One Identity Safeguard for Privileged Sessions 5.7.0

Message format How to configure Safeguard for Privileged Sessions using REST How to configure Safeguard for Privileged Sessions using REST: a sample transaction

Using the Safeguard for Privileged Sessions REST API

Authenticate to the Safeguard for Privileged Sessions REST API Authenticate to the Safeguard for Privileged Sessions REST API using X.509 certificate Retrieve user information Checking the transaction status Open a transaction Commit a transaction Delete a transaction Reviewing the changelog of a transaction Application level error codes Navigating the configuration of Safeguard for Privileged Sessions Headers

Basic settings

Retrieve basic firmware and host information Network settings

Web interface Network configuration options DNS servers Routing between interfaces Naming options Network addresses Routing table Local services of Safeguard for Privileged Sessions Local services: Web login for administrators Local services: Web login for users

Date and time

Date & time NTP servers Timezone

Logs, monitoring and alerts

Management options Syslog server settings Disk fill-up prevention Mail settings Health monitoring SNMP settings SNMP traps Local services: access for SNMP agents Alerting System alerts Traffic alerts

User management and access control

User management and access control Authentication and user database settings Privileges of usergroups Manage users and usergroups locally on Safeguard for Privileged Sessions Manage usergroups locally on Safeguard for Privileged Sessions Manage users locally on Safeguard for Privileged Sessions

Managing Safeguard for Privileged Sessions

Troubleshooting options Internal certificates Headers Headers Headers Local services: enabling SSH access to the Safeguard for Privileged Sessions host RPC API Manage the Safeguard for Privileged Sessions license Change contact information Splunk integration Manage Safeguard for Privileged Sessions clusters

General connection settings

Channel policy Policies Audit policies Real-time content monitoring with Content Policies LDAP servers Signing CA policies Time policy Trusted Certificate Authorities Local user databases User lists

HTTP connections

HTTP connections HTTP connection policies Global HTTP options HTTP settings policies

Citrix ICA connections

ICA connections ICA connection policies Global ICA options ICA settings policies

RDP connections

RDP connections Status and error codes RDP channels Configuring domain membership Global RDP options RDP settings policies

SSH connections

SSH connections Status and error codes SSH channels SSH authentication policies Global SSH options SSH settings policies SSH host keys and certificates

Telnet connections

Telnet connections Telnet connection policies Global Telnet options

VNC connections

VNC connections VNC connection policies Global VNC options

Search, download, and index sessions

Audited sessions Download audit trails Searching in the session database Searching in connection content Session statistics Session histogram Session alerts Session events Local services: configuring the indexer Indexer policies

Reporting

Reporting Reports Built-in subchapters Pre-defined reports Content subchapters Custom subchapters Connection statistics subchapters

Advanced authentication and authorization

Usermapping policy Upload a plugin Authentication and authorization plugins Credential store plugins Credential stores Ticketing policies Ticketing plugins

Completing the Welcome Wizard using REST

Enable and configure analytics using REST

Enable One Identity Safeguard for Privileged Analytics Configure One Identity Safeguard for Privileged Analytics

About us Third-party contributions

Network configuration options

Basic settings > Network settings > Network configuration options

Contains the endpoints for configuring networking on Safeguard for Privileged Sessions.

URL

GET https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network

Headers

Header name	Description	Required	Values
session_id	Contains the authentication token of the user	Required	The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the Safeguard for Privileged Sessions REST API. Note that this session ID refers to the connection between the REST client and the Safeguard for Privileged Sessions REST API. It is not related to the sessions that Safeguard for Privileged Sessions records (and which also have a session ID, but in a different format).

Header name

Description

Required

Values

session_id

Contains the authentication token of the user

Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the Safeguard for Privileged Sessions REST API.

Note that this session ID refers to the connection between the REST client and the Safeguard for Privileged Sessions REST API. It is not related to the sessions that Safeguard for Privileged Sessions records (and which also have a session ID, but in a different format).

Sample request

The following command lists network configuration options.

curl --cookie cookies https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network

Response

The following is a sample response received when listing network configuration options. For details of the meta object, see Introduction.

{
  "items": [
    {
      "key": "dns",
      "meta": {
        "href": "/api/configuration/network/dns"
      }
    },
    {
      "key": "ip_forwarding_rule_pairs",
      "meta": {
        "href": "/api/configuration/network/ip_forwarding_rule_pairs"
      }
    },
    {
      "key": "naming",
      "meta": {
        "href": "/api/configuration/network/naming"
      }
    },
    {
      "key": "nics",
      "meta": {
        "href": "/api/configuration/network/nics"
      }
    },
    {
      "key": "routing",
      "meta": {
        "href": "/api/configuration/network/routing"
      }
    }
  ],
  "meta": {
    "first": "/api/configuration/aaa",
    "href": "/api/configuration/network",
    "last": "/api/configuration/x509",
    "next": "/api/configuration/passwords",
    "parent": "/api/configuration",
    "previous": "/api/configuration/management",
    "transaction": "/api/transaction"
  }
}

Element	Description
dns	The address of the primary and secondary DNS server.
ip_forwarding_rule_pairs	Rules for routing between the network interfaces.
naming	DNS search domain, hostname, and appliance nickname settings.
nics	References the endpoints of the three physical network interfaces.
routing	Routing table. Defines the address of the gateway server for each configured subnet.

Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Using the Safeguard for Privileged Sessions REST API.

Code	Description	Notes
401	Unauthenticated	The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
401	AuthenticationFailure	Authenticating the user with the given credentials has failed.
404	NotFound	The requested object does not exist.

DNS servers

Basic settings > Network settings > DNS servers

Contains the address of the primary and secondary DNS server.

URL

GET https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/dns

Headers

Header name	Description	Required	Values
session_id	Contains the authentication token of the user	Required	The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the Safeguard for Privileged Sessions REST API. Note that this session ID refers to the connection between the REST client and the Safeguard for Privileged Sessions REST API. It is not related to the sessions that Safeguard for Privileged Sessions records (and which also have a session ID, but in a different format).

Header name

Description

Required

Values

session_id

Contains the authentication token of the user

Required

Sample request

The following command lists the configured DNS servers.

curl --cookie cookies https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/dns

Response

The following is a sample response received when listing the configured DNS servers. For details of the meta object, see Introduction.

{
  "body": {
    "primary": "192.168.56.1",
    "secondary": null
  },
  "key": "dns",
  "meta": {
    "first": "/api/configuration/network/dns",
    "href": "/api/configuration/network/dns",
    "last": "/api/configuration/network/routing",
    "next": "/api/configuration/network/ip_forwarding_rule_pairs",
    "parent": "/api/configuration/network",
    "previous": null,
    "transaction": "/api/transaction"
  }
}

Element		Type	Description
key		string	Top level element, contains the ID of the endpoints.
body		Top level element (string)	Contains the addresses of the DNS servers.
	primary	string	The IP address of the primary DNS server.
	secondary	string	The address of the secondary DNS server.

Modify the address of the DNS servers

To modify the address of a DNS server, you have to:

Open a transaction.

For details, see Open a transaction.
Modify the JSON object of the endpoint.

PUT the modified JSON object to the https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/dns endpoint. You can find a detailed description of the available parameters listed in DNS servers.
Commit your changes.

For details, see Commit a transaction.

Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Using the Safeguard for Privileged Sessions REST API.

Code	Description	Notes
201	Created	The new resource was successfully created.
401	Unauthenticated	The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
401	AuthenticationFailure	Authenticating the user with the given credentials has failed.
404	NotFound	The requested object does not exist.

Routing between interfaces

Basic settings > Network settings > Routing between interfaces

Configures routing between network interfaces. To use an interface in single-interface router mode, configure both interface_a and interface_b elements to reference that same interface.

URL

GET https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/ip_forwarding_rule_pairs

Headers

Header name	Description	Required	Values
session_id	Contains the authentication token of the user	Required	The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the Safeguard for Privileged Sessions REST API. Note that this session ID refers to the connection between the REST client and the Safeguard for Privileged Sessions REST API. It is not related to the sessions that Safeguard for Privileged Sessions records (and which also have a session ID, but in a different format).

Header name

Description

Required

Values

session_id

Contains the authentication token of the user

Required

Sample request

The following command lists interface routing rules.

curl --cookie cookies https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/ip_forwarding_rule_pairs

Response

The following is a sample response received when listing interface routing rules. For details of the meta object, see Introduction.

{
  "body": [
    {
      "interface_a": {
        "key": "nic1.interfaces.ff7574025754b3df1647001",
        "meta": {
          "href": "/api/configuration/network/nics/nic1/interfaces/ff7574025754b3df1647001"
        }
      },
      "interface_b": {
        "key": "nic1.interfaces.ff7574025754b3df1647001",
        "meta": {
          "href": "/api/configuration/network/nics/nic1/interfaces/ff7574025754b3df1647001"
        }
      }
    }
  ],
  "key": "ip_forwarding_rule_pairs",
  "meta": {
    "first": "/api/configuration/network/dns",
    "href": "/api/configuration/network/ip_forwarding_rule_pairs",
    "last": "/api/configuration/network/routing",
    "next": "/api/configuration/network/naming",
    "parent": "/api/configuration/network",
    "previous": "/api/configuration/network/dns",
    "transaction": "/api/transaction"
  }
}

Element		Type	Description
key		string	Top level element, contains the ID of the endpoint.
body		Top level element (list)	Contains the rules for routing between the network interfaces.
	interface_a	string	References the identifier of the network interface. You can configure network interfaces at the /api/configuration/network/nics/ endpoint. To modify or add a network interface, use the value of the returned key as the value of the interface_a element, and remove any child elements (including the key).
	interface_b	string	References the identifier of the network interface. You can configure network interfaces at the /api/configuration/network/nics/ endpoint. To modify or add a network interface, use the value of the returned key as the value of the interface_b element, and remove any child elements (including the key).

Add a rule for routing between the network interfaces

To add a rule, you have to:

Open a transaction.

For details, see Open a transaction.
Create the JSON object for the new list of rules.

POST the JSON object to the https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/ip_forwarding_rule_pairs endpoint. You can find a detailed description of the available parameters listed in Routing between interfaces.

If the POST request is successful, the response includes the key of the new rule.
Commit your changes.

For details, see Commit a transaction.

Modify a rule for routing between the network interfaces

To modify a rule, you have to:

Open a transaction.

For details, see Open a transaction.
Modify the JSON object of the list of rules.

PUT the modified JSON object to the https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/ip_forwarding_rule_pairs endpoint. You can find a detailed description of the available parameters listed in Routing between interfaces.
Commit your changes.

For details, see Commit a transaction.

Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Using the Safeguard for Privileged Sessions REST API.

Code	Description	Notes
201	Created	The new resource was successfully created.
401	Unauthenticated	The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
401	AuthenticationFailure	Authenticating the user with the given credentials has failed.
404	NotFound	The requested object does not exist.

Naming options

Basic settings > Network settings > Naming options

Contains the settings for the DNS search domain, hostname, and appliance nickname.

URL

GET https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/naming

Headers

Header name	Description	Required	Values
session_id	Contains the authentication token of the user	Required	The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the Safeguard for Privileged Sessions REST API. Note that this session ID refers to the connection between the REST client and the Safeguard for Privileged Sessions REST API. It is not related to the sessions that Safeguard for Privileged Sessions records (and which also have a session ID, but in a different format).

Header name

Description

Required

Values

session_id

Contains the authentication token of the user

Required

Sample request

The following command lists the naming settings.

curl --cookie cookies https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/naming

Response

The following is a sample response received when listing naming settings. For details of the meta object, see Introduction.

{
  "body": {
    "domainname": "balabit",
    "hostname": "scb-api-docs",
    "nickname": null
  },
  "key": "naming",
  "meta": {
    "first": "/api/configuration/network/dns",
    "href": "/api/configuration/network/naming",
    "last": "/api/configuration/network/routing",
    "next": "/api/configuration/network/nics",
    "parent": "/api/configuration/network",
    "previous": "/api/configuration/network/ip_forwarding_rule_pairs",
    "transaction": "/api/transaction"
  }
}

Element		Type	Description
key		string	Top level element, contains the ID of the endpoint.
body		Top level element (string)	Contains the naming settings.
	domainname	string	The domain name of the network.
	hostname	string	The hostname of Safeguard for Privileged Sessions.
	nickname	string	The nickname for the appliance. Use this name to distinguish between multiple Safeguard for Privileged Sessions appliances on the network. This name is visible in the boot and core login shells.

Modify a name

To modify a name, you have to:

Open a transaction.

For details, see Open a transaction.
Modify the JSON object of the endpoint.

PUT the modified JSON object to the https://<IP-address-of-Safeguard for Privileged Sessions>/api/configuration/network/naming endpoint. You can find a detailed description of the available parameters listed in Naming options.
Commit your changes.

For details, see Commit a transaction.

Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Using the Safeguard for Privileged Sessions REST API.

Code	Description	Notes
201	Created	The new resource was successfully created.
401	Unauthenticated	The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
401	AuthenticationFailure	Authenticating the user with the given credentials has failed.
404	NotFound	The requested object does not exist.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

One Identity Safeguard for Privileged Sessions 5.7.0 - REST API Reference Guide

Network configuration options

URL

Headers

Sample request

Response

Status and error codes

DNS servers

URL

Headers

Sample request

Response

Modify the address of the DNS servers

Open a transaction.

Modify the JSON object of the endpoint.

Commit your changes.

Status and error codes

Routing between interfaces

URL

Headers

Sample request

Response

Add a rule for routing between the network interfaces

Open a transaction.

Create the JSON object for the new list of rules.

Commit your changes.

Modify a rule for routing between the network interfaces

Open a transaction.

Modify the JSON object of the list of rules.

Commit your changes.

Status and error codes

Naming options

URL

Headers

Sample request

Response

Modify a name

Open a transaction.

Modify the JSON object of the endpoint.

Commit your changes.

Status and error codes