Ivanti Connect Secure-Specific Configurations Using REST APIs
Monitoring NTP status
To monitor NTP status:
Request
GET https://{{IP}}/api/v1/system/status/ntp
Response
{ "content-type": "application/json", "content-length": "1129" }
{
  "ntp-server-status": {
    "192.48.105.15": { "delay": "0.000", "jitter": "0.000", "offset": "0.000", "pool": "64", "reach": "0", "refid": ".INIT.", "remote NTP Server": "192.48.105.15", "stratum": "16", "type": "u", "when": "-" },
    "209.115.181.108": { "delay": "0.000", "jitter": "0.000", "offset": "0.000", "pool": "64", "reach": "0", "refid": ".INIT.", "remote NTP Server": "209.115.181.108", "stratum": "16", "type": "u", "when": "-" },
    "216.197.156.83": { "delay": "0.000", "jitter": "0.000", "offset": "0.000", "pool": "64", "reach": "0", "refid": ".INIT.", "remote NTP Server": "216.197.156.83", "stratum": "16", "type": "u", "when": "-" },
    "50.205.244.36": { "delay": "0.000", "jitter": "0.000", "offset": "0.000", "pool": "64", "reach": "0", "refid": ".INIT.", "remote NTP Server": "50.205.244.36", "stratum": "16", "type": "u", "when": "-" }
  }
}
Toggling syslog fault tolerance setting
To toggle syslog fault tolerance settings:
Request
GET /api/v1/configuration/system/log/syslog-settings/syslog-setting/node1
Response
{ "content-type": "application/json", "content-length": "197" }
{
  "node": "node1",
  "syslog-servers": {
    "syslog-server": [
      { "communication-type": "tcp", "fault-tolerant": "false", "name": "10.96.119.200" }
    ]
  }
}
Request
PUT /api/v1/configuration/system/log/syslog-settings/syslog-setting
{
  "node": "node1",
  "syslog-servers": {
    "syslog-server": [
      { "communication-type": "tcp", "fault-tolerant": "true", "name": "10.96.119.200" }
    ]
  }
}
Response
{ "content-type": "application/json", "content-length": "124" }
{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }
Toggling the telemetry settings
To toggle the telemetry settings:
Request
GET /api/v1/configuration/system/configuration/telemetry
Response
{ "content-type": "application/json", "content-length": "62" }
{ "crash-analytics": "false", "google-analytics": "true" }
Request
PUT /api/v1/configuration/system/configuration/telemetry
{ "crash-analytics": "true", "google-analytics": "true" }
Response
{ "content-type": "application/json", "content-length": "124" }
{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }
Automatic version monitoring
To automate version monitoring:
Request
PUT /api/v1/configuration/system/maintenance/options
{ "automatic-version-monitoring": "false" }
Response
{ "content-type": "application/json", "content-length": "124" }
{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }
Enabling read-only mode for the administrator
To enable read-only mode for the administrator:
Request
GET /api/v1/configuration/system/configuration/telemetry
Response
{ "content-type": "application/json", "content-length": "61" }
{ "crash-analytics": "true", "google-analytics": "true" }
Request
PUT /api/v1/configuration/system/configuration/telemetry
Response
Status: 403 forbidden
Mapping serial numbers to interfaces
To map serial numbers to interfaces:
From Release 9.1R14 onwards, you must add the "serial-number" attribute to the JSON body for POST operations on certificates.
Request
GET /api/v1/configuration/system/configuration/certificates/device-certificates/device-certificate/{serial-number}
Host: 10.209.112.106
Authorization: Basic YWRtaW5kYjpkYW5hMTIz
Content-Type: application/json
Response
HTTP/1.1 200 OK
Content-Type: application/json
{
  "device-certificate": [
    {
      "href": "/api/v1/configuration/system/configuration/certificates/device-certificates/device-certificate/0A%3A90%3A0D%3AD0%3AE6%3AAF%3AC8%3A7E",
      "serial-number": "0A:90:0D:D0:E6:AF:C8:7E"
    }
  ]
}
Request
PUT /api/v1/configuration/system/configuration/certificates/device-certificates/device-certificate/24%3AEE%3AC8%3ABB%3A00%3A00%3A00%3A00%3A12%3A73
{
  "internal-ports": { "internal-port": ["<Internal Port>"] },
  "serial-number": "24:EE:C8:BB:00:00:00:00:12:73"
}
Response
{ "content-type": "application/json", "content-length": "128" }
{ "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } }
Upgrading system software
To upgrade system software:
The REST API does not support two-stage upgrade.
Request
POST /api/v1/system/maintenance/upgrade HTTP/1.1
Host: 10.204.51.219
Authorization: Basic YWRtaW4xOmRhbmExMjM=
Content-Type: multipart/form-data
{ KEY: file, VALUE: file name }
Response
HTTP/1.1 200 OK
Content-Type: application/json
Rolling back system software
To roll back system software:
Request
POST /api/v1/system/maintenance HTTP/1.1
Host: 10.204.51.219
Authorization: Basic YWRtaW4xOmRhbmExMjM=
Content-Type: application/json
{ "operation": "rollback" }
Response
HTTP/1.1 200 OK
Content-Type: application/json
{ "name" : "{ \"result\": { \"info\": [ { \"message\": \"Successfully triggered rollback\" } ] } }" }
Enabling console password protection
To enable console password protection:
Request
POST /api/v1/system/maintenance/password-protection HTTP/1.1
Host: 10.209.112.106
Authorization: Basic YWRtaW5kYjpkYW5hMTIz
Content-Type: application/json
{ "operation": "enable" }
Response
HTTP/1.1 200 OK
Content-Type: application/json
{ "name" : "{ \"result\": { \"info\": [ { \"message\": \" Successfully enabled console password protection\" } ] } }" }
Disabling console password protection
To disable console password protection:
Request
POST /api/v1/system/maintenance/password-protection HTTP/1.1
Host: 10.209.112.106
Authorization: Basic YWRtaW5kYjpkYW5hMTIz
Content-Type: application/json
{ "operation": "disable" }
Response
HTTP/1.1 200 OK
Content-Type: application/json
{ "name" : "{ \"result\": { \"info\": [ { \"message\": \" Successfully disabled console password protection\" } ] } }" }
Creating a VLAN
To create a VLAN on a cluster node:
Request
POST /api/v1/configuration/system/network/vlans/Node88/vlan/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
  "arp-cache": { "arp-entry": [] },
  "name": "vlan-int-1",
  "routes": { "route": [] },
  "settings": {
    "default-gateway": "2.0.0.1",
    "default-vlan-interface": "false",
    "enable-ipv6": "enabled",
    "ip-address": "2.2.2.2",
    "ipv6-address": "fc00:7777:5678:5678::222",
    "ipv6-default-gateway": "fc00:7777:5678:5678::3",
    "ipv6-prefix-length": "64",
    "is-enabled": "enabled",
    "netmask": "255.0.0.0",
    "vlan-id": "2",
    "vlan-parent": "0"
  },
  "virtual-ports": { "virtual-port": [] }
}
Response
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{ "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } }
Deleting a VLAN
To delete a VLAN from a cluster node:
Request
DELETE /api/v1/configuration/system/network/vlans/Node88/vlan/vlan-int-1 HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Response
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating a User Role
To create a user role:
Request
POST /api/v1/configuration/users/user-roles/user-role/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
  "name": "rest-userrole-4",
  "web": {
    "web-bookmarks": {
      "bookmark": [
        {
          "auto-allow": "disable",
          "description": "",
          "name": "web-bm-1",
          "new-window": "false",
          "no-address-bar": "false",
          "no-tool-bar": "false",
          "parent": "--none--",
          "standard": { "url": "http://www.msn.com" }
        }
      ]
    },
    "web-options": {
      "browsing-untrusted-sslsites": "true",
      "flash-content": "false",
      "hpxproxy-connection-timeout": "1800",
      "http-connection-timeout": "240",
      "java-applets": "true",
      "mask-hostname": "false",
      "persistent-cookies": "false",
      "rewrite-file-urls": "false",
      "rewrite-links-pdf": "false",
      "unrewritten-page-newwindow": "false",
      "user-add-bookmarks": "false",
      "user-enter-url": "false",
      "users-bypass-warnings": "false",
      "warn-certificate-issues": "true",
      "websocket-connection-timeout": "900"
    }
  }
}
Response
HTTP/1.1 201 CREATED
Content-Length: 122
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } }
Fetching the User Login Statistics
To fetch the user login statistics:
Request
GET /api/v1/system/user-stats HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Response
HTTP/1.1 200 OK
Content-Length: 169
Content-Type: application/json
{
  "user-stats": {
    "allocated-user-count": "25",
    "current-user-count": "0",
    "max-active-user-count-24hrs": "1",
    "min-active-user-count-24hrs": "0"
  }
}
Updating the User Role Settings
To update the user role settings:
Request
PUT /api/v1/configuration/users/user-roles/user-role/rest-userrole-4 HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
  "name": "rest-userrole-4",
  "web": {
    "web-bookmarks": {
      "bookmark": [
        {
          "auto-allow": "disable",
          "description": "",
          "name": "web-bm-1",
          "new-window": "false",
          "no-address-bar": "false",
          "no-tool-bar": "false",
          "parent": "--none--",
          "standard": { "url": "http://www.yahoo.com" }
        }
      ]
    },
    "web-options": {
      "browsing-untrusted-sslsites": "true",
      "flash-content": "false",
      "hpxproxy-connection-timeout": "1800",
      "http-connection-timeout": "240",
      "java-applets": "true",
      "mask-hostname": "false",
      "persistent-cookies": "false",
      "rewrite-file-urls": "false",
      "rewrite-links-pdf": "false",
      "unrewritten-page-newwindow": "false",
      "user-add-bookmarks": "false",
      "user-enter-url": "false",
      "users-bypass-warnings": "false",
      "warn-certificate-issues": "true",
      "websocket-connection-timeout": "900"
    }
  }
}
Response
HTTP/1.1 200 OK
Content-Length: 122
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } }
Deleting a User Role
To delete a user role:
Request
DELETE /api/v1/configuration/users/user-roles/user-role/rest-userrole-4 HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Response
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating a User Realm
To create a user realm:
Request
POST /api/v1/configuration/users/user-realms/realm/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
  "accounting-server": "None",
  "authentication-group": "",
  "authentication-policy": {
    "browser": {
      "customized": "any-user-agent",
      "user-agent-patterns": { "user-agent-pattern": [] }
    },
    "certificate": {
      "cert-key-value-pairs": { "cert-key-value-pair": [] },
      "customized": "allow-all-users"
    },
    "host-checker": {
      "enforce-all-policies": "false",
      "enforce-policy-list": null,
      "evaluate-all-policies": "false",
      "evaluate-logic": "all-policies-must-succeed",
      "evaluate-policy-list": null
    },
    "limits": {
      "guaranteed-minimum": null,
      "limit-concurrent-users": "false",
      "max-sessions-per-user": "1",
      "maximum": null
    },
    "password": {
      "primary-password-expiration-warning-days": "14",
      "primary-password-management": "true",
      "primary-password-minimum-length": "4",
      "primary-password-restricted": "allow-passwords-of-minimum-length",
      "secondary-password-expiration-warning-days": "14",
      "secondary-password-management": "false",
      "secondary-password-minimum-length": "4",
      "secondary-password-restricted": "allow-passwords-of-minimum-length"
    },
    "source-ip": {
      "customized": "any-ip",
      "ips": { "ip": [] }
    }
  },
  "authentication-server": "AD server",
  "description": "",
  "device-server": "None",
  "directory-server": "AD server",
  "dynamic-policy": {
    "dynamic-policy-evaluation": "false",
    "refresh-interval": "60",
    "refresh-policies": "false",
    "refresh-roles": "false"
  },
  "editing-description": "false",
  "inbound-ifmap-attributes": "false",
  "migration-sharing-type": "enable-session-migration",
  "name": "rest-user-realm",
  "role-mapping-rules": {
    "rule": [
      {
        "name": "rest-admin-rule",
        "roles": [ "test1" ],
        "stop-rules-processing": "false",
        "user-name": { "test": "is", "user-names": [ "user1" ] }
      }
    ],
    "user-selects-role": "false",
    "user-selects-roleset": "false"
  },
  "secondary-authentication-settings": {
    "authentication-must-succeed": "true",
    "name": "-",
    "password-input": "user",
    "predefined-password": "",
    "predefined-user-name": "",
    "user-name-input": "user"
  },
  "session-migration": "false"
}
Response
HTTP/1.1 201 CREATED
Content-Length: 122
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } }
Deleting a User Realm
To delete a user realm:
Request
DELETE /api/v1/configuration/users/user-realms/realm/rest-user-realm HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Response
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating a Resource Profile
To create a web resource profile:
Request
POST /api/v1/configuration/users/resource-profiles/web-profiles/web-profile/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
  "custom": {
    "bookmarks": {
      "bookmark": [
        {
          "apply": "all",
          "description": "",
          "name": "web-resourceprofile",
          "new-window": "false",
          "no-address-bar": "false",
          "no-tool-bar": "false",
          "roles": null,
          "url": "http://www.google.com"
        }
      ]
    },
    "client-authentication": [],
    "java-acl": [],
    "rewriting-options": { "ptp": [], "selective-rewriting": "false", "use-jsam": [], "use-wsam": [] },
    "sso-basic-ntlm-kerberos": [],
    "sso-header": [],
    "sso-post": [],
    "url": "http://www.google.com",
    "web-compression": [],
    "webacl": [
      {
        "rules": {
          "rule": [
            { "action": "allow", "name": "Allow http://www.google.com:80/*", "resource": "http://www.google.com:80/*" }
          ]
        }
      }
    ],
    "webcaching": []
  },
  "description": "",
  "name": "web-resourceprofile",
  "roles": [ "rest-userrole-3" ]
}
Response
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{ "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } }
Deleting a Resource Profile
To delete a web resource profile:
Request
DELETE /api/v1/configuration/users/resource-profiles/web-profiles/web-profile/web-resourceprofile HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Response
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating a Resource Policy
To create a web resource policy:
Request
POST /api/v1/configuration/users/resource-policies/web-policies/web-acls/web-acl/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
  "action": "allow",
  "apply": "selected",
  "description": "",
  "name": "web-acl-policy",
  "parent-type": "none",
  "resources": [ "1.1.1.1:80,443/*" ],
  "roles": [ "rest-userrole-1" ],
  "rules": { "rule": [] }
}
Response
HTTP/1.1 201 CREATED
Content-Length: 122
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } }
Fetching a Resource Policy
To fetch a web resource policy:
Request
GET /api/v1/configuration/users/resource-policies/web-policies/web-acls/web-acl/name=web-acl-policy,parent-type=none HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Response
HTTP/1.1 200 OK
Content-Length: 245
Content-Type: application/json
{
  "action": "allow",
  "apply": "selected",
  "description": "",
  "name": "web-acl-policy",
  "parent-type": "none",
  "resources": [ "1.1.1.1:80,443/*" ],
  "roles": [ "rest-userrole-1" ],
  "rules": { "rule": [] }
}
Deleting a Resource Policy
To delete a web resource policy:
Request
DELETE /api/v1/configuration/users/resource-policies/web-policies/web-acls/web-acl/name=web-acl-policy,parent-type=none HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Response
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating an AD Authentication Server
Request
POST /api/v1/configuration/authentication/auth-servers/auth-server HTTP/1.1
Host: 10.209.114.152
Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
{
  "ad": {
    "server-catalog": {
      "custom-variables": { "custom-variable": [] },
      "expressions": { "custom-expression": [] },
      "groups": { "ad-group": [] }
    },
    "settings": {
      "additional-options": {
        "allow-trusted-domains": "false",
        "change-machine-password-after-every": "0",
        "enable-ntlm-protocol": "true",
        "enable-periodic-password-change-of-machine-account": "false",
        "kerberos": "true",
        "max-domain-connections": "5",
        "ntlm-protocol": "ntlmv2"
      },
      "container-name": "Computers",
      "domain": "TEST",
      "kerberos-realm": "TEST.SAQACERTSERV.COM",
      "nodenames": [
        { "computer-name": "0332MWK0NRP111", "machine-hardware-id": "0332MOGWK0NRP111S", "node": "localhost2" }
      ],
      "password-cleartext": "'Ivanti1234$",
      "save-credentials": "true",
      "username": "Administrator"
    }
  },
  "logical-name": "",
  "name": "AD-Server",
  "user-record-sync": "false"
}
Response
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{ "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } }
Deleting an AD Authentication Server
Request
DELETE /api/v1/configuration/authentication/auth-servers/auth-server/AD-Server HTTP/1.1
Host: 10.209.114.152
Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
Response
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating an LDAP Authentication Server
Request
POST /api/v1/configuration/authentication/auth-servers/auth-server HTTP/1.1
Host: 10.209.114.152
Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
{
  "ldap": {
    "server-catalog": {
      "attributes": {
        "user-attribute": [
          { "name": "cn" },
          { "name": "department" },
          { "name": "departmentNumber" },
          { "name": "employeeNumber" },
          { },
          { "name": "o" },
          { "name": "ou" },
          { "name": "sAMAccountName" },
          { "name": "uid" },
          { "name": "homeDirectory" },
          { "name": "homeDrive" },
          { "name": "wWWHomePage" }
        ]
      },
      "custom-variables": { "custom-variable": [] },
      "expressions": { "custom-expression": [] },
      "groups": { "user-group": [] }
    },
    "settings": {
      "admin-dn": "CN=Administrator,CN=Users,DC=test,DC=saqacertserv,DC=com",
      "admin-password-encrypted": "3u+UR6n8AgABAAAAQkYh+Te/ebXL7gSn+W6IEPOV2YFsaaikH2SVxkb8lTKzWhS1EPFlsNXBpuQP5sWXfeOYfjmhQSRZ5DP/z9UhQ/l16DDne9/u7Lw67HyE/8Q=",
      "attribute-to-update-at-server": "",
      "attribute-type": "type-integer",
      "attribute-value-to-update-at-server": "<LOGINTIMELDAP>",
      "authentication-required-to-search-ldap": "true",
      "backup-port-1": null,
      "backup-port-2": null,
      "backup-server-1": "",
      "backup-server-2": "",
      "connection-timeout": "15",
      "connection-type": "plain",
      "enable-attribute-update-at-server": "false",
      "group-base-dn": "",
      "group-filter": "",
      "ldap-server-type": "active-directory",
      "meetings": {
        "email-address": "mail",
        "full-name": "displayname",
        "name-attribute-mapping": "",
        "user-name": "samaccountname"
      },
      "member-attribute": "",
      "nested-group-level": "0",
      "port": "389",
      "query-attribute": "",
      "reverse-group-search": "false",
      "search-timeout": "60",
      "server": "10.209.124.88",
      "server-catalog": "catalog",
      "test-user-dn": "",
      "user-base-dn": "DC=test,DC=saqacertserv,DC=com",
      "user-filter": "samaccountname=<USER>",
      "validate-referral-cert": "verifyserverconfigured",
      "validate-server-cert": "false"
    }
  },
  "logical-name": "",
  "name": "LDAP-Server",
  "user-record-sync": "false"
}
Response
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{ "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } }
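A pre-flight review of auth-server bodies before they are sent, added here as an example (it is not Ivanti code). It flags the settings the AD and LDAP bodies above carry that weaken the directory connection or expose a secret, and it handles the API's string booleans, since a bare truth test on "false" would pass. The function names and finding texts are assumptions; the samples are constructed subsets of the bodies above with the password replaced by a placeholder.

```python
# Constructed subsets of the LDAP and AD request bodies shown above.
LDAP_SERVER = {
    "ldap": {"settings": {
        "connection-type": "plain",
        "port": "389",
        "server": "10.209.124.88",
        "validate-server-cert": "false",
    }},
    "name": "LDAP-Server",
}
AD_SERVER = {
    "ad": {"settings": {
        "password-cleartext": "<placeholder-password>",  # placeholder, not a real value
        "save-credentials": "true",
        "username": "Administrator",
    }},
    "name": "AD-Server",
}


def as_bool(value):
    """Convert the API's "true"/"false" strings; bool("false") would be True."""
    if value == "true":
        return True
    if value == "false":
        return False
    raise ValueError('expected "true" or "false", got %r' % (value,))


def cleartext_paths(node, path=""):
    """Yield the path of every key ending in -cleartext, at any depth."""
    if isinstance(node, dict):
        for key, child in node.items():
            here = path + "/" + key
            if key.endswith("-cleartext"):
                yield here
            yield from cleartext_paths(child, here)
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from cleartext_paths(child, "%s[%d]" % (path, index))


def audit_auth_server(server):
    """Return (path, finding) pairs for one auth-server request body."""
    findings = []
    ldap = server.get("ldap", {}).get("settings", {})
    if ldap.get("connection-type") == "plain":
        findings.append(("/ldap/settings/connection-type",
                         "LDAP bind and queries are sent unencrypted"))
    if "validate-server-cert" in ldap and not as_bool(ldap["validate-server-cert"]):
        findings.append(("/ldap/settings/validate-server-cert",
                         "directory server certificate is not validated"))
    for path in cleartext_paths(server):
        findings.append((path, "body carries a cleartext secret; "
                               "keep it out of logs and version control"))
    return findings


if __name__ == "__main__":
    for body in (LDAP_SERVER, AD_SERVER):
        for path, finding in audit_auth_server(body):
            print("%s %s: %s" % (body["name"], path, finding))
```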
Creating a Radius Server
Request
POST /api/v1/configuration/authentication/auth-servers/auth-server HTTP/1.1
Host: 10.209.114.152
Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
{
  "logical-name": "",
  "name": "Radius-Server",
  "radius": {
    "server-catalog": {
      "attributes": { "user-attribute": [] },
      "custom-variables": { "custom-variable": [] },
      "expressions": { "custom-expression": [] }
    },
    "settings": {
      "accounting-port": "1813",
      "authenticate-with-tokens-onetimepassword": "false",
      "authentication-port": "1812",
      "backup-accounting-port": "1813",
      "backup-authentication-port": "1812",
      "backup-server": "10.209.126.179",
      "backup-shared-secret-encrypted": "3u+UR6n8AgABAAAA2Th1sUV9vXDS9gRdMt1yCB4Ol6tacMTwhWsTlIFd7Q4=",
      "custom-radius-rules": { "custom-radius-rule": [] },
      "interim-update-interval": null,
      "load-balance-auth": "false",
      "nasid": "",
      "nasipaddr": "10.209.113.88",
      "process-radius-disconnect": "false",
      "retries": "0",
      "server": "10.209.126.179",
      "shared-secret-encrypted": "3u+UR6n8AgABAAAA2Th1sUV9vXDS9gRdMt1yCB4Ol6tacMTwhWsTlIFd7Q4=",
      "timeout": "30",
      "use-nc-assigned-ip": "false",
      "use-subsession-interim-update": "false",
      "user-name": "<USER>(<REALM>)[<ROLE SEP=\",\">]"
    }
  },
  "user-record-sync": "false"
}
Response
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{ "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } }
Modifying Radius Server Details
Request
PUT /api/v1/configuration/authentication/auth-servers/auth-server/Radius-Server HTTP/1.1
Host: 10.209.114.152
Authorization: Basic QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
{
  "name": "Radius-Server",
  "radius": {
    "settings": {
      "backup-accounting-port": "1814",
      "backup-authentication-port": "1816",
      "backup-server": "2.2.2.2"
    }
  }
}
Response
HTTP/1.1 200 OK
Content-Length: 128
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }
Creating Sign-In-Policy
Request
POST /api/v1/configuration/authentication/signin/urls/access-urls/access-url/ HTTP/1.1
Host: 10.209.113.89
Authorization: Basic MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06
Content-Type: application/json
{
  "description": "",
  "enabled": "true",
  "page": "Default Sign-In Page",
  "realm-select": "pick-list",
  "url-pattern": "test/url3/",
  "user": {
    "enable-new-ux-pages": "false",
    "meeting-url": "*/meeting/",
    "post-authentication-signin-notification-id": "None",
    "post-authentication-signin-notification-skip": "false",
    "pre-authentication-signin-notification-id": "None",
    "realms": [ "Users" ]
  }
}
Response
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }
Deleting Sign-in-Policy
Request
DELETE /api/v1/configuration/authentication/signin/urls/access-urls/access-url/test%5C%2Furl3%5C%2F HTTP/1.1
Host: 10.209.113.89
Authorization: Basic MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06
Cache-Control: no-cache
Response
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Disabling Sign-in-URL
Request
PUT /api/v1/configuration/authentication/signin/urls/access-urls/access-url/test%5C%2Furl1%5C%2F/enabled HTTP/1.1
Host: 10.209.113.89
Authorization: Basic MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06
Content-Type: application/json
{ "enabled": "false" }
Response
HTTP/1.1 200 OK
Content-Length: 128
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }
Creating a Web Bookmark for a Role
To create a web bookmark for a role:
Request
POST /api/v1/configuration/users/user-roles/user-role/rest-userrole-1/web/web-bookmarks/bookmark HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Cache-Control: no-cache
{
  "auto-allow": "disable",
  "description": "",
  "name": "webbm",
  "new-window": "false",
  "no-address-bar": "false",
  "no-tool-bar": "false",
  "parent": "--none--",
  "standard": { "url": "http://www.yahoo.com" }
}
Response
HTTP/1.1 201 CREATED
Content-Length: 122
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } }
Reordering
For re-ordering existing ordered elements in the configuration, a PUT API can be used with an 'order' suffix. This API can be used to reorder any ordered element in the configuration including role-mapping-rules, resource policies and ACLs.
Example: Reorder existing role-mapping-rules in a specific realm.
Request
PUT /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/order HTTP/1.1
Host: 10.209.112.106
Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
Content-Type: application/json
{
  "rule": [
    { "href": "/api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/rule3" },
    { "href": "/api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/rule1" }
  ]
}
Response
HTTP/1.1 200 OK
content-length: 122
content-type: application/json
{ "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } }
Fetching the Resource with Multiple Identifiers
Example: Retrieve one of the SNMP trap servers configured on an Ivanti Connect Secure device.
Request
GET /api/v1/configuration/system/log/snmp/localhost2/trap-servers/trap-server/ip=1.1.1.1,port=162 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06
Response
HTTP/1.1 200 OK
content-length: 65
content-type: application/json
{ "community": "public", "ip": "1.1.1.1", "port": "162" }
Updating Resource Identified Using Multiple Identifiers
Example: Updating the community string for a specific SNMP trap server identified by IP and port.
Request
PUT /api/v1/configuration/system/log/snmp/localhost2/trap-servers/trap-server/ip=1.1.1.1,port=162/community HTTP/1.1
Host: 10.209.112.106
Authorization: Basic T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06
Content-Type: application/json
{ "community": "pulsesecure" }
Response
HTTP/1.1 200 OK
content-length: 122
content-type: application/json
{ "result": { "info": [ { "message": "Operation succeed without warning or error!" } ] } }
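The resource paths on this page embed identifiers in three forms: a percent-encoded single value (certificate serial numbers, "System Local"), a sign-in URL pattern whose slashes are backslash-escaped before encoding, and the name=value,name=value form for multiple identifiers. The helper below is an added example (not Ivanti code) that builds all three so that an identifier containing "/", "," or a space cannot change which resource a PUT or DELETE addresses. The function names are assumptions, and the backslash rule is inferred from the sign-in URL examples on this page.

```python
from urllib.parse import quote


def encode_identifier(value, escape_slashes=False):
    """Percent-encode one identifier so it stays a single path segment."""
    if not value:
        # An empty identifier would make the request address the whole collection.
        raise ValueError("identifier must not be empty")
    if escape_slashes:
        # The sign-in URL examples address "test/url3/" as test%5C%2Furl3%5C%2F,
        # i.e. each "/" is sent as "\/" before percent-encoding (inferred rule).
        value = value.replace("/", "\\/")
    return quote(value, safe="")


def keyed_identifier(keys):
    """Build the name=value,name=value form used for multi-identifier resources."""
    if not keys:
        raise ValueError("at least one key is required")
    return ",".join(
        "%s=%s" % (quote(name, safe=""), encode_identifier(str(value)))
        for name, value in keys.items()
    )


def resource_path(collection, identifier, *suffix):
    """Join a collection path, an already encoded identifier and sub-path segments."""
    parts = [collection.rstrip("/"), identifier]
    parts += [quote(segment, safe="") for segment in suffix]
    return "/".join(parts)


if __name__ == "__main__":
    base = "/api/v1/configuration"
    print(resource_path(
        base + "/system/configuration/certificates/device-certificates/device-certificate",
        encode_identifier("0A:90:0D:D0:E6:AF:C8:7E")))
    print(resource_path(
        base + "/authentication/signin/urls/access-urls/access-url",
        encode_identifier("test/url3/", escape_slashes=True)))
    print(resource_path(
        base + "/system/log/snmp/localhost2/trap-servers/trap-server",
        keyed_identifier({"ip": "1.1.1.1", "port": 162}), "community"))
```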
Fetching Active Number of HTML5 Sessions
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/stats
Example:
curl -k -u Tv6YQPETDVOxeO0LCkcOfWeQ5qeET2WStO8GbilIltA=: https://10.96.158.110/api/v1/stats
Response
content-type: application/json
{
  "active-advanced-html5-sessions": {
    "active-advanced-html5-sessions-rdp": 0,
    "active-advanced-html5-sessions-ssh": 0,
    "active-advanced-html5-sessions-telnet": 0,
    "active-advanced-html5-sessions-total": -2,
    "active-advanced-html5-sessions-vnc": 0
  },
  "active-basic-html5-sessions": {
    "active-basic-html5-sessions-rdp": 0,
    "active-basic-html5-sessions-ssh": 0,
    "active-basic-html5-sessions-telnet": 0,
    "active-basic-html5-sessions-total": 0
  },
  "cpu-load": {
    "average-cpu-load": "0.33",
    "dsagentd-load": "0.00",
    "is-cpu-overloaded": "false",
    "is-dsagentd-overloaded": "false"
  }
}
Fetching Active Number of Basic HTML5 Sessions
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/stats/active-basic-html5-sessions
Example:
curl -k -u Tv6YQPETDVOxeO0LCkcOfWeQ5qeET2WStO8GbilIltA=: https://10.96.158.110/api/v1/stats/active-basic-html5-sessions
Response
content-type: application/json
{
  "active-basic-html5-sessions-rdp": 0,
  "active-basic-html5-sessions-ssh": 0,
  "active-basic-html5-sessions-telnet": 0,
  "active-basic-html5-sessions-total": 0
}
Fetching Active Number of Advanced HTML5 Sessions
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/stats/active-advanced-html5-sessions
Example:
curl -k -u Tv6YQPETDVOxeO0LCkcOfWeQ5qeET2WStO8GbilIltA=: https://10.96.158.110/api/v1/stats/active-advanced-html5-sessions
Response
content-type: application/json
{
  "active-advanced-html5-sessions-rdp": 0,
  "active-advanced-html5-sessions-ssh": 0,
  "active-advanced-html5-sessions-telnet": 0,
  "active-advanced-html5-sessions-total": -2,
  "active-advanced-html5-sessions-vnc": 0
}
Updating Password in Clear Text
Example: Updating the password of a System Local user.
Request
PUT /api/v1/configuration/authentication/auth-servers/auth-server/System%20Local/local/users/user/user0001/password-cleartext HTTP/1.1
Host: 10.209.112.106
Authorization: Basic T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06
Content-Type: application/json
{ "password-cleartext": "Psecure" }
Response
HTTP/1.1 200 OK
content-length: 128
content-type: application/json
{ "result": { "warnings": [ { "message": "The configuration has been implicitly changed" } ] } }
Applying Authcode and Downloading Licenses from PCLS on VA-SPE|PSA-V
In Ivanti Connect Secure 8.3R4|Ivanti Policy Secure 5.4R4, this REST API can be used to download the license key from PCLS and install it on the Virtual Appliance.
Request
PUT /api/v1/license/auth-code HTTP/1.1
Host: 10.209.125.7
Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Length: 35
Content-Type: application/json
{ "auth-code":"<auth-code-to-apply>" }
Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 191
{
  "result": {
    "info": [
      {"message": "Installed new license key \"landmark utility prestige trip mayor diesel faucet summer prestige income heritage\""}
    ]
  }
}
Applying License
Request
PUT /api/v1/license/license-key?action=install HTTP/1.1
Host: 10.209.125.7
Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Type: application/json
{ "keys":[ "key1", "key2", …. ] }
Example:
{
  "keys":[
    "operation tree crayon holiday kingdom lasso doorway square dish modem gecko",
    "buffalo safety inch topaz banquet nitrogen garnish step recital wedge trace"
  ]
}
Response
HTTP/1.1 200 OK
Content-Type: application/json
{ "result": { "info": [ { "message": "Installed licenses" } ] } }
Deleting License
Request
PUT /api/v1/license/license-key?action=delete HTTP/1.1
Host: 10.209.125.7
Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Type: application/json
{ "keys":[ "key1", "key2", …. ] }
Example:
{
  "keys":[
    "operation tree crayon holiday kingdom lasso doorway square dish modem gecko",
    "buffalo safety inch topaz banquet nitrogen garnish step recital wedge trace"
  ]
}
Response
HTTP/1.1 200 OK
Content-Type: application/json
{ "result": { "info": [ { "message": "Deleted <number> licenses" } ] } }
Getting License Clients
Request
GET /api/v1/license/license-clients HTTP/1.1
Host: 10.209.125.7
Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Type: application/json
Response
HTTP/1.1 200 OK
Content-Type: application/json
{
  "license_clients": [
    {
      "feature_capacities": [
        { "feature_name": "add_user_count", "leased_value": 25 },
        { "feature_name": "onboard", "leased_value": 0 },
        { "feature_name": "embeddedrdpapplet", "leased_value": 0 },
        { "feature_name": "vm_cores_leasable", "leased_value": 4 },
        { "feature_name": "add_meeting_user_count", "leased_value": 0 },
        { "feature_name": "cloudsecure_count", "leased_value": 0 },
        { "feature_name": "named_user_count", "leased_value": 0 },
        { "feature_name": "ueba", "leased_value": 0 }
      ],
      "last_renewal": "Wed, 04 Dec 2019 06:32:26 GMT",
      "machine_id": "VASPH3944M9D8551S",
      "name": "va_spe_3_3_125_4"
    },
    {
      "feature_capacities": [
        { "feature_name": "add_user_count", "leased_value": 25 },
        { "feature_name": "onboard", "leased_value": 0 },
        { "feature_name": "embeddedrdpapplet", "leased_value": 0 },
        { "feature_name": "vm_cores_leasable", "leased_value": 4 },
        { "feature_name": "add_meeting_user_count", "leased_value": 0 },
        { "feature_name": "cloudsecure_count", "leased_value": 0 },
        { "feature_name": "named_user_count", "leased_value": 0 },
        { "feature_name": "ueba", "leased_value": 0 }
      ],
      "last_renewal": "Thu, 05 Dec 2019 13:45:31 GMT",
      "machine_id": "VASPHXVK2E117PM8S",
      "name": "va_spe_3_3_125_8"
    }
  ]
}
Getting License Report from License Server
Request
GET /api/v1/license/report HTTP/1.1
Host: 10.209.125.7
Authorization: Basic TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Type: application/json
Response
HTTP/1.1 200 OK
Content-Type: application/json
License Usage Report
{ "LicenseUsageReport": { "MachineID": "VASPMMXXXXXXXX", "build-number": "4762", "cumulative-report": {…}, "granular-report": {…}, "cluster-granular-report": {…}, "time-stamp": "Mon Jan 13 20:04:40 2020", "version": "9.1" } }
Cumulative Report
https://<license-server>/api/v1/license/report/cumulative-report
{ "cumulative-report": { "add-meeting-user-count": { "Year": [ { "Month": [ { "Date": [ { "Leased": "0", "Maximum": "30", "id": "06" }, {…}, {…}, {…}, {…} ], "Leased": "0", "Maximum": "30", "id": "Jan" }, {…} ], "id": "2020" }, {…} ] } } }
Granular Report
https://<license-server>/api/v1/license/report/granular-report
{ "license-client": [ { "add-user-count": { "Year": [ { "Month": [ { "Date": [ {…}, {…}, {…}, {…} ], "Leased": "0", "Maximum": "0", "id": "Jan" } ], "id": "2020" } ] }, "name": "PSA_V_10_209_125_101", "software-version": "7.4" }, {…} ] }
Cluster Granular Report
https://<license-server>/api/v1/license/report/cluster-granular-report
{ "add-user-count": { "Year": [ { "Month": [ { "Date": [ { "Leased": "40", "Maximum": "21", "client-node": "node63lc,node66lc", "id": "24" }, { "Leased": "40", "Maximum": "1", "client-node": "node63lc,node66lc", "id": "25" }, { "Leased": "40", "Maximum": "1", "client-node": "node63lc,node66lc", "id": "26" } ], "Leased": "40", "Maximum": "21", "id": "Feb" } ], "id": "2020" } ] }, "cluster-name": "liccluster" }
The following extensions of the API are supported:
1. /api/v1/license/report – The entire license report in JSON.
2. /api/v1/license/report/cumulative-report – The cumulative report.
   The following trace-down options are available:
   i. /api/v1/license/report/cumulative-report/<license-feature-type>
   ii. /api/v1/license/report/cumulative-report/<license-feature-type>/<year>
   iii. /api/v1/license/report/cumulative-report/<license-feature-type>/<year>/<month>
   iv. /api/v1/license/report/cumulative-report/<license-feature-type>/<year>/<month>/<day>
3. /api/v1/license/report/granular-report – License usage report per license client.
   The following trace-down options are available:
   i. /api/v1/license/report/granular-report/<license-client>
   ii. /api/v1/license/report/granular-report/<license-client>/<add-user-count>
   iii. /api/v1/license/report/granular-report/<license-client>/<add-user-count>/<year>
   iv. /api/v1/license/report/granular-report/<license-client>/<add-user-count>/<year>/<month>
   v. /api/v1/license/report/granular-report/<license-client>/<add-user-count>/<year>/<month>/<day>
   Example: API - /api/v1/license/report/granular-report/node63lc/add-user-count/2020/Mar/20
   { "Leased": 40, "Maximum": 14, "id": "20" }
4. /api/v1/license/report/cluster-granular-report – License usage report per license client cluster.
   The following trace-down options are available:
   i. /api/v1/license/report/cluster-granular-report/<license-client>
   ii. /api/v1/license/report/cluster-granular-report/<license-client>/<add-user-count>
   iii. /api/v1/license/report/cluster-granular-report/<license-client>/<add-user-count>/<year>
   iv. /api/v1/license/report/cluster-granular-report/<license-client>/<add-user-count>/<year>/<month>
   v. /api/v1/license/report/cluster-granular-report/<license-client>/<add-user-count>/<year>/<month>/<day>
   Example: API - /api/v1/license/report/cluster-granular-report/liccluster/add-user-count/2020/Mar/22
   { "Leased": 40, "Maximum": 16, "cluster-member": [ "node63lc", "node66lc" ], "id": "22" }
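The trace-down paths above, built and walked in an added example that is not part of the Ivanti documentation. The helper names are hypothetical, the sample is the cluster-granular-report body shown on this page, and percent-encoding of path segments is an assumption (the page only shows it for a TOTP server name).

```python
import json
from urllib.parse import quote

BASE = "/api/v1/license/report"
# Maximum trace-down depth per report type, as listed above.
MAX_DEPTH = {"cumulative-report": 4, "granular-report": 5,
             "cluster-granular-report": 5}

def trace_down_path(kind, *segments):
    """Build a trace-down path, percent-encoding every segment so a client
    or cluster name cannot add path components or a query string."""
    if kind not in MAX_DEPTH:
        raise ValueError("unknown report type: %r" % (kind,))
    if len(segments) > MAX_DEPTH[kind] or not all(segments):
        raise ValueError("empty segment or too many segments")
    return "/".join([BASE, kind] + [quote(str(s), safe="") for s in segments])

def daily_usage(feature_tree):
    """Flatten one feature's Year/Month/Date tree into per-day rows.
    Counts are strings in the full report and integers in a trace-down
    reply, so both are normalised to int."""
    rows = []
    for year in feature_tree.get("Year", []):
        for month in year.get("Month", []):
            for day in month.get("Date", []):
                rows.append({
                    "path": (year["id"], month["id"], day["id"]),
                    "leased": int(day["Leased"]),
                    "maximum": int(day["Maximum"]),
                })
    return rows

# Constructed sample: the cluster-granular-report body shown above.
SAMPLE = json.loads("""
{ "add-user-count": { "Year": [ { "Month": [ { "Date": [
    { "Leased": "40", "Maximum": "21", "client-node": "node63lc,node66lc", "id": "24" },
    { "Leased": "40", "Maximum": "1", "client-node": "node63lc,node66lc", "id": "25" },
    { "Leased": "40", "Maximum": "1", "client-node": "node63lc,node66lc", "id": "26" } ],
  "Leased": "40", "Maximum": "21", "id": "Feb" } ], "id": "2020" } ] },
  "cluster-name": "liccluster" }
""")

def day_paths(report, feature="add-user-count"):
    """Return (trace-down path, leased, maximum) for every day in the report."""
    return [(trace_down_path("cluster-granular-report", report["cluster-name"],
                             feature, *row["path"]), row["leased"], row["maximum"])
            for row in daily_usage(report[feature])]
```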
Enabling/Disabling ICE License
Enabling ICE License
Content of ice_enable.json file:
more ice_enable.json
{ "mode": "enabled" }
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/license/ice -X PUT -H "Content-Type: application/json" -d @ice_enable.json
Example:
curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=: https://10.209.125.4/api/v1/license/ice -X PUT -H "Content-Type: application/json" -d @ice_enable.json
Response
HTTP/1.1 200 OK
Content-Type: application/json
{ "result": { "info": [ { "message": "ICE license is enabled" } ] } }
Disabling ICE License
Content of ice_disable.json file:
more ice_disable.json
{ "mode" : "disabled" }
Request
curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=: https://10.209.125.4/api/v1/license/ice -X PUT -H "Content-Type: application/json" -d @ice_disable.json
Response
HTTP/1.1 200 OK
Content-Type: application/json
{ "result": { "info": [ { "message": "ICE license is disabled" } ] } }
Getting the Current Status of ICE License
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/license/ice
Example:
curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=: https://10.209.125.4/api/v1/license/ice
Response
ICE License Enabled
HTTP/1.1 200 OK
Content-Type: application/json
{ "mode": "enabled" }
ICE License Disabled
HTTP/1.1 200 OK
Content-Type: application/json
{ "mode": "disabled" }
Exporting TOTP Users from One Device to Another Device
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/totp/<TOTP-AUTH-SERVER-NAME>/users
NOTE: This API can be executed only on a TOTP server configured as Local (and not Remote).
Example:
curl -k -u X1O3oczUMJbhI8ba3Ov0McD54QCwBgwpSHwOGUVu5Ck=: https://10.209.115.20/api/v1/totp/Google%20TOTP%20Auth%20Server/users
Response
HTTP/1.1 200 OK
Content-Length: 191
Content-Type: application/json
{ "users": "…" }
Importing TOTP Users from One Device to Another Device
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/totp/<TOTP-AUTH-SERVER-NAME>/users -H "Content-Type: application/json" -d @totp_users.json -X POST
NOTE: This API can be executed only on a TOTP server configured as Local (and not Remote).
Example:
curl -k -u K7Z7xA54AKnv1++kcViamCCiUrEBgMSP+sHKar4EcKY=: https://10.209.125.4/api/v1/totp/TOTP_SERVER/users -H "Content-Type: application/json" -d @totp_users.json -X POST
{ "users": "…" }
Response
HTTP/1.1 200 OK
content-length: 47
Content-Type: application/json
{ "message": "Successfully imported user data" }
Resetting TOTP User
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/totp/<TOTP-AUTH-SERVER-NAME>/users/<totp-user>?operation=reset -X PUT
Example:
curl -k -u nNuALLLWajGujVF2yT4qyP4nYxy/nwXxBKp0CHu2AZQ=: https://3.3.125.4/api/v1/totp/TOTP_SERVER/users/qauser1001?operation=reset -X PUT
Response
Scenario: TOTP user reset
HTTP/1.1 200 OK
Content-Type: application/json
{ "result": { "info": [ { "message": "TOTP user 'qauser1001' under Authserver 'TOTP_SERVER' has been reset" } ] } }
Scenario: TOTP user does not exist
HTTP/1.1 200 OK
Content-Type: application/json
{ "result": { "errors": [ { "message": "TOTP user 'qauser1001' is not present under Authserver 'TOTP_SERVER'" } ] } }
Unlocking TOTP User
Request
curl -k -u <api-key>: https://<pcs-ip>/api/v1/totp/<TOTP-AUTH-SERVER-NAME>/users/<totp-user>?operation=unlock -X PUT
Example:
curl -k -u nNuALLLWajGujVF2yT4qyP4nYxy/nwXxBKp0CHu2AZQ=: https://3.3.125.4/api/v1/totp/TOTP_SERVER/users/qauser1001?operation=unlock -X PUT
Response
Scenario: TOTP user unlocked
HTTP/1.1 200 OK
Content-Type: application/json
{ "result": { "info": [ { "message": "TOTP user 'qauser1001' under Authserver 'TOTP_SERVER' has been unlocked" } ] } }
Scenario: TOTP user cannot be unlocked
HTTP/1.1 200 OK
Content-Type: application/json
{ "result": { "errors": [ { "message": "Error: Only locked users can be unlocked" } ] } }
VPN ACL creation
REQUEST:
PUT /api/v1/configuration/users/resource-policies/network-connect-policies/network-connect-acls
Host: xx.xxx.xxx.xxx
Authorization: Basic SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06
Content-Type: text/html; charset=utf-8
{ "network-connect-acl": [ { "action": "allow", "apply": "all", "description": "VPNACL", "name": "VPNACL", "resource": [ "*:*" ], "resources-fqdn": null, "resources-v6": null, "roles": null, "rules": { "rule": [] } } ] }
RESPONSE:
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
{ "result": { "info": [ { "message": "Operation succeeded without warning or error!" } ] } }
REQUEST:
GET /api/v1/configuration/users/resource-policies/network-connect-policies/network-connect-acls
Host: xx.xxx.xxx.xxx
Authorization: Basic SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06
Content-Type: application/json
RESPONSE:
HTTP/1.1 200 OK
Content-Length: 205
Content-Type: application/json
{ "network-connect-acl": [ { "href": "/api/v1/configuration/users/resource-policies/network-connect-policies/network-connect-acls/network-connect-acl/VPNACL", "name": "VPNACL" } ] }
Sample Error Responses
400 BAD REQUEST
Request
PUT /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/rule1 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
Content-Type: application/json
{ "name": "rule1", "roles": [ "Users" ], "stop-rules-processing": "false", "user-name": { "test": "is", "user-names": [ "*", ] } }
Response
HTTP/1.1 400 BAD REQUEST
content-length: 92
content-type: application/json
{ "message": "The browser (or proxy) sent a request that this server could not understand." }
Solution: Invalid JSON body content in Request. Please check if JSON is valid.
Request
PUT /api/v1/configuration/users/user-roles/user-role/rest-userrole-1 HTTP/1.1
Host: 10.209.113.88
Authorization: Basic MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
{ "name": "rest-userrole-1", "web": { "web-bookmarks": { "bookmark": [ { "auto-allow": "disable", "description": "", "name": "web-bm-1", "new-window": "false", "no-address-bar": "false", "no-tool-bar": "false", "parent": "--none--", "standard": { "url": "http://www.yahoo.com" } } ] }, "web-options": { "browsing-untrusted-sslsites": "true", "flash-content": "false", "hpxproxy-connection-timeout": "1800", "http-connection-timeout": "240", "java-applets": "true", "mask-hostname": "false", "persistent-cookies": "false", "rewrite-file-urls": "false", "rewrite-links-pdf": "false", "unrewritten-page-newwindow": "false", "user-add-bookmarks": "false", "user-enter-url": "false", "users-bypass-warnings": "false", "warn-certificate-issues": "true", "websocket-connection-timeout": "900" } } }
Response
HTTP/1.1 400 BAD REQUEST
Content-Length: 99
Content-Type: application/json
{ "result": { "errors": [ { "message": "Accepts only JSON." } ] } }
Solution: Include the "Content-Type" header in the request with the value "application/json", as used in the examples above.
403 Forbidden
Request
GET /api/v1/auth HTTP/1.1
Host: 10.209.112.106
Authorization: Basic YWRtaW5kYjpkYW5hMTIz
Content-Type: application/json
Response
HTTP/1.1 403 Forbidden
cache-control: no-store
connection: Keep-Alive
content-type: text/html; charset=utf-8
expires: -1
keep-alive: timeout=15
strict-transport-security: max-age=31536000
transfer-encoding: chunked
Solutions:
1. Make sure the admin user used for authentication has the "Allow access to REST APIs" option enabled from the admin UI.
2. Make sure the admin username and password passed in the Authorization header are correct.
3. If an api_key is available, use the api_key value as the username and an empty password in the Authorization header.
404 NOT FOUND
Request
GET /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule HTTP/1.1
Host: 10.209.112.106
Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
Response
HTTP/1.1 404 NOT FOUND
content-length: 213
content-type: application/json
{ "result": { "errors": [ { "message": "Invalid resource path; use \"users/user-realms/realm/testRealm/role-mapping-rules/rule/<resource-id>\" to access a specific resource" } ] } }
Solution: Pass the resource-id in the resource path, as shown in the example below.
Request
GET /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/rule1 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
Response
HTTP/1.1 200 OK
content-length: 167
content-type: application/json
{ "name": "rule1", "roles": [ "Users" ], "stop-rules-processing": "false", "user-name": { "test": "is", "user-names": [ "*" ] } }
422 UNPROCESSABLE ENTITY
Request
POST /api/v1/configuration/users/user-realms/realm/testRealm/role-mapping-rules/rule/ HTTP/1.1
Host: 10.209.112.106
Authorization: Basic Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
Content-Type: application/json
{ "name": "rule2", "roles": [ "Users", "testRole1" ], "stop-rules-processing": "false", "user-name": { "test": "is", "user-names": [ "user1" ] } }
Response
HTTP/1.1 422 UNPROCESSABLE ENTITY
content-length: 368
content-type: application/json
{ "result": { "errors": [ { "message": "[/users/user-realms/realm[name=testRealm]/role-mapping-rules/rule[name=rule2]/roles] Invalid reference: no 'User Roles' object found with identifier 'testRole1'." }, { "message": "Failed to resolve path references" }, { "message": "Commit failed" } ] } }
Solution: Make sure all the referenced resources are created first using a POST call, and then repeat the request.
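The TOTP reset and unlock scenarios on this page return HTTP 200 with a "result.errors" list, so automation that checks only the status code will record a failed reset as a success. The classifier below is an added example, not Ivanti code; its function names are hypothetical and its sample responses are constructed from the bodies shown on this page.

```python
import json

def classify_response(status, content_type, body):
    """Return (ok, messages). ok is True only for a 2xx status whose JSON
    body carries no error message; messages holds the errors on failure
    and the info messages on success."""
    errors, infos = [], []
    doc = None
    if content_type.split(";")[0].strip().lower() == "application/json":
        try:
            doc = json.loads(body)
        except ValueError:
            errors.append("body is not valid JSON")
    if isinstance(doc, dict):
        result = doc.get("result")
        if isinstance(result, dict):
            errors += [e.get("message", "") for e in result.get("errors", [])]
            infos += [i.get("message", "") for i in result.get("info", [])]
        elif "message" in doc:
            # Top-level "message": the 400 BAD REQUEST body, or a plain success.
            (errors if status >= 400 else infos).append(str(doc["message"]))
    if status >= 400 and not errors:
        # For example the 403 above, which has an HTML body and no detail.
        errors.append("HTTP %d with no JSON error detail" % status)
    ok = 200 <= status < 300 and not errors
    return ok, (infos if ok else errors)

def result_body(key, *messages):
    """Build a {"result": {key: [...]}} body like the ones on this page."""
    return json.dumps({"result": {key: [{"message": m} for m in messages]}})

# Constructed samples: (status, Content-Type, body) taken from this page.
SAMPLES = [
    (200, "application/json", result_body(
        "info", "TOTP user 'qauser1001' under Authserver 'TOTP_SERVER' has been reset")),
    (200, "application/json", result_body(
        "errors", "TOTP user 'qauser1001' is not present under Authserver 'TOTP_SERVER'")),
    (400, "application/json", json.dumps({"message":
        "The browser (or proxy) sent a request that this server could not understand."})),
    (403, "text/html; charset=utf-8", ""),
    (422, "application/json", result_body(
        "errors", "Failed to resolve path references", "Commit failed")),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], classify_response(*sample))
```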
Limitations
1. Configuration of large data objects is not qualified: ESAP, Ivanti Secure Access Client package, Custom Sign-in page, applets, and so on.
2. Resource names similar to resource tags (e.g. vlans, roles, etc.) should be avoided while creating new resources.