Identity-Based Microsegmentation Guide
LAST UPDATED: October 8, 2021

Integration resources

integration/apiproxy

APIProxy

Represents information needed to register and interact with an application’s remote endpoint.

Example

{
  "certificateAuthority": "-----BEGIN CERTIFICATE-----
MIIBbjCCARSgAwIBAgIRANRbvVzTzBZOvMCb8BiKCLowCgYIKoZIzj0EAwIwJjEN
MAsGA1UEChMEQWNtZTEVMBMGA1UEAxMMQWNtZSBSb290IENBMB4XDTE4MDExNTE4
NDgwN1oXDTI3MTEyNDE4NDgwN1owJjENMAsGA1UEChMEQWNtZTEVMBMGA1UEAxMM
QWNtZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ/80HR51+vau
7XH7zS7b8ABA0e/TdBOg1NznbnXdXil1tDvWloWuH5+/bbaiEg54wksJHFXaukw8
jhTLU7zT56MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI
KoZIzj0EAwIDSAAwRQIhALwAZh2KLFFC1qfb5CqFHExlXS0PUltax9PvQCN9P0vl
AiBl7/st9u/JpERjJgirxJxOgKNlV6pq9ti75EfQtZZcQA==
-----END CERTIFICATE-----",
  "clientCertificate": "-----BEGIN CERTIFICATE-----
MIIBczCCARigAwIBAgIRALD3Vz81Pq10g7n4eAkOsCYwCgYIKoZIzj0EAwIwJjEN
MAsGA1UEChMEQWNtZTEVMBMGA1UEAxMMQWNtZSBSb290IENBMB4XDTE4MDExNzA2
NTM1MloXDTI3MTEyNjA2NTM1MlowGDEWMBQGA1UEAxMNY2xhaXJlLWNsaWVudDBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOmzPJj+t25T148eQH5gVrZ7nHwckF5O
evJQ3CjSEMesjZ/u7cW8IBfXlxZKHxl91IEbbB3svci4c8pycUNZ2kujNTAzMA4G
A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
MAoGCCqGSM49BAMCA0kAMEYCIQCjAAmkQpTua0HR4q6jnePaFBp/JMXwTXTxzbV6
peGbBQIhAP+1OR8GFnn2PlacwHqWXHwkvy6CLPVikvgtwEdB6jH8
-----END CERTIFICATE-----",
  "clientCertificateKey": "-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIGOXJI/123456789oamOu4tQAIKFdbyvkIJg9GME0mHzoAoGCCqGSM49
AwEHoUQDQgAE6bM8mP123456789AfmBWtnucfByQXk568lDcKNIQx6yNn+7txbwg
F9eXFkofGX3UgRtsHe123456789xQ1naSw==
-----END EC PRIVATE KEY-----",
  "disabled": false,
  "endpoint": "https://api.remoteserver.com/remoteroute",
  "name": "the name",
  "operation": "GET",
  "protected": false
}

Relations

GET /apiproxies

Retrieves the list of API proxies.

Parameters:

  • q (string): Filtering query. Multiple q parameters are combined with a logical OR.

POST /apiproxies

Creates a new API proxy.

DELETE /apiproxies/:id

Deletes the API proxy with the given ID.

GET /apiproxies/:id

Retrieves the API proxy with the given ID.

PUT /apiproxies/:id

Updates the API proxy with the given ID.

GET /apiproxies/:id/calls

Allows a system to send a remote request to the API proxy based on the operation attribute.

POST /apiproxies/:id/calls

Allows a system to send a remote request to the API proxy based on the operation attribute.

Attributes

ID [identifier,autogenerated,read_only]

Type: string

Identifier of the object.

annotations

Type: map[string][]string

Stores additional information about an entity.

associatedTags

Type: []string

List of tags attached to an entity.

certificateAuthority

Type: string

Contains the PEM block of the certificate authority used by the remote endpoint.

clientCertificate

Type: string

Contains the client certificate that will be used to connect to the remote endpoint. If provided, the private key associated with this certificate must also be configured.

clientCertificateKey

Type: string

Contains the key associated with the clientCertificate. It must be provided only when clientCertificate has been configured.

createTime [autogenerated,read_only]

Type: time

Creation date of the object.

description [max_length=1024]

Type: string

Description of the object.

disabled

Type: boolean

Defines if the property is disabled.

endpoint [required]

Type: string

Contains the full address of the remote API endpoint.

metadata [creation_only]

Type: []string

Contains tags that can only be set during creation, must all start with the ‘@’ prefix, and should only be used by external systems.

name [required,max_length=256]

Type: string

Name of the entity.

namespace [autogenerated,read_only]

Type: string

Namespace tag attached to an entity.

normalizedTags [autogenerated,read_only]

Type: []string

Contains the list of normalized tags of the entities.

operation

Type: enum(GET | PATCH | POST | PUT | DELETE)

Defines the operation that is currently handled by the service.

Default value:

"GET"

protected

Type: boolean

Defines if the object is protected.

updateTime [autogenerated,read_only]

Type: time

Last update date of the object.
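
A pre-submission check for APIProxy payloads, written as an added example (not part of the original reference or the product's own code). It enforces the constraints listed in the attributes above; the https requirement is a local policy assumption, and the sample payloads and PEM placeholder are constructed.

```python
from urllib.parse import urlsplit

OPERATIONS = {"GET", "PATCH", "POST", "PUT", "DELETE"}  # enum documented above

def validate_apiproxy(obj):
    """Return a list of problems in an APIProxy payload; an empty list means it passes."""
    problems = []
    name = obj.get("name")
    if not isinstance(name, str) or not name:
        problems.append("name is required")
    elif len(name) > 256:
        problems.append("name exceeds max_length=256")
    if len(obj.get("description") or "") > 1024:
        problems.append("description exceeds max_length=1024")
    endpoint = obj.get("endpoint")
    if not isinstance(endpoint, str) or not endpoint:
        problems.append("endpoint is required")
    else:
        parts = urlsplit(endpoint)
        if not parts.scheme or not parts.netloc:
            problems.append("endpoint must be a full address (scheme and host)")
        elif parts.scheme != "https":
            # Assumption: local policy, not an API rule. Client certificates need TLS.
            problems.append("endpoint is not https")
    if obj.get("operation", "GET") not in OPERATIONS:  # "GET" is the documented default
        problems.append("operation is not one of " + ", ".join(sorted(OPERATIONS)))
    # The certificate and its private key must be configured together.
    cert, key = obj.get("clientCertificate"), obj.get("clientCertificateKey")
    if cert and not key:
        problems.append("clientCertificate set without clientCertificateKey")
    if key and not cert:
        problems.append("clientCertificateKey set without clientCertificate")
    ca = obj.get("certificateAuthority")
    if ca and "-----BEGIN CERTIFICATE-----" not in ca:
        problems.append("certificateAuthority is not a PEM block")
    for tag in obj.get("metadata") or []:
        if not tag.startswith("@"):
            problems.append(f"metadata tag {tag!r} lacks the '@' prefix")
    return problems

# Constructed sample payloads; the PEM string is a placeholder, not real material.
PEM = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----"
GOOD = {"name": "billing", "endpoint": "https://api.remoteserver.com/remoteroute",
        "operation": "GET", "certificateAuthority": PEM}
BAD = {"name": "billing", "endpoint": "http://api.remoteserver.com/remoteroute",
       "operation": "HEAD", "clientCertificate": PEM, "metadata": ["owner=ops"]}

if __name__ == "__main__":
    for label, payload in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_apiproxy(payload))
```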

Call

Can be used to send a remote request to an API proxy.

Relations

GET /apiproxies/:id/calls

Allows a system to send a remote request to the API proxy based on the operation attribute.

POST /apiproxies/:id/calls

Allows a system to send a remote request to the API proxy based on the operation attribute.

Attributes

payload

Type: string

Contains the remote POST payload.

integration/app

App

Represents an application that can be installed.

Example

{
  "beta": false,
  "name": "the name"
}

Relations

GET /apps

Retrieves the list of apps.

Parameters:

  • name (string): Internal parameter.
  • q (string): Filtering query. Multiple q parameters are combined with a logical OR.

Attributes

beta [read_only]

Type: boolean

Set to true to indicate that the app is in a beta version.

categoryID [read_only]

Type: string

Category ID of the app.

description [max_length=1024]

Type: string

Description of the object.

icon [read_only]

Type: string

Contains a base64-encoded image for the app.

latestVersion

Type: string

Represents the latest version available of the app.

longDescription

Type: string

Contains a more detailed description of the app.

name [required,max_length=256]

Type: string

Name of the entity.

steps

Type: []uistep

List of steps that contain parameters.

title

Type: string

Represents the title of the app.

Category

Allows you to categorize services.

Example

{
  "name": "the name"
}

Attributes

ID [identifier,autogenerated,read_only]

Type: string

Identifier of the object.

description [max_length=1024]

Type: string

Description of the object.

name [required,max_length=256]

Type: string

Name of the entity.

InstalledApp

Represents an installed application.

Example

{
  "additionalConfiguration": false,
  "checkPublicEndpoint": false,
  "name": "the name",
  "protected": false,
  "status": "Unknown"
}

Relations

GET /installedapps

Retrieves the list of installed apps.

Parameters:

  • tag (string): List of tags to filter on. This parameter is deprecated.
  • q (string): Filtering query. Multiple q parameters are combined with a logical OR.

POST /installedapps

Installs a new app.

DELETE /installedapps/:id

Deletes the application with the given ID.

Parameters:

  • q (string): Filtering query. Multiple q parameters are combined with a logical OR.

GET /installedapps/:id

Retrieves the application with the given ID.

PUT /installedapps/:id

Updates the application with the given ID.

GET /installedapps/:id/logs

Returns the logs for an application.

Attributes

ID [identifier,autogenerated,read_only]

Type: string

Identifier of the object.

additionalConfiguration

Type: boolean

Indicates that the app itself requires additional configuration.

annotations

Type: map[string][]string

Stores additional information about an entity.

associatedTags

Type: []string

List of tags attached to an entity.

categoryID [read_only]

Type: string

The category ID of the application.

checkPublicEndpoint

Type: boolean

If true, will look for the public endpoints and store them as annotations in the installed app.

createTime [autogenerated,read_only]

Type: time

Creation date of the object.

currentVersion

Type: string

Version of the installed application.

externalWindowButton

Type: map[string]string

Adds a button in the UI.

name [required,max_length=256]

Type: string

Name of the entity.

namespace [autogenerated,read_only]

Type: string

Namespace tag attached to an entity.

normalizedTags [autogenerated,read_only]

Type: []string

Contains the list of normalized tags of the entities.

parameters

Type: map[string]interface{}

Contains the computed parameters to start the application.

protected

Type: boolean

Defines if the object is protected.

status [read_only]

Type: enum(Unknown | Deploying | Initializing | Running | Undeploying | Error)

Status of the application.

Default value:

"Unknown"

statusMessage [read_only]

Type: string

Reason for the status of the application.

updateTime [autogenerated,read_only]

Type: time

Last update date of the object.

Log

Retrieves the logs of a deployed application.

Relations

GET /installedapps/:id/logs

Returns the logs for an application.

Attributes

data [autogenerated,read_only]

Type: map[string]string

Contains all log data.

integration/automation

Automation

Allows you to define some JavaScript code and specify the conditions under which it should be executed.

Example

{
  "condition": "function when(m, params) { return { continue: true }}",
  "disabled": false,
  "immediateExecution": false,
  "name": "the name",
  "protected": false,
  "tokenRenew": false,
  "trigger": "Time"
}

Relations

GET /automations

Retrieves the list of automations.

Parameters:

  • q (string): Filtering query. Multiple q parameters are combined with a logical OR.

POST /automations

Creates a new Automation.

DELETE /automations/:id

Deletes the automation with the given ID.

Parameters:

  • q (string): Filtering query. Multiple q parameters are combined with a logical OR.

GET /automations/:id

Retrieves the automation with the given ID.

PUT /automations/:id

Updates the automation with the given ID.

GET /automations/:id/triggers

Allows a system to trigger the automation if its trigger property is set to RemoteCall.

POST /automations/:id/triggers

Allows a system to trigger the automation if its trigger property is set to RemoteCall.

Attributes

ID [identifier,autogenerated,read_only]

Type: string

Identifier of the object.

actions

Type: []string

Contains the code that will be executed if the condition is met.

annotations

Type: map[string][]string

Stores additional information about an entity.

associatedTags

Type: []string

List of tags attached to an entity.

condition

Type: string

Condition contains the code that will be executed to decide if any action(s) should be executed. Providing a condition for an automation with a “Webhook” trigger type will have no impact as the condition will not be evaluated. If no condition is defined, then the automation action(s) will be executed; this behaves akin to a condition that always succeeds.

createTime [autogenerated,read_only]

Type: time

Creation date of the object.

description [max_length=1024]

Type: string

Description of the object.

disabled

Type: boolean

Defines if the property is disabled.

entitlements

Type: _automation_entitlements

Declares which operations are allowed on which identities.

errors [autogenerated,read_only]

Type: []string

Contains the error of the last run.

events

Type: _automation_events

Contains the identity and operation an event must have to trigger the automation.

immediateExecution

Type: boolean

If set and the trigger is of type Time, the automation will be run at create or update before being scheduled.

lastExecTime [autogenerated,read_only]

Type: time

The last successful execution time.

name [required,max_length=256]

Type: string

Name of the entity.

namespace [autogenerated,read_only]

Type: string

Namespace tag attached to an entity.

normalizedTags [autogenerated,read_only]

Type: []string

Contains the list of normalized tags of the entities.

parameters

Type: map[string]interface{}

Contains the computed parameters.

protected

Type: boolean

Defines if the object is protected.

schedule

Type: string

Specifies when to run the automation. Must be in valid CRON format. This only applies if the trigger is set to Time.

signature

Type: string

Signature to validate the authenticity of the object.

stdout [autogenerated,read_only]

Type: string

Contains the standard output of the last run.

token [autogenerated]

Type: string

Holds the unique access token used as a password to trigger the authentication. It will be visible only after creation.

tokenRenew

Type: boolean

If set to true, a new token will be issued and the previous one invalidated.

trigger

Type: enum(Event | RemoteCall | Webhook | Time)

Controls when the automation should be triggered.

Default value:

"Time"

updateTime [autogenerated,read_only]

Type: time

Last update date of the object.
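
A review helper for Automation definitions, written as an added example (not part of the original reference or the product's own code). It flags the interactions described in the attributes above: a condition that is not evaluated for Webhook triggers, a missing condition, Time-only settings on other triggers, and token rotation. The function names and the second sample are constructed for illustration.

```python
TRIGGERS = {"Event", "RemoteCall", "Webhook", "Time"}  # enum documented above

def lint_automation(auto):
    """Return findings for settings that are ignored or that widen when actions run."""
    trigger = auto.get("trigger", "Time")  # "Time" is the documented default
    if trigger not in TRIGGERS:
        return [f"unknown trigger {trigger!r}"]
    findings = []
    condition = (auto.get("condition") or "").strip()
    if trigger == "Webhook" and condition:
        # The condition is skipped for Webhook, so it provides no gating at all.
        findings.append("condition is not evaluated for Webhook: actions run on every call")
    elif not condition and auto.get("actions"):
        findings.append("no condition: actions run whenever the automation fires")
    if trigger != "Time":
        for field in ("schedule", "immediateExecution"):
            if auto.get(field):
                findings.append(f"{field} has no effect unless trigger is Time")
    if auto.get("tokenRenew"):
        # Callers holding the old token stop working after this update.
        findings.append("tokenRenew issues a new token and invalidates the previous one")
    return findings

def accepts_remote_trigger(auto):
    """/automations/:id/triggers applies only when trigger is RemoteCall."""
    return auto.get("trigger", "Time") == "RemoteCall"

# The example object from this page.
PAGE_EXAMPLE = {
    "condition": "function when(m, params) { return { continue: true }}",
    "disabled": False, "immediateExecution": False, "name": "the name",
    "protected": False, "tokenRenew": False, "trigger": "Time",
}
# Constructed sample: the action body and schedule are placeholders.
WEBHOOK = {
    "name": "notify", "trigger": "Webhook", "tokenRenew": True,
    "condition": PAGE_EXAMPLE["condition"], "actions": ["/* action code */"],
    "schedule": "0 * * * *",
}

if __name__ == "__main__":
    for label, auto in (("PAGE_EXAMPLE", PAGE_EXAMPLE), ("WEBHOOK", WEBHOOK)):
        print(label, lint_automation(auto), accepts_remote_trigger(auto))
```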

AutomationTemplate

Templates that can be used in automations.

Example

{
  "kind": "Condition",
  "name": "the name"
}

Relations

GET /automationtemplates

Retrieves the list of automation templates.

GET /automationtemplates/:id

Retrieves the template with the given ID.

Attributes

description [max_length=1024]

Type: string

Description of the object.

entitlements

Type: _automation_entitlements

Contains the entitlements needed for executing the function.

function

Type: string

Function contains the code.

key

Type: string

Contains the unique identifier key for the template.

kind

Type: enum(Action | Condition)

Represents the kind of template.

Default value:

"Condition"

name [required,max_length=256]

Type: string

Name of the entity.

parameters

Type: map[string]interface{}

Contains the computed parameters.

steps

Type: []uistep

Contains all the steps with parameters.

Trigger

Can be used to remotely trigger an automation.

Relations

GET /automations/:id/triggers

Allows a system to trigger the automation if its trigger property is set to RemoteCall.

POST /automations/:id/triggers

Allows a system to trigger the automation if its trigger property is set to RemoteCall.