지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Sessions 7.1.1 - REST API Reference Guide

Introduction Using the SPS REST API Basic settings User management and access control Managing SPS General connection settings HTTP connections Citrix ICA connections MSSQL connections RDP connections SSH connections Telnet connections VNC connections Search, retrieve, download, and index sessions Reporting Health and maintenance Advanced authentication and authorization Completing the Welcome Wizard using REST Enable and configure analytics using REST

Upgrading SPS to a new firmware

Use the /firmware/upgrade endpoint to upgrade SPS to a new firmware.

URL
POST https://<IP-address-of-SPS>/api/firmware/upgrade
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Operations

Operations with the /firmware/upgrade endpoint include:

Operation HTTP method URL

Notes

Upgrading SPS to a new firmware POST /api/firmware/upgrade

 

Sample request

The following command upgrades SPS to a new firmware.

curl --cookie cookies https://<IP-address-of-SPS>/api/firmware/upgrade --data '{"slot_id": <slot_id>, "message": "..." | null}'

NOTE: The value of message can be null, if require_commit_log is disabled. If require_commit_log is enabled, then message is filled.

Response

There can be three possible outcomes:

  • the upgrade was successful:

    {"body": "...", "key": <slot_id>}
  • the upgrade was not successful due to invalid input:

    • the slot_id is missing from the payload

      {"error": {"type": "IncompleteRequestBodyError"}}
    • the tested firmware slot is empty

      {"error": {"type": "ResourceNotFound"}}
  • the upgrade was not successful due to an error:

    {"error": {"type": "FirmwareTestFailed"}}

The following is a sample response received when a SPS is upgraded to a new firmware.

For more information on the meta object, see Message format.

{
     "body":
       { "test_summary": "HA check started\nHA check finished" },
     "key": "1",
     "meta": {
       "href": "/api/firmware/upgrade",
       "parent": "/api/firmware",
       "slot": "/api/firmware/slots/1"
     }
   }
		

The following is a sample response received when a firmware upgrade is attempted on an empty slot.

{
     "error": {
       "details": {
         "mount_point": "/firmware/upgrade",
         "resource": "3"
       },
       "message": "Resource was not found",
       "type": "ResourceNotFound"
     },
     "meta": {
       "href": "/api/firmware/upgrade",
       "parent": "/api/firmware"
     }
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

error.details

object

error.details.mount_point

string

The reference point - in this case a URL path - at which details of the error can be accessed.

This is a fix value:

/firmware/upgrade

error.details.resource

number

The identifier of the firmware image slot.

 

error.message

string

The content of the error message.

 

error.type

string

The type of the error message.

 

The following is a sample response received when message is missing from the request body during upgrade.

{
     "error": {
       "details": {
         "missing_paths": [
           "message"
         ]
       },
       "message": "Some paths were missing from the request body",
       "type": "IncompleteRequestBodyError"
     },
     "meta": {
       "href": "/api/firmware/upgrade",
       "parent": "/api/firmware"
     }
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

error.details

object

error.details.missing_paths

array

A list of missing URL path parameters.

In this case, there can be only one value here, which is message.

error.message

string

The content of the error message.

 

error.type

string

The type of the error message.

 

The following is a sample response received when the firmware test fails during upgrade.

{
     "error": {
       "details": {
         "exit_code": 1,
         "test_summary": "HA check started\nHA check failed"
       },
       "message": "The firmware test failed",
       "type": "FirmwareTestFailed"
     },
     "meta": {
       "href": "/api/firmware/upgrade",
       "parent": "/api/firmware"
     }
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

error.details

object

error.details.exit_code

number

Possible values:

  • 0 -the firmware test passed successfully

  • 1 - the firmware test failed

error.details.test_summary

string

The summary of the upgrade test in free text format.

For example:

  • HA check started

  • HA check failed

error.message

string

The content of the error message.

 

error.type

string

The type of the error message.

 

HTTP response codes

HTTP response codes comprise of standard or endpoint-specific HTTP status and error codes. The following table lists the endpoint-specific HTTP response codes for this request.

HTTP response code Status/Error Description
400 UpgradeMessageMissing The upgrade request did not contain a message. Adding a message is required.

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Uploading new firmware to SPS

Use the /upload/firmware endpoint to upload new firmware to SPS.

URL
POST https://<IP-address-of-SPS>/api/upload/firmware
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Operations

Operations with the /upload/firmware endpoint include:

Operation HTTP method URL

Notes

Uploading SPS firmware images POST /api/upload/firmware

The enctype attribute of the POST request must be multipart/form-data.

Sample request

The following command uploads a new firmware to SPS.

curl --cookie cookies https://<IP-address-of-SPS>/api/upload/firmware --form firmware=@<sps.iso>

Where <sps.iso> is the path of the new firmware.

Response

The following is a sample response received when a new firmware image is uploaded.

For more information on the meta object, see Message format.

{
     "body": {
       "after_reboot": true,
       "current": false,
       "upgrade_news": null,
       "upgrade_notes": "some notes",
      "version": "6.6.0"
     },
     "key": "2",
     "meta": {
       "href": "/api/upload/firmware",
       "slot": "/api/firmware/slots/2",
       "test": "/api/firmware/test",
       "upgrade": "/api/firmware/upgrade",
       "number_of_empty_slots": 2
     }
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

after_reboot

boolean

This flag shows that the firmware is selected to be the active firmware after upgrade.

In this particular case, the value of after_reboot will always be false, as the firmware has not yet been chosen for upgrade.

current

boolean

Indicates whether the firmware is active.

Possible values:

  • true - the current firmware is the latest version

  • false - the current firmware is not the latest version

upgrade_news

string

Displays SPS Upgrade Notes that is relevant to the current firmware.

If there is no such information available, the value will be null.

upgrade_notes

string

The content of the SPS Upgrade Notes for that firmware image.

 

version

number

The version number of that specific SPS firmware image.

 

HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Downloading and installing SPS firmware through HTTP

With the /firmware/fetch endpoint you can avoid having to manually upload large SPS firmware ISO files before upgrading. Instead, you can install SPS firmware files by providing a URL through the SPS REST API. This also makes it easier to download and install a new firmware image on multiple SPS instances simultaneously. Download requests are processed asynchronously, as indicated by the 202 Accepted HTTP response.

URL
POST https://<IP-address-of-SPS>/api/firmware/fetch
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Operations

Operations with the /firmware/fetch endpoint include:

Operation HTTP method URL

Notes

Start downloading a SPS firmware POST /api/firmware/fetch

 

Retrieve the status of SPS firmware downloads

GET

/api/firmware/fetch

 

Retrieve the status of a single SPS firmware download

GET

/api/firmware/fetch/<key-of-the-SPS-firmware-download>

 

Cancel a SPS firmware download

DELETE

/api/firmware/fetch/<key-of-the-SPS-firmware-download>

You can safely cancel running a SPS firmware file download while the status of the download is queued or in-progress.

If you cancel running a firmware download while its status is in-progress, any partially downloaded files will be removed from SPS. However, the status information remains in the queue, and can be removed by sending a second DELETE request to the same URL.

NOTE: After the firmware download and verification steps are completed, it is not possible to cancel the installation of the firmware.

Remove status information of finished, failed, and cancelled downloads

DELETE

/api/firmware/fetch/<key-of-the-SPS-firmware-download>

There is no automated procedure to remove outdated firmware downloads. You must remove them manually.

Sample request
Example: Start downloading SPS firmware files

The following command starts downloading SPS firmware files.

curl -X POST -b "${COOKIE_PATH}" --data "@-" https://<IP-address-of-SPS>/api/firmware/fetch
{
            "url": "https://example.com/sps.iso",
            "checksum": {
                "sha256": "e6837af0b5dcb5397c6bc8b52c0fb95aa49a3fea4303e274c7501f0857cb9b80"
            }
        }
 

Elements of the request message body include:

Element

Type

Description

Notes

url

string

 

 

checksum

object

When SPS downloads from a HTTPS URL, the server certificate is not validated during the SSL handshake. As a result, a checksum is required so that SPS can verify that the data was not tampered with in transit. The SPS download page for the respective version of the product provides the SHA-256 checksum of all official SPS images.

checksum is a required parameter and can only accept a sha256 hash as a value. This parameter must be used when you are running SPS in a production environment.

checksum.sha256

string

The SHA-256 hash of the SPS ISO image.

 

Response

The following is a sample response received if the request was successful.

For more information on the meta object, see Message format.

{
                "key": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                "meta": {
                    "href": "/api/firmware/fetch/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                    "parent": "/api/firmware",
                    "slots": "/api/firmware/slots",
                    "test": "/api/firmware/test",
                    "upgrade": "/api/firmware/upgrade"
                }
            }
 

Elements of the response message body include:

Element

Type

Description

Notes

key

string

The identifier of the SPS firmware file that is being downloaded.

 

Example: Retrieving the status of SPS firmware downloads

The following command is used to retrieve the download status of SPS firmwares.

curl -X GET -b "${COOKIE_PATH}" https://<IP-address-of-SPS>/api/firmware/fetch
Response

The following is a sample response received if the request was successful.

For more information on the meta object, see Message format.

{
              "items" : [
                  {
                      "body" : {
                          "bytes_downloaded" : 1234,
                          "bytes_total" : 1521614848,
                          "error": null,
                          "info" : "Downloading",
                          "slot_id" : null,
                          "start_time": "2022-03-30T12:00:01+00:00",
                          "status" : "in-progress",
                          "url" : "https://example.com/sps.iso"
                      },
                      "key" : "42dee328-9a26-4337-a1fd-3ee6cea3e815",
                      "meta" : {
                          "href" : "/api/firmware/fetch/42dee328-9a26-4337-a1fd-3ee6cea3e815"
                      }
                  },
                  {
                      "body" : {
                          "bytes_downloaded" : 0,
                          "bytes_total" : 0,
                          "error": "<class 'requests.exceptions.ConnectionError'>: HTTPConnectionPool(host='unreachable.com', port=80): Max retries exceeded with url: /sps.iso (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fc45e0e1ac0>: Failed to establish a new connection: [Errno -2] Name or service not known'))",
                          "info" : "Firmware fetching failed",
                          "slot_id" : null,
                          "start_time": "2022-03-30T12:00:01+00:00",
                          "status" : "failed",
                          "url" : "https://unreachable.com/sps.iso"
                      },
                      "key" : "023bc2b4-0efb-4eaa-a301-b29f8c395f8c",
                      "meta" : {
                          "href" : "/api/firmware/fetch/023bc2b4-0efb-4eaa-a301-b29f8c395f8c"
                      }
                  },
                  {
                      "body" : {
                          "bytes_downloaded" : 1594798080,
                          "bytes_total" : 1594798080,
                          "error": null,
                          "info" : null,
                          "slot_id" : 2,
                          "status" : "finished",
                          "start_time": "2022-03-30T12:00:01+00:00",
                          "url" : "https://example.com/sps_old.iso"
                      },
                      "key" : "8f6f7b0f-bba1-4d86-babb-54868106d2e9",
                      "meta" : {
                          "href" : "/api/firmware/fetch/8f6f7b0f-bba1-4d86-babb-54868106d2e9",
                          "slot": "/api/firmware/slots/2"
                      }
                  },
                  {
                      "body" : {
                          "bytes_downloaded" : 0,
                          "bytes_total" : 0,
                          "error": null,
                          "info" : null,
                          "slot_id" : null,
                          "status" : "queued",
                          "start_time": null,
                          "url" : "https://example.com/sps.iso"
                      },
                      "key" : "6bf3113c-ad66-4cb3-9827-77fcbe1b6853",
                      "meta" : {
                          "href" : "/api/firmware/fetch/6bf3113c-ad66-4cb3-9827-77fcbe1b6853"
                      }
                  }
              ],
              "meta": {
                  "href": "/api/firmware/fetch",
                  "parent": "/api/firmware",
                  "slots": "/api/firmware/slots",
                  "test": "/api/firmware/test",
                  "upgrade": "/api/firmware/upgrade"
              }
          }
 
Example: Retrieving the status of a single SPS firmware download

The following command is used to retrieve the download status of a single SPS firmware.

curl -X GET -b "${COOKIE_PATH}" https://<IP-address-of-SPS>/api/firmware/fetch/<key-of-the-SPS-firmware-download>
Response

The following is a sample response received if the request was successful.

For more information on the meta object, see Message format.

{
              "body" : {
                  "bytes_downloaded" : 1594798080,
                  "bytes_total" : 1594798080,
                  "error": null,
                  "info" : null,
                  "slot_id" : 2,
                  "start_time": "2022-03-30T12:00:01+00:00",
                  "status" : "finished",
                  "url" : "https://example.com/sps.iso"
              },
              "key" : "8f6f7b0f-bba1-4d86-babb-54868106d2e9",
              "meta": {
                  "href": "/api/firmware/fetch/8f6f7b0f-bba1-4d86-babb-54868106d2e9",
                  "parent": "/api/firmware/fetch",
                  "slot": "/api/firmware/slots/2"
              }
          }

Elements of the response message body include:

Element

Type

Description

Notes

key

string

The identifier of the SPS firmware download job that is running in the background.

 

bytes_downloaded

number

The number of bytes already downloaded.

 

bytes_total

number

The total number of bytes to be downloaded from the Content-Length header received from the server.

 

error

string

The error message, containing details of the error.

If no error has happened, then the value is null.

info

string

Indicates download-specific information, for example, the SPS firmware file is currently downloading, or that SPS is unable to download the firmware file.

Possible values:

  • null
  • Downloading
  • Verifying checksum
  • Firmware fetching failed
  • Installing

The value of the info field can be null in two scenarios:

  • The firmware download has not started yet.

  • The firmware download and installation has been successful.

slot_id

number

The identifier of theSPS firmware image slot.

Before the firmware download is finished, the value of the slot_id is null.

When the status of the firmware download is finished, the slot_id indicates the location where the downloaded firmware was installed. Note that if an administrator later runs other operations on that particular firmware slot, like deleting it or uploading another firmware, then these will not be reflected in the status of the firmware download.

start_time

string (ISO 8601)

The time at which the SPS firmware download job has started.

 

status

string

The status of the SPS firmware fetching job.

Possible values are:

  • queued - the SPS firmware download is queued.

  • in-progress - the SPS firmware download is being processed.

  • finished - the SPS firmware download has been completed.

  • failed - the SPS firmware could not be downloaded.

  • canceled - the SPS firmware download was canceled.

url

string(URI)

The resource URL of the SPS firmware.

Example:

https://example.com/sps.iso
HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Network settings

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택