/report/cumulative-report/<license-feature-type> ii. /api/v1/license/report/cumulative-report/<license-feature-type>/<year> iii. /api/v1/license/report/cumulative-report/<license-feature-type>/<year>/<month> iv. /api/v1/license/report/cumulative-report/<license-feature-type>/<year>/<month>/<day> 3. /api/v1/license/report/granular-report – License usage report per license client. • Following trace-down options available here /api/v1/license/report/granular-report/<license-client> ii. /api/v1/license/report/granular-report/<license-client>/<add-user-count> iii. /api/v1/license/report/granular-report/<license-client>/<add-user-count>/<year> iv. /api/v1/license/report/granular-report/<license-client>/<add-user-count>/<year>/<month> v. /api/v1/license/report/granular-report/<license-client>/<add-user-count>/<year>/<month>/<day> Example: API - /api/v1/license/report/granular-report/node63lc/add-user-count/2020/Mar/20 { "Leased": 40, "Maximum": 14, "id": "20" } 4. /api/v1/license/report/cluster-granular-report – License usage report per license client cluster. • Following trace-down options available here i. /api/v1/license/report/cluster-granular-report/<license-client> ii. /api/v1/license/report/cluster-granular-report/<license-client>/<add-user-count> iii. /api/v1/license/report/cluster-granular-report/<license-client>/<add-user-count>/<year> iv. /api/v1/license/report/cluster-granular-report/<license-client>/<add-user-count>/<year>/<month> v. /api/v1/license/report/cluster-granular-report/<license-client>/<add-user-count>/<year>/<month>/<day> • Example: API - /api/v1/license/report/cluster-granular-report/liccluster/add-user-count/2020/Mar/22 { "Leased": 40, "Maximum": 16, "cluster-member": [ "node63lc", "node66lc" ], "id": "22" } |
Enabling/Disabling ICE License
Enabling ICE License Content of ice_enable.json file: more ice_enable.json { "mode": "enabled" } Request curl -k -u <api-key>: https://<ics-ip>/api/v1/license/ice -X PUT -H "Content-Type: application/json" -d @ice_enable.json Example: curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=: https://10.209.125.4/api/v1/license/ice -X PUT -H "Content-Type: application/json" -d @ice_enable.json Response HTTP/1.1 200 OK Content-Type: application/json { "result": { "info": [ { "message": "ICE license is enabled" } ] } } Disabling ICE License Content of ice_disable.json file: more ice_disable.json { "mode" : "disabled" } Request curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=: https://<IP Address>/api/v1/license/ice -X PUT -H "Content-Type: application/json" -d @ice_disable.json Response HTTP/1.1 200 OK Content-Type: application/json { "result": { "info": [ { "message": "ICE license is disabled" } ] } } |
Getting the Current Status of ICE License
Request curl -k -u <api-key>: https://<ics-ip>/api/v1/license/ice Example: curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=: https://<IP Address>/api/v1/license/ice Response ICE License Enabled HTTP/1.1 200 OK Content-Type: application/json { "mode": "enabled" } ICE License Disabled HTTP/1.1 200 OK Content-Type: application/json { "mode": "disabled" } |
Exporting TOTP Users from One Device to Another Device
Request curl -k -u <api-key>: https://ics-ip>/api/v1/totp/<TOTP-AUTH-SERVER-NAME>/users NOTE: This API can be executed only on TOTP server configured as Local (and not Remote). Example: curl -k -u X1O3oczUMJbhI8ba3Ov0McD54QCwBgwpSHwOGUVu5Ck=: https://<IP Address>/api/v1/totp/Google%20TOTP%20Auth%20Server/users Response HTTP/1.1 200 OK Content-Length: 191 Content-Type: application/json { "users": "21ubWxSvAwABAAAAlx9igwcQok9s+MV0zg/b+oer3z7Kj0iXbVzJ+qDMiguTtWZaxnGHGTGQEcHD7BTMGjz1QYbO00zBF+6DGp2y/9pj+8Wf4SXTQbYIeDomT4w2Kl4oc1EZhFruWLWnll+58x2b0kxsURCb+P0It8K+msqFXBhOEDY7l0W4+P+A8UZaz6In/gMq8Qd766i7RN1oZ+hzHUMYJUB72tzIQ+CiA8tTv6aweC6TGy9/a9C6vVbLY0+ZUgGTffWzJxcoZbEbdwiCFoZyex5UWTUFIj0Z4XAPoZ4HTWZsxP5YwXcJpsnbOzCqW/dTB6WpYWYp6R+MUn2yu/hZeu7z1qVhXlr8bK5LifH/u6J76SpErL1eELh1bYF17DWPfo6xspG7rffhs2k9vPVB1oq2kud+42hPo6vZaMfcwaz9lKRrftIgAu2o3JBJfdNHrUTOu2+Y6Qmc0in6MfIBNNrVr9D6hdWmIdrNr7PXHa4uJoP+CAuOp3OamTox2sgmvE7YNjC0SlSPgyFfx0kfzCb2K3Mrcq1UuJUJLhK7L3lne4f1QiWKoZ8q8zluaV+eRSJHBez9Pjo+LzBpYwoXStduOC20FVY4+KCHDasufdAOCD/Lga4mFFE5ItAui18ObOfRtxLvoZUIuGS8w019mbRaNDlVa52sUzuZBClqx+4lueBCQYEUNrDrHVG0AzqUBbAeL+WV8VRJrxVW8sIlArqY8n29pD66BozsGKoxBqXSe/fZxEDu9ZqI4xfzSCCsfqTiv0LAM4p+cZekhcjvRwtuImNjX+qj7A==" } |
Importing TOTP Users from One Device to Another Device
Request curl -k -u <api-key>: https://<ics-ip>/api/v1/totp/<TOTP-AUTH-SERVER-NAME>/users -H "Content-Type: application/json" -d @totp_users.json -X POST NOTE: This API can be executed only on TOTP server configured as Local (and not Remote). Example: curl -k -u K7Z7xA54AKnv1++kcViamCCiUrEBgMSP+sHKar4EcKY=: https://<IP Address>/api/v1/totp/TOTP_SERVER/users -H "Content-Type: application/json" -d @totp_users.json -X POST { "users": "21ubWxSvAwABAAAAlx9igwcQok9s+MV0zg/b+oer3z7Kj0iXbVzJ+qDMiguTtWZaxnGHGTGQEcHD7BTMGjz1QYbO00zBF+6DGp2y/9pj+8Wf4SXTQbYIeDomT4w2Kl4oc1EZhFruWLWnll+58x2b0kxsURCb+P0It8K+msqFXBhOEDY7l0W4+P+A8UZaz6In/gMq8Qd766i7RN1oZ+hzHUMYJUB72tzIQ+CiA8tTv6aweC6TGy9/a9C6vVbLY0+ZUgGTffWzJxcoZbEbdwiCFoZyex5UWTUFIj0Z4XAPoZ4HTWZsxP5YwXcJpsnbOzCqW/dTB6WpYWYp6R+MUn2yu/hZeu7z1qVhXlr8bK5LifH/u6J76SpErL1eELh1bYF17DWPfo6xspG7rffhs2k9vPVB1oq2kud+42hPo6vZaMfcwaz9lKRrftIgAu2o3JBJfdNHrUTOu2+Y6Qmc0in6MfIBNNrVr9D6hdWmIdrNr7PXHa4uJoP+CAuOp3OamTox2sgmvE7YNjC0SlSPgyFfx0kfzCb2K3Mrcq1UuJUJLhK7L3lne4f1QiWKoZ8q8zluaV+eRSJHBez9Pjo+LzBpYwoXStduOC20FVY4+KCHDasufdAOCD/Lga4mFFE5ItAui18ObOfRtxLvoZUIuGS8w019mbRaNDlVa52sUzuZBClqx+4lueBCQYEUNrDrHVG0AzqUBbAeL+WV8VRJrxVW8sIlArqY8n29pD66BozsGKoxBqXSe/fZxEDu9ZqI4xfzSCCsfqTiv0LAM4p+cZekhcjvRwtuImNjX+qj7A==" } Response HTTP/1.1 200 OK content-length →47 Content-Type: application/json { 'message' => 'Successfully imported user data' } |
Resetting TOTP User
Request curl -k -u <api-key>: https://<ics-ip>/api/v1/totp/<TOTP-AUTH-SERVER-NAME>/users/<totp-user>?operation=reset -X PUT Example: curl -k -u nNuALLLWajGujVF2yT4qyP4nYxy/nwXxBKp0CHu2AZQ=: https://<IP Address>/api/v1/totp/TOTP_SERVER/users/qauser1001?operation=reset -X PUT Response Scenario: TOTP user reset HTTP/1.1 200 OK Content-Type: application/json { "result": { "info": [ { "message": "TOTP user 'qauser1001' under Authserver 'TOTP_SERVER' has been reset" } ] } }
Scenario: TOTP user does not exist HTTP/1.1 200 OK Content-Type: application/json { "result": { "errors": [ { "message": "TOTP user 'qauser1001' is not present under Authserver 'TOTP_SERVER'" } ] } } |
Unlocking TOTP User
Request curl -k -u <api-key>: https://<ics-ip>/api/v1/totp/<TOTP-AUTH-SERVER-NAME>/users/<totp-user>?operation=unlock -X PUT Example: curl -k -u nNuALLLWajGujVF2yT4qyP4nYxy/nwXxBKp0CHu2AZQ=: https://<IP Address>/api/v1/totp/TOTP_SERVER/users/qauser1001?operation=unlock -X PUT Response Scenario: TOTP user unlocked HTTP/1.1 200 OK Content-Type: application/json { "result": { "info": [ { "message": "TOTP user 'qauser1001' under Authserver 'TOTP_SERVER' has been unlocked" } ] } } Scenario: TOTP user cannot be unlocked HTTP/1.1 200 OK Content-Type: application/json { "result": { "errors": [ { "message": "Error: Only locked users can be unlocked" } ] } } |
VPN ACL creation
REQUEST: PUT /api/v1/configuration/users/resource-policies/network-connect-policies/network-connect-acls Host: <IP Address> Authorization: Basic SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06 Content-Type: text/html; charset=utf-8 { "network-connect-acl": [ { "action": "allow", "apply": "all", "description": "VPNACL", "name": "VPNACL", "resource": [ "*:*" ], "resources-fqdn": null, "resources-v6": null, "roles": null, "rules": { "rule": [] } } ] } RESPONSE: HTTP/1.1 200 OK Content-Length: 124 Content-Type: application/json { "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } } |
REQUEST GET /api/v1/configuration/users/resource-policies/network-connect-policies/network-connect-acls Host: <IP Address> Authorization: Basic SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06 Content-Type: application/json RESPONSE: HTTP/1.1 200 OK Content-Length: 205 Content-Type: application/json { "network-connect-acl": [ { "href": "/api/v1/configuration/users/resource-policies/network-connect-policies/network-connect-acls/network-connect-acl/VPNACL", "name": "VPNACL" } ] } |
Logs
Fetch Logs
Request curl --location 'https://<IP Address>/api/v1/logs/events' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' \ --data '{ "action": "fetch", "lines": 3, "query": "id != ('\''SYS10306'\'' or '\''NWC13978'\'' or '\''NWC13979'\'')", "filter": "Standard", "begin-date": "2023-07-08", "end-date": "2023-07-09" }' Response { "result": { "logs": [ { "id": "SYS32083", "message": "2023-07-09 23:11:23 - ive - [127.0.0.1] System()[][] - LMDB shards usage stats shard: 0:1% 1:1% 2:1% 3:1% 4:1% 5:1% 6:1% 7:1% 8:1% 9:1% a:1% b:1% c:1% d:1% e:1% f:1% ", "severity": "info" }, { "id": "STS30667", "message": "2023-07-09 23:00:01 - ive - [127.0.0.1] System()[][] - Number of NCP connections: 0", "severity": "info" }, { "id": "STS20642", "message": "2023-07-09 23:00:01 - ive - [127.0.0.1] System()[][] - Number of concurrent mail users logged in to the email proxy: 0", "severity": "info" } ] } } |
API cannot save files to local machine, it returns the raw file contents, which the user can redirect to a file they want to save.
Save Logs
Request ( Parameters: query, filter, begin-date, end-date, filter) curl --location 'https://<IP Address>/api/v1/logs/events' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' \ --data '{ "action": "save", "query": "id != ('\''SYS10306'\'' or '\''NWC13978'\'' or '\''NWC13979'\'')", "filter": "Standard", "begin-date": "2023-07-08", "end-date": "2023-07-09" }' Response Saved single log 2023-04-09 21:26:37 - ive - [127.0.0.1] System()[][] - Starting services: session server 2023-04-09 21:26:37 - ive - [127.0.0.1] System()[][] - Starting services: postgresd 2023-04-09 21:26:37 - ive - [127.0.0.1] System()[][] - Starting services: Name User Coordinator daemon |
Save All Logs
Request curl --location 'https://<IP Address>/api/v1/logs/all' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' \ --data '{ "action": "save" }' Response raw file contents in tar.gz format. |
Clear Logs
Request curl --location --request PUT 'https://<IP Address>/api/v1/logs/events' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic WUJyZ0wvTFBNNEdETUI3NnZLNGd6aTRzWmR5ejNVOUtieWZsVk5JZDZlST06' \ --data '{ "action": "clear" }' Response "{ "result": { "info": [ { "message": "Successfully cleared logs for events" } ] } } |
Sample Error Responses
400 BAD REQUEST
Request PUT /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/rule1 HTTP/1.1 Host: <IP Address> Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06 Content-Type: application/json { "name": "rule1", "roles": [ "Users" ], "stop-rules-processing": "false", "user-name": { "test": "is", "user-names": [ "*", ] } } Response HTTP/1.1 400 BAD REQUEST content-length: 92 content-type: application/json { "message": "The browser (or proxy) sent a request that this server could not understand." } |
Solution: Invalid JSON body content in Request. Please check if JSON is valid.
Request PUT /api/v1/configuration/users/user-roles/user-role/rest-userrole-1 HTTP/1.1 Host: <IP Address> Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06 { "name": "rest-userrole-1", "web": { "web-bookmarks": { "bookmark": [ { "auto-allow": "disable", "description": "", "name": "web-bm-1", "new-window": "false", "no-address-bar": "false", "no-tool-bar": "false", "parent": "--none--", "standard": { "url": "http://www.yahoo.com" } } ] }, "web-options": { "browsing-untrusted-sslsites": "true", "flash-content": "false", "hpxproxy-connection-timeout": "1800", "http-connection-timeout": "240", "java-applets": "true", "mask-hostname": "false", "persistent-cookies": "false", "rewrite-file-urls": "false", "rewrite-links-pdf": "false", "unrewritten-page-newwindow": "false", "user-add-bookmarks": "false", "user-enter-url": "false", "users-bypass-warnings": "false", "warn-certificate-issues": "true", "websocket-connection-timeout": "900" } } } Response HTTP/1.1 400 BAD REQUEST Content-Length: 99 Content-Type: application/json { "result": { "errors": [ { "message": "Accepts only JSON." } ] } } |
Include the “Content-Type” header in the request with a value “application/json” as used in the examples above.
403 Forbidden
Request GET /api/v1/auth HTTP/1.1 Host: <IP Address> Authorization: Basic YWRtaW5kYjpkYW5hMTIz Content-Type: application/json Response HTTP/1.1 403 Forbidden cache-control: no-store connection: Keep-Alive content-type: text/html; charset=utf-8 expires:-1 keep-alive: timeout=15 strict-transport-security →max-age=31536000 transfer-encoding: chunked |
Solutions:
1.Make sure admin user used for authentication has "Allow access to REST APIs" option enabled frm admin UI
2.Admin Username and Password passed in Authorization header are correct
3.If api_key is available, use api_key value as username and password as empty in authorization header
404 NOT FOUND
Request GET /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule HTTP/1.1 Host: <IP Address> Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06 Response HTTP/1.1 404 NOT FOUND content-length: 213 content-type: application/json { "result": { "errors": [ { "message": "Invalid resource path; use \"users/user-realms/realm/testRealm/role-mapping-rules/rule/<resource-id>\" to access a specific resource" } ] } } |
Solution: Resource-id should be passed in Resource path as shown in example below.
Request GET /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/rule1 HTTP/1.1 Host: <IP Address> Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06 Response HTTP/1.1 200 OK content-length: 167 content-type: application/json { "name": "rule1", "roles": [ "Users" ], "stop-rules-processing": "false", "user-name": { "test": "is", "user-names": [ "*" ] } } |
Solution: Invalid JSON body content in Request. Please check if JSON is valid.
422 UNPROCESSABLE ENTITY
Request POST /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/ HTTP/1.1 Host: <IP Address> Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06 Content-Type: application/json { "name": "rule2", "roles": [ "Users", "testRole1" ], "stop-rules-processing": "false", "user-name": { "test": "is", "user-names": [ "user1" ] } } Response HTTP/1.1 422 UNPROCESSABLE ENTITY content-length: 368 content-type: application/json { "result": { "errors": [ { "message": "[/users/user-realms/realm[name=testRealm]/role-mapping-rules/rule[name=rule2]/roles] Invalid reference: no 'User Roles' object found with identifier 'testRole1'." }, { "message": "Failed to resolve path references" }, { "message": "Commit failed" } ] } } |
Solution: Make sure to have all the referenced resources are created first using POST call and then repeat.
Limitations
1.Configuration of large data objects is not qualified- ESAP, Client package, Custom Sign-in page, applets, and so on.
2.Resource names similar to resource tags e.g. vlans, roles, etc. should be avoided while creating new resources.