SGNL Public API v2.0.0
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
SGNL Public API
Base URLs:
https://clientName.sgnlapis.cloud
Endpoint for Access service. All access evaluation calls must be made to this endpoint. The URL might change based on whether SGNL is running in an on-prem or SaaS environment.
Product Documentation
Email: API Support
Web: API Support
License: Apache 2.0
Terms of service
Introduction
The SGNL API is based on REST. It accepts JSON-encoded requests, returns JSON-encoded responses and uses standard HTTP verbs, authentication and response codes. The access API endpoint is used by integrations to make access requests and uses Bearer Authentication for access control and authentication. The authentication token is generated during integration configuration. Use -H "Authorization: Bearer <authentication_token>" in your requests. All API requests must be made over HTTPS.
Access Evaluation
AccessEvaluation
Code samples
POST /access/v2/evaluations HTTP/1.1
Content-Type: application/json
Accept: application/json
X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
Accept-Language: en, en-US;q=0.8, es;q=0.7
Authorization: Bearer {access-token}
Host: clientName.sgnlapis.cloud
Content-Length: 179
{"principal":{"id":"[email protected]","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"}]}
curl --request POST \
--url https://clientName.sgnlapis.cloud/access/v2/evaluations \
--header 'Accept: application/json' \
--header 'Accept-Language: en, en-US;q=0.8, es;q=0.7' \
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/json' \
--header 'X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716' \
--data '{"principal":{"id":"[email protected]","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"}]}'
CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://clientName.sgnlapis.cloud/access/v2/evaluations");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Content-Type: application/json");
headers = curl_slist_append(headers, "Accept: application/json");
headers = curl_slist_append(headers, "X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
headers = curl_slist_append(headers, "Accept-Language: en, en-US;q=0.8, es;q=0.7");
headers = curl_slist_append(headers, "Authorization: Bearer {access-token}");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}");
CURLcode ret = curl_easy_perform(hnd);
HttpResponse<String> response = Unirest.post("https://clientName.sgnlapis.cloud/access/v2/evaluations")
.header("Content-Type", "application/json")
.header("Accept", "application/json")
.header("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.header("Accept-Language", "en, en-US;q=0.8, es;q=0.7")
.header("Authorization", "Bearer {access-token}")
.body("{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
.asString();
val client = OkHttpClient()
val mediaType = MediaType.parse("application/json")
val body = RequestBody.create(mediaType, "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
val request = Request.Builder()
.url("https://clientName.sgnlapis.cloud/access/v2/evaluations")
.post(body)
.addHeader("Content-Type", "application/json")
.addHeader("Accept", "application/json")
.addHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.addHeader("Accept-Language", "en, en-US;q=0.8, es;q=0.7")
.addHeader("Authorization", "Bearer {access-token}")
.build()
val response = client.newCall(request).execute()
var client = new RestClient("https://clientName.sgnlapis.cloud/access/v2/evaluations");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
request.AddHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
request.AddHeader("Accept-Language", "en, en-US;q=0.8, es;q=0.7");
request.AddHeader("Authorization", "Bearer {access-token}");
request.AddParameter("application/json", "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://clientName.sgnlapis.cloud/access/v2/evaluations"
payload := strings.NewReader("{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
req.Header.Add("Accept-Language", "en, en-US;q=0.8, es;q=0.7")
req.Header.Add("Authorization", "Bearer {access-token}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
const data = JSON.stringify({
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://clientName.sgnlapis.cloud/access/v2/evaluations");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
xhr.setRequestHeader("Accept-Language", "en, en-US;q=0.8, es;q=0.7");
xhr.setRequestHeader("Authorization", "Bearer {access-token}");
xhr.send(data);
const http = require("https");
const options = {
"method": "POST",
"hostname": "clientName.sgnlapis.cloud",
"port": null,
"path": "/access/v2/evaluations",
"headers": {
"Content-Type": "application/json",
"Accept": "application/json",
"X-Request-Id": "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
"Accept-Language": "en, en-US;q=0.8, es;q=0.7",
"Authorization": "Bearer {access-token}"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({
principal: {
id: '[email protected]',
ipAddress: '172.217.22.14',
deviceId: '48:65:ee:17:7e:0b'
},
queries: [{action: 'delete', assetId: '3cdd2459-d9d3-4df4-abbd-8cee6fecea2d'}]
}));
req.end();
import http.client
conn = http.client.HTTPSConnection("clientName.sgnlapis.cloud")
payload = "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}"
headers = {
'Content-Type': "application/json",
'Accept': "application/json",
'X-Request-Id': "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
'Accept-Language': "en, en-US;q=0.8, es;q=0.7",
'Authorization': "Bearer {access-token}"
}
conn.request("POST", "/access/v2/evaluations", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://clientName.sgnlapis.cloud/access/v2/evaluations")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Accept"] = 'application/json'
request["X-Request-Id"] = 'bfe9eb29-ab87-4ca3-be83-a1d5d8305716'
request["Accept-Language"] = 'en, en-US;q=0.8, es;q=0.7'
request["Authorization"] = 'Bearer {access-token}'
request.body = "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}"
response = http.request(request)
puts response.read_body
POST /access/v2/evaluations
Evaluate whether a principal can perform actions on assets.
Body parameter
{
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| X-Request-Id | header | string | false | Arbitrary string identifier used to correlate requests with responses. The response will contain the X-Request-Id header with the same value. |
| Accept-Language | header | string | false | none |
| transform | query | Boolean | false | Optional parameter to specify if transformations should be applied to the request and the response. |
| transformId | query | UUID | false | Optional parameter to specify the specific transform ID to be applied if the transform query parameter is set to true. |
| body | body | AccessEvaluationRequest | false | none |
| principal | body | Principal | true | Principal trying to access a protected asset |
| id | body | string | true | Identifier for the principal |
| ipAddress | body | string | false | IP address from which the principal is making the request |
| deviceId | body | string | false | The identifier for the device making the request |
| queries | body | [Query] | true | Collection of assets and/or actions |
| action | body | string | false | Action the principal is trying to perform on the asset |
| assetId | body | string | false | Identifer for the asset |
Example responses
200 Response
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"principalId": "[email protected]",
"ipAddress": "120.55.122.12",
"deviceId": "device1",
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | AccessEvaluationResponse |
| 400 | Bad Request | Invalid request | ErrorResponse |
| 401 | Unauthorized | Unauthorized | ErrorResponse |
| 403 | Forbidden | Forbidden | ErrorResponse |
| 500 | Internal Server Error | Internal Error | ErrorResponse |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-Request-Id | string | none | |
| 400 | X-Request-Id | string | none | |
| 401 | X-Request-Id | string | none | |
| 403 | X-Request-Id | string | none | |
| 500 | X-Request-Id | string | none |
Asset Search
AssetSearch
Code samples
POST /access/v2/search/assets HTTP/1.1
Content-Type: application/json
Accept: application/json
X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
Authorization: Bearer {access-token}
Host: clientName.sgnlapis.cloud
Content-Length: 130
{"principal":{"id":"[email protected]","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete"}]}
curl --request POST \
--url https://clientName.sgnlapis.cloud/access/v2/search/assets \
--header 'Accept: application/json' \
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/json' \
--header 'X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716' \
--data '{"principal":{"id":"[email protected]","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete"}]}'
CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://clientName.sgnlapis.cloud/access/v2/search/assets");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Content-Type: application/json");
headers = curl_slist_append(headers, "Accept: application/json");
headers = curl_slist_append(headers, "X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
headers = curl_slist_append(headers, "Authorization: Bearer {access-token}");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}");
CURLcode ret = curl_easy_perform(hnd);
HttpResponse<String> response = Unirest.post("https://clientName.sgnlapis.cloud/access/v2/search/assets")
.header("Content-Type", "application/json")
.header("Accept", "application/json")
.header("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.header("Authorization", "Bearer {access-token}")
.body("{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}")
.asString();
val client = OkHttpClient()
val mediaType = MediaType.parse("application/json")
val body = RequestBody.create(mediaType, "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}")
val request = Request.Builder()
.url("https://clientName.sgnlapis.cloud/access/v2/search/assets")
.post(body)
.addHeader("Content-Type", "application/json")
.addHeader("Accept", "application/json")
.addHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.addHeader("Authorization", "Bearer {access-token}")
.build()
val response = client.newCall(request).execute()
var client = new RestClient("https://clientName.sgnlapis.cloud/access/v2/search/assets");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
request.AddHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
request.AddHeader("Authorization", "Bearer {access-token}");
request.AddParameter("application/json", "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://clientName.sgnlapis.cloud/access/v2/search/assets"
payload := strings.NewReader("{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
req.Header.Add("Authorization", "Bearer {access-token}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
const data = JSON.stringify({
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete"
}
]
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://clientName.sgnlapis.cloud/access/v2/search/assets");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
xhr.setRequestHeader("Authorization", "Bearer {access-token}");
xhr.send(data);
const http = require("https");
const options = {
"method": "POST",
"hostname": "clientName.sgnlapis.cloud",
"port": null,
"path": "/access/v2/search/assets",
"headers": {
"Content-Type": "application/json",
"Accept": "application/json",
"X-Request-Id": "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
"Authorization": "Bearer {access-token}"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({
principal: {
id: '[email protected]',
ipAddress: '172.217.22.14',
deviceId: '48:65:ee:17:7e:0b'
},
queries: [{action: 'delete'}]
}));
req.end();
import http.client
conn = http.client.HTTPSConnection("clientName.sgnlapis.cloud")
payload = "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}"
headers = {
'Content-Type': "application/json",
'Accept': "application/json",
'X-Request-Id': "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
'Authorization': "Bearer {access-token}"
}
conn.request("POST", "/access/v2/search/assets", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://clientName.sgnlapis.cloud/access/v2/search/assets")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Accept"] = 'application/json'
request["X-Request-Id"] = 'bfe9eb29-ab87-4ca3-be83-a1d5d8305716'
request["Authorization"] = 'Bearer {access-token}'
request.body = "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\"}]}"
response = http.request(request)
puts response.read_body
POST /access/v2/search/assets
Returns accessible assets for a principal given integration configuration
Body parameter
{
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| X-Request-Id | header | string | false | Arbitrary string identifier used to correlate requests with responses. The response will contain the X-Request-Id header with the same value. |
| pageToken | query | string | false | Token to use to get the next set of assets |
| pageSize | query | integer | false | Maximum number of objects returned per query in a page |
| transform | query | Boolean | false | Optional parameter to specify if transformations should be applied to the request and the response. |
| transformId | query | UUID | false | Optional parameter to specify the specific transform ID to be applied if the transform query parameter is set to true. |
| providerId | query | UUID | false | Optional parameter to specify the Provider Hook that the request is routed to. |
| tenantId | query | UUID | false | Optional parameter to specify the tenant ID. This is required if providerId is specified and used to route a request to a Provider Hook. |
| body | body | SearchAssetsRequest | false | none |
| principal | body | Principal | true | Principal trying to access a protected asset |
| id | body | string | true | Identifier for the principal |
| ipAddress | body | string | false | IP address from which the principal is making the request |
| deviceId | body | string | false | The identifier for the device making the request |
| queries | body | [SearchQuery] | true | Collection of actions |
| action | body | string | false | Action the principal is trying to perform on the asset |
Example responses
200 Response
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"principalId": "[email protected]",
"ipAddress": "120.55.122.12",
"deviceId": "device1",
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"assetAttributes": {}
}
],
"nextPageToken": "NWU0OGFiZTItNjI1My00NTQ5LWEzYTctNWQ1YmE1MmVmM2Q4"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | SearchAssetsResponse |
| 400 | Bad Request | Invalid request | ErrorResponse |
| 401 | Unauthorized | Unauthorized | ErrorResponse |
| 403 | Forbidden | Forbidden | ErrorResponse |
| 500 | Internal Server Error | Internal Error | ErrorResponse |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-Request-Id | string | none | |
| 400 | X-Request-Id | string | none | |
| 401 | X-Request-Id | string | none | |
| 403 | X-Request-Id | string | none | |
| 500 | X-Request-Id | string | none |
Principal Search
PrincipalSearch
Code samples
POST /access/v2/search/principals HTTP/1.1
Content-Type: application/json
Accept: application/json
X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
Authorization: Bearer {access-token}
Host: clientName.sgnlapis.cloud
Content-Length: 82
{"queries":[{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"}]}
curl --request POST \
--url https://clientName.sgnlapis.cloud/access/v2/search/principals \
--header 'Accept: application/json' \
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/json' \
--header 'X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716' \
--data '{"queries":[{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"}]}'
CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://clientName.sgnlapis.cloud/access/v2/search/principals");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Content-Type: application/json");
headers = curl_slist_append(headers, "Accept: application/json");
headers = curl_slist_append(headers, "X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
headers = curl_slist_append(headers, "Authorization: Bearer {access-token}");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}");
CURLcode ret = curl_easy_perform(hnd);
HttpResponse<String> response = Unirest.post("https://clientName.sgnlapis.cloud/access/v2/search/principals")
.header("Content-Type", "application/json")
.header("Accept", "application/json")
.header("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.header("Authorization", "Bearer {access-token}")
.body("{\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
.asString();
val client = OkHttpClient()
val mediaType = MediaType.parse("application/json")
val body = RequestBody.create(mediaType, "{\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
val request = Request.Builder()
.url("https://clientName.sgnlapis.cloud/access/v2/search/principals")
.post(body)
.addHeader("Content-Type", "application/json")
.addHeader("Accept", "application/json")
.addHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.addHeader("Authorization", "Bearer {access-token}")
.build()
val response = client.newCall(request).execute()
var client = new RestClient("https://clientName.sgnlapis.cloud/access/v2/search/principals");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
request.AddHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
request.AddHeader("Authorization", "Bearer {access-token}");
request.AddParameter("application/json", "{\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://clientName.sgnlapis.cloud/access/v2/search/principals"
payload := strings.NewReader("{\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
req.Header.Add("Authorization", "Bearer {access-token}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
const data = JSON.stringify({
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://clientName.sgnlapis.cloud/access/v2/search/principals");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
xhr.setRequestHeader("Authorization", "Bearer {access-token}");
xhr.send(data);
const http = require("https");
const options = {
"method": "POST",
"hostname": "clientName.sgnlapis.cloud",
"port": null,
"path": "/access/v2/search/principals",
"headers": {
"Content-Type": "application/json",
"Accept": "application/json",
"X-Request-Id": "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
"Authorization": "Bearer {access-token}"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({queries: [{action: 'delete', assetId: '3cdd2459-d9d3-4df4-abbd-8cee6fecea2d'}]}));
req.end();
import http.client
conn = http.client.HTTPSConnection("clientName.sgnlapis.cloud")
payload = "{\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}"
headers = {
'Content-Type': "application/json",
'Accept': "application/json",
'X-Request-Id': "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
'Authorization': "Bearer {access-token}"
}
conn.request("POST", "/access/v2/search/principals", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://clientName.sgnlapis.cloud/access/v2/search/principals")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Accept"] = 'application/json'
request["X-Request-Id"] = 'bfe9eb29-ab87-4ca3-be83-a1d5d8305716'
request["Authorization"] = 'Bearer {access-token}'
request.body = "{\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}"
response = http.request(request)
puts response.read_body
POST /access/v2/search/principals
Returns the principals that can perform the specified actions on the specified assets
Body parameter
{
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| X-Request-Id | header | string | false | Arbitrary string identifier used to correlate requests with responses. The response will contain the X-Request-Id header with the same value. |
| pageToken | query | string | false | Token to use to get the next set of assets |
| pageSize | query | integer | false | Maximum number of objects returned per query in a page |
| transform | query | Boolean | false | Optional parameter to specify if transformations should be applied to the request and the response. |
| transformId | query | UUID | false | Optional parameter to specify the specific transform ID to be applied if the transform query parameter is set to true. |
| body | body | SearchPrincipalsRequest | false | none |
| queries | body | [Query] | true | Collection of assets and/or actions |
| action | body | string | false | Action the principal is trying to perform on the asset |
| assetId | body | string | false | Identifer for the asset |
Example responses
200 Response
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"principalId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"principalAttributes": {}
}
],
"nextPageToken": "NWU0OGFiZTItNjI1My00NTQ5LWEzYTctNWQ1YmE1MmVmM2Q4"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | SearchPrincipalsResponse |
| 400 | Bad Request | Invalid request | ErrorResponse |
| 401 | Unauthorized | Unauthorized | ErrorResponse |
| 403 | Forbidden | Forbidden | ErrorResponse |
| 500 | Internal Server Error | Internal Error | ErrorResponse |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-Request-Id | string | none | |
| 400 | X-Request-Id | string | none | |
| 401 | X-Request-Id | string | none | |
| 403 | X-Request-Id | string | none | |
| 500 | X-Request-Id | string | none |
Directory Query
DirectoryQuery
Code samples
POST /access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92 HTTP/1.1
Content-Type: application/json
Accept: application/json
X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
Authorization: Bearer {access-token}
Host: clientName.sgnlapis.cloud
Content-Length: 217
{"principal":{"id":"[email protected]","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"query":{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"},"context":{"param1":"foo","param2":"bar"}}
curl --request POST \
--url 'https://clientName.sgnlapis.cloud/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/json' \
--header 'X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716' \
--data '{"principal":{"id":"[email protected]","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"query":{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"},"context":{"param1":"foo","param2":"bar"}}'
CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://clientName.sgnlapis.cloud/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Content-Type: application/json");
headers = curl_slist_append(headers, "Accept: application/json");
headers = curl_slist_append(headers, "X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
headers = curl_slist_append(headers, "Authorization: Bearer {access-token}");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"query\":{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"},\"context\":{\"param1\":\"foo\",\"param2\":\"bar\"}}");
CURLcode ret = curl_easy_perform(hnd);
HttpResponse<String> response = Unirest.post("https://clientName.sgnlapis.cloud/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92")
.header("Content-Type", "application/json")
.header("Accept", "application/json")
.header("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.header("Authorization", "Bearer {access-token}")
.body("{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"query\":{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"},\"context\":{\"param1\":\"foo\",\"param2\":\"bar\"}}")
.asString();
val client = OkHttpClient()
val mediaType = MediaType.parse("application/json")
val body = RequestBody.create(mediaType, "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"query\":{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"},\"context\":{\"param1\":\"foo\",\"param2\":\"bar\"}}")
val request = Request.Builder()
.url("https://clientName.sgnlapis.cloud/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92")
.post(body)
.addHeader("Content-Type", "application/json")
.addHeader("Accept", "application/json")
.addHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.addHeader("Authorization", "Bearer {access-token}")
.build()
val response = client.newCall(request).execute()
var client = new RestClient("https://clientName.sgnlapis.cloud/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
request.AddHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
request.AddHeader("Authorization", "Bearer {access-token}");
request.AddParameter("application/json", "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"query\":{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"},\"context\":{\"param1\":\"foo\",\"param2\":\"bar\"}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://clientName.sgnlapis.cloud/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92"
payload := strings.NewReader("{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"query\":{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"},\"context\":{\"param1\":\"foo\",\"param2\":\"bar\"}}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
req.Header.Add("Authorization", "Bearer {access-token}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
const data = JSON.stringify({
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"query": {
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
},
"context": {
"param1": "foo",
"param2": "bar"
}
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://clientName.sgnlapis.cloud/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
xhr.setRequestHeader("Authorization", "Bearer {access-token}");
xhr.send(data);
const http = require("https");
const options = {
"method": "POST",
"hostname": "clientName.sgnlapis.cloud",
"port": null,
"path": "/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92",
"headers": {
"Content-Type": "application/json",
"Accept": "application/json",
"X-Request-Id": "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
"Authorization": "Bearer {access-token}"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({
principal: {
id: '[email protected]',
ipAddress: '172.217.22.14',
deviceId: '48:65:ee:17:7e:0b'
},
query: {action: 'delete', assetId: '3cdd2459-d9d3-4df4-abbd-8cee6fecea2d'},
context: {param1: 'foo', param2: 'bar'}
}));
req.end();
import http.client
conn = http.client.HTTPSConnection("clientName.sgnlapis.cloud")
payload = "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"query\":{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"},\"context\":{\"param1\":\"foo\",\"param2\":\"bar\"}}"
headers = {
'Content-Type': "application/json",
'Accept': "application/json",
'X-Request-Id': "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
'Authorization': "Bearer {access-token}"
}
conn.request("POST", "/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://clientName.sgnlapis.cloud/access/v2/directory/query?directoryId=360E7BC5-9C00-4855-93CB-E74C2AA09C92")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Accept"] = 'application/json'
request["X-Request-Id"] = 'bfe9eb29-ab87-4ca3-be83-a1d5d8305716'
request["Authorization"] = 'Bearer {access-token}'
request.body = "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"query\":{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"},\"context\":{\"param1\":\"foo\",\"param2\":\"bar\"}}"
response = http.request(request)
puts response.read_body
POST /access/v2/directory/query
Returns a principal with all discovered related nodes and attributes as specified in the directory config
Body parameter
{
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"query": {
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
},
"context": {
"param1": "foo",
"param2": "bar"
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| X-Request-Id | header | string | false | Arbitrary string identifier used to correlate requests with responses. The response will contain the X-Request-Id header with the same value. |
| directoryId | query | UUID | true | Required parameter to specify the Directory ID for the directory query. |
| transform | query | Boolean | false | Optional parameter to specify if transformations should be applied to the request and the response. |
| transformId | query | UUID | false | Optional parameter to specify the specific transform ID to be applied if the transform query parameter is set to true. |
| providerId | query | UUID | false | Optional parameter to specify the Provider Hook that the request is routed to. |
| tenantId | query | UUID | false | Optional parameter to specify the tenant ID. This is required if providerId is specified and used to route a request to a Provider Hook. |
| body | body | DirectoryQueryRequest | false | none |
| principal | body | Principal | true | Principal trying to access a protected asset |
| id | body | string | true | Identifier for the principal |
| ipAddress | body | string | false | IP address from which the principal is making the request |
| deviceId | body | string | false | The identifier for the device making the request |
| query | body | Query | true | Action and asset identifier used as parameters to the policies applied to evaluate access |
| action | body | string | false | Action the principal is trying to perform on the asset |
| assetId | body | string | false | Identifer for the asset |
| context | body | object | false | Directory query context |
Example responses
200 Response
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"principalId": "[email protected]",
"ipAddress": "120.55.122.12",
"deviceId": "device1",
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
],
"records": [
{
"app_id": 256,
"role_id": 1885,
"role_name": "GlobalAdmin",
"permissions": [
{
"permission_id": 1,
"permission_name": "manage_users"
}
]
}
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | DirectoryQueryResponse |
| 400 | Bad Request | Invalid request | ErrorResponse |
| 401 | Unauthorized | Unauthorized | ErrorResponse |
| 403 | Forbidden | Forbidden | ErrorResponse |
| 500 | Internal Server Error | Internal Error | ErrorResponse |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-Request-Id | string | none | |
| 400 | X-Request-Id | string | none | |
| 401 | X-Request-Id | string | none | |
| 403 | X-Request-Id | string | none | |
| 500 | X-Request-Id | string | none |
Provider Hooks
ProviderRequest
Code samples
POST /access/v2/providers HTTP/1.1
Content-Type: application/json
Accept: application/json
X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716
Authorization: Bearer {access-token}
Host: clientName.sgnlapis.cloud
Content-Length: 179
{"principal":{"id":"[email protected]","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"}]}
curl --request POST \
--url https://clientName.sgnlapis.cloud/access/v2/providers \
--header 'Accept: application/json' \
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/json' \
--header 'X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716' \
--data '{"principal":{"id":"[email protected]","ipAddress":"172.217.22.14","deviceId":"48:65:ee:17:7e:0b"},"queries":[{"action":"delete","assetId":"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"}]}'
CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://clientName.sgnlapis.cloud/access/v2/providers");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Content-Type: application/json");
headers = curl_slist_append(headers, "Accept: application/json");
headers = curl_slist_append(headers, "X-Request-Id: bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
headers = curl_slist_append(headers, "Authorization: Bearer {access-token}");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}");
CURLcode ret = curl_easy_perform(hnd);
HttpResponse<String> response = Unirest.post("https://clientName.sgnlapis.cloud/access/v2/providers")
.header("Content-Type", "application/json")
.header("Accept", "application/json")
.header("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.header("Authorization", "Bearer {access-token}")
.body("{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
.asString();
val client = OkHttpClient()
val mediaType = MediaType.parse("application/json")
val body = RequestBody.create(mediaType, "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
val request = Request.Builder()
.url("https://clientName.sgnlapis.cloud/access/v2/providers")
.post(body)
.addHeader("Content-Type", "application/json")
.addHeader("Accept", "application/json")
.addHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
.addHeader("Authorization", "Bearer {access-token}")
.build()
val response = client.newCall(request).execute()
var client = new RestClient("https://clientName.sgnlapis.cloud/access/v2/providers");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept", "application/json");
request.AddHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
request.AddHeader("Authorization", "Bearer {access-token}");
request.AddParameter("application/json", "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://clientName.sgnlapis.cloud/access/v2/providers"
payload := strings.NewReader("{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
req.Header.Add("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716")
req.Header.Add("Authorization", "Bearer {access-token}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
const data = JSON.stringify({
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://clientName.sgnlapis.cloud/access/v2/providers");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-Request-Id", "bfe9eb29-ab87-4ca3-be83-a1d5d8305716");
xhr.setRequestHeader("Authorization", "Bearer {access-token}");
xhr.send(data);
const http = require("https");
const options = {
"method": "POST",
"hostname": "clientName.sgnlapis.cloud",
"port": null,
"path": "/access/v2/providers",
"headers": {
"Content-Type": "application/json",
"Accept": "application/json",
"X-Request-Id": "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
"Authorization": "Bearer {access-token}"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({
principal: {
id: '[email protected]',
ipAddress: '172.217.22.14',
deviceId: '48:65:ee:17:7e:0b'
},
queries: [{action: 'delete', assetId: '3cdd2459-d9d3-4df4-abbd-8cee6fecea2d'}]
}));
req.end();
import http.client
conn = http.client.HTTPSConnection("clientName.sgnlapis.cloud")
payload = "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}"
headers = {
'Content-Type': "application/json",
'Accept': "application/json",
'X-Request-Id': "bfe9eb29-ab87-4ca3-be83-a1d5d8305716",
'Authorization': "Bearer {access-token}"
}
conn.request("POST", "/access/v2/providers", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://clientName.sgnlapis.cloud/access/v2/providers")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request["Accept"] = 'application/json'
request["X-Request-Id"] = 'bfe9eb29-ab87-4ca3-be83-a1d5d8305716'
request["Authorization"] = 'Bearer {access-token}'
request.body = "{\"principal\":{\"id\":\"[email protected]\",\"ipAddress\":\"172.217.22.14\",\"deviceId\":\"48:65:ee:17:7e:0b\"},\"queries\":[{\"action\":\"delete\",\"assetId\":\"3cdd2459-d9d3-4df4-abbd-8cee6fecea2d\"}]}"
response = http.request(request)
puts response.read_body
POST /access/v2/providers
The providers endpoint routes incoming requests to the appropriate integration and Access API endpoint (e.g. /evaluations, /search, etc.) based on the route configuration in a provider integration assignment.
Body parameter
{
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| X-Request-Id | header | string | false | Arbitrary string identifier used to correlate requests with responses. The response will contain the X-Request-Id header with the same value. |
| body | body | any | false | none |
Example responses
200 Response
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"principalId": "[email protected]",
"ipAddress": "120.55.122.12",
"deviceId": "device1",
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
| 400 | Bad Request | Invalid request | ErrorResponse |
| 401 | Unauthorized | Unauthorized | ErrorResponse |
| 403 | Forbidden | Forbidden | ErrorResponse |
| 500 | Internal Server Error | Internal Error | ErrorResponse |
Response Schema
Enumerated Values
| Property | Value |
|---|---|
| decision | Allow |
| decision | Deny |
| decision | Allow |
| decision | Deny |
| decision | Allow |
| decision | Deny |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-Request-Id | string | none | |
| 400 | X-Request-Id | string | none | |
| 401 | X-Request-Id | string | none | |
| 403 | X-Request-Id | string | none | |
| 500 | X-Request-Id | string | none |
Schemas
ErrorResponse
{
"error": {
"code": 401,
"internalCode": "SGNL-40100",
"message": "The user is not authorized to make the request.",
"status": "UNAUTHORIZED"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| error | object | false | none | none |
| code | integer | false | none | none |
| internalCode | string | false | none | none |
| message | string | false | none | none |
| status | string | false | none | none |
AccessEvaluationRequest
{
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
}
Request containing principal, assets and/or actions being sent for evaluation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| principal | Principal | true | none | Principal that is trying to access a protected asset |
| queries | [Query] | true | none | Collection of assets and/or actions |
SearchAssetsRequest
{
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"queries": [
{
"action": "delete"
}
]
}
Request containing principal and optional actions being sent for evaluation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| principal | Principal | true | none | Principal that is trying to access protected assets |
| queries | [SearchQuery] | true | none | Collection of actions |
SearchPrincipalsRequest
{
"queries": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
]
}
Request containing assets and actions being used for evaluation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| queries | [Query] | true | none | Collection of assets and/or actions |
DirectoryQueryRequest
{
"principal": {
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
},
"query": {
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
},
"context": {
"param1": "foo",
"param2": "bar"
}
}
Request containing principal and optional context being sent for directory query
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| principal | Principal | true | none | Principal that is trying to query the directory |
| query | Query | true | none | Action and asset identifier used as parameters to the policies applied to evaluate access |
| context | object | false | none | Directory query context |
Principal
{
"id": "[email protected]",
"ipAddress": "172.217.22.14",
"deviceId": "48:65:ee:17:7e:0b"
}
Principal trying to access a protected asset
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | Identifier for the principal |
| ipAddress | string | false | none | IP address from which the principal is making the request |
| deviceId | string | false | none | The identifier for the device making the request |
SearchQuery
{
"action": "delete"
}
Action used as parameter to the policies applied to evaluate access
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | Action the principal is trying to perform on the asset |
Query
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d"
}
Action and/or asset identifier used as parameters to the policies applied to evaluate access
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | Action the principal is trying to perform on the asset |
| assetId | string | false | none | Identifer for the asset |
AccessEvaluationResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"principalId": "[email protected]",
"ipAddress": "120.55.122.12",
"deviceId": "device1",
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
]
}
]
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | AbstractAccessResponse | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | object | false | none | none |
| decisions | [AccessEvaluationQueryDecision] | true | none | Access decisions returned by the access API |
AbstractResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| issuedAt | string(date-time) | true | none | Time at which the decision was issued |
| evaluationDuration | integer | true | none | The time taken to make a decision in milliseconds |
AbstractAccessResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"principalId": "[email protected]",
"ipAddress": "120.55.122.12",
"deviceId": "device1"
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | AbstractResponse | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | object | false | none | none |
| principalId | string | true | none | Principal making the request |
| ipAddress | string | false | none | IP address from which the principal is making the request |
| deviceId | string | false | none | The identifier for the device making the request |
SearchAssetsResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"principalId": "[email protected]",
"ipAddress": "120.55.122.12",
"deviceId": "device1",
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"assetAttributes": {}
}
],
"nextPageToken": "NWU0OGFiZTItNjI1My00NTQ5LWEzYTctNWQ1YmE1MmVmM2Q4"
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | AbstractAccessResponse | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | object | false | none | none |
| decisions | [SearchAssetQueryDecision] | true | none | Access decisions and assets |
| nextPageToken | string | false | none | Base64 encoded token used to retreive the next set of results |
SearchPrincipalsResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"principalId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"principalAttributes": {}
}
],
"nextPageToken": "NWU0OGFiZTItNjI1My00NTQ5LWEzYTctNWQ1YmE1MmVmM2Q4"
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | AbstractResponse | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | object | false | none | none |
| decisions | [SearchPrincipalQueryDecision] | true | none | Access decisions and principals |
| nextPageToken | string | false | none | Base64 encoded token used to retreive the next set of results |
DirectoryQueryResponse
{
"issuedAt": "2023-01-04T22:06:54.530672786Z",
"evaluationDuration": 2550,
"principalId": "[email protected]",
"ipAddress": "120.55.122.12",
"deviceId": "device1",
"decisions": [
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
],
"records": [
{
"app_id": 256,
"role_id": 1885,
"role_name": "GlobalAdmin",
"permissions": [
{
"permission_id": 1,
"permission_name": "manage_users"
}
]
}
]
}
]
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | AbstractAccessResponse | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | object | false | none | none |
| decisions | [DirectoryQueryDecision] | true | none | Directory query decisions and results |
DirectoryQueryDecision
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
],
"records": [
{
"app_id": 256,
"role_id": 1885,
"role_name": "GlobalAdmin",
"permissions": [
{
"permission_id": 1,
"permission_name": "manage_users"
}
]
}
]
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | AccessEvaluationQueryDecision | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | object | false | none | none |
| records | [object] | false | none | Directory query results (only present for Allow decisions) |
AccessEvaluationQueryDecision
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"reasons": [
"this is a denial reason"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | The action the principal is trying to perform on the asset |
| assetId | string | false | none | Identifer for the asset |
| decision | AccessDecision | true | none | Access decision returned by access API |
| reasons | [string] | false | none | Reasons associated to this decision |
SearchAssetQueryDecision
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"assetAttributes": {}
}
An asset on which the principal is allowed to perform an action
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | The action the principal is trying to perform on the asset |
| assetId | string | false | none | Identifier for the asset |
| decision | AccessDecision | true | none | Access decision returned by access API |
| assetAttributes | object | true | none | The attributes of the asset |
SearchPrincipalQueryDecision
{
"action": "delete",
"assetId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"principalId": "3cdd2459-d9d3-4df4-abbd-8cee6fecea2d",
"decision": "Allow",
"principalAttributes": {}
}
The principal that can access the asset given input query
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | string | false | none | The action the principal is trying to perform on the asset |
| assetId | string | false | none | Identifier for the asset |
| principalId | string | false | none | Identifier for the principal |
| decision | AccessDecision | true | none | Access decision returned by access API |
| principalAttributes | object | true | none | The attributes of the principal |
AccessDecision
"Allow"
Access decision returned by access API
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | string | false | none | Access decision returned by access API |
Enumerated Values
| Property | Value |
|---|---|
| decision | Allow |
| decision | Deny |
Boolean
false
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | boolean | false | none | none |
UUID
"360E7BC5-9C00-4855-93CB-E74C2AA09C92"
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| decision | string | false | none | none |