List basic information about products that are integrated with One Identity Safeguard for Privileged Sessions (SPS).
URL
GET https://<IP-address-of-SPS>/api/integrated_products
Cookies
| session_id |
Contains the authentication token of the user |
Required |
The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.
NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format). |
Operations
Operations with the /integrated_products endpoint include:
| Retrieving information about products integrated with SPS |
GET |
/api/integrated_products |
When SPS is joined to One Identity Starling, but One Identity Starling is not available, you will receive the following warning message: Information about the integrated Starling products cannot be retrieved.
Check the following:
- The Starling cloud service is available.
- Your SPS appliance is connected to the Internet.
When your credentials to access One Identity Starling are invalid, you will receive the following warning message: The credentials used for accessing Starling are invalid. This may happen because SPS was un-joined from Starling and restored to a previous joined state. Re-join the SPS to get valid credentials. |
Sample request
The following command lists products that are integrated with SPS.
curl --cookie cookies https://<IP-address-of-SPS>/api/integrated_products
Response
The following is a sample response received when SPS is joined with One Identity Starling, but not with any other products integrated with the One Identity Starling platform.
For more information on the meta object, see Message format.
{
"items": [
{
"name": "Defender",
"link": null,
"activated": false
},
{
"name": "Connect",
"link": null,
"activated": false
},
{
"name": "Governance",
"link": null,
"activated": false
},
{
"name": "RemoteAccess",
"link": null,
"activated": false
}
]
}
The following is a sample response received when SPS is joined with SPP.
{
"items": [
{
"name": "Safeguard for Privileged Passwords",
"activated": true,
"link": "https://10.10.10.10"
}
]
}
The following is a sample response received when SPS is joined with One Identity Starling, and it is integrated with certain One Identity Starling products.
{
"items": [
{
"name": "Defender",
"link": "https://2fa.cloud.oneidentity.com",
"activated": true
},
{
"name": "Connect",
"link": "https://connect.cloud.oneidentity.com",
"activated": true
},
{
"name": "Governance",
"link": null,
"activated": false
}
]
}
Elements of the response message body include:
| items |
object array |
A list of One Identity Starling products that are integrated SPS. |
When there are no products integrated with SPS, the items field returns empty: {
"items": []
}
|
|
items.name |
string |
The name of the integrated One Identity Starling product. |
|
|
items.link |
format(uri) |
The URL of the integrated One Identity Starling product. |
If the product is not integrated, the value of the link parameter will be null. |
|
items.activated |
boolean |
Indicates whether the product is integrated with SPS or not. |
Possible values:
|
HTTP response codes
For more information and a complete list of standard HTTP response codes, see Application level error codes.
A list of endpoints managing SPS firmware images.
URL
GET https://<IP-address-of-SPS>/api/firmware
Cookies
| session_id |
Contains the authentication token of the user |
Required |
The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.
NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format). |
Sample request
The following command lists management configuration endpoints.
curl --cookie cookies https://<IP-address-of-SPS>/api/firmware
Response
The following is a sample response received when firmware-related configuration endpoints are listed.
For more information on the meta object, see Message format.
{
"items": [
{
"key": "fetch",
"meta": {
"href": "/api/firmware/fetch"
}
},
{
"key": "slots",
"meta": {
"href": "/api/firmware/slots"
}
},
{
"key": "test",
"meta": {
"href": "/api/firmware/test"
}
},
{
"key": "upgrade",
"meta": {
"href": "/api/firmware/upgrade"
}
}
],
"meta": {
"href": "/api/firmware",
"parent": "/api",
"fetch": "/api/firmware/fetch",
"slots": "/api/firmware/slots",
"test": "/api/firmware/test",
"upgrade": "/api/firmware/upgrade"
}
}
|
fetch |
Install firmware files by providing a URL. |
| slots |
Retrieve information about SPS firmware images maintained on the device in locations called slots. |
| test |
Trigger an upgrade test without an actual upgrade. |
| upgrade |
Upgrade SPS to new firmware. |
| upload |
Upload new firmware to SPS. |
Retrieve information about SPS firmware images maintained on the device in locations called slots.
Base URL
https://<address-of-SPS>/api
Sample request
HTTP operations with the /slots endpoint include:
|
GET |
/api/firmware/slots
curl -X GET -b "${COOKIE_PATH}" https://<address-of-SPS>/api/firmware/slots | |
Listing all available firmware image slots |
|
|
GET |
/api/firmware/slots/<slot_id>
curl -X GET -b "${COOKIE_PATH}" https://<address-of-SPS>/api/firmware/slots/<slot_id> | |
Listing a specific firmware image slot |
|
|
DELETE |
/api/firmware/slots/<slot_id>
curl -X DELETE -b "${COOKIE_PATH}" https://<address-of-SPS>/api/firmware/slots/<slot_id> | |
Deleting a firmware image slot |
NOTE: Deleting the current firmware, or the one after the reboot, is not allowed. |
Examples
Firmware slots
Elements of the response message body include:
|
after_reboot |
boolean |
This flag shows that the firmware is selected to be the active firmware after upgrade. |
Possible values:
|
|
current |
boolean |
Indicates whether the firmware is active. |
Possible values:
|
|
upgrade_news |
string |
Displays SPS Upgrade Notes that is relevant to the current firmware. |
If there is no such information available, the value will be null. |
|
upgrade_notes |
string |
The content of the SPS Upgrade Notes. |
|
|
version |
number |
The version number of that specific SPS firmware image. |
|
For more information on the meta object, see Message format.
HTTP response codes
For more information and a complete list of standard HTTP response codes, see Application level error codes.
Use the /firmware/test endpoint as a precheck tool to trigger an upgrade test without an actual upgrade. The test reveals whether the current state of SPS is compatible with the new firmware. Possible areas where errors can occur:
-
version compatibility - the new firmware is compatible with the upgrade policy
-
storage space - there is enough free storage space for the upgrade
-
configuration compatibility - the current configuration settings are supported in the new firmware
-
tainted firmware - whether or not there are manually modified files on the firmware
URL
POST https://<IP-address-of-SPS>/api/firmware/test
Cookies
| session_id |
Contains the authentication token of the user |
Required |
The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.
NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format). |
Operations
Operations with the /firmware/test endpoint include:
|
Testing new SPS firmware before upgrade |
POST |
/api/firmware/test |
|
Sample request
The following command triggers a firmware upgrade test.
curl --cookie cookies https://<IP-address-of-SPS>/api/firmware/test --data '{"slot_id": <slot_id>}'
NOTE: You require a payload first, from which you choose the firmware you want to test.
Response
There can be three possible outcomes:
-
the upgrade was successful:
{"body": "...", "key": <slot_id>}
-
the upgrade was not successful due to invalid input:
-
the slot_id is missing from the payload
{"error": {"type": "IncompleteRequestBodyError"}}
-
the tested firmware slot is empty
{"error": {"type": "ResourceNotFound"}}
-
the upgrade was not successful due to an error:
{"error": {"type": "FirmwareTestFailed"}}
The following is a sample response received when the upgrade test was successful.
For more information on the meta object, see Message format.
{
"body":
{ "test_summary": "HA check started\nHA check finished" },
"key": "1",
"meta": {
"href": "/api/firmware/test",
"parent": "/api/firmware",
"slot": "/api/firmware/slots/1",
"upgrade": "/api/firmware/upgrade"
}
}
The following is a sample response received when the upgrade test was not successful, because the firmware slot is empty.
{
"error": {
"details": {
"mount_point": "/firmware/test",
"resource": "3"
},
"message": "Resource was not found",
"type": "ResourceNotFound"
},
"meta": {
"href": "/api/firmware/test",
"parent": "/api/firmware"
}
}
Elements of the response message body include:
|
error.details |
object |
|
|
|
error.details.mount_point |
string |
The reference point - in this case a URL path - at which details of the error can be accessed. |
This is a fix value: /firmware/test |
|
error.details.resource |
number |
The identifier of the firmware image slot. |
|
|
error.message |
string |
The content of the error message. |
|
|
error.type |
string |
The type of the error message. |
|
The following is a sample response received when the upgrade test was not successful, because the slot_id is missing from the payload.
{
"error": {
"details": {
"missing_paths": [
"slot_id"
]
},
"message": "Some paths were missing from the request body",
"type": "IncompleteRequestBodyError"
},
"meta": {
"href": "/api/firmware/test",
"parent": "/api/firmware"
}
}
Elements of the response message body include:
|
error.details |
object |
|
|
|
error.details.missing_paths |
array |
A list of missing URL path parameters. |
In this case, there can be only one value here, which is slot_id. |
|
error.details.missing_paths.slot_id |
|
The identifier of the firmware image slot. |
|
|
error.message |
string |
The content of the error message. |
|
|
error.type |
string |
The type of the error message. |
|
The following is a sample response received when the upgrade test was not successful, because an error was found during testing.
{
"error": {
"details": {
"exit_code": 1,
"test_summary": "HA check started\nHA check failed"
},
"message": "The firmware test failed",
"type": "FirmwareTestFailed"
},
"meta": {
"href": "/api/firmware/test",
"parent": "/api/firmware"
}
}
Elements of the response message body include:
|
error.details |
object |
|
|
|
error.details.exit_code |
number |
|
Possible values:
|
|
error.details.test_summary |
string |
The summary of the upgrade test in free text format. |
For example:
HA check started,
HA check failed |
|
error.message |
string |
The content of the error message. |
|
|
error.type |
string |
The type of the error message. |
|
HTTP response codes
For more information and a complete list of standard HTTP response codes, see Application level error codes.
