Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 7.2.1 - REST API Reference Guide

Introduction Using the SPS REST API Basic settings User management and access control Managing SPS General connection settings HTTP connections Citrix ICA connections MSSQL connections RDP connections SSH connections Telnet connections VNC connections Search, retrieve, download, and index sessions Reporting Health and maintenance Advanced authentication and authorization Completing the Welcome Wizard using REST Enable and configure analytics using REST REST API examples

Listing integrated products with SPS

List basic information about products that are integrated with One Identity Safeguard for Privileged Sessions (SPS).

URL
GET https://<IP-address-of-SPS>/api/integrated_products
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Operations

Operations with the /integrated_products endpoint include:

Operation HTTP method URL

Notes

Retrieving information about products integrated with SPS GET /api/integrated_products

When SPS is joined to One Identity Starling, but One Identity Starling is not available, you will receive the following warning message:

Information about the integrated Starling products cannot be retrieved.
Check the following:
- The Starling cloud service is available.
- Your SPS appliance is connected to the Internet.
						

When your credentials to access One Identity Starling are invalid, you will receive the following warning message:

The credentials used for accessing Starling are invalid. This may happen because SPS was un-joined from Starling and restored to a previous joined state. Re-join the SPS to get valid credentials.
Sample request

The following command lists products that are integrated with SPS.

curl --cookie cookies https://<IP-address-of-SPS>/api/integrated_products
Response

The following is a sample response received when SPS is joined with One Identity Starling, but not with any other products integrated with the One Identity Starling platform.

For more information on the meta object, see Message format.

{
     "items": [
     {
       "name": "Defender",
       "link": null,
       "activated": false
     },
     {
       "name": "Connect",
       "link": null,
       "activated": false
     },
     {
       "name": "Governance",
       "link": null,
       "activated": false
     },
     {
       "name": "RemoteAccess",
       "link": null,
       "activated": false
     }
    ]
   }
		

The following is a sample response received when SPS is joined with SPP.

{
   "items": [
     {
       "name": "Safeguard for Privileged Passwords",
       "activated": true,
       "link": "https://10.10.10.10"
     }
   ]
}

The following is a sample response received when SPS is joined with One Identity Starling, and it is integrated with certain One Identity Starling products.

{
     "items": [
     {
       "name": "Defender",
       "link": "https://2fa.cloud.oneidentity.com",
       "activated": true
     },
     {
       "name": "Connect",
       "link": "https://connect.cloud.oneidentity.com",
       "activated": true
     },
     {
       "name": "Governance",
       "link": null,
       "activated": false
     }
    ]
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

items

object array

A list of One Identity Starling products that are integrated SPS.

When there are no products integrated with SPS, the items field returns empty:

{
     "items": []
    }
						

items.name

string

The name of the integrated One Identity Starling product.

items.link

format(uri)

The URL of the integrated One Identity Starling product.

If the product is not integrated, the value of the link parameter will be null.

items.activated

boolean

Indicates whether the product is integrated with SPS or not.

Possible values:

  • true - the product is integrated with SPS

  • false - the product is not integrated with SPS

HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Firmware management

A list of endpoints managing SPS firmware images.

URL
GET https://<IP-address-of-SPS>/api/firmware
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Sample request

The following command lists management configuration endpoints.

curl --cookie cookies https://<IP-address-of-SPS>/api/firmware
Response

The following is a sample response received when firmware-related configuration endpoints are listed.

For more information on the meta object, see Message format.

{
  "items": [
    {
      "key": "fetch",
      "meta": {
        "href": "/api/firmware/fetch"
      }
    },
	{
      "key": "slots",
      "meta": {
        "href": "/api/firmware/slots"
      }
    },
    {
      "key": "test",
      "meta": {
        "href": "/api/firmware/test"
      }
    },
    {
      "key": "upgrade",
      "meta": {
        "href": "/api/firmware/upgrade"
      }
    }
  ],
  "meta": {
    "href": "/api/firmware",
    "parent": "/api",
    "fetch": "/api/firmware/fetch",
    "slots": "/api/firmware/slots",
    "test": "/api/firmware/test",
    "upgrade": "/api/firmware/upgrade"
  }
}
Endpoints Description

fetch

Install firmware files by providing a URL.

slots Retrieve information about SPS firmware images maintained on the device in locations called slots.
test Trigger an upgrade test without an actual upgrade.
upgrade Upgrade SPS to new firmware.
upload Upload new firmware to SPS.
HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Retrieving information about SPS firmware image slots

Retrieve information about SPS firmware images maintained on the device in locations called slots.

Base URL
https://<address-of-SPS>/api
Cookies

For more information about the authentication token of the user, see Application level error codes.

Sample request

HTTP operations with the /slots endpoint include:

HTTP method

URL

Description

Notes

GET

/api/firmware/slots

curl -X GET -b "${COOKIE_PATH}" https://<address-of-SPS>/api/firmware/slots

Listing all available firmware image slots

 

GET

/api/firmware/slots/<slot_id>

curl -X GET -b "${COOKIE_PATH}" https://<address-of-SPS>/api/firmware/slots/<slot_id>

Listing a specific firmware image slot

 

DELETE

/api/firmware/slots/<slot_id>

curl -X DELETE -b "${COOKIE_PATH}" https://<address-of-SPS>/api/firmware/slots/<slot_id>

Deleting a firmware image slot

NOTE: Deleting the current firmware, or the one after the reboot, is not allowed.

Examples

Firmware slots

Elements of the response message body include:

Element

Type

Description

Notes

after_reboot

boolean

This flag shows that the firmware is selected to be the active firmware after upgrade.

Possible values:

  • true - the firmware is the active firmware after upgrade

  • false - the firmware is not the active firmware after upgrade

current

boolean

Indicates whether the firmware is active.

Possible values:

  • true - the current firmware is the latest version

  • false - the current firmware is not the latest version

upgrade_news

string

Displays SPS Upgrade Notes that is relevant to the current firmware.

If there is no such information available, the value will be null.

upgrade_notes

string

The content of the SPS Upgrade Notes.

 

version

number

The version number of that specific SPS firmware image.

 

For more information on the meta object, see Message format.

HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Testing new SPS firmware before upgrade

Use the /firmware/test endpoint as a precheck tool to trigger an upgrade test without an actual upgrade. The test reveals whether the current state of SPS is compatible with the new firmware. Possible areas where errors can occur:

  • version compatibility - the new firmware is compatible with the upgrade policy

  • storage space - there is enough free storage space for the upgrade

  • configuration compatibility - the current configuration settings are supported in the new firmware

  • tainted firmware - whether or not there are manually modified files on the firmware

URL
POST https://<IP-address-of-SPS>/api/firmware/test
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Operations

Operations with the /firmware/test endpoint include:

Operation

HTTP method

URL

Notes

Testing new SPS firmware before upgrade

POST

/api/firmware/test

 

Sample request

The following command triggers a firmware upgrade test.

curl --cookie cookies https://<IP-address-of-SPS>/api/firmware/test --data '{"slot_id": <slot_id>}'

NOTE: You require a payload first, from which you choose the firmware you want to test.

Response

There can be three possible outcomes:

  • the upgrade was successful:

    {"body": "...", "key": <slot_id>}
  • the upgrade was not successful due to invalid input:

    • the slot_id is missing from the payload

      {"error": {"type": "IncompleteRequestBodyError"}}
    • the tested firmware slot is empty

      {"error": {"type": "ResourceNotFound"}}
  • the upgrade was not successful due to an error:

    {"error": {"type": "FirmwareTestFailed"}}

The following is a sample response received when the upgrade test was successful.

For more information on the meta object, see Message format.

{
     "body":
       { "test_summary": "HA check started\nHA check finished" },
     "key": "1",
     "meta": {
       "href": "/api/firmware/test",
       "parent": "/api/firmware",
       "slot": "/api/firmware/slots/1",
       "upgrade": "/api/firmware/upgrade"
     }
   }
		

The following is a sample response received when the upgrade test was not successful, because the firmware slot is empty.

{
     "error": {
       "details": {
         "mount_point": "/firmware/test",
         "resource": "3"
       },
       "message": "Resource was not found",
       "type": "ResourceNotFound"
     },
     "meta": {
       "href": "/api/firmware/test",
       "parent": "/api/firmware"
     }
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

error.details

object

error.details.mount_point

string

The reference point - in this case a URL path - at which details of the error can be accessed.

This is a fix value:

/firmware/test

error.details.resource

number

The identifier of the firmware image slot.

 

error.message

string

The content of the error message.

 

error.type

string

The type of the error message.

 

The following is a sample response received when the upgrade test was not successful, because the slot_id is missing from the payload.

{
     "error": {
       "details": {
         "missing_paths": [
           "slot_id"
         ]
       },
       "message": "Some paths were missing from the request body",
       "type": "IncompleteRequestBodyError"
     },
     "meta": {
       "href": "/api/firmware/test",
       "parent": "/api/firmware"
     }
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

error.details

object

error.details.missing_paths

array

A list of missing URL path parameters.

In this case, there can be only one value here, which is slot_id.

error.details.missing_paths.slot_id

 

The identifier of the firmware image slot.

 

error.message

string

The content of the error message.

 

error.type

string

The type of the error message.

 

The following is a sample response received when the upgrade test was not successful, because an error was found during testing.

{
     "error": {
       "details": {
         "exit_code": 1,
         "test_summary": "HA check started\nHA check failed"
       },
       "message": "The firmware test failed",
       "type": "FirmwareTestFailed"
     },
     "meta": {
       "href": "/api/firmware/test",
       "parent": "/api/firmware"
     }
   }
		

Elements of the response message body include:

Element

Type

Description

Notes

error.details

object

error.details.exit_code

number

Possible values:

  • 0 - the firmware test passed successfully

  • 1 - the firmware test failed

error.details.test_summary

string

The summary of the upgrade test in free text format.

For example:

HA check started,

HA check failed

error.message

string

The content of the error message.

 

error.type

string

The type of the error message.

 

HTTP response codes

For more information and a complete list of standard HTTP response codes, see Application level error codes.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating