Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 7.3.1 - REST API Reference Guide

Introduction Using the SPS REST API Basic settings User management and access control Managing SPS General connection settings HTTP connections Citrix ICA connections MSSQL connections RDP connections SSH connections Telnet connections VNC connections Search, retrieve, download, and index sessions Reporting Health and maintenance Advanced authentication and authorization Completing the Welcome Wizard using REST Enable and configure analytics using REST REST API examples

Local services SSH settings

Querying ssh configuration

Querying ssh configuration request

curl --cookie cookies --request GET https://<IP-address-of-SPS>/api/configuration/local_services/ssh

Querying ssh configuration response

{
    "body": {
        "access_restriction": {
            "allowed_from": [
                "10.40.0.48/24"
            ],
            "enabled": true
        },
        "allow_password_auth": true,
        "bruteforce_protection": true,
        "enabled": true,
        "listen": [
            {
                "address": {
                    "key": "nic1.interfaces.ff7574025754b3df1647001.addresses.1",
                    "meta": {
                        "href": "/api/configuration/network/nics/nic1#interfaces/ff7574025754b3df1647001/addresses/1"
                    }
                },
                "port": 23
            }
        ],
        "public_keys": [
            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTnisLCjZ3vONMXqFBIdvpZ0BY73+GdHpgoaL8YsydxJBsYg9dYTDzVVtYFVvdCVzBdcwCjyOuPwtZoYU3pLEFQ7OVoDUDPmVnl6idS/6tB2m89I5zdc02xUeCWTBpTGoOhNtc+YDmxPGZ1FQIpXCw0MT91jviWm3JydDd5YKINwvdTh8zsRT/702ZD9uZslwkQA/b2B9/hidCAkQkvs5H1B3o4laTd0JE9k90N+qbaQjVvoInr+jdXaWvrScwFVxZhb7Q1LvUL6oxW889bOWFMSa+/mnENarw6rpwfk9Ayi5uQQ2imY/tSnfgbS2RvIa1sKwUsJasDqN2lo/DuhON key-comment anothercomment"
        ]
    },
    "key": "ssh",
    "meta": {
        "first": "/api/configuration/local_services/admin_web",
        "href": "/api/configuration/local_services/ssh",
        "last": "/api/configuration/local_services/user_web",
        "next": "/api/configuration/local_services/user_web",
        "parent": "/api/configuration/local_services",
        "previous": "/api/configuration/local_services/snmp_agent",
        "transaction": "/api/transaction"
    }
}

Local user database

Querying local user database

Querying local user database request

curl --cookie cookies --request GET https://<IP-address-of-SPS>/api/configuration/policies/user_databases/8235074425707e306abf39

Querying local user database response

{
    "body": {
        "name": "user_db",
        "users": [
            {
                "passwords": [
                    {
                        "key": "d5a16874-b2e1-4d21-885d-25ac7bdd5cad",
                        "meta": {
                            "href": "/api/configuration/passwords#d5a16874-b2e1-4d21-885d-25ac7bdd5cad"
                        }
                    }
                ],
                "public_keys": [
                    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEph9DE2+PjMSbmXybOOevNJGiYj4Mi+YimPdPrOvGQ9x01jSQigh8Y4EyBL3FkGfBAz30qRERSDbVmyS+Ddl9B/reszsx3lk4wVvzx41ED6ti8th2taFvzvIr7Lsa8sy0izAS5t/7L3WEnPUiEO2EGNbKKRsI5042P0PYRXouR7k7erBgbdlmw90PiRA2RYS6UitfBmwsJW3tyJ6dcAd1IB1M8idKKZCJA0DuFkkbS1I4HwesekDH+sa5o2i/Mj22U8WOWPbfviCKQUXrkG3uQj7o2hxjkVsE2gn6ZegOgLuHwbvGAAE84NSWc7ILNd7h0L537lcHCHzJpywOiP4v"
                ],
                "username": "user1"
            }
        ]
    },
    "key": "8235074425707e306abf39",
    "meta": {
        "first": "/api/configuration/policies/user_databases/8235074425707e306abf39",
        "href": "/api/configuration/policies/user_databases/8235074425707e306abf39",
        "last": "/api/configuration/policies/user_databases/8235074425707e306abf39",
        "next": null,
        "parent": "/api/configuration/policies/user_databases",
        "previous": null,
        "transaction": "/api/transaction"
    }
}

Management email

Querying email configuration

Querying email configuration request

curl --cookie cookies --request GET https://<IP-address-of-SPS>/api/configuration/management/email

Querying email configuration response

{
    "key": "email",
    "body": {
        "admin_address": "administrator@test-network",
        "sender_address": "box@test-network",
        "server": {
            "selection": "fqdn",
            "value": "smtp.test-network"
        },
        "alerting_address": "alert-investigator@test-network",
        "reporting_address": "report-collector@test-network",
        "user_authentication": null,
        "encryption": {
           "selection": "disabled"
        }
    },
    "meta": {
        "first": "/api/configuration/management/accounting",
        "href": "/api/configuration/management/email",
        "last": "/api/configuration/management/web_gateway_authentication",
        "next": "/api/configuration/management/exported_configuration_encryption",
        "parent": "/api/configuration/management",
        "previous": "/api/configuration/management/disk_fillup_prevention",
        "transaction": "/api/transaction"
   }
}
Querying encrypted email configuration

Querying encrypted email configuration request

curl --cookie cookies --request GET https://<IP-address-of-SPS>/api/configuration/management/email

Querying encrypted email configuration response

    {
        "key": "email",
        "body": {
            "admin_address": "administrator@test-network",
            "sender_address": "box@test-network",
            "server": {
                "selection": "fqdn",
                "value": "smtp.test-network"
            },
            "alerting_address": "alert-investigator@test-network",
            "reporting_address": "report-collector@test-network",
            "user_authentication": {
               "username": "testuser",
               "password": {
                   "key": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                   "meta": {"href": "/api/configuration/passwords#XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"}
               }
            },
            "encryption": {
               "selection": "starttls",
               "server_certificate_check": {
                   "fingerprint": {
                       "digest": "a5:56:d1:12:f5:14:ae:2a:2b:3e:33:d4:74:13:64:f6:d2:c0:f6:60:b0:5a:2c:e6:0c:60:d7:34:14:16:d2:b1",
                       "hash_algorithm": "sha256"
                   },
                   "issuer": "/C=RO/ST=TheRootState/L=TheRootLocality/O=TheRootOrganization/OU=TheRootOrganizationalUnit/CN=the.root.common.name.io/emailAddress=the@root.email.address.io",
                   "not_after": "2024-08-11T13:04:43+00:00",
                   "not_before": "2014-08-14T13:04:43+00:00",
                   "subject": "/C=CA/ST=TheCaState/L=TheCaLocality/O=TheCaOrganization/OU=TheCaOrganizationalUnit/CN=the.ca.common.name.io/emailAddress=the@ca.email.address.io",
                   "pem": "-----BEGIN CERTIFICATE-----\nMIIEWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCUk8x\nFTATBgNVBAgMDFRoZVJvb3RTdGF0ZTEYMBYGA1UEBwwPVGhlUm9vdExvY2FsaXR5\nMRwwGgYDVQQKDBNUaGVSb290T3JnYW5pemF0aW9uMSIwIAYDVQQLDBlUaGVSb290\nT3JnYW5pemF0aW9uYWxVbml0MSAwHgYDVQQDDBd0aGUucm9vdC5jb21tb24ubmFt\nZS5pbzEoMCYGCSqGSIb3DQEJARYZdGhlQHJvb3QuZW1haWwuYWRkcmVzcy5pbzAe\nFw0xNDA4MTQxMzA0NDNaFw0yNDA4MTExMzA0NDNaMIHAMQswCQYDVQQGEwJDQTET\nMBEGA1UECAwKVGhlQ2FTdGF0ZTEWMBQGA1UEBwwNVGhlQ2FMb2NhbGl0eTEaMBgG\nA1UECgwRVGhlQ2FPcmdhbml6YXRpb24xIDAeBgNVBAsMF1RoZUNhT3JnYW5pemF0\naW9uYWxVbml0MR4wHAYDVQQDDBV0aGUuY2EuY29tbW9uLm5hbWUuaW8xJjAkBgkq\nhkiG9w0BCQEWF3RoZUBjYS5lbWFpbC5hZGRyZXNzLmlvMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAnDH+7TXsG4KIuEgH/Q6zcV2+RKbcIGIM+Qy7AXPK\nMaC2zz+rFLdwrkE60S6q5kbj4Qviw0EB9xrFqyYzDu+9QeWgLYUVVSCAZiRkfrcz\nw4+LC5CcyxpLx7AwaJTGSZOjCAzQI0M+5VNxlUg96OMiQmLI1LyGcWiCU/b1DH+o\nkI9f7+E8I5TwJEepb6pUiAnGVJoq19v39SlKDDDZ2oS47ElQPQM6QhyT6C9R10GI\n1ILYkgVQCR6dKCqRiar+DrgULY6I/YpZjzsoQT9cuK3kPZqn5P/O/EUWfuVY6BWZ\nn/OW6/JEZvpxyP1IrNq2Mc1dfSFWxqaUd+Lu+xvIMGkpJwIDAQABo1AwTjAdBgNV\nHQ4EFgQUP0o72Giv/Nc5rbYbmARjo4WggCcwHwYDVR0jBBgwFoAUHCS1guZGRNHN\nSvIRRCht25WOJOEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAQEAsXiL\ntf6rYuY5Lr8WrUAM344il4fT+NQQ9ikbAIO9bLUaZG+cXbWLNeQSP/iDuBwWi2JF\noFhSAekr1UZvWu+eL62BeLl2CxB5SCayey9fIVTG8C+QHuOmsjLvTyQsUPByt2rE\nPB35hhxkSscUA4JyGN5dx08aaLBaULjaUwrib9gM7Iqg41pV+8MGPyHidUFeHPCS\nmuhmxoGlwjnzOuG3kE06EY9NjZ0oRnNnFtAat33/WgUDMMXK7H4t0IKojGgajvga\nqf42osfXzBTA7hD2qaTv/p/jGtt+UGJefsS2BkLn7aNGpOPhmC+So0bOhRCwmasV\nWywaLFBDEYDnAEbK5Q==\n-----END CERTIFICATE-----\n"
               },
               "client_authentication": {
                    "key": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                    "meta": {
                       "href": "/api/configuration/x509/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
                    }
               }
            }
        },
        "meta": {
           "first": "/api/configuration/management/accounting",
           "href": "/api/configuration/management/email",
           "last": "/api/configuration/management/web_gateway_authentication",
           "next": "/api/configuration/management/exported_configuration_encryption",
           "parent": "/api/configuration/management",
           "previous": "/api/configuration/management/disk_fillup_prevention",
           "transaction": "/api/transaction"
       }
    }
Configure authentication to the SMTP server

Configure authentication to the SMTP server request

curl --cookie cookies --request PUT --data '@-' https://<IP-address-of-SPS>/api/configuration/management/email <<'REQUEST'
{
   "admin_address": "administrator@test-network",
   "sender_address": "box@test-network",
   "server": {
       "selection": "fqdn",
       "value": "smtp.test-network"
   },
   "alerting_address": "alert-investigator@test-network",
   "reporting_address": "report-collector@test-network",
   "user_authentication": null,
   "user_authentication": {
      "username": "testuser",
      "password": {
          "plain": "testuser-password"
      }
   },
   "encryption": {
      "selection": "disabled"
   }
}
REQUEST

Configure authentication to the SMTP server response

{
   "meta": {
       "first": "/api/configuration/management/accounting",
       "href": "/api/configuration/management/email",
       "last": "/api/configuration/management/web_gateway_authentication",
       "next": "/api/configuration/management/exported_configuration_encryption",
       "parent": "/api/configuration/management",
       "previous": "/api/configuration/management/disk_fillup_prevention",
       "transaction": "/api/transaction"
   }
}
Configure STARTTLS encryption without certificate checks

Configure STARTTLS encryption without certificate checks request

curl --cookie cookies --request PUT --data '@-' https://<IP-address-of-SPS>/api/configuration/management/email <<'REQUEST'
{
   "admin_address": "administrator@test-network",
   "sender_address": "box@test-network",
   "server": {
       "selection": "fqdn",
       "value": "smtp.test-network"
   },
   "alerting_address": "alert-investigator@test-network",
   "reporting_address": "report-collector@test-network",
   "user_authentication": null,
   "user_authentication": {
      "username": "testuser",
      "password": {
          "plain": "testuser-password"
      }
   },
   "encryption": {
       "selection": "starttls",
       "server_certificate_check": null,
       "client_authentication": null
   }
}
REQUEST

Configure STARTTLS encryption without certificate checks response

{
   "meta": {
       "first": "/api/configuration/management/accounting",
       "href": "/api/configuration/management/email",
       "last": "/api/configuration/management/web_gateway_authentication",
       "next": "/api/configuration/management/exported_configuration_encryption",
       "parent": "/api/configuration/management",
       "previous": "/api/configuration/management/disk_fillup_prevention",
       "transaction": "/api/transaction"
   }
}
Configure STARTTLS encryption with server certificate check, and authenticate as client with an X.509 certificate

Configure STARTTLS encryption with server certificate check, and authenticate as client with an X.509 certificate request

curl --cookie cookies --request PUT --data '@-' https://<IP-address-of-SPS>/api/configuration/management/email <<'REQUEST'
{
   "admin_address": "administrator@test-network",
   "sender_address": "box@test-network",
   "server": {
       "selection": "fqdn",
       "value": "smtp.test-network"
   },
   "alerting_address": "alert-investigator@test-network",
   "reporting_address": "report-collector@test-network",
   "user_authentication": null,
   "user_authentication": {
      "username": "testuser",
      "password": {
          "plain": "testuser-password"
      }
   },
   "encryption": {
       "selection": "starttls",
       "server_certificate_check": {
           "pem": "-----BEGIN CERTIFICATE-----\nMIIEWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCUk8x\nFTATBgNVBAgMDFRoZVJvb3RTdGF0ZTEYMBYGA1UEBwwPVGhlUm9vdExvY2FsaXR5\nMRwwGgYDVQQKDBNUaGVSb290T3JnYW5pemF0aW9uMSIwIAYDVQQLDBlUaGVSb290\nT3JnYW5pemF0aW9uYWxVbml0MSAwHgYDVQQDDBd0aGUucm9vdC5jb21tb24ubmFt\nZS5pbzEoMCYGCSqGSIb3DQEJARYZdGhlQHJvb3QuZW1haWwuYWRkcmVzcy5pbzAe\nFw0xNDA4MTQxMzA0NDNaFw0yNDA4MTExMzA0NDNaMIHAMQswCQYDVQQGEwJDQTET\nMBEGA1UECAwKVGhlQ2FTdGF0ZTEWMBQGA1UEBwwNVGhlQ2FMb2NhbGl0eTEaMBgG\nA1UECgwRVGhlQ2FPcmdhbml6YXRpb24xIDAeBgNVBAsMF1RoZUNhT3JnYW5pemF0\naW9uYWxVbml0MR4wHAYDVQQDDBV0aGUuY2EuY29tbW9uLm5hbWUuaW8xJjAkBgkq\nhkiG9w0BCQEWF3RoZUBjYS5lbWFpbC5hZGRyZXNzLmlvMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAnDH+7TXsG4KIuEgH/Q6zcV2+RKbcIGIM+Qy7AXPK\nMaC2zz+rFLdwrkE60S6q5kbj4Qviw0EB9xrFqyYzDu+9QeWgLYUVVSCAZiRkfrcz\nw4+LC5CcyxpLx7AwaJTGSZOjCAzQI0M+5VNxlUg96OMiQmLI1LyGcWiCU/b1DH+o\nkI9f7+E8I5TwJEepb6pUiAnGVJoq19v39SlKDDDZ2oS47ElQPQM6QhyT6C9R10GI\n1ILYkgVQCR6dKCqRiar+DrgULY6I/YpZjzsoQT9cuK3kPZqn5P/O/EUWfuVY6BWZ\nn/OW6/JEZvpxyP1IrNq2Mc1dfSFWxqaUd+Lu+xvIMGkpJwIDAQABo1AwTjAdBgNV\nHQ4EFgQUP0o72Giv/Nc5rbYbmARjo4WggCcwHwYDVR0jBBgwFoAUHCS1guZGRNHN\nSvIRRCht25WOJOEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAQEAsXiL\ntf6rYuY5Lr8WrUAM344il4fT+NQQ9ikbAIO9bLUaZG+cXbWLNeQSP/iDuBwWi2JF\noFhSAekr1UZvWu+eL62BeLl2CxB5SCayey9fIVTG8C+QHuOmsjLvTyQsUPByt2rE\nPB35hhxkSscUA4JyGN5dx08aaLBaULjaUwrib9gM7Iqg41pV+8MGPyHidUFeHPCS\nmuhmxoGlwjnzOuG3kE06EY9NjZ0oRnNnFtAat33/WgUDMMXK7H4t0IKojGgajvga\nqf42osfXzBTA7hD2qaTv/p/jGtt+UGJefsS2BkLn7aNGpOPhmC+So0bOhRCwmasV\nWywaLFBDEYDnAEbK5Q==\n-----END CERTIFICATE-----\n"
       },
       "client_authentication": "x509-identity-0"
   }
}
REQUEST

Configure STARTTLS encryption with server certificate check, and authenticate as client with an X.509 certificate response

{
   "meta": {
       "first": "/api/configuration/management/accounting",
       "href": "/api/configuration/management/email",
       "last": "/api/configuration/management/web_gateway_authentication",
       "next": "/api/configuration/management/exported_configuration_encryption",
       "parent": "/api/configuration/management",
       "previous": "/api/configuration/management/disk_fillup_prevention",
       "transaction": "/api/transaction"
   }
}

Private keys

Querying a private key

Querying a private key request

curl --cookie cookies --request GET https://<IP-address-of-SPS>/api/configuration/private_keys/identity-0

Querying a private key response

{
    "key": "identity-0",
    "body": {
      "public_key_fingerprint": {
          "digest": "2048 SHA256:JSFdfkT6wU9c00ddqX53hovDo7KbIB8OREfumUWDh8g no comment (RSA)",
          "hash_algorithm": "sha256"
      },
      "type": "rsa"
    }
}
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating