立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Sessions 7.4 - REST API Reference Guide

Introduction Using the SPS REST API Basic settings User management and access control Managing SPS General connection settings HTTP connections Citrix ICA connections MSSQL connections RDP connections SSH connections Telnet connections VNC connections Search, retrieve, download, and index sessions Reporting Health and maintenance Advanced authentication and authorization Completing the Welcome Wizard using REST Enable and configure analytics using REST REST API examples

Change an object

To modify or update an object, use a PUT request on the object you want to change. In the body of the request, you have to upload the entire object, not only the parameter that you want to change.

To delete an element of a list (for example, a user from a local user database), use a PUT request. The body the request should include the entire object, but remove the element you want to delete from the related list of the object.

Note the following points when you create a request:

  • Note that you cannot simply use the JSON from the response of a similar object. If the object contains references to other resources (for example, a Channel policy references a Time policy), then the JSON object contains an embedded meta object. To get a valid JSON that you can use, you have to replace this embedded object with the ID (key) of the referenced object. For example, the following is a reference to a Time policy:

    "time_policy": {
            "key": "-100",
            "meta": {
                "href": "/api/configuration/policies/time_policies/-100"
            }
        }

    In a POST or PUT request, you have to change it to the following:

    "time_policy": "-100",

    Starting with version 6.1.0, when querying a list of objects, the API response includes the body of the referenced objects as well, not only its reference key, but only if they are immediate child nodes.

  • You have to include empty fields in the object as well, for example:

    "users": [
            { "certificates": [], "passwords": [ "<reference-to-password>" ], "public_keys": [], "username": "myusername" }
            ]
  • The API ignores any unrecognized or nonexistent keys that appear in the body of POST and PUT requests. For example, if you mistype the name of an optional key, it will be silently ignored.

  • The body wrapper that is displayed in the response is not needed when you create or modify an object, for example:

    {
        "name": "my-local-user-database",
        "users": [
            { "certificates": [], "passwords": [ "<reference-to-password>" ], "public_keys": [], "username": "myusername" }
            ]
    }
URL
PUT https:<IP-address-of-SPS>/api/configuration/<path-to-the-parent-resource>/<id-of-the-object-to-modify>
Table 2: Headers
Header name Description Required Values
Content-Type Specifies the type of the data sent. SPS uses the JSON format Required application/json
session_id Contains the authentication token of the user Required The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API.
Sample request

The following command updates an RDP Channel policy. The data content of the request is read from the file body.json.

curl -H "Content-Type: application/json" -d @body.json --cookie session_id=07640a0bf14cdd361d8f5ae2b0b482a786c7a604 -X PUT https://10.40.255.17/api/configuration/rdp/channel_policies/<id-of-the-object-to-modify>

For a simple RDP Channel policy that uses the default settings and allows only the Drawing channel, the JSON object is the following.

{
  "name": "drawing-only",
  "rules": [
    {
      "actions": {
        "audit": true,
        "content_policy": null,
        "four_eyes": false,
        "ids": false
      },
      "allowed_for": {
        "clients": [],
        "gateway_groups": [],
        "remote_groups": [],
        "servers": [],
        "time_policy": "-100"
      },
      "channel": "#drawing"
    }
  ]
}
Response

The following is a sample response received.

For more information on the meta object, see Message format.

{
  "meta": {
    "first": "/api/configuration/rdp/channel_policies/-20100",
    "href": "/api/configuration/rdp/channel_policies/<id-of-the-modified-object>",
    "last": "/api/configuration/rdp/channel_policies/<id-of-the-modified-object>",
    "next": null,
    "parent": "/api/configuration/rdp/channel_policies",
    "previous": "/api/configuration/rdp/channel_policies/655555",
    "transaction": "/api/transaction"
  }
}
Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.

Code Description Notes
201 Created The new resource was successfully created..
400 Bad Request The request body format is invalid. The data is not a properly formatted JSON object.
401 Unauthenticated The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
403 Unauthorized The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
409 Conflict No open Transaction is available. Open a transaction before using this request. For details, see Open a transaction.
417 Expectation Failed

If you receive the "417 - Expectation Failed" error code when using curl, use curl with the --http1.0 or the -H "Expect:" option.

Generating SPS support bundle using REST

Generate a support bundle using the SPS REST API.

Previously, generating a support bundle for SPS was possible only from the SPS web interface, at Basic Settings > Troubleshooting > Create support bundle. Using the /support-bundle endpoint, administrators can start support bundle generation jobs and download a snapshot of the current state of the specified SPS appliance. To troubleshoot multiple SPS appliances, you must generate the support bundle for each appliance.

NOTE: A support bundle is automatically deleted after 24 hours. If the issue with your SPS appliance persists, you must download a new support bundle.

URL
https://<IP-address-of-SPS>/api/troubleshooting/support-bundle
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

HTTP operations

HTTP operations with the /support-bundle endpoint include:

HTTP method

URL

Description

Notes

POST

/api/troubleshooting/support-bundle

Start generating a SPS support bundle

POST

Start a SPS support bundle generation job while an another job is in progress

GET

Retrieve the status of all generated SPS support bundles

GET

/api/troubleshooting/support-bundle/<the-key-of-the-generated-support-bundle-job>

Retrieve the status of a single generated SPS support bundle

GET

/api/troubleshooting/support-bundle/<the-key-of-the-generated-support-bundle-job>/download

Download a SPS support bundle

DELETE

/api/troubleshooting/support-bundle/<the-key-of-the-generated-support-bundle-job>

Remove a SPS support bundle

You can cancel a SPS support bundle generation job while it is in progress.

Sample request

The following command starts the generation of a SPS support bundle.

curl -X POST -b "${COOKIE_PATH}" https://<IP-address-of-SPS>/api/troubleshooting/support-bundle
Sample response

The following is a sample response received if the request was successful.

{
                "items": [
                    {
                        "body": {
                            "error": null,
                            "file_name": null,
                            "info": null,
                            "start_time": null,
                            "status": "queued"
                        },
                        "key": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                        "meta": {
                            "href": "/api/troubleshooting/support-bundle/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
                            "parent": "/api/troubleshooting"
                        }
                    }
                ],
                "meta": {
                    "href": "/api/troubleshooting/support-bundle",
                    "parent": "/api/troubleshooting"
                }
            }
 

Elements of the response message body include:

Element

Type

Description

Notes

error

string | null

Describes the nature of the error during SPS support bundle job generation.

For example, "Timeout expired while waiting for creation of support-bundle."

info

string | null

file_name

string | null

The name of the SPS support bundle file.

start_time

string (date-time)

The starting point of the SPS support bundle generation job.

YYYY-MM-DDThh:mm:ss+hh:mm is used as the date-time format. For example, 2022-03-30T12:00:01+00:00.

status

enum

The status of the SPS support bundle generation jobs.

Possible values:

  • in-progress - The support bundle generation job is in progress.

  • failed - The support bundle generation job was not successful.

  • finished - The support bundle generation job is completed.

  • queued - The support bundle generation job is queued for processing.

key

string

The unique key generated by SPS to identify the support bundle job.

For more information on the meta object, see Message format.

Sample request

The following command retrieves the status of all generated SPS support bundles.

curl -X GET -b "${COOKIE_PATH}" https://<IP-address-of-SPS>/api/troubleshooting/support-bundle
Sample response

The following is a sample response received if the request was successful.

{
              "items": [
                  {
                     "body" : {
                         "error": null,
                         "info" : null,
                         "file_name" : null,
                         "start_time": "2022-03-30T12:00:01+00:00",
                         "status" : "in-progress"
                     },
                     "key": "22222222-2222-2222-2222-222222222222",
                     "meta": {
                         "href": "/api/troubleshooting/support-bundle/22222222-2222-2222-2222-222222222222",
                         "parent": "/api/troubleshooting"
                     }
                  },
                  {
                     "body" : {
                         "error": "Timeout expired while waiting for creation of support-bundle.",
                         "info" : null,
                         "file_name" : null,
                         "start_time": "2022-03-30T12:00:01+00:00",
                         "status": "failed"
                     },
                     "key" : "33333333-3333-3333-3333-333333333333",
                     "meta" : {
                         "href" : "/api/troubleshooting/support-bundle/33333333-3333-3333-3333-333333333333",
                         "parent": "/api/troubleshooting"
                     }
                  },
                  {
                     "body" : {
                         "error": null,
                         "info" : null,
                         "file_name" : "44444444-4444-4444-4444-444444444444-debug_info.zip",
                         "start_time": "2022-03-30T12:00:01+00:00",
                         "status": "finished"
                     },
                     "key" : "44444444-4444-4444-4444-444444444444",
                     "meta" : {
                         "href" : "/api/troubleshooting/support-bundle/44444444-4444-4444-4444-444444444444",
                         "parent": "/api/troubleshooting"
                     }
                  },
                  {
                     "body" : {
                         "error": null,
                         "info" : null,
                         "file_name" : null,
                         "start_time": null,
                         "status": "queued"
                     },
                     "key" : "11111111-1111-1111-1111-111111111111",
                     "meta" : {
                         "href" : "/api/troubleshooting/support-bundle/11111111-1111-1111-1111-111111111111",
                         "parent": "/api/troubleshooting"
                     }
                  }
              ],
              "meta": {
                  "href": "/api/troubleshooting/support-bundle",
                  "parent": "/api/troubleshooting"
              }
          }
 

For parameter descriptions, see Element.

Sample request

The following command attempts to download a SPS support bundle from a failed generation job.

curl -X GET -b "${COOKIE_PATH}" https://<IP-address-of-SPS>/api/troubleshooting/support-bundle/<the-key-of-the-generated-support-bundle-job>/download
Sample response

The following is a sample response received if the request was successful.

{
                "error": {
                    "details": {
                        "mount_point": "/troubleshooting/support-bundle",
                        "resource": "44444444-4444-4444-4444-444444444444/download"
                    },
                    "message": "Resource was not found",
                    "type": "ResourceNotFound"
                },
                "meta": {
                    "href": "/api/troubleshooting/support-bundle/44444444-4444-4444-4444-444444444444/download",
                    "parent": "/api/troubleshooting/support-bundle/44444444-4444-4444-4444-444444444444"
                }
            }
 

Elements of the response message body include:

Element

Type

Description

Notes

details

object

details.mount_point

string

The reference URL of the endpoint at which the error has occurred.

details_resource

The reference URL of the resource which could not be downloaded.

message

string

The content of the error message.

type

string

The type of the error message.

For more information on the meta object, see Message format.

Sample request

The following command removes the information on a finished SPS support bundle generation job.

curl -X DELETE -b "${COOKIE_PATH}" https://<IP-address-of-SPS>/api/troubleshooting/support-bundle/<the-key-of-the-generated-support-bundle-job>

An example of the request message body:

{
                "error": null,
                "info" : null,
                "file_name" : "22222222-2222-2222-2222-222222222222-debug_info.zip"
            }
 
Sample response

The response status of the deletion is a standard HTTP 200 OK.

HTTP response codes

For more information and a list of standard HTTP response codes, see Application level error codes.

Basic settings

Topics:

Retrieve basic firmware and host information

The /api/info endpoint contains generic information about the SPS host. Note that part of this information is available without authentication.

URL
GET https://<IP-address-of-SPS>/api/info
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For more information on authentication, see Authenticate to the SPS REST API.

NOTE: This session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Sample request

The following command displays the information about SPS that is available without authentication.

curl https://10.40.255.171/api/info

The following command displays the information about SPS that is available for authenticated users.

curl --cookie cookies https://<IP-address-of-SPS>/api/info
Response

The following is a sample response received by an anonymous user.

For more information on the meta object, see Message format.

{
    "body": {
	    "domainname": "example",
        "hostname": "scbwriter",
        "nickname": null,
        "plugin_sdk_version": {
            "feature": "1.4",
            "full": "1.4.4"
        },
        "support_link": "mailto:scb-administrator@example.com"
    },
    "key": "about_info",
    "meta": {
        "href": "/api/info",
        "parent": "/api"
    }
}

The following is a sample response received by an authenticated user.

{
    "body": {
        "analytics_enabled": false,
	"build_date": "2018-06-15T20:18:40+00:00",
	"config_hash": "2abde4c81d9b544bf53fae4f4b9657fc",
        "domainname": "example",
        "firmware_version": "5.7.0",
        "hostname": "scbwriter",
        "nickname": null,
        "plugin_sdk_version": {
            "feature": "1.4",
            "full": "1.4.4"
        },
	"roles": [
		"central-management",
		"search-master"
	],
        "support_link": "mailto:scb-administrator@example.com",
        "version": "5 F7"
    },
    "key": "about_info",
    "meta": {
        "href": "/api/info",
        "remaining_seconds": 9889
        "parent": "/api"
    }
}
Element Description

analytics_enabled

Indicates whether or not the One Identity Safeguard for Privileged Analytics module has been enabled.

build_date Build date of the SPS firmware. This element is included in the response only for authenticated users.

config_hash

Contains the hash of the XML database running on the given SPS host.

domainname Name of the domain used on the network. You can configure this parameter on the /api/configuration/network/naming endpoint. For details, see Naming options.
hostname Name of the machine running SPS. You can configure this parameter on the /api/configuration/network/naming endpoint. For details, see Naming options.
nickname The nickname of the SPS host. Use it to distinguish the devices. It is displayed in the core and boot login shells. You can configure this parameter on the /api/configuration/network/naming endpoint. For details, see Naming options.
plugin_sdk_version

The version number of the Plugin SDK.

  • The value of feature represents the feature release version.

  • The value of full represents the minor release version.

support_link The e-mail address of the SPS administrator, as set in the admin_address parameter of the /api/configuration/management/email endpoint. For details, see Mail settings.
firmware_version The version number of the firmware running on SPS, for example, 4.3.2a. This element is included in the response only for authenticated users.
version The name of the major release running on SPS, for example, 4 F3. This element is included in the response only for authenticated users.
Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.

Code Description Notes
401 Unauthenticated The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
403 Unauthorized The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级