consumes: - application/json produces: - application/json schemes: - https swagger: "2.0" info: description: OpenZiti Edge Management API title: Ziti Edge Management contact: name: OpenZiti url: https://openziti.discourse.group email: help@openziti.org license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 0.25.31 host: demo.ziti.dev basePath: /edge/management/v1 paths: /: get: security: [] tags: - Informational summary: Returns version information operationId: listRoot responses: "200": description: Version information for the controller schema: $ref: '#/definitions/listVersionEnvelope' /.well-known/est/cacerts: get: security: [] description: | This endpoint is used during enrollments to bootstrap trust between enrolling clients and the Ziti Edge API. This endpoint returns a base64 encoded PKCS7 store. The content can be base64 decoded and parsed by any library that supports parsing PKCS7 stores. produces: - application/pkcs7-mime tags: - Well Known summary: Get CA Cert Store operationId: listWellKnownCas responses: "200": description: A base64 encoded PKCS7 store schema: type: string example: | MIIMUQYJKoZIhvcNAQcCoIIMQjCCDD4CAQExADALBgkqhkiG9w0BBwGgggwkMIIG BjCCA+6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVTMRcw FQYDVQQIDA5Ob3J0aCBDYXJvbGluYTESMBAGA1UEBwwJQ2hhcmxvdHRlMRMwEQYD VQQKDApOZXRGb3VuZHJ5MSkwJwYDVQQLDCBOZXRGb3VuZHJ5IENlcnRpZmljYXRl IEF1dGhvcml0eTEbMBkGA1UEAwwSTmV0Rm91bmRyeSBSb290IENBMB4XDTE4MDUx ODE2NTcyM1oXDTI4MDUxNTE2NTcyM1owgYsxCzAJBgNVBAYTAlVTMRcwFQYDVQQI DA5Ob3J0aCBDYXJvbGluYTETMBEGA1UECgwKTmV0Rm91bmRyeTEpMCcGA1UECwwg TmV0Rm91bmRyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIzAhBgNVBAMMGk5ldEZv dW5kcnkgSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAsb1EPhMUweS9WpjT7L54xAOmZqugJ6fhSrFfLUwNUy172q+ASvZTpT1z KIPcZpGmPB3TX2bHaAR67BbRkUR11JgWE3U8+FsGrYmPZtaKM6fg8Mh0WZ41oMYQ NJyQixOktrgqfybyJoT5PeT5AA7QQmd8mku2X9nkAu6gWPf2nHNc7SeQdijmyQQa VK3oqyaxOzWzsU/XbfMEz/ObkefUxgt5Z6jlK0xcW0Q+QgtawMKLUiuo6obWRPcl 7Hm9Sze8XJS5pbvS5JkUszxoRZuDVHZylrlHIpA/IL+BnvS+M7SP28UWe9skrv/s 6ACpJtuPJ1EYf5fakugOpY7i+hq7YNi//csbc49Qjn2OtttrR7JcTaHUEU1I/tQb QGAtNkI4pJjRVUdDawQFQlWHZD1COixNLErs2HzAI00DhLrY6SKITI/kjN0Xx010 XdMcdfay0PLWm6RwxiRmMQFL4GNIC895NF1q6xV4W4rWgqUNlcvKpy+i1chWpRbU He16ul0qh10fcESrRvAbXn5YrQJLrwbSr+85ubN8lYdNLE0qg2cIXZlUilarZZzW ghtCe+KkUpjfRuAi/CqfSwNK3QXEfeVEK6S49mHeSekOizFIw7fmDhCz9vXwMOnb ryRSLEJks0gIRcSDVChXheAqC98y4kcQdniNWFnqJXoqA+rrSokCAwEAAaNmMGQw HQYDVR0OBBYEFK8UXC/sq6dGVFAqEXHsQDzqzwuUMB8GA1UdIwQYMBaAFEHz6RRu OuXj2mwAzOeUinfWeivpMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBDAAaOE2Nbb49eOjyTNxIeOB+ZKQjJ1hUE gRrootAA8NYbtKW/vyxTWnNi5XOGXd4DFS9OKZ0mL/7NyLc0mbTwPH2ZT8KTPUTS Cpo6yktZ/7TMjyAtWZiOMg2EH+6m/nlNSXk/v5fb8+JQLdZfpxoA017dHh3tc8l7 KOskCZNwQHgF/YMXrPXUNbsGkXRuJLtpjPw5O9GvPys7p+a1aJH1WCTly9zfB6j+ rMF+UGCPDT30sxitVlohik83j6pKLgEAP/gi8nJbILlTP7ce+gJeHR2tfDvmK91X 6QgCF2STUFBU7/9H1/pPRRykOxQpAd8xqSgqGEyp9Ie4tysZjwoUEnG8IVJ5ykrI Fximvnb4B+LABV9WEo08n8m1R8wEryrISi8fBPn3Pr5nuayOfFLa15CLTkZF40FN 8ika1qNZy8bWRDwTZJQUUb7VCheRWcMwdZdNmhl3J+VZLpQ+ruW7b2ajwacHz5Nw BHKNcmxXb/4vHq/BnlcayHnSqT6036+OZQ+owDegcYmWV6LaM7xLErjHz2EE38M2 YSiW5SU1zluDe+iHb6l3Gd3Fj/X1gkMWFgYh0XPMSUSyimLNYzy4THKzmWlcQNFo LLiIDbLrMt+vk+vBkIsNTTPXRJOFPBhmIF6uIUj+2YhzNotX/pQtqMKms3pPlmHq dH6biwygETCCBhYwggP+oAMCAQICCQDquKpymLJ5WzANBgkqhkiG9w0BAQsFADCB lzELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRIwEAYDVQQH DAlDaGFybG90dGUxEzARBgNVBAoMCk5ldEZvdW5kcnkxKTAnBgNVBAsMIE5ldEZv dW5kcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDDBJOZXRGb3VuZHJ5 IFJvb3QgQ0EwHhcNMTgwNTE4MTY1NDQ3WhcNMzgwNTEzMTY1NDQ3WjCBlzELMAkG A1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHDAlDaGFy bG90dGUxEzARBgNVBAoMCk5ldEZvdW5kcnkxKTAnBgNVBAsMIE5ldEZvdW5kcnkg Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDDBJOZXRGb3VuZHJ5IFJvb3Qg Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKq/Xa+749Cr3WJGYD DIEtNKIRnTFc6TeiRSm/O7hG2+1Nrh/dObjZJuDjsopWP8NFA/DwlNyEphYKAeSw HDmu+4nFd6ifoeDE2lYq6bNhLcgN+A3MlN5Phb2rnO32YYZwHXGWov+jtd2gaK0f WsH8CQxn6n2v7qvPMTeYFP8p4jqTZw2bvZWw+LMYTFCy541DFqQLQasMg10mXRAV XO7Oa9y+D1re1zLq4wS6u8ItJoKzfmvZkMvD90C/tQ4u0iJaL7GB2SE9MOPDeGVv pnoSAIkSVmvRDUAj2x9PuukykzoL1OAWzc5Cg+5LxRmLejVE7PvPcHaTtNag2tRD w2vbMeFKN8NvQH1QYcaPWZe4Vl9b6DAuTaH5RN919H/F+ZHyjZybVPwC14lflneI KyNy8JEV/YMIbEADWnuiedzDehk2Opn+0+9Zr2X/xfjCo8iWHFbNaVnQX7wdRaOo 783lEouncqe46FDBLBpyAuDKHQpIT3MK8rkC/1yBNxsH44vMweUZuK0u7PC9KHtm pQfuflYGfxA34kY6WU3jzyQHetoLYjoxTqNEEjuGpwy2o1j7RaCBEFIbYlnlbhpE WFTaQf96z2GQ6m1U3y7JyDflHSu9Fo1JNkG3qXsjDwda/6W7NRJRgdFrhnOwrm7F 6L9X4P1HnzU/VJL66LwPmiHVjQIDAQABo2MwYTAdBgNVHQ4EFgQUQfPpFG465ePa bADM55SKd9Z6K+kwHwYDVR0jBBgwFoAUQfPpFG465ePabADM55SKd9Z6K+kwDwYD VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIB ACfU74aKWROaxnue8tZb5PFkEbnDRcRrKXRhnptA0vrgB4ydnYxX9hEBZD8o6PBy 3rewvl5meSOBE6zyb4JD80lHdzHSVFIwbzsNOeEjCslv/PA/3Y+J7DCt6gPNMDeY uEssdqeSiMoYz2gnven4flSMKgTAJd3/SpVrn35HzXiU9MkmFVpPEMnTctOjw+Jn cCkG5+D9N14dxtgZ/tUfbH+GUfhyGVxRdPrX5KQqAyapMfEaMXXa8KNs7PG+sDiS WI+Sg9jUGtxgkfKdVNtFW+QMXyy7eT3iXPA+1r2hFAhgfIaGtBJUhxPHMhKtjbAg AX+6+2D3GAbaD1+lcQHhKry3hygQ3OX79FJW6zyPS0tiV/LfovHqX/3x9q5PTVBO wEOS2/LCc4R2M7S+HIPf4eSJ+nH4uCIdJ42WCror/mRsuL7geCksi70GHuCynP4y qQFszu/UtbBEsN8loTnLpOInxaGB1Y8UPm14b2Lo1/3HkoMVh0/UaHJ0TmnZ1r7m fGhfRyAZYRdvT1sB+Eb4b5A2zEZqsTc9IwFOhnI4ZilPoZ5s2xejqrVw3GSvovEh dprrQmvxuh+VQ23y/+/4z9b2xWyDu2zVveB4whqPe2rkgxJrEl4GfLk2DW+dN6j8 3Zl4lPoUZYwzkC6raCaHyFlAoaTbqz0H6rvVJYxJPS6UoQAxAA== /api-sessions: get: security: - ztSession: [] - oauth2: - openid description: | Returns a list of active API sessions. The resources can be sorted, filtered, and paginated. This endpoint requires admin access. produces: - application/json; charset=utf-8 tags: - API Session summary: List active API sessions operationId: listAPISessions parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of active API Sessions schema: $ref: '#/definitions/listApiSessionsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /api-sessions/{id}: get: security: - ztSession: [] description: Retrieves a single API Session by id. Requires admin access. tags: - API Session summary: Retrieves a single API Session operationId: detailAPISessions responses: "200": description: Retrieves a singular API Session by id schema: $ref: '#/definitions/detailApiSessionEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] description: Deletes and API sesion by id. Requires admin access. tags: - API Session summary: Deletes an API Sessions operationId: deleteAPISessions responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "403": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /auth-policies: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of Auth Policies tags: - Auth Policy summary: List Auth Policies operationId: listAuthPolicies parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of Auth Policies schema: $ref: '#/definitions/listAuthPoliciesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] description: Creates an Auth Policy. Requires admin access. tags: - Auth Policy summary: Creates an Auth Policy operationId: createAuthPolicy parameters: - description: An Auth Policy to create name: authPolicy in: body required: true schema: $ref: '#/definitions/authPolicyCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /auth-policies/{id}: get: security: - ztSession: [] description: Retrieves a single Auth Policy by id. Requires admin access. tags: - Auth Policy summary: Retrieves a single Auth Policy operationId: detailAuthPolicy responses: "200": description: A singular Auth Policy resource schema: $ref: '#/definitions/detailAuthPolicyEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] description: Update all fields on an Auth Policy by id. Requires admin access. tags: - Auth Policy summary: Update all fields on an Auth Policy operationId: updateAuthPolicy parameters: - description: An Auth Policy update object name: authPolicy in: body required: true schema: $ref: '#/definitions/authPolicyUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] description: | Delete an Auth Policy by id. Requires admin access. tags: - Auth Policy summary: Delete an Auth Policy operationId: deleteAuthPolicy responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] description: Update only the supplied fields on an Auth Policy by id. Requires admin access. tags: - Auth Policy summary: Update the supplied fields on an Auth Policy operationId: patchAuthPolicy parameters: - description: An Auth Policy patch object name: authPolicy in: body required: true schema: $ref: '#/definitions/authPolicyPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /authenticate: post: security: [] description: | Allowed authentication methods include "password", "cert", and "ext-jwt" tags: - Authentication summary: Authenticate via a method supplied via a query string parameter operationId: authenticate parameters: - name: auth in: body schema: $ref: '#/definitions/authenticate' responses: "200": description: The API session associated with the session used to issue the request schema: $ref: '#/definitions/currentApiSessionDetailEnvelope' examples: default: data: _links: self: href: ./current-api-session configTypes: [] createdAt: "2020-03-09T19:03:49.1883693Z" expiresAt: "2020-03-09T19:34:21.5600897Z" id: 27343114-b44f-406e-9981-f3c4f2f28d54 identity: _links: self: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d name: Default Admin urlName: identities tags: - userField1: 123 - userField2: asdf token: 28bb0ed2-0577-4632-ae70-d17106b92871 updatedAt: "2020-03-09T19:04:21.5600897Z" meta: {} "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The authentication request could not be processed as the credentials are invalid schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: INVALID_AUTH message: The authentication request failed requestId: 5952ed10-3091-474f-a691-47ebab6990dc meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - enum: - password - cert - ext-jwt type: string name: method in: query required: true /authenticate/mfa: post: security: - ztSession: [] - oauth2: - openid description: Completes MFA authentication by submitting a MFA time based one time token or backup code. tags: - Authentication - MFA summary: Complete MFA authentication operationId: authenticateMfa parameters: - description: An MFA validation request name: mfaAuth in: body required: true schema: $ref: '#/definitions/mfaCode' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: Base empty response schema: $ref: '#/definitions/empty' /authenticators: get: security: - ztSession: [] - oauth2: - openid description: | Returns a list of authenticators associated to identities. The resources can be sorted, filtered, and paginated. This endpoint requires admin access. tags: - Authenticator summary: List authenticators operationId: listAuthenticators parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of authenticators schema: $ref: '#/definitions/listAuthenticatorsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] description: | Creates an authenticator for a specific identity. Requires admin access. tags: - Authenticator summary: Creates an authenticator operationId: createAuthenticator parameters: - description: A Authenticator create object name: authenticator in: body required: true schema: $ref: '#/definitions/authenticatorCreate' responses: "201": description: The create was successful schema: $ref: '#/definitions/authenticatorCreate' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /authenticators/{id}: get: security: - ztSession: [] description: Retrieves a single authenticator by id. Requires admin access. tags: - Authenticator summary: Retrieves a single authenticator operationId: detailAuthenticator responses: "200": description: A singular authenticator resource schema: $ref: '#/definitions/detailAuthenticatorEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] description: Update all fields on an authenticator by id. Requires admin access. tags: - Authenticator summary: Update all fields on an authenticator operationId: updateAuthenticator parameters: - description: An authenticator put object name: authenticator in: body required: true schema: $ref: '#/definitions/authenticatorUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] description: | Delete an authenticator by id. Deleting all authenticators for an identity will make it impossible to log in. Requires admin access. tags: - Authenticator summary: Delete an Authenticator operationId: deleteAuthenticator responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] description: Update the supplied fields on an authenticator by id. Requires admin access. tags: - Authenticator summary: Update the supplied fields on an authenticator operationId: patchAuthenticator parameters: - description: An authenticator patch object name: authenticator in: body required: true schema: $ref: '#/definitions/authenticatorPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /authenticators/{id}/re-enroll: post: security: - ztSession: [] description: "Allows an authenticator to be reverted to an enrollment and allows re-enrollment to occur. On success the \ncreated enrollment record response is provided and the source authenticator record will be deleted. The \nenrollment created depends on the authenticator. UPDB authenticators result in UPDB enrollments, CERT\nauthenticators result in OTT enrollments, CERT + CA authenticators result in OTTCA enrollments.\n" tags: - Authenticator summary: Reverts an authenticator to an enrollment operationId: reEnrollAuthenticator parameters: - description: A reEnrollment request name: reEnroll in: body required: true schema: $ref: '#/definitions/reEnroll' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /cas: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of CA resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Certificate Authority summary: List CAs operationId: listCas parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of Certificate Authorities (CAs) schema: $ref: '#/definitions/listCasEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] description: Creates a CA in an unverified state. Requires admin access. tags: - Certificate Authority summary: Creates a CA operationId: createCa parameters: - description: A CA to create name: ca in: body required: true schema: $ref: '#/definitions/caCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /cas/{id}: get: security: - ztSession: [] description: Retrieves a single CA by id. Requires admin access. tags: - Certificate Authority summary: Retrieves a single CA operationId: detailCa responses: "200": description: A singular Certificate Authority (CA) resource schema: $ref: '#/definitions/detailCaEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] description: Update all fields on a CA by id. Requires admin access. tags: - Certificate Authority summary: Update all fields on a CA operationId: updateCa parameters: - description: A CA update object name: ca in: body required: true schema: $ref: '#/definitions/caUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] description: | Delete a CA by id. Deleting a CA will delete its associated certificate authenticators. This can make it impossible for identities to authenticate if they no longer have any valid authenticators. Requires admin access. tags: - Certificate Authority summary: Delete a CA operationId: deleteCa responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] description: Update only the supplied fields on a CA by id. Requires admin access. tags: - Certificate Authority summary: Update the supplied fields on a CA operationId: patchCa parameters: - description: A CA patch object name: ca in: body required: true schema: $ref: '#/definitions/caPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /cas/{id}/jwt: get: security: - ztSession: [] description: | For CA auto enrollment, the enrollment JWT is static and provided on each CA resource. This endpoint provides the jwt as a text response. produces: - application/jwt tags: - Certificate Authority summary: Retrieve the enrollment JWT for a CA operationId: getCaJwt responses: "200": description: The result is the JWT text to validate the CA schema: type: string examples: application/jwt: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6ImNhIiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MTI 4MC8ifQ.Ot6lhNBSOw8ygHytdI5l7WDf9EWadOj44UPvJ0c-8mJ54fClWM3uMZrAHSSfV6KmOSZOeBBJe4VlNyoD-_MOECP0BzYSnSQP3E zJb0VlM-fFmGcKNGW157icyZNISfO43JL_Lw2QPBzTgikqSIj9eZnocC3BeAmZCHsVznnLfHWqDldcmuxnu-5MNOSrWV1x9iVcgLFlLHXK 2PLA4qIiZmlQTrQjpHJmUaoJ07mnj8hMKzxB3wBG8kpazjEo7HDRCO06aBH4eqFgf_l0iT8Dzcb31jquWMGUoSXPhf4lVJh_FiNcR1wVx- UiHLbG5h23Aqf1UJF-F38rc1FElKz0Zg "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /cas/{id}/verify: post: security: - ztSession: [] description: | Allows a CA to become verified by submitting a certificate in PEM format that has been signed by the target CA. The common name on the certificate must match the verificationToken property of the CA. Unverfieid CAs can not be used for enrollment/authentication. Requires admin access. consumes: - text/plain tags: - Certificate Authority summary: Verify a CA operationId: verifyCa parameters: - description: A PEM formatted certificate signed by the target CA with the common name matching the CA's validationToken name: certificate in: body required: true schema: type: string responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /config-types: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of config-type resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Config summary: List config-types operationId: listConfigTypes parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of config-types schema: $ref: '#/definitions/listConfigTypesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] tags: - Config summary: Create a config-type. Requires admin access. operationId: createConfigType parameters: - description: A config-type to create name: configType in: body required: true schema: $ref: '#/definitions/configTypeCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /config-types/{id}: get: security: - ztSession: [] description: Retrieves a single config-type by id. Requires admin access. tags: - Config summary: Retrieves a single config-type operationId: detailConfigType responses: "200": description: A singular config-type resource schema: $ref: '#/definitions/detailConfigTypeEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] description: Update all fields on a config-type by id. Requires admin access. tags: - Config summary: Update all fields on a config-type operationId: updateConfigType parameters: - description: A config-type update object name: configType in: body required: true schema: $ref: '#/definitions/configTypeUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] description: Delete a config-type by id. Removing a configuration type that are in use will result in a 409 conflict HTTP status code and error. All configurations of a type must be removed first. tags: - Config summary: Delete a config-type operationId: deleteConfigType responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] description: Update the supplied fields on a config-type. Requires admin access. tags: - Config summary: Update the supplied fields on a config-type operationId: patchConfigType parameters: - description: A config-type patch object name: configType in: body required: true schema: $ref: '#/definitions/configTypePatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /config-types/{id}/configs: get: security: - ztSession: [] description: Lists the configs associated to a config-type. Requires admin access. tags: - Config summary: Lists the configs of a specific config-type operationId: listConfigsForConfigType responses: "200": description: A list of configs schema: $ref: '#/definitions/listConfigsEnvelope' parameters: - type: string description: The id of the requested resource name: id in: path required: true /configs: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Config summary: List configs operationId: listConfigs parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of configs schema: $ref: '#/definitions/listConfigsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create a config resource. Requires admin access. tags: - Config summary: Create a config resource operationId: createConfig parameters: - description: A config to create name: config in: body required: true schema: $ref: '#/definitions/configCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /configs/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single config by id. Requires admin access. tags: - Config summary: Retrieves a single config operationId: detailConfig responses: "200": description: A singular config resource schema: $ref: '#/definitions/detailConfigEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on a config by id. Requires admin access. tags: - Config summary: Update all fields on a config operationId: updateConfig parameters: - description: A config update object name: config in: body required: true schema: $ref: '#/definitions/configUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete a config by id. Requires admin access. tags: - Config summary: Delete a config operationId: deleteConfig responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update the supplied fields on a config. Requires admin access. tags: - Config summary: Update the supplied fields on a config operationId: patchConfig parameters: - description: A config patch object name: config in: body required: true schema: $ref: '#/definitions/configPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /current-api-session: get: security: - ztSession: [] - oauth2: - openid description: Retrieves the API session that was used to issue the current request tags: - Current API Session summary: Return the current API session operationId: getCurrentAPISession responses: "200": description: The API session associated with the session used to issue the request schema: $ref: '#/definitions/currentApiSessionDetailEnvelope' examples: default: data: _links: self: href: ./current-api-session configTypes: [] createdAt: "2020-03-09T19:03:49.1883693Z" expiresAt: "2020-03-09T19:34:21.5600897Z" id: 27343114-b44f-406e-9981-f3c4f2f28d54 identity: _links: self: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d name: Default Admin urlName: identities tags: - userField1: 123 - userField2: asdf token: 28bb0ed2-0577-4632-ae70-d17106b92871 updatedAt: "2020-03-09T19:04:21.5600897Z" meta: {} "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Terminates the current API session tags: - Current API Session summary: Logout responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity: get: security: - ztSession: [] - oauth2: - openid description: Returns the identity associated with the API sessions used to issue the current request tags: - Current Identity summary: Return the current identity operationId: getCurrentIdentity responses: "200": description: The identity associated with the API Session used to issue the request schema: $ref: '#/definitions/currentIdentityDetailEnvelope' examples: default: data: _links: edge-router-policies: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d/edge-routers self: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d service-policies: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d/identities authenticators: updb: username: admin createdAt: "2020-01-13T16:38:13.6854788Z" enrollment: {} id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d isAdmin: true isDefaultAdmin: true name: Default Admin roleAttributes: [] tags: {} type: _links: self: href: ./identity-types/User id: User name: User urlName: identity-types updatedAt: "2020-01-13T16:38:13.6854788Z" meta: {} "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/authenticators: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination. tags: - Current API Session summary: List authenticators for the current identity operationId: listCurrentIdentityAuthenticators parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of authenticators schema: $ref: '#/definitions/listAuthenticatorsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/authenticators/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity. tags: - Current API Session summary: Retrieve an authenticator for the current identity operationId: detailCurrentIdentityAuthenticator responses: "200": description: A singular authenticator resource schema: $ref: '#/definitions/detailAuthenticatorEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: | Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. tags: - Current API Session summary: Update all fields on an authenticator of this identity operationId: updateCurrentIdentityAuthenticator parameters: - description: An authenticator put object name: authenticator in: body required: true schema: $ref: '#/definitions/authenticatorUpdateWithCurrent' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: | Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. tags: - Current API Session summary: Update the supplied fields on an authenticator of this identity operationId: patchCurrentIdentityAuthenticator parameters: - description: An authenticator patch object name: authenticator in: body required: true schema: $ref: '#/definitions/authenticatorPatchWithCurrent' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /current-identity/authenticators/{id}/extend: post: security: - ztSession: [] - oauth2: - openid description: |- This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active. tags: - Current API Session - Enroll - Extend Enrollment summary: Allows the current identity to recieve a new certificate associated with a certificate based authenticator operationId: extendCurrentIdentityAuthenticator parameters: - name: extend in: body required: true schema: $ref: '#/definitions/identityExtendEnrollmentRequest' responses: "200": description: A response containg the identity's new certificate schema: $ref: '#/definitions/identityExtendEnrollmentEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /current-identity/authenticators/{id}/extend-verify: post: security: - ztSession: [] - oauth2: - openid description: |- After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests. tags: - Current API Session - Enroll - Extend Enrollment summary: Allows the current identity to validate reciept of a new client certificate operationId: extendVerifyCurrentIdentityAuthenticator parameters: - name: extend in: body required: true schema: $ref: '#/definitions/identityExtendValidateEnrollmentRequest' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /current-identity/mfa: get: security: - ztSession: [] - oauth2: - openid description: | Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a `POST /current-identity/mfa/verify`. tags: - Current Identity - MFA summary: Returns the current status of MFA enrollment operationId: detailMfa responses: "200": description: The details of an MFA enrollment schema: $ref: '#/definitions/detailMfaEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: | Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via `POST /current-identity/mfa/verify` tags: - Current Identity - MFA summary: Initiate MFA enrollment operationId: enrollMfa responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The identity is already enrolled in MFA schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: null cause: null causeMessage: "" code: ALREADY_MFA_ENROLLED message: The identity is already enrolled in MFA requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: | Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via `DELETE /identities//mfa`. tags: - Current Identity - MFA summary: Disable MFA for the current identity operationId: deleteMfa parameters: - type: string name: mfa-validation-code in: header responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/mfa/qr-code: get: security: - ztSession: [] - oauth2: - openid description: | Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started. produces: - image/png - application/json tags: - Current Identity - MFA summary: Show a QR code for unverified MFA enrollments operationId: detailMfaQrCode responses: "200": description: OK "404": description: No MFA enrollment or MFA enrollment is completed /current-identity/mfa/recovery-codes: get: security: - ztSession: [] - oauth2: - openid description: | Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. tags: - Current Identity - MFA summary: For a completed MFA enrollment view the current recovery codes operationId: detailMfaRecoveryCodes parameters: - description: An MFA validation request name: mfaValidation in: body schema: $ref: '#/definitions/mfaCode' - type: string name: mfa-validation-code in: header responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: | Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes. tags: - Current Identity - MFA summary: For a completed MFA enrollment regenerate the recovery codes operationId: createMfaRecoveryCodes parameters: - description: An MFA validation request name: mfaValidation in: body required: true schema: $ref: '#/definitions/mfaCode' responses: "200": description: The recovery codes of an MFA enrollment schema: $ref: '#/definitions/detailMfaRecoveryCodesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/mfa/verify: post: security: - ztSession: [] - oauth2: - openid description: | Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via `POST /current-identity/mfa`. tags: - Current Identity - MFA summary: Complete MFA enrollment by verifying a time based one time token operationId: verifyMfa parameters: - description: An MFA validation request name: mfaValidation in: body required: true schema: $ref: '#/definitions/mfaCode' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /database/check-data-integrity: post: security: - ztSession: [] - oauth2: - openid description: Starts a data integrity scan on the datastore. Requires admin access. Only once instance may run at a time, including runs of fixDataIntegrity. tags: - Database summary: Starts a data integrity scan on the datastore operationId: checkDataIntegrity responses: "202": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /database/data-integrity-results: get: security: - ztSession: [] description: Returns any results found from in-progress integrity checks. Requires admin access. tags: - Database summary: Returns any results found from in-progress integrity checks operationId: dataIntegrityResults responses: "200": description: A list of data integrity issues found schema: $ref: '#/definitions/dataIntegrityCheckResultEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /database/fix-data-integrity: post: security: - ztSession: [] description: Runs a data integrity scan on the datastore, attempts to fix any issues it can, and returns any found issues. Requires admin access. Only once instance may run at a time, including runs of checkDataIntegrity. tags: - Database summary: Runs a data integrity scan on the datastore, attempts to fix any issues it can and returns any found issues operationId: fixDataIntegrity responses: "202": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /database/snapshot: post: security: - ztSession: [] - oauth2: - openid description: Create a new database snapshot. Requires admin access. tags: - Database summary: Create a new database snapshot operationId: createDatabaseSnapshot responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /edge-router-policies: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of edge router policy resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Edge Router Policy summary: List edge router policies operationId: listEdgeRouterPolicies parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of edge router policies schema: $ref: '#/definitions/listEdgeRouterPoliciesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create an edge router policy resource. Requires admin access. tags: - Edge Router Policy summary: Create an edge router policy resource operationId: createEdgeRouterPolicy parameters: - description: An edge router policy to create name: policy in: body required: true schema: $ref: '#/definitions/edgeRouterPolicyCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /edge-router-policies/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single edge router policy by id. Requires admin access. tags: - Edge Router Policy summary: Retrieves a single edge router policy operationId: detailEdgeRouterPolicy responses: "200": description: A single edge router policy schema: $ref: '#/definitions/detailEdgeRouterPolicyEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on an edge router policy by id. Requires admin access. tags: - Edge Router Policy summary: Update all fields on an edge router policy operationId: updateEdgeRouterPolicy parameters: - description: An edge router policy update object name: policy in: body required: true schema: $ref: '#/definitions/edgeRouterPolicyUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete an edge router policy by id. Requires admin access. tags: - Edge Router Policy summary: Delete an edge router policy operationId: deleteEdgeRouterPolicy responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update the supplied fields on an edge router policy. Requires admin access. tags: - Edge Router Policy summary: Update the supplied fields on an edge router policy operationId: patchEdgeRouterPolicy parameters: - description: An edge router policy patch object name: policy in: body required: true schema: $ref: '#/definitions/edgeRouterPolicyPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /edge-router-policies/{id}/edge-routers: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of edge routers an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access. tags: - Edge Router Policy summary: List edge routers a policy affects operationId: listEdgeRouterPolicyEdgeRouters responses: "200": description: A list of edge routers schema: $ref: '#/definitions/listEdgeRoutersEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /edge-router-policies/{id}/identities: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of identities an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access. tags: - Edge Router Policy summary: List identities an edge router policy affects operationId: listEdgeRouterPolicyIdentities responses: "200": description: A list of identities schema: $ref: '#/definitions/listIdentitiesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /edge-router-role-attributes: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of role attributes in use by edge routers; supports filtering, sorting, and pagination. Requires admin access. tags: - Role Attributes summary: List role attributes in use by edge routers operationId: listEdgeRouterRoleAttributes parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of role attributes schema: $ref: '#/definitions/listRoleAttributesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /edge-routers: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of edge router resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Edge Router summary: List edge routers operationId: listEdgeRouters parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query - type: array items: type: string collectionFormat: multi name: roleFilter in: query - type: string name: roleSemantic in: query responses: "200": description: A list of edge routers schema: $ref: '#/definitions/listEdgeRoutersEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] description: Create a edge router resource. Requires admin access. tags: - Edge Router summary: Create an edge router operationId: createEdgeRouter parameters: - description: A edge router to create name: edgeRouter in: body required: true schema: $ref: '#/definitions/edgeRouterCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /edge-routers/{id}: get: security: - ztSession: [] description: Retrieves a single edge router by id. Requires admin access. tags: - Edge Router summary: Retrieves a single edge router operationId: detailEdgeRouter responses: "200": description: A singular edge router resource schema: $ref: '#/definitions/detailedEdgeRouterEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] description: Update all fields on an edge router by id. Requires admin access. tags: - Edge Router summary: Update all fields on an edge router operationId: updateEdgeRouter parameters: - description: An edge router update object name: edgeRouter in: body required: true schema: $ref: '#/definitions/edgeRouterUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] description: Delete an edge router by id. Requires admin access. tags: - Edge Router summary: Delete an edge router operationId: deleteEdgeRouter responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] description: Update the supplied fields on an edge router. Requires admin access. tags: - Edge Router summary: Update the supplied fields on an edge router operationId: patchEdgeRouter parameters: - description: An edge router patch object name: edgeRouter in: body required: true schema: $ref: '#/definitions/edgeRouterPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /edge-routers/{id}/edge-router-policies: get: security: - ztSession: [] description: Retrieves a list of edge router policies that apply to the specified edge router. tags: - Edge Router summary: List the edge router policies that affect an edge router operationId: listEdgeRouterEdgeRouterPolicies responses: "200": description: A list of edge router policies schema: $ref: '#/definitions/listEdgeRouterPoliciesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /edge-routers/{id}/identities: get: security: - ztSession: [] description: | Retrieves a list of identities that may access services via the given edge router. Supports filtering, sorting, and pagination. Requires admin access. tags: - Edge Router summary: List associated identities operationId: listEdgeRouterIdentities responses: "200": description: A list of identities schema: $ref: '#/definitions/listIdentitiesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /edge-routers/{id}/re-enroll: post: security: - ztSession: [] description: | Removes current certificate based authentication mechanisms and reverts the edge router into a state where enrollment must be performed. The router retains all other properties and associations. If the router is currently connected, it will be disconnected and any attemps to reconnect will fail until the enrollment process is completed with the newly generated JWT. If the edge router has an existing outstanding enrollment JWT it will be replaced. The previous JWT will no longer be usable to complete the enrollment process. tags: - Edge Router summary: Re-enroll an edge router operationId: reEnrollEdgeRouter responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /edge-routers/{id}/service-edge-router-policies: get: security: - ztSession: [] description: Retrieves a list of service policies policies that apply to the specified edge router. tags: - Edge Router summary: List the service policies that affect an edge router operationId: listEdgeRouterServiceEdgeRouterPolicies responses: "200": description: A list of service policies schema: $ref: '#/definitions/listServicePoliciesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /edge-routers/{id}/services: get: security: - ztSession: [] description: | Retrieves a list of services that may be accessed via the given edge router. Supports filtering, sorting, and pagination. Requires admin access. tags: - Edge Router summary: List associated services operationId: listEdgeRouterServices responses: "200": description: A list of services schema: $ref: '#/definitions/listServicesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /enrollments: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of outstanding enrollments; supports filtering, sorting, and pagination. Requires admin access. tags: - Enrollment summary: List outstanding enrollments operationId: listEnrollments parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of enrollments schema: $ref: '#/definitions/listEnrollmentsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Creates a new OTT, OTTCA, or UPDB enrollment for a specific identity. If an enrollment of the same type is already outstanding the request will fail with a 409 conflict. If desired, an existing enrollment can be refreshed by `enrollments/:id/refresh` or deleted. tags: - Enrollment summary: Create an outstanding enrollment for an identity operationId: createEnrollment parameters: - description: An enrollment to create name: enrollment in: body required: true schema: $ref: '#/definitions/enrollmentCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The request could not be completed due to a conflict of configuration or state schema: $ref: '#/definitions/apiErrorEnvelope' /enrollments/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single outstanding enrollment by id. Requires admin access. tags: - Enrollment summary: Retrieves an outstanding enrollment operationId: detailEnrollment responses: "200": description: A singular enrollment resource schema: $ref: '#/definitions/detailEnrollmentEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete an outstanding enrollment by id. Requires admin access. tags: - Enrollment summary: Delete an outstanding enrollment operationId: deleteEnrollment responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /enrollments/{id}/refresh: post: security: - ztSession: [] - oauth2: - openid description: For expired or unexpired enrollments, reset the expiration window. A new JWT will be generated and must be used for the enrollment. tags: - Enrollment summary: Refreshes an enrollment record's expiration window operationId: refreshEnrollment parameters: - description: An enrollment refresh request name: refresh in: body required: true schema: $ref: '#/definitions/enrollmentRefresh' responses: "200": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /external-jwt-signers: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of external JWT signers for authentication tags: - External JWT Signer summary: List External JWT Signers operationId: listExternalJwtSigners parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of External JWT Signers schema: $ref: '#/definitions/listExternalJwtSignersEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Creates an External JWT Signer. Requires admin access. tags: - External JWT Signer summary: Creates an External JWT Signer operationId: createExternalJwtSigner parameters: - description: An External JWT Signer to create name: externalJwtSigner in: body required: true schema: $ref: '#/definitions/externalJwtSignerCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /external-jwt-signers/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single External JWT Signer by id. Requires admin access. tags: - External JWT Signer summary: Retrieves a single External JWT Signer operationId: detailExternalJwtSigner responses: "200": description: A singular External JWT Signer resource schema: $ref: '#/definitions/detailExternalJwtSignerEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on an External JWT Signer by id. Requires admin access. tags: - External JWT Signer summary: Update all fields on an External JWT Signer operationId: updateExternalJwtSigner parameters: - description: An External JWT Signer update object name: externalJwtSigner in: body required: true schema: $ref: '#/definitions/externalJwtSignerUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: | Delete an External JWT Signer by id. Requires admin access. tags: - External JWT Signer summary: Delete an External JWT Signer operationId: deleteExternalJwtSigner responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update only the supplied fields on an External JWT Signer by id. Requires admin access. tags: - External JWT Signer summary: Update the supplied fields on an External JWT Signer operationId: patchExternalJwtSigner parameters: - description: An External JWT Signer patch object name: externalJwtSigner in: body required: true schema: $ref: '#/definitions/externalJwtSignerPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of identity resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Identity summary: List identities operationId: listIdentities parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query - type: array items: type: string collectionFormat: multi name: roleFilter in: query - type: string name: roleSemantic in: query responses: "200": description: A list of identities schema: $ref: '#/definitions/listIdentitiesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create an identity resource. Requires admin access. tags: - Identity summary: Create an identity resource operationId: createIdentity parameters: - description: An identity to create name: identity in: body required: true schema: $ref: '#/definitions/identityCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /identities/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single identity by id. Requires admin access. tags: - Identity summary: Retrieves a single identity operationId: detailIdentity responses: "200": description: A single identity schema: $ref: '#/definitions/detailIdentityEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on an identity by id. Requires admin access. tags: - Identity summary: Update all fields on an identity operationId: updateIdentity parameters: - description: An identity update object name: identity in: body required: true schema: $ref: '#/definitions/identityUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete an identity by id. Requires admin access. tags: - Identity summary: Delete an identity operationId: deleteIdentity responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update the supplied fields on an identity. Requires admin access. tags: - Identity summary: Update the supplied fields on an identity operationId: patchIdentity parameters: - description: An identity patch object name: identity in: body required: true schema: $ref: '#/definitions/identityPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/authenticators: get: security: - ztSession: [] description: | Returns a list of authenticators associated to the identity specified tags: - Identity summary: Retrieve the current authenticators of a specific identity operationId: getIdentityAuthenticators responses: "200": description: A list of authenticators schema: $ref: '#/definitions/listAuthenticatorsEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/disable: post: security: - ztSession: [] description: | Allows an admin disable an identity for a set amount of time or indefinitely. tags: - Identity summary: Set an identity as disabled operationId: disableIdentity parameters: - description: Disable parameters name: disable in: body required: true schema: $ref: '#/definitions/disableParams' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/edge-router-policies: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of edge router policies that apply to the specified identity. tags: - Identity summary: List the edge router policies that affect an identity operationId: listIdentitysEdgeRouterPolicies responses: "200": description: A list of edge router policies schema: $ref: '#/definitions/listEdgeRouterPoliciesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/edge-routers: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of edge-routers that the given identity may use to access services. Supports filtering, sorting, and pagination. Requires admin access. tags: - Identity summary: List accessible edge-routers operationId: listIdentityEdgeRouters responses: "200": description: A list of edge routers schema: $ref: '#/definitions/listEdgeRoutersEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/enable: post: security: - ztSession: [] description: | Allows an admin to remove disabled statuses from an identity. tags: - Identity summary: Clears all disabled state from an identity operationId: enableIdentity responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/enrollments: get: security: - ztSession: [] description: | Returns a list of enrollments associated to the identity specified tags: - Identity summary: Retrieve the current enrollments of a specific identity operationId: getIdentityEnrollments responses: "200": description: A list of enrollments schema: $ref: '#/definitions/listEnrollmentsEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/failed-service-requests: get: security: - ztSession: [] description: | Returns a list of service session requests that failed due to posture checks. The entries will contain every policy that was verified against and every failed check in each policy. Each check will include the historical posture data and posture check configuration. tags: - Identity summary: Retrieve a list of the most recent service failure requests due to posture checks operationId: getIdentityFailedServiceRequests responses: "200": description: Returns a list of service request failures schema: $ref: '#/definitions/failedServiceRequestEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/mfa: delete: security: - ztSession: [] description: | Allows an admin to remove MFA enrollment from a specific identity. Requires admin. tags: - Identity - MFA summary: Remove MFA from an identitity operationId: removeIdentityMfa responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/policy-advice/{serviceId}: get: security: - ztSession: [] - oauth2: - openid description: | Analyzes policies to see if the given identity should be able to dial or bind the given service. | Will check services policies to see if the identity can access the service. Will check edge router policies | to check if the identity and service have access to common edge routers so that a connnection can be made. | Will also check if at least one edge router is on-line. Requires admin access. tags: - Identity summary: Analyze policies relating the given identity and service operationId: getIdentityPolicyAdvice responses: "200": description: Returns the document that represents the policy advice schema: $ref: '#/definitions/getIdentityPolicyAdviceEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true - type: string description: The id of a service name: serviceId in: path required: true /identities/{id}/posture-data: get: security: - ztSession: [] - oauth2: - openid description: | Returns a nested map data represeting the posture data of the identity. This data should be considered volatile. tags: - Identity summary: Retrieve the curent posture data for a specific identity. operationId: getIdentityPostureData responses: "200": description: Returns the document that represents posture data schema: $ref: '#/definitions/postureDataEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/service-configs: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of service configs associated to a specific identity tags: - Identity summary: List the service configs associated a specific identity operationId: listIdentitysServiceConfigs responses: "200": description: A list of service configs schema: $ref: '#/definitions/listServiceConfigsEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Associate service configs to a specific identity tags: - Identity summary: Associate service configs for a specific identity operationId: associateIdentitysServiceConfigs parameters: - description: A service config patch object name: serviceConfigs in: body required: true schema: $ref: '#/definitions/serviceConfigsAssignList' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Remove service configs from a specific identity tags: - Identity summary: Remove associated service configs from a specific identity operationId: disassociateIdentitysServiceConfigs parameters: - description: An array of service and config id pairs to remove name: serviceConfigIdPairs in: body schema: $ref: '#/definitions/serviceConfigsAssignList' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/service-policies: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of service policies that apply to the specified identity. tags: - Identity summary: List the service policies that affect an identity operationId: listIdentityServicePolicies responses: "200": description: A list of service policies schema: $ref: '#/definitions/listServicePoliciesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/services: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of services that the given identity has access to. Supports filtering, sorting, and pagination. Requires admin access. tags: - Identity summary: List accessible services operationId: listIdentityServices responses: "200": description: A list of edge routers schema: $ref: '#/definitions/listEdgeRoutersEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identities/{id}/trace: put: security: - ztSession: [] description: | Allows an admin to enable/disable data flow tracing for an identity tags: - Identity - Tracing summary: Enable/disable data flow tracing for an identity operationId: updateIdentityTracing parameters: - description: A traceSpec object name: traceSpec in: body required: true schema: $ref: '#/definitions/traceSpec' responses: "200": description: Returns the document that represents the trace state schema: $ref: '#/definitions/traceDetailEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /identity-role-attributes: get: security: - ztSession: [] description: | Retrieves a list of role attributes in use by identities; supports filtering, sorting, and pagination. Requires admin access. tags: - Role Attributes summary: List role attributes in use by identities operationId: listIdentityRoleAttributes parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of role attributes schema: $ref: '#/definitions/listRoleAttributesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /identity-types: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of identity types; supports filtering, sorting, and pagination. Requires admin access. tags: - Identity summary: List available identity types operationId: listIdentityTypes parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of identity types schema: $ref: '#/definitions/listIdentityTypesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /identity-types/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single identity type by id. Requires admin access. tags: - Identity summary: Retrieves a identity type operationId: detailIdentityType responses: "200": description: A single identity type schema: $ref: '#/definitions/detailIdentityTypeEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /posture-check-types: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of posture check types produces: - application/json; charset=utf-8 tags: - Posture Checks summary: List a subset of posture check types operationId: listPostureCheckTypes parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of posture check types schema: $ref: '#/definitions/listPostureCheckTypesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /posture-check-types/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single posture check type by id tags: - Posture Checks summary: Retrieves a single posture check type operationId: detailPostureCheckType responses: "200": description: Retrieves a singular posture check type by id schema: $ref: '#/definitions/detailPostureCheckTypeEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /posture-checks: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of posture checks produces: - application/json; charset=utf-8 tags: - Posture Checks summary: List a subset of posture checks operationId: listPostureChecks parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query - type: array items: type: string collectionFormat: multi name: roleFilter in: query - type: string name: roleSemantic in: query responses: "200": description: A list of posture checks schema: $ref: '#/definitions/listPostureCheckEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Creates a Posture Checks tags: - Posture Checks summary: Creates a Posture Checks operationId: createPostureCheck parameters: - description: A Posture Check to create name: postureCheck in: body required: true schema: $ref: '#/definitions/postureCheckCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /posture-checks/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single Posture Checks by id tags: - Posture Checks summary: Retrieves a single Posture Checks operationId: detailPostureCheck responses: "200": description: Retrieves a singular posture check by id schema: $ref: '#/definitions/detailPostureCheckEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on a Posture Checks by id tags: - Posture Checks summary: Update all fields on a Posture Checks operationId: updatePostureCheck parameters: - description: A Posture Check update object name: postureCheck in: body required: true schema: $ref: '#/definitions/postureCheckUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Deletes and Posture Checks by id tags: - Posture Checks summary: Deletes an Posture Checks operationId: deletePostureCheck responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "403": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update only the supplied fields on a Posture Checks by id tags: - Posture Checks summary: Update the supplied fields on a Posture Checks operationId: patchPostureCheck parameters: - description: A Posture Check patch object name: postureCheck in: body required: true schema: $ref: '#/definitions/postureCheckPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /routers: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Router summary: List routers operationId: listRouters parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of specifications schema: $ref: '#/definitions/listRoutersEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create a router resource. Requires admin access. tags: - Router summary: Create a router resource operationId: createRouter parameters: - description: A router to create name: router in: body required: true schema: $ref: '#/definitions/routerCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /routers/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single router by id. Requires admin access. tags: - Router summary: Retrieves a single router operationId: detailRouter responses: "200": description: A single router schema: $ref: '#/definitions/detailRouterEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on a router by id. Requires admin access. tags: - Router summary: Update all fields on a router operationId: updateRouter parameters: - description: A router update object name: router in: body required: true schema: $ref: '#/definitions/routerUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete a router by id. Requires admin access. tags: - Router summary: Delete a router operationId: deleteRouter responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update the supplied fields on a router. Requires admin access. tags: - Router summary: Update the supplied fields on a router operationId: patchRouter parameters: - description: A router patch object name: router in: body required: true schema: $ref: '#/definitions/routerPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /service-edge-router-policies: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of service edge router policy resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Service Edge Router Policy summary: List service edge router policies operationId: listServiceEdgeRouterPolicies parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of service edge router policies schema: $ref: '#/definitions/listServiceEdgeRouterPoliciesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create a service edge router policy resource. Requires admin access. tags: - Service Edge Router Policy summary: Create a service edge router policy resource operationId: createServiceEdgeRouterPolicy parameters: - description: A service edge router policy to create name: policy in: body required: true schema: $ref: '#/definitions/serviceEdgeRouterPolicyCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /service-edge-router-policies/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single service edge policy by id. Requires admin access. tags: - Service Edge Router Policy summary: Retrieves a single service edge policy operationId: detailServiceEdgeRouterPolicy responses: "200": description: A single service edge router policy schema: $ref: '#/definitions/detailServiceEdgePolicyEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on a service edge policy by id. Requires admin access. tags: - Service Edge Router Policy summary: Update all fields on a service edge policy operationId: updateServiceEdgeRouterPolicy parameters: - description: A service edge router policy update object name: policy in: body required: true schema: $ref: '#/definitions/serviceEdgeRouterPolicyUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete a service edge policy by id. Requires admin access. tags: - Service Edge Router Policy summary: Delete a service edge policy operationId: deleteServiceEdgeRouterPolicy responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update the supplied fields on a service edge policy. Requires admin access. tags: - Service Edge Router Policy summary: Update the supplied fields on a service edge policy operationId: patchServiceEdgeRouterPolicy parameters: - description: A service edge router policy patch object name: policy in: body required: true schema: $ref: '#/definitions/serviceEdgeRouterPolicyPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /service-edge-router-policies/{id}/edge-routers: get: security: - ztSession: [] - oauth2: - openid description: List the edge routers that a service edge router policy applies to tags: - Service Edge Router Policy summary: List the edge routers that a service edge router policy applies to operationId: listServiceEdgeRouterPolicyEdgeRouters responses: "200": description: A list of edge routers schema: $ref: '#/definitions/listEdgeRoutersEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /service-edge-router-policies/{id}/services: get: security: - ztSession: [] - oauth2: - openid description: List the services that a service edge router policy applies to tags: - Service Edge Router Policy summary: List the services that a service edge router policy applies to operationId: listServiceEdgeRouterPolicyServices responses: "200": description: A list of services schema: $ref: '#/definitions/listServicesEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /service-policies: get: security: - ztSession: [] description: | Retrieves a list of service policy resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Service Policy summary: List service policies operationId: listServicePolicies parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of service policies schema: $ref: '#/definitions/listServicePoliciesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] description: Create a service policy resource. Requires admin access. tags: - Service Policy summary: Create a service policy resource operationId: createServicePolicy parameters: - description: A service policy to create name: policy in: body required: true schema: $ref: '#/definitions/servicePolicyCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /service-policies/{id}: get: security: - ztSession: [] description: Retrieves a single service policy by id. Requires admin access. tags: - Service Policy summary: Retrieves a single service policy operationId: detailServicePolicy responses: "200": description: A single service policy schema: $ref: '#/definitions/detailServicePolicyEnvelop' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] description: Update all fields on a service policy by id. Requires admin access. tags: - Service Policy summary: Update all fields on a service policy operationId: updateServicePolicy parameters: - description: A service policy update object name: policy in: body required: true schema: $ref: '#/definitions/servicePolicyUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] description: Delete a service policy by id. Requires admin access. tags: - Service Policy summary: Delete a service policy operationId: deleteServicePolicy responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] description: Update the supplied fields on a service policy. Requires admin access. tags: - Service Policy summary: Update the supplied fields on a service policy operationId: patchServicePolicy parameters: - description: A service policy patch object name: policy in: body required: true schema: $ref: '#/definitions/servicePolicyPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /service-policies/{id}/identities: get: security: - ztSession: [] description: | Retrieves a list of identity resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access. tags: - Service Policy summary: List identities a service policy affects operationId: listServicePolicyIdentities parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of identities schema: $ref: '#/definitions/listIdentitiesEnvelope' "400": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /service-policies/{id}/posture-checks: get: security: - ztSession: [] description: | Retrieves a list of posture check resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access. tags: - Service Policy summary: List posture check a service policy includes operationId: listServicePolicyPostureChecks parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of posture checks schema: $ref: '#/definitions/listPostureCheckEnvelope' "400": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /service-policies/{id}/services: get: security: - ztSession: [] description: | Retrieves a list of service resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access. tags: - Service Policy summary: List services a service policy affects operationId: listServicePolicyServices parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of services schema: $ref: '#/definitions/listServicesEnvelope' "400": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /service-role-attributes: get: security: - ztSession: [] description: | Retrieves a list of role attributes in use by services; supports filtering, sorting, and pagination. Requires admin access. tags: - Role Attributes summary: List role attributes in use by services operationId: listServiceRoleAttributes parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of role attributes schema: $ref: '#/definitions/listRoleAttributesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /services: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Service summary: List services operationId: listServices parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query - type: array items: type: string collectionFormat: multi name: roleFilter in: query - type: string name: roleSemantic in: query responses: "200": description: A list of services schema: $ref: '#/definitions/listServicesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create a services resource. Requires admin access. tags: - Service summary: Create a services resource operationId: createService parameters: - description: A service to create name: service in: body required: true schema: $ref: '#/definitions/serviceCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /services/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single service by id. Requires admin access. tags: - Service summary: Retrieves a single service operationId: detailService responses: "200": description: A single service schema: $ref: '#/definitions/detailServiceEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on a service by id. Requires admin access. tags: - Service summary: Update all fields on a service operationId: updateService parameters: - description: A service update object name: service in: body required: true schema: $ref: '#/definitions/serviceUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete a service by id. Requires admin access. tags: - Service summary: Delete a service operationId: deleteService responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update the supplied fields on a service. Requires admin access. tags: - Service summary: Update the supplied fields on a service operationId: patchService parameters: - description: A service patch object name: service in: body required: true schema: $ref: '#/definitions/servicePatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /services/{id}/configs: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of config resources associated to a specific service; supports filtering, sorting, and pagination. Requires admin access. tags: - Service summary: List configs associated to a specific service operationId: listServiceConfig parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of configs schema: $ref: '#/definitions/listConfigsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /services/{id}/edge-routers: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of edge-routers that may be used to access the given service. Supports filtering, sorting, and pagination. Requires admin access. tags: - Service summary: List accessible edge-routers operationId: listServiceEdgeRouters parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of edge routers schema: $ref: '#/definitions/listEdgeRoutersEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /services/{id}/identities: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of identities that have access to this service. Supports filtering, sorting, and pagination. Requires admin access. tags: - Service summary: List identities with access operationId: listServiceIdentities parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of identities schema: $ref: '#/definitions/listIdentitiesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /services/{id}/service-edge-router-policies: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of service edge router policy resources that affect a specific service; supports filtering, sorting, and pagination. Requires admin access. tags: - Service summary: List service edge router policies that affect a specific service operationId: listServiceServiceEdgeRouterPolicies parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of service edge router policies schema: $ref: '#/definitions/listServiceEdgeRouterPoliciesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /services/{id}/service-policies: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of service policy resources that affect specific service; supports filtering, sorting, and pagination. Requires admin access. tags: - Service summary: List service policies that affect a specific service operationId: listServiceServicePolicies parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of service policies schema: $ref: '#/definitions/listServicePoliciesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /services/{id}/terminators: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination. tags: - Service summary: List of terminators assigned to a service operationId: listServiceTerminators parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of terminators schema: $ref: '#/definitions/listTerminatorsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /sessions: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of active sessions resources; supports filtering, sorting, and pagination. Requires admin access. Sessions are tied to an API session and are moved when an API session times out or logs out. Active sessions (i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active. tags: - Session summary: List sessions operationId: listSessions parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of sessions schema: $ref: '#/definitions/listSessionsManagementEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /sessions/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single session by id. Requires admin access. tags: - Session summary: Retrieves a single session operationId: detailSession responses: "200": description: A single session schema: $ref: '#/definitions/detailSessionManagementEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete a session by id. Requires admin access. tags: - Session summary: Delete a session operationId: deleteSession responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /sessions/{id}/route-path: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single session's route path by id. Requires admin access. tags: - Session summary: Retrieves a single session's router path operationId: detailSessionRoutePath responses: "200": description: A single session's route path schema: $ref: '#/definitions/detailSessionRoutePathEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /specs: get: security: [] description: Returns a list of spec files embedded within the controller for consumption/documentation/code geneartion tags: - Informational summary: Returns a list of API specs operationId: listSpecs responses: "200": description: A list of specifications schema: $ref: '#/definitions/listSpecsEnvelope' /specs/{id}: get: security: [] description: Returns single spec resource embedded within the controller for consumption/documentation/code geneartion tags: - Informational summary: Return a single spec resource operationId: detailSpec responses: "200": description: A single specification schema: $ref: '#/definitions/detailSpecEnvelope' parameters: - type: string description: The id of the requested resource name: id in: path required: true /specs/{id}/spec: get: security: [] description: Return the body of the specification (i.e. Swagger, OpenAPI 2.0, 3.0, etc). produces: - text/yaml - application/json tags: - Informational summary: Returns the spec's file operationId: detailSpecBody responses: "200": description: Returns the document that represents the specification schema: $ref: '#/definitions/detailSpecBodyEnvelope' parameters: - type: string description: The id of the requested resource name: id in: path required: true /summary: get: security: - ztSession: [] description: This endpoint is usefull for UIs that wish to display UI elements with counts. tags: - Informational summary: Returns a list of accessible resource counts operationId: listSummary responses: "200": description: Entity counts scopped to the current identitie's access schema: $ref: '#/definitions/listSummaryCountsEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /terminators: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of terminator resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Terminator summary: List terminators operationId: listTerminators parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of terminators schema: $ref: '#/definitions/listTerminatorsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create a terminator resource. Requires admin access. tags: - Terminator summary: Create a terminator resource operationId: createTerminator parameters: - description: A terminator to create name: terminator in: body required: true schema: $ref: '#/definitions/terminatorCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /terminators/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single terminator by id. Requires admin access. tags: - Terminator summary: Retrieves a single terminator operationId: detailTerminator responses: "200": description: A single terminator schema: $ref: '#/definitions/detailTerminatorEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] description: Update all fields on a terminator by id. Requires admin access. tags: - Terminator summary: Update all fields on a terminator operationId: updateTerminator parameters: - description: A terminator update object name: terminator in: body required: true schema: $ref: '#/definitions/terminatorUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] description: Delete a terminator by id. Requires admin access. tags: - Terminator summary: Delete a terminator operationId: deleteTerminator responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] description: Update the supplied fields on a terminator. Requires admin access. tags: - Terminator summary: Update the supplied fields on a terminator operationId: patchTerminator parameters: - description: A terminator patch object name: terminator in: body required: true schema: $ref: '#/definitions/terminatorPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /transit-routers: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Router summary: List routers operationId: listTransitRouters parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of specifications schema: $ref: '#/definitions/listRoutersEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create a router resource. Requires admin access. tags: - Router summary: Create a router resource operationId: createTransitRouter parameters: - description: A router to create name: router in: body required: true schema: $ref: '#/definitions/routerCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /transit-routers/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single router by id. Requires admin access. tags: - Router summary: Retrieves a single router operationId: detailTransitRouter responses: "200": description: A single router schema: $ref: '#/definitions/detailRouterEnvelope' "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on a router by id. Requires admin access. tags: - Router summary: Update all fields on a router operationId: updateTransitRouter parameters: - description: A router update object name: router in: body required: true schema: $ref: '#/definitions/routerUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete a router by id. Requires admin access. tags: - Router summary: Delete a router operationId: deleteTransitRouter responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update the supplied fields on a router. Requires admin access. tags: - Router summary: Update the supplied fields on a router operationId: patchTransitRouter parameters: - description: A router patch object name: router in: body required: true schema: $ref: '#/definitions/routerPatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The currently supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /version: get: security: [] tags: - Informational summary: Returns version information operationId: listVersion responses: "200": description: Version information for the controller schema: $ref: '#/definitions/listVersionEnvelope' definitions: apiError: type: object properties: args: $ref: '#/definitions/apiErrorArgs' cause: $ref: '#/definitions/apiErrorCause' causeMessage: type: string code: type: string data: type: object additionalProperties: true message: type: string requestId: type: string apiErrorArgs: type: object properties: urlVars: type: object additionalProperties: type: string apiErrorCause: allOf: - $ref: '#/definitions/apiFieldError' - $ref: '#/definitions/apiError' apiErrorEnvelope: type: object required: - meta - error properties: error: $ref: '#/definitions/apiError' meta: $ref: '#/definitions/meta' apiFieldError: type: object properties: field: type: string reason: type: string value: description: can be any value - string, number, boolean, array or object apiSessionDetail: description: An API Session object type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - token - identity - identityId - configTypes - ipAddress - authQueries - cachedUpdatedAt - isMfaRequired - isMfaComplete - authenticatorId properties: authQueries: $ref: '#/definitions/authQueryList' authenticatorId: type: string cachedLastActivityAt: type: string format: date-time configTypes: type: array items: type: string identity: $ref: '#/definitions/entityRef' identityId: type: string ipAddress: type: string isMfaComplete: type: boolean isMfaRequired: type: boolean lastActivityAt: type: string format: date-time token: type: string apiSessionList: type: array items: $ref: '#/definitions/apiSessionDetail' apiSessionPostureData: type: object required: - mfa properties: endpointState: $ref: '#/definitions/postureDataEndpointState' mfa: $ref: '#/definitions/postureDataMfa' sdkInfo: $ref: '#/definitions/sdkInfo' apiVersion: type: object required: - path properties: apiBaseUrls: type: array items: type: string path: type: string version: type: string attributes: description: A set of strings used to loosly couple this resource to policies type: array items: type: string x-nullable: true x-omitempty: true authPolicyCreate: description: A Auth Policy resource type: object required: - name - primary - secondary properties: name: type: string primary: $ref: '#/definitions/authPolicyPrimary' secondary: $ref: '#/definitions/authPolicySecondary' tags: $ref: '#/definitions/tags' authPolicyDetail: description: A Auth Policy resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - primary - secondary properties: name: type: string primary: $ref: '#/definitions/authPolicyPrimary' secondary: $ref: '#/definitions/authPolicySecondary' authPolicyList: description: An array of Auth Policies resources type: array items: $ref: '#/definitions/authPolicyDetail' authPolicyPatch: description: A Auth Policy resource type: object properties: name: type: string x-nullable: true primary: $ref: '#/definitions/authPolicyPrimaryPatch' secondary: $ref: '#/definitions/authPolicySecondaryPatch' tags: $ref: '#/definitions/tags' authPolicyPrimary: type: object required: - updb - cert - extJwt properties: cert: $ref: '#/definitions/authPolicyPrimaryCert' extJwt: $ref: '#/definitions/authPolicyPrimaryExtJwt' updb: $ref: '#/definitions/authPolicyPrimaryUpdb' authPolicyPrimaryCert: type: object required: - allowed - allowExpiredCerts properties: allowExpiredCerts: type: boolean allowed: type: boolean authPolicyPrimaryCertPatch: type: object properties: allowExpiredCerts: type: boolean x-nullable: true allowed: type: boolean x-nullable: true x-nullable: true authPolicyPrimaryExtJwt: type: object properties: allowed: type: boolean x-nullable: true allowedSigners: type: array items: type: string x-nullable: true x-nullable: true authPolicyPrimaryExtJwtPatch: type: object properties: allowed: type: boolean x-nullable: true allowedSigners: type: array items: type: string x-nullable: true x-nullable: true authPolicyPrimaryPatch: type: object properties: cert: $ref: '#/definitions/authPolicyPrimaryCertPatch' extJwt: $ref: '#/definitions/authPolicyPrimaryExtJwtPatch' updb: $ref: '#/definitions/authPolicyPrimaryUpdbPatch' authPolicyPrimaryUpdb: type: object required: - allowed - minPasswordLength - requireSpecialChar - requireNumberChar - requireMixedCase - maxAttempts - lockoutDurationMinutes properties: allowed: type: boolean lockoutDurationMinutes: type: integer maxAttempts: type: integer minPasswordLength: type: integer requireMixedCase: type: boolean requireNumberChar: type: boolean requireSpecialChar: type: boolean authPolicyPrimaryUpdbPatch: type: object properties: allowed: type: boolean x-nullable: true lockoutDurationMinutes: type: integer x-nullable: true maxAttempts: type: integer x-nullable: true minPasswordLength: type: integer x-nullable: true requireMixedCase: type: boolean x-nullable: true requireNumberChar: type: boolean x-nullable: true requireSpecialChar: type: boolean x-nullable: true x-nullable: true authPolicySecondary: type: object required: - requireTotp properties: requireExtJwtSigner: type: string x-nullable: true x-omit-empty: false requireTotp: type: boolean authPolicySecondaryPatch: type: object properties: requireExtJwtSigner: type: string x-nullable: true requireTotp: type: boolean x-nullable: true x-nullable: true authPolicyUpdate: $ref: '#/definitions/authPolicyCreate' authQueryDetail: type: object required: - provider properties: format: $ref: '#/definitions/mfaFormats' httpMethod: type: string httpUrl: type: string maxLength: type: integer minLength: type: integer provider: $ref: '#/definitions/mfaProviders' typeId: type: string authQueryList: type: array items: $ref: '#/definitions/authQueryDetail' authenticate: description: A generic authenticate object meant for use with the /authenticate path. Required fields depend on authentication method. type: object properties: configTypes: $ref: '#/definitions/configTypes' envInfo: $ref: '#/definitions/envInfo' password: $ref: '#/definitions/password' sdkInfo: $ref: '#/definitions/sdkInfo' username: $ref: '#/definitions/username' authenticatorCreate: description: Creates an authenticator for a specific identity which can be used for API authentication type: object required: - method - identityId properties: certPem: description: The client certificate the identity will login with. Used only for method='cert' type: string identityId: description: The id of an existing identity that will be assigned this authenticator type: string method: description: The type of authenticator to create; which will dictate which properties on this object are required. type: string password: description: The password the identity will login with. Used only for method='updb' type: string tags: $ref: '#/definitions/tags' username: description: The username that the identity will login with. Used only for method='updb' type: string authenticatorDetail: description: A singular authenticator resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - method - identityId - identity properties: certPem: type: string fingerprint: type: string identity: $ref: '#/definitions/entityRef' identityId: type: string method: type: string username: type: string authenticatorList: description: An array of authenticator resources type: array items: $ref: '#/definitions/authenticatorDetail' authenticatorPatch: description: All of the fields on an authenticator that may be updated type: object properties: password: $ref: '#/definitions/passwordNullable' tags: $ref: '#/definitions/tags' username: $ref: '#/definitions/usernameNullable' authenticatorPatchWithCurrent: description: All of the fields on an authenticator that may be updated type: object allOf: - $ref: '#/definitions/authenticatorPatch' - type: object required: - currentPassword properties: currentPassword: $ref: '#/definitions/password' authenticatorUpdate: description: All of the fields on an authenticator that will be updated type: object required: - username - password properties: password: $ref: '#/definitions/password' tags: $ref: '#/definitions/tags' username: $ref: '#/definitions/username' authenticatorUpdateWithCurrent: description: All of the fields on an authenticator that will be updated type: object allOf: - $ref: '#/definitions/authenticatorUpdate' - type: object required: - currentPassword properties: currentPassword: $ref: '#/definitions/password' baseEntity: description: Fields shared by all Edge API entities type: object required: - id - createdAt - updatedAt - _links properties: _links: $ref: '#/definitions/links' createdAt: type: string format: date-time id: type: string tags: $ref: '#/definitions/tags' updatedAt: type: string format: date-time caCreate: description: A create Certificate Authority (CA) object type: object required: - name - certPem - isAutoCaEnrollmentEnabled - isOttCaEnrollmentEnabled - isAuthEnabled - identityRoles properties: certPem: type: string example: | -----BEGIN CERTIFICATE----- MIICUjCCAdmgAwIBAgIJANooo7NB+dZZMAoGCCqGSM49BAMCMF4xCzAJBgNVBAYT AlVTMQswCQYDVQQIDAJOQzETMBEGA1UECgwKTmV0Rm91bmRyeTEtMCsGA1UEAwwk TmV0Rm91bmRyeSBaaXRpIEV4dGVybmFsIEFQSSBSb290IENBMB4XDTE4MTExNTEy NTcwOVoXDTM4MTExMDEyNTcwOVowXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5D MRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0wKwYDVQQDDCROZXRGb3VuZHJ5IFppdGkg RXh0ZXJuYWwgQVBJIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARwq61Z Iaqbaw0PDt3frJZaHjkxfZhwYrykI1GlbRNd/jix03lVG9qvpN5Og9fQfFFcFmD/ 3vCE9S6O0npm0mADQxcBcxbMRAH5dtBuCuiJW6qAAbPgiM32vqSxBiFt0KejYzBh MB0GA1UdDgQWBBRx1OVGuc/jdltDc8YBtkw8Tbr4fjAfBgNVHSMEGDAWgBRx1OVG uc/jdltDc8YBtkw8Tbr4fjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB hjAKBggqhkjOPQQDAgNnADBkAjBDRxNZUaIVpkQKnAgJukl3ysd3/i7Z6hDyIEms kllz/+ZvmdBp9iedV5o5BvJUggACMCv+UBFlJH7pmsOCo/F45Kk178YsCC7gaMxE 1ZG1zveyMvsYsH04C9FndE6w2MLvlA== -----END CERTIFICATE----- externalIdClaim: $ref: '#/definitions/externalIdClaim' identityNameFormat: type: string identityRoles: $ref: '#/definitions/roles' isAuthEnabled: type: boolean example: true isAutoCaEnrollmentEnabled: type: boolean example: true isOttCaEnrollmentEnabled: type: boolean example: true name: type: string example: Test 3rd Party External CA tags: $ref: '#/definitions/tags' caDetail: description: A Certificate Authority (CA) resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - fingerprint - certPem - isVerified - isAutoCaEnrollmentEnabled - isOttCaEnrollmentEnabled - isAuthEnabled - identityRoles - identityNameFormat properties: certPem: type: string externalIdClaim: $ref: '#/definitions/externalIdClaim' fingerprint: type: string identityNameFormat: type: string identityRoles: $ref: '#/definitions/roles' isAuthEnabled: type: boolean example: true isAutoCaEnrollmentEnabled: type: boolean example: true isOttCaEnrollmentEnabled: type: boolean example: true isVerified: type: boolean example: false name: type: string verificationToken: type: string format: uuid caList: description: An array of Certificate Authority (CA) resources type: array items: $ref: '#/definitions/caDetail' caPatch: type: object properties: externalIdClaim: $ref: '#/definitions/externalIdClaimPatch' identityNameFormat: type: string x-nullable: true identityRoles: $ref: '#/definitions/roles' isAuthEnabled: type: boolean x-nullable: true example: true isAutoCaEnrollmentEnabled: type: boolean x-nullable: true example: true isOttCaEnrollmentEnabled: type: boolean x-nullable: true example: true name: type: string x-nullable: true example: My CA tags: $ref: '#/definitions/tags' caUpdate: type: object required: - name - isAutoCaEnrollmentEnabled - isOttCaEnrollmentEnabled - isAuthEnabled - identityRoles - identityNameFormat properties: externalIdClaim: $ref: '#/definitions/externalIdClaim' identityNameFormat: type: string identityRoles: $ref: '#/definitions/roles' isAuthEnabled: type: boolean example: true isAutoCaEnrollmentEnabled: type: boolean example: true isOttCaEnrollmentEnabled: type: boolean example: true name: type: string example: My CA tags: $ref: '#/definitions/tags' commonEdgeRouterProperties: type: object required: - hostname - name - supportedProtocols - syncStatus - isOnline - cost - noTraversal - disabled properties: appData: $ref: '#/definitions/tags' cost: type: integer maximum: 65535 minimum: 0 x-nullable: true disabled: type: boolean hostname: type: string isOnline: type: boolean name: type: string noTraversal: type: boolean x-nullable: true supportedProtocols: type: object additionalProperties: type: string syncStatus: type: string configCreate: description: A config create object type: object required: - name - configTypeId - data properties: configTypeId: description: The id of a config-type that the data section will match type: string data: description: Data payload is defined by the schema of the config-type defined in the type parameter type: object additionalProperties: true x-nullable: false name: type: string example: default.ziti-tunneler-server.v1 tags: $ref: '#/definitions/tags' example: configTypeId: cea49285-6c07-42cf-9f52-09a9b115c783 data: hostname: example.com port: 80 name: test-config configDetail: description: A config resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - configTypeId - configType - data properties: configType: $ref: '#/definitions/entityRef' configTypeId: type: string data: description: The data section of a config is based on the schema of its type type: object name: type: string configList: description: An array of config resources type: array items: $ref: '#/definitions/configDetail' configPatch: description: A config patch object type: object properties: data: description: Data payload is defined by the schema of the config-type defined in the type parameter type: object additionalProperties: true name: type: string example: default.ziti-tunneler-server.v1 tags: $ref: '#/definitions/tags' example: data: hostname: example.com port: 80 name: example-config-name configTypeCreate: description: A config-type create object type: object required: - name properties: name: type: string example: ziti-tunneler-server.v1 schema: description: A JSON schema to enforce configuration against type: object additionalProperties: true tags: $ref: '#/definitions/tags' configTypeDetail: description: A config-type resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - schema properties: name: type: string example: ziti-tunneler-server.v1 schema: description: A JSON schema to enforce configuration against type: object additionalProperties: true configTypeList: description: An array of config-type resources type: array items: $ref: '#/definitions/configTypeDetail' configTypePatch: description: A config-type patch object type: object properties: name: type: string example: ziti-tunneler-server.v1 schema: description: A JSON schema to enforce configuration against type: object additionalProperties: true tags: $ref: '#/definitions/tags' configTypeUpdate: description: A config-type update object type: object required: - name properties: name: type: string example: ziti-tunneler-server.v1 schema: description: A JSON schema to enforce configuration against type: object additionalProperties: true tags: $ref: '#/definitions/tags' configTypes: description: Specific configuration types that should be returned type: array items: type: string configUpdate: description: A config update object type: object required: - name - data properties: data: description: Data payload is defined by the schema of the config-type defined in the type parameter type: object additionalProperties: true x-nullable: false name: type: string example: default.ziti-tunneler-server.v1 tags: $ref: '#/definitions/tags' example: data: hostname: example.com port: 80 name: example-config-name createEnvelope: type: object properties: data: $ref: '#/definitions/createLocation' meta: $ref: '#/definitions/meta' createLocation: type: object properties: _links: $ref: '#/definitions/links' id: type: string currentApiSessionDetail: description: An API Session object for the current API session type: object allOf: - $ref: '#/definitions/apiSessionDetail' - type: object required: - expiresAt - expirationSeconds properties: expirationSeconds: type: integer expiresAt: type: string format: date-time currentApiSessionDetailEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/currentApiSessionDetail' meta: $ref: '#/definitions/meta' currentIdentityDetailEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/identityDetail' meta: $ref: '#/definitions/meta' dataIntegrityCheckDetail: type: object required: - description - fixed properties: description: type: string fixed: type: boolean dataIntegrityCheckDetailList: type: array items: $ref: '#/definitions/dataIntegrityCheckDetail' dataIntegrityCheckDetails: type: object required: - inProgress - fixingErrors - tooManyErrors - startTime - endTime - error - results properties: endTime: type: string format: date-time error: type: string fixingErrors: type: boolean inProgress: type: boolean results: $ref: '#/definitions/dataIntegrityCheckDetailList' startTime: type: string format: date-time tooManyErrors: type: boolean dataIntegrityCheckResultEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/dataIntegrityCheckDetails' meta: $ref: '#/definitions/meta' detailApiSessionEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/apiSessionDetail' meta: $ref: '#/definitions/meta' detailAuthPolicyEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/authPolicyDetail' meta: $ref: '#/definitions/meta' detailAuthenticatorEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/authenticatorDetail' meta: $ref: '#/definitions/meta' detailCaEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/caDetail' meta: $ref: '#/definitions/meta' detailConfigEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/configDetail' meta: $ref: '#/definitions/meta' detailConfigTypeEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/configTypeDetail' meta: $ref: '#/definitions/meta' detailEdgeRouterPolicyEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/edgeRouterPolicyDetail' meta: $ref: '#/definitions/meta' detailEnrollmentEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/enrollmentDetail' meta: $ref: '#/definitions/meta' detailExternalJwtSignerEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/externalJwtSignerDetail' meta: $ref: '#/definitions/meta' detailIdentityEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/identityDetail' meta: $ref: '#/definitions/meta' detailIdentityTypeEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/identityTypeDetail' meta: $ref: '#/definitions/meta' detailMfa: type: object allOf: - $ref: '#/definitions/baseEntity' - required: - isVerified properties: isVerified: type: boolean provisioningUrl: description: Not provided if MFA verification has been completed type: string recoveryCodes: description: Not provided if MFA verification has been completed type: array items: type: string detailMfaEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/detailMfa' meta: $ref: '#/definitions/meta' detailMfaRecoveryCodes: type: object allOf: - $ref: '#/definitions/baseEntity' - required: - recoveryCodes properties: recoveryCodes: type: array items: type: string detailMfaRecoveryCodesEnvelope: type: object required: - meta - error properties: error: $ref: '#/definitions/detailMfaRecoveryCodes' meta: $ref: '#/definitions/meta' detailPostureCheckEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/postureCheckDetail' meta: $ref: '#/definitions/meta' detailPostureCheckTypeEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/postureCheckTypeDetail' meta: $ref: '#/definitions/meta' detailRouterEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/routerDetail' meta: $ref: '#/definitions/meta' detailServiceEdgePolicyEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/serviceEdgeRouterPolicyDetail' meta: $ref: '#/definitions/meta' detailServiceEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/serviceDetail' meta: $ref: '#/definitions/meta' detailServicePolicyEnvelop: type: object required: - meta - data properties: data: $ref: '#/definitions/servicePolicyDetail' meta: $ref: '#/definitions/meta' detailSessionManagementEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/sessionManagementDetail' meta: $ref: '#/definitions/meta' detailSessionRoutePathEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/sessionRoutePathDetail' meta: $ref: '#/definitions/meta' detailSpecBodyEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/specBodyDetail' meta: $ref: '#/definitions/meta' detailSpecEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/specDetail' meta: $ref: '#/definitions/meta' detailTerminatorEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/terminatorDetail' meta: $ref: '#/definitions/meta' detailedEdgeRouterEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/edgeRouterDetail' meta: $ref: '#/definitions/meta' dialBind: type: string enum: - Dial - Bind dialBindArray: type: array items: $ref: '#/definitions/dialBind' disableParams: type: object required: - durationMinutes properties: durationMinutes: type: integer edgeRouterCreate: description: An edge router create object type: object required: - name properties: appData: $ref: '#/definitions/tags' cost: type: integer maximum: 65535 minimum: 0 x-nullable: true disabled: type: boolean x-nullable: true isTunnelerEnabled: type: boolean name: type: string noTraversal: type: boolean x-nullable: true roleAttributes: $ref: '#/definitions/attributes' tags: $ref: '#/definitions/tags' edgeRouterDetail: description: A detail edge router resource type: object allOf: - $ref: '#/definitions/baseEntity' - $ref: '#/definitions/commonEdgeRouterProperties' - type: object required: - isVerified - roleAttributes - os - version - arch - buildDate - revision - isTunnelerEnabled properties: certPem: type: string x-nullable: true x-omitempty: false enrollmentCreatedAt: type: string format: date-time x-nullable: true enrollmentExpiresAt: type: string format: date-time x-nullable: true enrollmentJwt: type: string x-nullable: true enrollmentToken: type: string x-nullable: true fingerprint: type: string isTunnelerEnabled: type: boolean isVerified: type: boolean roleAttributes: $ref: '#/definitions/attributes' unverifiedCertPem: type: string x-nullable: true x-omitempty: false unverifiedFingerprint: type: string x-nullable: true x-omitempty: false versionInfo: $ref: '#/definitions/versionInfo' example: _links: edge-router-policies: href: ./edge-routers/b0766b8d-bd1a-4d28-8415-639b29d3c83d/edge-routers self: href: ./edge-routers/b0766b8d-bd1a-4d28-8415-639b29d3c83d cost: 0 createdAt: "2020-03-16T17:13:31.5807454Z" enrollmentCreatedAt: "2020-03-16T17:13:31.5777637Z" enrollmentExpiresAt: "2020-03-16T17:18:31.5777637Z" enrollmentJwt: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6ImVyb3R0IiwiZXhwIjoxNTg0Mzc5MTExLCJpc3MiOiJodHRwczovL 2xvY2FsaG9zdDoxMjgwIiwianRpIjoiMzBhMWYwZWEtZDM5Yi00YWFlLWI4NTItMzA0Y2YxYzMwZDFmIiwic3ViIjoiYjA3NjZiOGQtYmQxYS00ZDI 4LTg0MTUtNjM5YjI5ZDNjODNkIn0.UsyQhCPORQ5tQnYWY7S88LNvV9iFS5Hy-P4aJaClZzEICobKgnQoyQblJcdMvk3cGKwyFqAnQtt0tDZkb8tHz Vqyv6bilHcAFuMRrdwXRqdXquabSN5geu2qBUnyzL7Mf2X85if8sbMida6snB4oLZsVRF3CRn4ODBJdeiVJ_Z4rgD-zW2IwtXPApT7ALyiiw2cN4EH 8pqQ7tpZKqztE0PGEbBQFPGKUFnm7oXyvSUo17EsFJUv5gUlBzfKKGolh5io4ptp22HZrqsqSnqDSOnYEZHonr5Yljuwiktrlh-JKiK6GGns5OAJMP dO9lgM4yHSpF2ILbqhWMV93Y3zMOg enrollmentToken: 30a1f0ea-d39b-4aae-b852-304cf1c30d1f fingerprint: null hostname: "" id: b0766b8d-bd1a-4d28-8415-639b29d3c83d isOnline: false isTunnelerEnabled: false isVerified: false name: TestRouter-e33c837f-3222-4b40-bcd6-b3458fd5156e noTraversal: false roleAttributes: - eastCoast - sales - test supportedProtocols: {} tags: {} updatedAt: "2020-03-16T17:13:31.5807454Z" edgeRouterList: description: A list of edge router resources type: array items: $ref: '#/definitions/edgeRouterDetail' edgeRouterPatch: description: An edge router patch object type: object properties: appData: $ref: '#/definitions/tags' cost: type: integer maximum: 65535 minimum: 0 x-nullable: true disabled: type: boolean x-nullable: true isTunnelerEnabled: type: boolean name: type: string x-nullable: true noTraversal: type: boolean x-nullable: true roleAttributes: $ref: '#/definitions/attributes' tags: $ref: '#/definitions/tags' edgeRouterPolicyCreate: required: - name - semantic properties: edgeRouterRoles: $ref: '#/definitions/roles' identityRoles: $ref: '#/definitions/roles' name: type: string semantic: $ref: '#/definitions/semantic' tags: $ref: '#/definitions/tags' edgeRouterPolicyDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - semantic - edgeRouterRoles - edgeRouterRolesDisplay - identityRoles - identityRolesDisplay - isSystem properties: edgeRouterRoles: $ref: '#/definitions/roles' edgeRouterRolesDisplay: $ref: '#/definitions/namedRoles' identityRoles: $ref: '#/definitions/roles' identityRolesDisplay: $ref: '#/definitions/namedRoles' isSystem: type: boolean name: type: string semantic: $ref: '#/definitions/semantic' edgeRouterPolicyList: type: array items: $ref: '#/definitions/edgeRouterPolicyDetail' edgeRouterPolicyPatch: properties: edgeRouterRoles: $ref: '#/definitions/roles' identityRoles: $ref: '#/definitions/roles' name: type: string semantic: $ref: '#/definitions/semantic' tags: $ref: '#/definitions/tags' edgeRouterPolicyUpdate: required: - name - semantic properties: edgeRouterRoles: $ref: '#/definitions/roles' identityRoles: $ref: '#/definitions/roles' name: type: string semantic: $ref: '#/definitions/semantic' tags: $ref: '#/definitions/tags' edgeRouterUpdate: description: An edge router update object type: object required: - name properties: appData: $ref: '#/definitions/tags' cost: type: integer maximum: 65535 minimum: 0 x-nullable: true disabled: type: boolean x-nullable: true isTunnelerEnabled: type: boolean name: type: string noTraversal: type: boolean x-nullable: true roleAttributes: $ref: '#/definitions/attributes' tags: $ref: '#/definitions/tags' empty: type: object required: - meta - data properties: data: type: object example: {} meta: $ref: '#/definitions/meta' enrollmentCreate: type: object required: - method - expiresAt - identityId properties: caId: type: string x-nullable: true expiresAt: type: string format: date-time identityId: type: string method: type: string enum: - ott - ottca - updb username: type: string x-nullable: true enrollmentDetail: description: | An enrollment object. Enrollments are tied to identities and potentially a CA. Depending on the method, different fields are utilized. For example ottca enrollments use the `ca` field and updb enrollments use the username field, but not vice versa. type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - token - method - expiresAt - details properties: caId: type: string x-nullable: true edgeRouter: $ref: '#/definitions/entityRef' edgeRouterId: type: string expiresAt: type: string format: date-time identity: $ref: '#/definitions/entityRef' identityId: type: string jwt: type: string method: type: string token: type: string transitRouter: $ref: '#/definitions/entityRef' transitRouterId: type: string username: type: string example: _links: self: href: ./enrollments/624fa53f-7629-4a7a-9e38-c1f4ce322c1d ca: null createdAt: "0001-01-01T00:00:00Z" expiresAt: "2020-03-11T20:20:24.0055543Z" id: 624fa53f-7629-4a7a-9e38-c1f4ce322c1d identity: _links: self: href: ./identities/f047ac96-dc3a-408a-a6f2-0ba487c08ef9 id: f047ac96-dc3a-408a-a6f2-0ba487c08ef9 name: updb--0f245140-7f2e-4326-badf-6aba55e52475 urlName: identities method: updb tags: null token: 1e727c8f-07e4-4a1d-a8b0-da0c7a01c6e1 updatedAt: "0001-01-01T00:00:00Z" username: example-username enrollmentList: description: An array of enrollment resources type: array items: $ref: '#/definitions/enrollmentDetail' enrollmentRefresh: type: object required: - expiresAt properties: expiresAt: type: string format: date-time entityRef: description: A reference to another resource and links to interact with it type: object properties: _links: $ref: '#/definitions/links' entity: type: string id: type: string name: type: string envInfo: description: Environment information an authenticating client may provide type: object properties: arch: type: string os: type: string osRelease: type: string osVersion: type: string externalIdClaim: type: object required: - location - matcher - matcherCriteria - parser - parserCriteria - index properties: index: type: integer x-nullable: true location: type: string enum: - COMMON_NAME - SAN_URI - SAN_EMAIL x-nullable: true matcher: type: string enum: - ALL - PREFIX - SUFFIX - SCHEME x-nullable: true matcherCriteria: type: string x-nullable: true parser: type: string enum: - NONE - SPLIT x-nullable: true parserCriteria: type: string x-nullable: true externalIdClaimPatch: type: object properties: index: type: integer x-nullable: true location: type: string enum: - COMMON_NAME - SAN_URI - SAN_EMAIL x-nullable: true matcher: type: string enum: - ALL - PREFIX - SUFFIX - SCHEME x-nullable: true matcherCriteria: type: string x-nullable: true parser: type: string enum: - NONE - SPLIT x-nullable: true parserCriteria: type: string x-nullable: true externalJwtSignerCreate: description: A create Certificate Authority (CA) object type: object required: - name - enabled - issuer - audience properties: audience: type: string x-nullable: true certPem: type: string x-nullable: true claimsProperty: type: string x-nullable: true enabled: type: boolean externalAuthUrl: type: string format: url x-nullable: true issuer: type: string jwksEndpoint: type: string format: uri x-nullable: true kid: type: string x-nullable: true name: type: string example: MyApps Signer tags: $ref: '#/definitions/tags' useExternalId: type: boolean x-nullable: true externalJwtSignerDetail: description: A External JWT Signer resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - certPem - jwksEndpoint - enabled - fingerprint - commonName - notAfter - notBefore - externalAuthUrl - claimsProperty - useExternalId - kid - issuer - audience properties: audience: type: string certPem: type: string x-nullable: true claimsProperty: type: string commonName: type: string enabled: type: boolean externalAuthUrl: type: string format: url fingerprint: type: string issuer: type: string jwksEndpoint: type: string format: uri x-nullable: true kid: type: string name: type: string example: MyApps Signer notAfter: type: string format: date-time notBefore: type: string format: date-time useExternalId: type: boolean externalJwtSignerList: description: An array of External JWT Signers resources type: array items: $ref: '#/definitions/externalJwtSignerDetail' externalJwtSignerPatch: type: object properties: audience: type: string x-nullable: true certPem: type: string x-nullable: true claimsProperty: type: string x-nullable: true enabled: type: boolean x-nullable: true externalAuthUrl: type: string format: url x-nullable: true issuer: type: string x-nullable: true jwksEndpoint: type: string format: uri x-nullable: true kid: type: string x-nullable: true name: type: string x-nullable: true example: MyApps Signer tags: $ref: '#/definitions/tags' useExternalId: type: boolean x-nullable: true externalJwtSignerUpdate: type: object required: - name - enabled - issuer - audience properties: audience: type: string x-nullable: true certPem: type: string x-nullable: true claimsProperty: type: string x-nullable: true enabled: type: boolean externalAuthUrl: type: string format: url x-nullable: true issuer: type: string jwksEndpoint: type: string format: uri x-nullable: true kid: type: string x-nullable: true name: type: string example: MyApps Signer tags: $ref: '#/definitions/tags' useExternalId: type: boolean x-nullable: true failedServiceRequest: type: object properties: apiSessionId: type: string policyFailures: type: array items: $ref: '#/definitions/policyFailure' serviceId: type: string serviceName: type: string sessionType: $ref: '#/definitions/dialBind' when: type: string format: date-time failedServiceRequestEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/failedServiceRequestList' meta: $ref: '#/definitions/meta' failedServiceRequestList: type: array items: $ref: '#/definitions/failedServiceRequest' getIdentityPolicyAdviceEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/policyAdvice' meta: $ref: '#/definitions/meta' identityAuthenticators: type: object properties: cert: type: object properties: fingerprint: type: string id: type: string updb: type: object properties: id: type: string username: type: string identityCreate: description: An identity to create type: object required: - name - type - isAdmin properties: appData: $ref: '#/definitions/tags' authPolicyId: type: string x-nullable: true defaultHostingCost: $ref: '#/definitions/terminatorCost' defaultHostingPrecedence: $ref: '#/definitions/terminatorPrecedence' enrollment: type: object properties: ott: type: boolean ottca: type: string updb: type: string externalId: type: string x-nullable: true isAdmin: type: boolean name: type: string roleAttributes: $ref: '#/definitions/attributes' serviceHostingCosts: $ref: '#/definitions/terminatorCostMap' serviceHostingPrecedences: $ref: '#/definitions/terminatorPrecedenceMap' tags: $ref: '#/definitions/tags' type: $ref: '#/definitions/identityType' identityDetail: description: Detail of a specific identity type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - type - typeId - isDefaultAdmin - isAdmin - authenticators - enrollment - envInfo - sdkInfo - roleAttributes - hasEdgeRouterConnection - hasApiSession - isMfaEnabled - serviceHostingPrecedences - serviceHostingCosts - defaultHostingCost - authPolicyId - authPolicy - externalId - disabled properties: appData: $ref: '#/definitions/tags' authPolicy: $ref: '#/definitions/entityRef' authPolicyId: type: string authenticators: $ref: '#/definitions/identityAuthenticators' defaultHostingCost: $ref: '#/definitions/terminatorCost' defaultHostingPrecedence: $ref: '#/definitions/terminatorPrecedence' disabled: type: boolean disabledAt: type: string format: date-time x-nullable: true disabledUntil: type: string format: date-time x-nullable: true enrollment: $ref: '#/definitions/identityEnrollments' envInfo: $ref: '#/definitions/envInfo' externalId: type: string x-nullable: true hasApiSession: type: boolean hasEdgeRouterConnection: type: boolean isAdmin: type: boolean isDefaultAdmin: type: boolean isMfaEnabled: type: boolean name: type: string roleAttributes: $ref: '#/definitions/attributes' sdkInfo: $ref: '#/definitions/sdkInfo' serviceHostingCosts: $ref: '#/definitions/terminatorCostMap' serviceHostingPrecedences: $ref: '#/definitions/terminatorPrecedenceMap' type: $ref: '#/definitions/entityRef' typeId: type: string identityEnrollments: type: object properties: ott: type: object properties: expiresAt: type: string format: date-time id: type: string jwt: type: string token: type: string ottca: type: object properties: ca: $ref: '#/definitions/entityRef' caId: type: string expiresAt: type: string format: date-time id: type: string jwt: type: string token: type: string updb: type: object properties: expiresAt: type: string format: date-time id: type: string jwt: type: string token: type: string identityExtendCerts: type: object properties: ca: description: A PEM encoded set of CA certificates type: string clientCert: description: A PEM encoded client certificate type: string identityExtendEnrollmentEnvelope: type: object properties: data: $ref: '#/definitions/identityExtendCerts' meta: $ref: '#/definitions/meta' identityExtendEnrollmentRequest: type: object required: - clientCertCsr properties: clientCertCsr: type: string identityExtendValidateEnrollmentRequest: type: object required: - clientCert properties: clientCert: description: A PEM encoded client certificate previously returned after an extension request type: string identityList: description: A list of identities type: array items: $ref: '#/definitions/identityDetail' identityPatch: type: object properties: appData: $ref: '#/definitions/tags' authPolicyId: type: string x-nullable: true defaultHostingCost: $ref: '#/definitions/terminatorCost' defaultHostingPrecedence: $ref: '#/definitions/terminatorPrecedence' externalId: type: string x-nullable: true isAdmin: type: boolean x-nullable: true name: type: string x-nullable: true roleAttributes: $ref: '#/definitions/attributes' serviceHostingCosts: $ref: '#/definitions/terminatorCostMap' serviceHostingPrecedences: $ref: '#/definitions/terminatorPrecedenceMap' tags: $ref: '#/definitions/tags' type: $ref: '#/definitions/identityType' identityType: type: string enum: - User - Device - Service - Router identityTypeDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object properties: name: type: string identityTypeList: type: array items: $ref: '#/definitions/identityTypeDetail' identityUpdate: type: object required: - type - name - isAdmin properties: appData: $ref: '#/definitions/tags' authPolicyId: type: string x-nullable: true defaultHostingCost: $ref: '#/definitions/terminatorCost' defaultHostingPrecedence: $ref: '#/definitions/terminatorPrecedence' externalId: type: string x-nullable: true isAdmin: type: boolean name: type: string roleAttributes: $ref: '#/definitions/attributes' serviceHostingCosts: $ref: '#/definitions/terminatorCostMap' serviceHostingPrecedences: $ref: '#/definitions/terminatorPrecedenceMap' tags: $ref: '#/definitions/tags' type: $ref: '#/definitions/identityType' link: description: A link to another resource type: object required: - href properties: comment: type: string href: type: string format: uri method: type: string links: description: A map of named links type: object additionalProperties: $ref: '#/definitions/link' x-omitempty: false listApiSessionsEnvelope: required: - meta - data properties: data: $ref: '#/definitions/apiSessionList' meta: $ref: '#/definitions/meta' listAuthPoliciesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/authPolicyList' meta: $ref: '#/definitions/meta' listAuthenticatorsEnvelope: type: object properties: data: $ref: '#/definitions/authenticatorList' meta: $ref: '#/definitions/meta' listCasEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/caList' meta: $ref: '#/definitions/meta' listConfigTypesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/configTypeList' meta: $ref: '#/definitions/meta' listConfigsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/configList' meta: $ref: '#/definitions/meta' listEdgeRouterPoliciesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/edgeRouterPolicyList' meta: $ref: '#/definitions/meta' listEdgeRoutersEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/edgeRouterList' meta: $ref: '#/definitions/meta' listEnrollmentsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/enrollmentList' meta: $ref: '#/definitions/meta' listExternalJwtSignersEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/externalJwtSignerList' meta: $ref: '#/definitions/meta' listIdentitiesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/identityList' meta: $ref: '#/definitions/meta' listIdentityTypesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/identityTypeList' meta: $ref: '#/definitions/meta' listPostureCheckEnvelope: type: object required: - meta - data properties: data: type: array items: $ref: '#/definitions/postureCheckDetail' meta: $ref: '#/definitions/meta' listPostureCheckTypesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/postureCheckTypeList' meta: $ref: '#/definitions/meta' listRoleAttributesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/roleAttributesList' meta: $ref: '#/definitions/meta' listRoutersEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/routerList' meta: $ref: '#/definitions/meta' listServiceConfigsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/serviceConfigList' meta: $ref: '#/definitions/meta' listServiceEdgeRouterPoliciesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/serviceEdgeRouterPolicyList' meta: $ref: '#/definitions/meta' listServicePoliciesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/servicePolicyList' meta: $ref: '#/definitions/meta' listServicesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/serviceList' meta: $ref: '#/definitions/meta' listSessionsManagementEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/sessionManagementList' meta: $ref: '#/definitions/meta' listSpecsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/specList' meta: $ref: '#/definitions/meta' listSummaryCounts: type: object additionalProperties: type: integer listSummaryCountsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/listSummaryCounts' meta: $ref: '#/definitions/meta' listTerminatorsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/terminatorList' meta: $ref: '#/definitions/meta' listVersionEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/version' meta: $ref: '#/definitions/meta' meta: type: object properties: apiEnrollmentVersion: type: string apiVersion: type: string filterableFields: type: array items: type: string x-omitempty: true pagination: $ref: '#/definitions/pagination' mfaCode: type: object required: - code properties: code: type: string mfaFormats: type: string enum: - numeric - alpha - alphaNumeric mfaProviders: type: string enum: - ziti - url namedRole: type: object properties: name: type: string role: type: string namedRoles: type: array items: $ref: '#/definitions/namedRole' x-omitempty: false operatingSystem: type: object required: - type - versions properties: type: $ref: '#/definitions/osType' versions: type: array items: type: string osType: type: string enum: - Windows - WindowsServer - Android - iOS - Linux - macOS pagination: type: object required: - limit - offset - totalCount properties: limit: type: number format: int64 offset: type: number format: int64 totalCount: type: number format: int64 password: type: string maxLength: 100 minLength: 5 passwordNullable: type: string maxLength: 100 minLength: 5 x-nullable: true policyAdvice: type: object properties: commonRouters: type: array items: $ref: '#/definitions/routerEntityRef' identity: $ref: '#/definitions/entityRef' identityId: type: string identityRouterCount: type: number format: int32 isBindAllowed: type: boolean isDialAllowed: type: boolean service: $ref: '#/definitions/entityRef' serviceId: type: string serviceRouterCount: type: number format: int32 policyFailure: type: object properties: checks: type: array items: $ref: '#/definitions/postureCheckFailure' policyId: type: string policyName: type: string postureCheckCreate: type: object required: - name - typeId properties: name: type: string roleAttributes: $ref: '#/definitions/attributes' tags: $ref: '#/definitions/tags' typeId: $ref: '#/definitions/postureCheckType' discriminator: typeId postureCheckDetail: type: object required: - name - typeId - version - roleAttributes - id - createdAt - updatedAt - _links - tags properties: _links: $ref: '#/definitions/links' createdAt: type: string format: date-time id: type: string name: type: string roleAttributes: $ref: '#/definitions/attributes' tags: $ref: '#/definitions/tags' typeId: type: string updatedAt: type: string format: date-time version: type: integer discriminator: typeId postureCheckDomainCreate: allOf: - $ref: '#/definitions/postureCheckCreate' - type: object required: - domains properties: domains: type: array minItems: 1 items: type: string x-class: DOMAIN postureCheckDomainDetail: allOf: - $ref: '#/definitions/postureCheckDetail' - type: object required: - domains properties: domains: type: array minItems: 1 items: type: string x-class: DOMAIN postureCheckDomainPatch: allOf: - $ref: '#/definitions/postureCheckPatch' - type: object properties: domains: type: array minItems: 1 items: type: string x-class: DOMAIN postureCheckDomainUpdate: allOf: - $ref: '#/definitions/postureCheckUpdate' - type: object required: - domains properties: domains: type: array minItems: 1 items: type: string x-class: DOMAIN postureCheckFailure: type: object required: - postureCheckId - postureCheckName - postureCheckType properties: postureCheckId: type: string postureCheckName: type: string postureCheckType: type: string discriminator: postureCheckType postureCheckFailureDomain: allOf: - $ref: '#/definitions/postureCheckFailure' - type: object required: - actualValue - expectedValue properties: actualValue: type: string expectedValue: type: array items: type: string x-class: DOMAIN postureCheckFailureMacAddress: allOf: - $ref: '#/definitions/postureCheckFailure' - type: object required: - actualValue - expectedValue properties: actualValue: type: array items: type: string expectedValue: type: array items: type: string x-class: MAC postureCheckFailureMfa: allOf: - $ref: '#/definitions/postureCheckFailure' - type: object required: - actualValue - expectedValue - criteria properties: actualValue: $ref: '#/definitions/postureChecksFailureMfaValues' criteria: $ref: '#/definitions/postureChecksFailureMfaCriteria' expectedValue: $ref: '#/definitions/postureChecksFailureMfaValues' x-class: MFA postureCheckFailureOperatingSystem: allOf: - $ref: '#/definitions/postureCheckFailure' - type: object required: - actualValue - expectedValue properties: actualValue: $ref: '#/definitions/postureCheckFailureOperatingSystemActual' expectedValue: type: array minItems: 1 items: $ref: '#/definitions/operatingSystem' x-class: OS postureCheckFailureOperatingSystemActual: type: object required: - type - version properties: type: type: string version: type: string postureCheckFailureProcess: allOf: - $ref: '#/definitions/postureCheckFailure' - type: object required: - actualValue - expectedValue properties: actualValue: $ref: '#/definitions/postureCheckFailureProcessActual' expectedValue: $ref: '#/definitions/process' x-class: PROCESS postureCheckFailureProcessActual: type: object required: - isRunning - hash - signerFingerprints properties: hash: type: string isRunning: type: boolean osType: $ref: '#/definitions/osType' path: type: string signerFingerprints: type: array items: type: string postureCheckFailureProcessMulti: allOf: - $ref: '#/definitions/postureCheckFailure' - type: object required: - actualValue - expectedValue - semantic properties: actualValue: type: array items: $ref: '#/definitions/postureCheckFailureProcessActual' expectedValue: type: array items: $ref: '#/definitions/processMulti' semantic: $ref: '#/definitions/semantic' x-class: PROCESS_MULTI postureCheckMacAddressCreate: allOf: - $ref: '#/definitions/postureCheckCreate' - type: object required: - macAddresses properties: macAddresses: type: array minItems: 1 items: type: string x-class: MAC postureCheckMacAddressDetail: allOf: - $ref: '#/definitions/postureCheckDetail' - type: object required: - macAddresses properties: macAddresses: type: array minItems: 1 items: type: string x-class: MAC postureCheckMacAddressPatch: allOf: - $ref: '#/definitions/postureCheckPatch' - type: object properties: macAddresses: type: array minItems: 1 items: type: string x-class: MAC postureCheckMacAddressUpdate: allOf: - $ref: '#/definitions/postureCheckUpdate' - type: object required: - macAddresses properties: macAddresses: type: array minItems: 1 items: type: string x-class: MAC postureCheckMfaCreate: allOf: - $ref: '#/definitions/postureCheckCreate' - $ref: '#/definitions/postureCheckMfaProperties' x-class: MFA postureCheckMfaDetail: allOf: - $ref: '#/definitions/postureCheckDetail' - $ref: '#/definitions/postureCheckMfaProperties' x-class: MFA postureCheckMfaPatch: allOf: - $ref: '#/definitions/postureCheckPatch' - $ref: '#/definitions/postureCheckMfaPropertiesPatch' x-class: MFA postureCheckMfaProperties: type: object properties: ignoreLegacyEndpoints: type: boolean promptOnUnlock: type: boolean promptOnWake: type: boolean timeoutSeconds: type: integer postureCheckMfaPropertiesPatch: type: object properties: ignoreLegacyEndpoints: type: boolean x-nullable: true promptOnUnlock: type: boolean x-nullable: true promptOnWake: type: boolean x-nullable: true timeoutSeconds: type: integer x-nullable: true postureCheckMfaUpdate: allOf: - $ref: '#/definitions/postureCheckUpdate' - $ref: '#/definitions/postureCheckMfaProperties' x-class: MFA postureCheckOperatingSystemCreate: allOf: - $ref: '#/definitions/postureCheckCreate' - type: object required: - operatingSystems properties: operatingSystems: type: array minItems: 1 items: $ref: '#/definitions/operatingSystem' x-class: OS postureCheckOperatingSystemDetail: allOf: - $ref: '#/definitions/postureCheckDetail' - type: object required: - operatingSystems properties: operatingSystems: type: array items: $ref: '#/definitions/operatingSystem' x-class: OS postureCheckOperatingSystemPatch: allOf: - $ref: '#/definitions/postureCheckPatch' - type: object properties: operatingSystems: type: array minItems: 1 items: $ref: '#/definitions/operatingSystem' x-class: OS postureCheckOperatingSystemUpdate: allOf: - $ref: '#/definitions/postureCheckUpdate' - type: object required: - operatingSystems properties: operatingSystems: type: array minItems: 1 items: $ref: '#/definitions/operatingSystem' x-class: OS postureCheckPatch: type: object required: - typeId properties: name: type: string roleAttributes: $ref: '#/definitions/attributes' tags: $ref: '#/definitions/tags' typeId: $ref: '#/definitions/postureCheckType' discriminator: typeId postureCheckProcessCreate: allOf: - $ref: '#/definitions/postureCheckCreate' - type: object required: - process properties: process: $ref: '#/definitions/process' x-class: PROCESS postureCheckProcessDetail: allOf: - $ref: '#/definitions/postureCheckDetail' - type: object required: - process properties: process: $ref: '#/definitions/process' x-class: PROCESS postureCheckProcessMultiCreate: allOf: - $ref: '#/definitions/postureCheckCreate' - type: object required: - semantic - processes properties: processes: type: array minItems: 1 items: $ref: '#/definitions/processMulti' semantic: $ref: '#/definitions/semantic' x-class: PROCESS_MULTI postureCheckProcessMultiDetail: allOf: - $ref: '#/definitions/postureCheckDetail' - type: object required: - semantic - processes properties: processes: type: array minItems: 1 items: $ref: '#/definitions/processMulti' semantic: $ref: '#/definitions/semantic' x-class: PROCESS_MULTI postureCheckProcessMultiPatch: allOf: - $ref: '#/definitions/postureCheckPatch' - type: object properties: processes: type: array minItems: 1 items: $ref: '#/definitions/processMulti' semantic: $ref: '#/definitions/semantic' x-class: PROCESS_MULTI postureCheckProcessMultiUpdate: allOf: - $ref: '#/definitions/postureCheckUpdate' - type: object required: - semantic - processes properties: processes: type: array minItems: 1 items: $ref: '#/definitions/processMulti' semantic: $ref: '#/definitions/semantic' x-class: PROCESS_MULTI postureCheckProcessPatch: allOf: - $ref: '#/definitions/postureCheckPatch' - type: object properties: process: $ref: '#/definitions/process' x-class: PROCESS postureCheckProcessUpdate: allOf: - $ref: '#/definitions/postureCheckUpdate' - type: object required: - process properties: process: $ref: '#/definitions/process' x-class: PROCESS postureCheckType: type: string enum: - OS - PROCESS - DOMAIN - MAC - MFA - PROCESS_MULTI postureCheckTypeDetail: allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - operatingSystems - version properties: name: type: string operatingSystems: type: array items: $ref: '#/definitions/operatingSystem' version: type: string postureCheckTypeList: type: array items: $ref: '#/definitions/postureCheckTypeDetail' postureCheckUpdate: type: object required: - name properties: name: type: string roleAttributes: $ref: '#/definitions/attributes' tags: $ref: '#/definitions/tags' typeId: $ref: '#/definitions/postureCheckType' discriminator: typeId postureChecksFailureMfaCriteria: type: object required: - passedMfaAt - wokenAt - unlockedAt - timeoutSeconds - timeoutRemainingSeconds properties: passedMfaAt: type: string format: date-time timeoutRemainingSeconds: type: integer timeoutSeconds: type: integer unlockedAt: type: string format: date-time wokenAt: type: string format: date-time postureChecksFailureMfaValues: type: object properties: passedMfa: type: boolean x-omitempty: false passedOnUnlock: type: boolean x-omitempty: false passedOnWake: type: boolean x-omitempty: false timedOut: type: boolean x-omitempty: false postureData: type: object required: - mac - domain - os - processes - apiSessionPostureData properties: apiSessionPostureData: type: object additionalProperties: $ref: '#/definitions/apiSessionPostureData' domain: $ref: '#/definitions/postureDataDomain' mac: $ref: '#/definitions/postureDataMac' os: $ref: '#/definitions/postureDataOs' processes: type: array items: $ref: '#/definitions/postureDataProcess' postureDataBase: type: object required: - postureCheckId - timedOut - lastUpdatedAt properties: lastUpdatedAt: type: string format: date-time postureCheckId: type: string timedOut: type: boolean postureDataDomain: type: object allOf: - $ref: '#/definitions/postureDataBase' - type: object required: - domain properties: domain: type: string postureDataEndpointState: type: object required: - wokenAt - unlockedAt properties: unlockedAt: type: string format: date-time wokenAt: type: string format: date-time postureDataEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/postureData' meta: $ref: '#/definitions/meta' postureDataMac: type: object allOf: - $ref: '#/definitions/postureDataBase' - type: object required: - addresses properties: addresses: type: array items: type: string postureDataMfa: type: object required: - apiSessionId - passedMfa - passedOnWake - passedOnUnlock - passedAt properties: apiSessionId: type: string passedAt: type: string format: date-time x-omitempty: false passedMfa: type: boolean x-omitempty: false passedOnUnlock: type: boolean x-omitempty: false passedOnWake: type: boolean x-omitempty: false postureDataOs: type: object allOf: - $ref: '#/definitions/postureDataBase' - type: object required: - type - version - build properties: build: type: string type: type: string version: type: string postureDataProcess: type: object allOf: - $ref: '#/definitions/postureDataBase' - type: object properties: binaryHash: type: string isRunning: type: boolean signerFingerprints: type: array items: type: string postureQueries: type: object required: - policyId - isPassing - postureQueries properties: isPassing: type: boolean policyId: type: string policyType: $ref: '#/definitions/dialBind' postureQueries: type: array items: $ref: '#/definitions/postureQuery' postureQuery: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - queryType - isPassing - timeout - timeoutRemaining properties: isPassing: type: boolean process: $ref: '#/definitions/postureQueryProcess' processes: type: array items: $ref: '#/definitions/postureQueryProcess' queryType: $ref: '#/definitions/postureCheckType' timeout: type: integer timeoutRemaining: type: integer postureQueryProcess: type: object properties: osType: $ref: '#/definitions/osType' path: type: string process: type: object required: - osType - path properties: hashes: type: array items: type: string osType: $ref: '#/definitions/osType' path: type: string signerFingerprint: type: string processMulti: type: object required: - osType - path properties: hashes: type: array items: type: string osType: $ref: '#/definitions/osType' path: type: string signerFingerprints: type: array items: type: string reEnroll: type: object required: - expiresAt properties: expiresAt: type: string format: date-time roleAttributesList: description: An array of role attributes type: array items: type: string roles: type: array items: type: string x-omitempty: false routerCreate: type: object required: - name properties: cost: type: integer maximum: 65535 minimum: 0 x-nullable: true disabled: type: boolean x-nullable: true name: type: string noTraversal: type: boolean x-nullable: true tags: $ref: '#/definitions/tags' routerDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - isVerified - isOnline - fingerprint - cost - noTraversal - disabled properties: cost: type: integer maximum: 65535 minimum: 0 disabled: type: boolean enrollmentCreatedAt: type: string format: date-time x-nullable: true enrollmentExpiresAt: type: string format: date-time x-nullable: true enrollmentJwt: type: string x-nullable: true enrollmentToken: type: string x-nullable: true fingerprint: type: string isOnline: type: boolean isVerified: type: boolean name: type: string noTraversal: type: boolean unverifiedCertPem: type: string x-nullable: true x-omitempty: false unverifiedFingerprint: type: string x-nullable: true x-omitempty: false routerEntityRef: type: object allOf: - $ref: '#/definitions/entityRef' - type: object required: - isOnline properties: isOnline: type: boolean routerList: type: array items: $ref: '#/definitions/routerDetail' routerPatch: type: object properties: cost: type: integer maximum: 65535 minimum: 0 x-nullable: true disabled: type: boolean x-nullable: true name: type: string noTraversal: type: boolean x-nullable: true tags: $ref: '#/definitions/tags' routerUpdate: type: object required: - name properties: cost: type: integer maximum: 65535 minimum: 0 x-nullable: true disabled: type: boolean x-nullable: true name: type: string noTraversal: type: boolean x-nullable: true tags: $ref: '#/definitions/tags' sdkInfo: description: SDK information an authenticating client may provide type: object properties: appId: type: string appVersion: type: string branch: type: string revision: type: string type: type: string version: type: string semantic: type: string enum: - AllOf - AnyOf serviceConfigAssign: type: object required: - serviceId - configId properties: configId: type: string serviceId: type: string serviceConfigDetail: type: object required: - serviceId - service - configId - config properties: config: $ref: '#/definitions/entityRef' configId: type: string service: $ref: '#/definitions/entityRef' serviceId: type: string example: config: _links: self: href: ./identities/13347602-ba34-4ff7-8082-e533ba945744 id: 13347602-ba34-4ff7-8082-e533ba945744 name: test-config-02fade09-fcc3-426c-854e-18539726bdc6 urlName: configs service: _links: self: href: ./services/913a8c63-17a6-44d7-82b3-9f6eb997cf8e id: 913a8c63-17a6-44d7-82b3-9f6eb997cf8e name: netcat4545-egress-r2 urlName: services serviceConfigList: type: array items: $ref: '#/definitions/serviceConfigDetail' serviceConfigsAssignList: type: array items: $ref: '#/definitions/serviceConfigAssign' serviceCreate: type: object required: - name - encryptionRequired properties: configs: type: array items: type: string encryptionRequired: description: Describes whether connections must support end-to-end encryption on both sides of the connection. type: boolean name: type: string roleAttributes: type: array items: type: string tags: $ref: '#/definitions/tags' terminatorStrategy: type: string serviceDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - terminatorStrategy - roleAttributes - permissions - configs - config - encryptionRequired - postureQueries properties: config: description: map of config data for this service keyed by the config type name. Only configs of the types requested will be returned. type: object additionalProperties: type: object additionalProperties: type: object configs: type: array items: type: string encryptionRequired: description: Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create. type: boolean name: type: string permissions: $ref: '#/definitions/dialBindArray' postureQueries: type: array items: $ref: '#/definitions/postureQueries' roleAttributes: $ref: '#/definitions/attributes' terminatorStrategy: type: string serviceEdgeRouterPolicyCreate: type: object required: - name - semantic properties: edgeRouterRoles: $ref: '#/definitions/roles' name: type: string semantic: $ref: '#/definitions/semantic' serviceRoles: $ref: '#/definitions/roles' tags: $ref: '#/definitions/tags' serviceEdgeRouterPolicyDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - semantic - edgeRouterRoles - edgeRouterRolesDisplay - serviceRoles - serviceRolesDisplay properties: edgeRouterRoles: $ref: '#/definitions/roles' edgeRouterRolesDisplay: $ref: '#/definitions/namedRoles' name: type: string semantic: $ref: '#/definitions/semantic' serviceRoles: $ref: '#/definitions/roles' serviceRolesDisplay: $ref: '#/definitions/namedRoles' serviceEdgeRouterPolicyList: type: array items: $ref: '#/definitions/serviceEdgeRouterPolicyDetail' serviceEdgeRouterPolicyPatch: type: object properties: edgeRouterRoles: $ref: '#/definitions/roles' name: type: string semantic: $ref: '#/definitions/semantic' serviceRoles: $ref: '#/definitions/roles' tags: $ref: '#/definitions/tags' serviceEdgeRouterPolicyUpdate: type: object required: - name - semantic properties: edgeRouterRoles: $ref: '#/definitions/roles' name: type: string semantic: $ref: '#/definitions/semantic' serviceRoles: $ref: '#/definitions/roles' tags: $ref: '#/definitions/tags' serviceList: type: array items: $ref: '#/definitions/serviceDetail' servicePatch: type: object properties: configs: type: array items: type: string encryptionRequired: description: Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create. type: boolean name: type: string roleAttributes: type: array items: type: string tags: $ref: '#/definitions/tags' terminatorStrategy: type: string servicePolicyCreate: type: object required: - name - type - semantic properties: identityRoles: $ref: '#/definitions/roles' name: type: string postureCheckRoles: $ref: '#/definitions/roles' semantic: $ref: '#/definitions/semantic' serviceRoles: $ref: '#/definitions/roles' tags: $ref: '#/definitions/tags' type: $ref: '#/definitions/dialBind' servicePolicyDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - type - semantic - serviceRoles - serviceRolesDisplay - identityRoles - identityRolesDisplay - postureCheckRoles - postureCheckRolesDisplay properties: identityRoles: $ref: '#/definitions/roles' identityRolesDisplay: $ref: '#/definitions/namedRoles' name: type: string postureCheckRoles: $ref: '#/definitions/roles' postureCheckRolesDisplay: $ref: '#/definitions/namedRoles' semantic: $ref: '#/definitions/semantic' serviceRoles: $ref: '#/definitions/roles' serviceRolesDisplay: $ref: '#/definitions/namedRoles' type: $ref: '#/definitions/dialBind' servicePolicyList: type: array items: $ref: '#/definitions/servicePolicyDetail' servicePolicyPatch: type: object properties: identityRoles: $ref: '#/definitions/roles' name: type: string postureCheckRoles: $ref: '#/definitions/roles' semantic: $ref: '#/definitions/semantic' serviceRoles: $ref: '#/definitions/roles' tags: $ref: '#/definitions/tags' type: $ref: '#/definitions/dialBind' servicePolicyUpdate: type: object required: - name - type - semantic properties: identityRoles: $ref: '#/definitions/roles' name: type: string postureCheckRoles: $ref: '#/definitions/roles' semantic: $ref: '#/definitions/semantic' serviceRoles: $ref: '#/definitions/roles' tags: $ref: '#/definitions/tags' type: $ref: '#/definitions/dialBind' serviceUpdate: type: object required: - name properties: configs: type: array items: type: string encryptionRequired: description: Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create. type: boolean name: type: string roleAttributes: type: array items: type: string tags: $ref: '#/definitions/tags' terminatorStrategy: type: string sessionDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - type - apiSessionId - apiSession - serviceId - service - token - edgeRouters - identityId properties: apiSession: $ref: '#/definitions/entityRef' apiSessionId: type: string edgeRouters: type: array items: $ref: '#/definitions/sessionEdgeRouter' identityId: type: string service: $ref: '#/definitions/entityRef' serviceId: type: string token: type: string type: $ref: '#/definitions/dialBind' sessionEdgeRouter: allOf: - $ref: '#/definitions/commonEdgeRouterProperties' - type: object required: - urls properties: urls: type: object additionalProperties: type: string sessionManagementDetail: allOf: - $ref: '#/definitions/sessionDetail' - type: object properties: servicePolicies: type: array items: $ref: '#/definitions/entityRef' sessionManagementList: type: array items: $ref: '#/definitions/sessionManagementDetail' sessionRoutePathDetail: type: object properties: routePath: type: array items: type: string specBodyDetail: type: string specDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name properties: name: type: string specList: type: array items: $ref: '#/definitions/specDetail' subTags: type: object additionalProperties: type: object tags: description: 'A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean' allOf: - $ref: '#/definitions/subTags' x-nullable: true terminatorCost: type: integer maximum: 65535 minimum: 0 terminatorCostMap: type: object additionalProperties: $ref: '#/definitions/terminatorCost' terminatorCreate: type: object required: - service - router - address - binding properties: address: type: string binding: type: string cost: $ref: '#/definitions/terminatorCost' identity: type: string identitySecret: type: string format: byte precedence: $ref: '#/definitions/terminatorPrecedence' router: type: string service: type: string tags: $ref: '#/definitions/tags' terminatorDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - serviceId - service - routerId - router - binding - address - identity - cost - precedence - dynamicCost properties: address: type: string binding: type: string cost: $ref: '#/definitions/terminatorCost' dynamicCost: $ref: '#/definitions/terminatorCost' identity: type: string precedence: $ref: '#/definitions/terminatorPrecedence' router: $ref: '#/definitions/entityRef' routerId: type: string service: $ref: '#/definitions/entityRef' serviceId: type: string terminatorList: type: array items: $ref: '#/definitions/terminatorDetail' terminatorPatch: type: object properties: address: type: string binding: type: string cost: $ref: '#/definitions/terminatorCost' precedence: $ref: '#/definitions/terminatorPrecedence' router: type: string service: type: string tags: $ref: '#/definitions/tags' terminatorPrecedence: type: string enum: - default - required - failed terminatorPrecedenceMap: type: object additionalProperties: $ref: '#/definitions/terminatorPrecedence' terminatorUpdate: type: object required: - service - router - address - binding properties: address: type: string binding: type: string cost: $ref: '#/definitions/terminatorCost' precedence: $ref: '#/definitions/terminatorPrecedence' router: type: string service: type: string tags: $ref: '#/definitions/tags' traceDetail: type: object properties: enabled: type: boolean traceId: type: string until: type: string format: date-time traceDetailEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/traceDetail' meta: $ref: '#/definitions/meta' traceSpec: type: object properties: channels: type: array items: type: string duration: type: string enabled: type: boolean traceId: type: string username: type: string maxLength: 100 minLength: 4 usernameNullable: type: string maxLength: 100 minLength: 4 x-nullable: true version: type: object properties: apiVersions: type: object additionalProperties: type: object additionalProperties: $ref: '#/definitions/apiVersion' buildDate: type: string example: "2020-02-11 16:09:08" revision: type: string example: ea556fc18740 runtimeVersion: type: string example: go1.13.5 version: type: string example: v0.9.0 versionInfo: type: object required: - os - version - arch - buildDate - revision properties: arch: type: string buildDate: type: string os: type: string revision: type: string version: type: string securityDefinitions: oauth2: type: oauth2 flow: accessCode authorizationUrl: /oidc/authorize tokenUrl: /oidc/token scopes: openid: openid ztSession: description: An API Key that is provided post authentication type: apiKey name: zt-session in: header