Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Sessions 6.14 - REST API Reference Guide

Introduction Using the SPS REST API Basic settings User management and access control Managing SPS General connection settings HTTP connections Citrix ICA connections MSSQL connections RDP connections SSH connections Telnet connections VNC connections Search, download, and index sessions Reporting Health and maintenance Advanced authentication and authorization Completing the Welcome Wizard using REST Enable and configure analytics using REST

Retrieve basic firmware and host information

The /api/info endpoint contains generic information about the SPS host. Note that part of this information is available without authentication.

URL
GET https://<IP-address-of-SPS>/api/info
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format)..

Sample request

The following command displays the information about SPS that is available without authentication.

curl https://10.40.255.171/api/info

The following command displays the information about SPS that is available for authenticated users.

curl --cookie cookies https://<IP-address-of-SPS>/api/info
Response

The following is a sample response received by an anonymous user.

For details of the meta object, see Message format.

{
    "body": {
	    "domainname": "example",
        "hostname": "scbwriter",
        "nickname": null,
        "plugin_sdk_version": {
            "feature": "1.4",
            "full": "1.4.4"
        },
        "support_link": "mailto:scb-administrator@example.com"
    },
    "key": "about_info",
    "meta": {
        "href": "/api/info",
        "parent": "/api"
    }
}

The following is a sample response received by an authenticated user.

{
    "body": {
        "analytics_enabled": false,
	"build_date": "2018-06-15T20:18:40+00:00",
	"config_hash": "2abde4c81d9b544bf53fae4f4b9657fc",
        "domainname": "example",
        "firmware_version": "5.7.0",
        "hostname": "scbwriter",
        "nickname": null,
        "plugin_sdk_version": {
            "feature": "1.4",
            "full": "1.4.4"
        },
	"roles": [
		"central-management",
		"search-master"
	],
        "support_link": "mailto:scb-administrator@example.com",
        "version": "5 F7"
    },
    "key": "about_info",
    "meta": {
        "href": "/api/info",
        "remaining_seconds": 9889
        "parent": "/api"
    }
}
Element Description

analytics_enabled

Indicates whether or not the One Identity Safeguard for Privileged Analytics module has been enabled.

build_date Build date of the SPS firmware. This element is included in the response only for authenticated users.

config_hash

Contains the hash of the XML database running on the given SPS host.

domainname Name of the domain used on the network. You can configure this parameter on the /api/configuration/network/naming endpoint. For details, see Naming options.
hostname Name of the machine running SPS. You can configure this parameter on the /api/configuration/network/naming endpoint. For details, see Naming options.
nickname The nickname of the SPS host. Use it to distinguish the devices. It is displayed in the core and boot login shells. You can configure this parameter on the /api/configuration/network/naming endpoint. For details, see Naming options.
plugin_sdk_version

The version number of the Plugin SDK.

  • The value of feature represents the feature release version.

  • The value of full represents the minor release version.

support_link The e-mail address of the SPS administrator, as set in the admin_address parameter of the /api/configuration/management/email endpoint. For details, see Mail settings.
firmware_version The version number of the firmware running on SPS, for example, 4.3.2a. This element is included in the response only for authenticated users.
version The name of the major release running on SPS, for example, 4 F3. This element is included in the response only for authenticated users.
Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.

Code Description Notes
401 Unauthenticated The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
403 Unauthorized The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.

Listing integrated products with SPS

List basic information about products that are integrated with One Identity Safeguard for Privileged Sessions (SPS).

URL
GET https://<IP-address-of-SPS>/api/integrated_products
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format)..

Operations

Operations with the /integrated_products endpoint include:

Operation HTTP method URL

Notes

Retrieving information about products integrated with SPS GET /api/integrated_products

When SPS is joined to One Identity Starling, but One Identity Starling is not available, you will receive the following warning message:

Information about the integrated Starling products cannot be retrieved.
Check the following:
- The Starling cloud service is available.
- Your SPS appliance is connected to the Internet.
						

When your credentials to access One Identity Starling are invalid, you will receive the following warning message:

The credentials used for accessing Starling are invalid. This may happen because SPS was un-joined from Starling and restored to a previous joined state. Re-join the SPS to get valid credentials.
Sample request

The following command lists products that are integrated with SPS.

curl --cookie cookies https://<IP-address-of-SPS>/api/integrated_products
Response

The following is a sample response received when SPS is joined with One Identity Starling, but not with any other products integrated with the One Identity Starling platform.

For details of the meta object, see Message format.

{
     "items": [
     {
       "name": "Defender",
       "link": null,
       "activated": false
     },
     {
       "name": "Connect",
       "link": null,
       "activated": false
     },
     {
       "name": "Governance",
       "link": null,
       "activated": false
     },
     {
       "name": "RemoteAccess",
       "link": null,
       "activated": false
     }
    ]
   }
		

The following is a sample response received when SPS is joined with SPP.

{
   "items": [
     {
       "name": "Safeguard for Privileged Passwords",
       "activated": true,
       "link": "https://10.10.10.10"
     }
   ]
}

The following is a sample response received when SPS is joined with One Identity Starling, and it is integrated with certain One Identity Starling products.

{
     "items": [
     {
       "name": "Defender",
       "link": "https://2fa.cloud.oneidentity.com",
       "activated": true
     },
     {
       "name": "Connect",
       "link": "https://connect.cloud.oneidentity.com",
       "activated": true
     },
     {
       "name": "Governance",
       "link": null,
       "activated": false
     }
    ]
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

items

object array

A list of One Identity Starling products that are integrated SPS.

When there are no products integrated with SPS, the items field returns empty:

{
     "items": []
    }
						

items.name

string

The name of the integrated One Identity Starling product.

items.link

format(uri)

The URL of the integrated One Identity Starling product.

If the product is not integrated, the value of the link parameter will be null.

items.activated

boolean

Indicates whether the product is integrated with SPS or not.

Possible values:

  • true - the product is integrated with SPS

  • false - the product is not integrated with SPS

HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Firmware management

A list of endpoints managing SPS firmware images.

URL
GET https://<IP-address-of-SPS>/api/firmware
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format)..

Sample request

The following command lists management configuration endpoints.

curl --cookie cookies https://<IP-address-of-SPS>/api/firmware
Response

The following is a sample response received when firmware-related configuration endpoints are listed.

For details of the meta object, see Message format.

{
  "items": [
    {
      "key": "slots",
      "meta": {
        "href": "/api/firmware/slots"
      }
    },
    {
      "key": "test",
      "meta": {
        "href": "/api/firmware/test"
      }
    },
    {
      "key": "upgrade",
      "meta": {
        "href": "/api/firmware/upgrade"
      }
    }
  ],
  "meta": {
    "href": "/api/firmware",
    "parent": "/api",
    "slots": "/api/firmware/slots",
    "test": "/api/firmware/test",
    "upgrade": "/api/firmware/upgrade"
  }
}
Endpoints Description
slots Retrieve information about SPS firmware images maintained on the device in locations called slots.
test Use the /firmware/test endpoint as a precheck tool to trigger an upgrade test without an actual upgrade.
upgrade Use the /firmware/upgrade endpoint to upgrade SPS to a new firmware.
upload Use the /upload/firmware endpoint to upload new firmware to SPS.
HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Retrieving information about SPS firmware image slots

Retrieve information about SPS firmware images maintained on the device in locations called slots.

URL
GET https://<IP-address-of-SPS>/api/firmware/slots
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format)..

Operations

Operations with the /firmware/slots endpoint include:

Operation HTTP method URL

Notes

Retrieving information from firmware image slots GET /api/firmware/slots

 

Retrieving information from a specific firmware image slot GET /api/firmware/slots/<slot_id>

Example:

/api/firmware/slots/1

Deleting a firmware image slot DELETE /api/firmware/slots/<slot_id>

NOTE: Deleting the current of after reboot firmware is not allowed.

Sample request

The following command lists all available firmware image slots.

curl --cookie cookies https://<IP-address-of-SPS>/api/firmware/slots
Response

The following is a sample response received when available firmware image slots are listed. .

For details of the meta object, see Message format.

{
     "items": [
        {
          "body": {
            "after_reboot": false,
            "current": true,
            "upgrade_news": null,
            "upgrade_notes": "some notes",
            "version": "6.5.0"
          },
          "key": "1",
          "meta": {
            "href": "/api/firmware/slots/1"
          }
        },
        {
          "body": {
            "after_reboot": true,
            "current": false,
            "upgrade_news": null,
            "upgrade_notes": "some notes",
            "version": "6.6.0"
          },
          "key": "2",
          "meta": {
            "href": "/api/firmware/slots/2"
          }
        },
        {
          "body": {},
          "key": "3",
          "meta": {
            "href": "/api/firmware/slots/3"
          }
        },
        {
          "body": {
            "after_reboot": false,
            "current": false,
            "upgrade_news": null,
            "upgrade_notes": "some notes",
            "version": "6.7.0"
          },
          "key": "4",
          "meta": {
            "href": "/api/firmware/slots/4"
           }
        },
        {
          "body": {},
          "key": "5",
          "meta": {
            "href": "/api/firmware/slots/5"
          }
        }
     ],
     "meta": {
       "current_slot": "/api/firmware/slots/1",
       "href": "/api/firmware/slots",
       "number_of_empty_slots": 2,
       "parent": "/api/firmware",
       "slot_after_reboot": "/api/firmware/slots/2"
     }
   }
		

The following is a sample response received when a specific firmware image slot is listed.

{
     "body": {
       "after_reboot": false,
       "current": true,
       "upgrade_news": null,
       "upgrade_notes": "some notes",
       "version": "6.5.0"
     },
     "key": "1",
     "meta": {
       "href": "/api/firmware/slots/1",
       "parent": "/api/firmware/slots"
     }
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

after_reboot

boolean

This flag shows that the firmware is selected to be the active firmware after upgrade.

Possible values:

  • true - the firmware is the active firmware after upgrade

  • false - the firmware is not the active firmware after upgrade

current

boolean

Indicates whether the firmware is active.

Possible values:

  • true - the current firmware is the latest version

  • false - the current firmware is not the latest version

upgrade_news

string

Displays SPS Upgrade Notes that is relevant to the current firmware.

If there is no such information available, the value will be null.

upgrade_notes

string

The content of the SPS Upgrade Notes.

 

version

number

The version number of that specific SPS firmware image.

 

HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation