지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Sessions 7.0.1.1 LTS - REST API Reference Guide

Introduction Using the SPS REST API Basic settings User management and access control Managing SPS General connection settings HTTP connections Citrix ICA connections MSSQL connections RDP connections SSH connections Telnet connections VNC connections Search, download, and index sessions Reporting Health and maintenance Advanced authentication and authorization Completing the Welcome Wizard using REST Enable and configure analytics using REST

Downloading and installing SPS firmware through HTTP

With the /firmware/fetch endpoint you can avoid having to manually upload large SPS firmware ISO files before upgrading. Instead, you can install SPS firmware files by providing a URL through the SPS REST API. This also makes it easier to download and install a new firmware image on multiple SPS instances simultaneously. Download requests are processed asynchronously, as indicated by the 202 Accepted HTTP response.

URL
POST https://<IP-address-of-SPS>/api/firmware/fetch
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Operations

Operations with the /firmware/fetch endpoint include:

Operation HTTP method URL

Notes

Start downloading a SPS firmware POST /api/firmware/fetch

 

Retrieve the status of SPS firmware downloads

GET

/api/firmware/fetch

 

Retrieve the status of a single SPS firmware download

GET

/api/firmware/fetch/<key-of-the-SPS-firmware-download>

 

Cancel a SPS firmware download

DELETE

/api/firmware/fetch/<key-of-the-SPS-firmware-download>

You can safely cancel running a SPS firmware file download while the status of the download is queued or in-progress.

If you cancel running a firmware download while its status is in-progress, any partially downloaded files will be removed from SPS. However, the status information remains in the queue, and can be removed by sending a second DELETE request to the same URL.

NOTE: After the firmware download and verification steps are completed, it is not possible to cancel the installation of the firmware.

Remove status information of finished, failed, and cancelled downloads

DELETE

/api/firmware/fetch/<key-of-the-SPS-firmware-download>

There is no automated procedure to remove outdated firmware downloads. You must remove them manually.

Sample request
Example: Start downloading SPS firmware files

The following command starts downloading SPS firmware files.

curl -X POST -b "${COOKIE_PATH}" --data "@-" https://<IP-address-of-SPS>/api/firmware/fetch
{
            "url": "https://example.com/sps.iso",
            "checksum": {
                "sha256": "e6837af0b5dcb5397c6bc8b52c0fb95aa49a3fea4303e274c7501f0857cb9b80"
            }
        }
 

Elements of the request message body include:

Element

Type

Description

Notes

url

string

 

 

checksum

object

When SPS downloads from a HTTPS URL, the server certificate is not validated during the SSL handshake. As a result, a checksum is required so that SPS can verify that the data was not tampered with in transit. The SPS download page for the respective version of the product provides the SHA-256 checksum of all official SPS images.

checksum is a required parameter and can only accept a sha256 hash as a value. This parameter must be used when you are running SPS in a production environment.

checksum.sha256

string

The SHA-256 hash of the SPS ISO image.

 

Response

The following is a sample response received if the request was successful.

For more information on the meta object, see Message format.

{
                "key": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                "meta": {
                    "href": "/api/firmware/fetch/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                    "parent": "/api/firmware",
                    "slots": "/api/firmware/slots",
                    "test": "/api/firmware/test",
                    "upgrade": "/api/firmware/upgrade"
                }
            }
 

Elements of the response message body include:

Element

Type

Description

Notes

key

string

The identifier of the SPS firmware file that is being downloaded.

 

Example: Retrieving the status of SPS firmware downloads

The following command is used to retrieve the download status of SPS firmwares.

curl -X GET -b "${COOKIE_PATH}" https://<IP-address-of-SPS>/api/firmware/fetch
Response

The following is a sample response received if the request was successful.

For more information on the meta object, see Message format.

{
              "items" : [
                  {
                      "body" : {
                          "bytes_downloaded" : 1234,
                          "bytes_total" : 1521614848,
                          "error": null,
                          "info" : "Downloading",
                          "slot_id" : null,
                          "start_time": "2022-03-30T12:00:01+00:00",
                          "status" : "in-progress",
                          "url" : "https://example.com/sps.iso"
                      },
                      "key" : "42dee328-9a26-4337-a1fd-3ee6cea3e815",
                      "meta" : {
                          "href" : "/api/firmware/fetch/42dee328-9a26-4337-a1fd-3ee6cea3e815"
                      }
                  },
                  {
                      "body" : {
                          "bytes_downloaded" : 0,
                          "bytes_total" : 0,
                          "error": "<class 'requests.exceptions.ConnectionError'>: HTTPConnectionPool(host='unreachable.com', port=80): Max retries exceeded with url: /sps.iso (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fc45e0e1ac0>: Failed to establish a new connection: [Errno -2] Name or service not known'))",
                          "info" : "Firmware fetching failed",
                          "slot_id" : null,
                          "start_time": "2022-03-30T12:00:01+00:00",
                          "status" : "failed",
                          "url" : "https://unreachable.com/sps.iso"
                      },
                      "key" : "023bc2b4-0efb-4eaa-a301-b29f8c395f8c",
                      "meta" : {
                          "href" : "/api/firmware/fetch/023bc2b4-0efb-4eaa-a301-b29f8c395f8c"
                      }
                  },
                  {
                      "body" : {
                          "bytes_downloaded" : 1594798080,
                          "bytes_total" : 1594798080,
                          "error": null,
                          "info" : null,
                          "slot_id" : 2,
                          "status" : "finished",
                          "start_time": "2022-03-30T12:00:01+00:00",
                          "url" : "https://example.com/sps_old.iso"
                      },
                      "key" : "8f6f7b0f-bba1-4d86-babb-54868106d2e9",
                      "meta" : {
                          "href" : "/api/firmware/fetch/8f6f7b0f-bba1-4d86-babb-54868106d2e9",
                          "slot": "/api/firmware/slots/2"
                      }
                  },
                  {
                      "body" : {
                          "bytes_downloaded" : 0,
                          "bytes_total" : 0,
                          "error": null,
                          "info" : null,
                          "slot_id" : null,
                          "status" : "queued",
                          "start_time": null,
                          "url" : "https://example.com/sps.iso"
                      },
                      "key" : "6bf3113c-ad66-4cb3-9827-77fcbe1b6853",
                      "meta" : {
                          "href" : "/api/firmware/fetch/6bf3113c-ad66-4cb3-9827-77fcbe1b6853"
                      }
                  }
              ],
              "meta": {
                  "href": "/api/firmware/fetch",
                  "parent": "/api/firmware",
                  "slots": "/api/firmware/slots",
                  "test": "/api/firmware/test",
                  "upgrade": "/api/firmware/upgrade"
              }
          }
 
Example: Retrieving the status of a single SPS firmware download

The following command is used to retrieve the download status of a single SPS firmware.

curl -X GET -b "${COOKIE_PATH}" https://<IP-address-of-SPS>/api/firmware/fetch/<key-of-the-SPS-firmware-download>
Response

The following is a sample response received if the request was successful.

For more information on the meta object, see Message format.

{
              "body" : {
                  "bytes_downloaded" : 1594798080,
                  "bytes_total" : 1594798080,
                  "error": null,
                  "info" : null,
                  "slot_id" : 2,
                  "start_time": "2022-03-30T12:00:01+00:00",
                  "status" : "finished",
                  "url" : "https://example.com/sps.iso"
              },
              "key" : "8f6f7b0f-bba1-4d86-babb-54868106d2e9",
              "meta": {
                  "href": "/api/firmware/fetch/8f6f7b0f-bba1-4d86-babb-54868106d2e9",
                  "parent": "/api/firmware/fetch",
                  "slot": "/api/firmware/slots/2"
              }
          }

Elements of the response message body include:

Element

Type

Description

Notes

key

string

The identifier of the SPS firmware download job that is running in the background.

 

bytes_downloaded

number

The number of bytes already downloaded.

 

bytes_total

number

The total number of bytes to be downloaded from the Content-Length header received from the server.

 

error

string

The error message, containing details of the error.

If no error has happened, then the value is null.

info

string

Indicates download-specific information, for example, the SPS firmware file is currently downloading, or that SPS is unable to download the firmware file.

Possible values:

  • null
  • Downloading
  • Verifying checksum
  • Firmware fetching failed
  • Installing

The value of the info field can be null in two scenarios:

  • The firmware download has not started yet.

  • The firmware download and installation has been successful.

slot_id

number

The identifier of theSPS firmware image slot.

Before the firmware download is finished, the value of the slot_id is null.

When the status of the firmware download is finished, the slot_id indicates the location where the downloaded firmware was installed. Note that if an administrator later runs other operations on that particular firmware slot, like deleting it or uploading another firmware, then these will not be reflected in the status of the firmware download.

start_time

string (ISO 8601)

The time at which the SPS firmware download job has started.

 

status

string

The status of the SPS firmware fetching job.

Possible values are:

  • queued - the SPS firmware download is queued.

  • in-progress - the SPS firmware download is being processed.

  • finished - the SPS firmware download has been completed.

  • failed - the SPS firmware could not be downloaded.

  • canceled - the SPS firmware download was canceled.

url

string(URI)

The resource URL of the SPS firmware.

Example:

https://example.com/sps.iso
HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Network settings

Network configuration options

Contains the endpoints for configuring networking on SPS.

URL
GET https://<IP-address-of-SPS>/api/configuration/network
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Sample request

The following command lists network configuration options.

curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/network
Response

The following is a sample response received when listing network configuration options.

For more information on the meta object, see Message format.

{
  "items": [
    {
      "key": "dns",
      "meta": {
        "href": "/api/configuration/network/dns"
      }
    },
    {
      "key": "ip_forwarding_rule_pairs",
      "meta": {
        "href": "/api/configuration/network/ip_forwarding_rule_pairs"
      }
    },
    {
      "key": "naming",
      "meta": {
        "href": "/api/configuration/network/naming"
      }
    },
    {
      "key": "nics",
      "meta": {
        "href": "/api/configuration/network/nics"
      }
    },
    {
      "key": "routing",
      "meta": {
        "href": "/api/configuration/network/routing"
      }
    }
  ],
  "meta": {
    "first": "/api/configuration/aaa",
    "href": "/api/configuration/network",
    "last": "/api/configuration/x509",
    "next": "/api/configuration/passwords",
    "parent": "/api/configuration",
    "previous": "/api/configuration/management",
    "transaction": "/api/transaction"
  }
}
Element Description
dns The address of the primary and secondary DNS server.
ip_forwarding_rule_pairs Rules for routing between the network interfaces.
naming DNS search domain, hostname, and appliance nickname settings.
nics References the endpoints of the three physical network interfaces.
routing Routing table. Defines the address of the gateway server for each configured subnet.
Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.

Code Description Notes
401 Unauthenticated The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
403 Unauthorized The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
404 NotFound The requested object does not exist.

DNS servers

Contains the address of the primary and secondary DNS server.

URL
GET https://<IP-address-of-SPS>/api/configuration/network/dns
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Sample request

The following command lists the configured DNS servers.

curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/network/dns
Response

The following is a sample response received when listing the configured DNS servers.

For more information on the meta object, see Message format.

{
  "body": {
    "primary": "192.168.56.1",
    "secondary": null
  },
  "key": "dns",
  "meta": {
    "first": "/api/configuration/network/dns",
    "href": "/api/configuration/network/dns",
    "last": "/api/configuration/network/routing",
    "next": "/api/configuration/network/ip_forwarding_rule_pairs",
    "parent": "/api/configuration/network",
    "previous": null,
    "transaction": "/api/transaction"
  }
}
Element Type Description
key string Top level element, contains the ID of the endpoints.
body Top level element (string) Contains the addresses of the DNS servers.
primary string The IP address of the primary DNS server.
secondary string The address of the secondary DNS server.
Modify the address of the DNS servers

To modify the address of a DNS server, you have to:

  1. Open a transaction.

    For more information, see Open a transaction.

  2. Modify the JSON object of the endpoint.

    PUT the modified JSON object to the https://<IP-address-of-SPS>/api/configuration/network/dns endpoint. You can find a detailed description of the available parameters listed in Element .

  3. Commit your changes.

    For more information, see Commit a transaction.

Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.

Code Description Notes
201 Created The new resource was successfully created.
401 Unauthenticated The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
403 Unauthorized The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
404 NotFound The requested object does not exist.
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택