About

This specification documents the REST API calls for the AppGate SDP Controller.

Please refer to the REST API chapter in the manual or contact AppGate support with any questions about this functionality.

Download the OpenAPI specification:

Getting Started

Requirements for API scripting:

• Access to the Admin/API TLS Connection (default port 8443) of a Controller appliance. (https://support.appgate.com/docs/adminapi-tls-connection-v6-6)
• An API user with relevant permissions. (https://support.appgate.com/docs/configure-admin-roles-v6-6)
• In order to use the simple login API, Admin MFA must be disabled or the API user must be excluded. (https://support.appgate.com/docs/mfa-for-admins-v6-6)

Base path

HTTPS requests must be sent to the Admin Interface hostname and port, with /admin path.

For example: https://appgate.company.com:8443/admin

All requests must have the Accept header as:

application/vnd.appgate.peer-v23+json

An exception is made for the /admin/version endpoint which instead expects an application/json Accept header.

API Conventions

API conventions are important to understand and follow strictly.

• While updating objects (via PUT), entire object must be sent with all fields.

  • For example, in order to add a remedy method to the condition below:

    {
      "id": "12699e27-b584-464a-81ee-5b4784b6d425",
      "name": "Test",
      "notes": "Making a point",
      "tags": ["test", "tag"],
      "expression": "return true;",
      "remedyMethods": []
    }
    

  • send the entire object with updated and non-updated fields:

    {
      "id": "12699e27-b584-464a-81ee-5b4784b6d425",
      "name": "Test",
      "notes": "Making a point",
      "tags": ["test", "tag"],
      "expression": "return true;",
      "remedyMethods": [{"type": "DisplayMessage", "message": "test message"}]
    }
    

• In case Controller returns an error (non-2xx HTTP status code), response body is JSON. The "message" field contains information about the error. HTTP 422 "Unprocessable Entity" has extra errors field to list all the issues with specific fields.

• Empty string () is considered a different value than "null" or field being omitted from JSON. Omitting the field is recommended if no value is intended. Empty string () will be almost always rejected as invalid value.

• There are common pattern between many objects:

  • Configuration Objects: There are many objects with common fields, namely "id", "name", "notes", "created" and "updated". These entities are listed, queried, created, updated and deleted in a similar fashion.
  • Distinguished Name: Users and Devices are identified with what is called Distinguished Names, as used in LDAP. The distinguished format that identifies a device and a user combination is "CN=<Device ID>,CN=<username>,OU=<Identity Provider Name>". Some objects have the "userDistinguishedName" field, which does not include the CN for Device ID. This identifies a user on every device.