Get a specific Appliance.

  • Published on Mar 2, 2026
  • 15 minute read
Prev Next
Get
/appliances/{id}

Get a specific Appliance.

Security
HTTP
Type bearer
Path parameters
id
string (uuid) Required

ID of the object.

Example12699e27-b584-464a-81ee-5b4784b6d425
Responses
200

Single Appliance.

Expand All
object
id
string (uuid)

ID of the object.

Example4c07bc67-57ea-42dd-b702-c2d6c45419fc
name
string

Name of the object.

Exampleobject
notes
string

Notes for the object. Used for documentation purposes.

ExampleThis object has been created for test purposes.
created
string (date-time)

Create date.

updated
string (date-time)

Last update date.

tags
Array of string

Array of tags.

Example[ "developer", "api-created" ]
string
activated
boolean

Whether the Appliance is activated or not. If it is not activated, it won't be accessible by the Clients.

pendingCertificateRenewal
boolean

Whether the Appliance is pending certificate renewal or not. Should be true for a very short period on certificate renewal.

Examplefalse
version
integer

Peer version of the Appliance.

Example9
hostname
string

Hostname of the Appliance. It's used by other Appliances to communicate with and identify this Appliances. Set it to "automatic.hostname.assignment" for cloud appliances in order for it to automatically configure the hostname on activation.

Exampleappgate.company.com
site
string (uuid)

Site assigned to the Appliance.

Example4c07bc67-57ea-42dd-b702-c2d6c45419fc
siteName
string

Name of the Site for this Appliance. For convenience only.

ExampleDefault Site
customization
string (uuid)

Customization assigned to this Appliance.

Example4c07bc67-57ea-42dd-b702-c2d6c45419fc
clientInterface
object

The details of the Client connection interface.

proxyProtocol
boolean

To enable/disable Proxy protocol on this Appliance.

Defaultfalse
hostname
string

Hostname to connect by the Clients. It will be used to validate the Appliance Certificate. Set it to "automatic.hostname.assignment" for cloud appliances in order for it to automatically configure the hostname on activation.

Exampleappgate.company.com
localHostname
string

Load hostname that would take effect with Local Site Detection feature.

httpsPort
integer

Port to connect for the Client specific services.

Default443
dtlsPort
integer

Port to connect for the Clients that connects to vpnd on DTLS if enabled.

Default443
stunPort
integer

Port to connect for STUN/TURN services.

Default443
allowSources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
overrideSpaMode
string

Override SPA mode for this appliance.

Valid values[ "TCP", "UDP-TCP" ]
adminInterface
object

The details of the admin connection interface. Required on Controllers and LogServers.

hostname
string

Hostname to connect to the admin interface. This hostname will be used to validate the appliance certificate. Set it to "automatic.hostname.assignment" for cloud appliances in order for it to automatically configure the hostname on activation.

Exampleappgate.company.com
httpsPort
integer

Port to connect for admin services.

Default8443
httpsCiphers
Array of string

The type of TLS ciphers to allow. See: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html for all supported ciphers.

Default[ "TLS13-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256" ]
string
allowSources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
httpsP12
object (P12)

PKCS12 object with X.509 certificate and private key.

id
string (uuid)

Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.

subjectName
string

Subject name of the certificate in the file.

networking
object

Networking configuration of the system.

hosts
Array of object

/etc/hosts configuration

object
hostname
string

Hostname to map IP to.

Exampleinternal.service.company.com
address
string

IP for the given hostname for appliance to resolve.

Example10.10.10.10
nics
Array of object

System NIC configuration

object
enabled
boolean

Whether the NIC is active or not.

Exampletrue
name
string

NIC name

Exampleeth0
ipv4
object

IPv4 settings for this NIC.

dhcp
object

IPv4 DHCP configuration for the NIC.

enabled
boolean

Whether DHCP for IPv4 is enabled.

dns
boolean

Whether to use DHCP for setting IPv4 DNS settings on the appliance.

routers
boolean

Whether to use DHCP for setting IPv4 default gateway on the appliance.

ntp
boolean

Whether to use DHCP for setting NTP on the appliance.

mtu
boolean

Whether to use DHCP for setting MTU on the appliance.

static
Array of object

IPv4 static NIC configuration for the NIC.

object
address
string

IPv4 Address of the network interface.

Example10.10.10.1
netmask
integer

Netmask of the network interface.

Example24
snat
boolean

Enable SNAT on this IP.

virtualIp
string

Virtual IP to use for IPv4.

Example10.10.10.24
ipv6
object

IPv6 settings for this NIC.

dhcp
object

IPv6 DHCP configuration for the NIC.

enabled
boolean

Whether DHCP for IPv6 is enabled.

dns
boolean

Whether to use DHCP for setting IPv6 DNS settings on the Appliance.

ntp
boolean

Whether to use DHCP for setting NTP on the appliance.

mtu
boolean

Whether to use DHCP for setting MTU on the appliance.

static
Array of object

IPv6 static NIC configuration for the NIC.

object
address
string

IPv6 Address of the network interface.

Example2001:db8:0:0:0:ff00:42:8329
netmask
integer

Netmask of the network interface.

Example24
snat
boolean

Enable SNAT on this IP.

virtualIp
string

Virtual IP to use for IPv6.

Example2001:db8:0:0:0:ff00:42:8400
mtu
integer

MTU setting for the NIC. If left empty, appliance default will be used.

Example1500
dnsServers
Array of string

DNS Server addresses.

Example[ "172.17.18.19", "192.100.111.31" ]
string
routes
Array of object

System route settings.

object
address
string

Address to route.

Example10.0.0.0
netmask
integer

Netmask for the subnet to route.

Example24
gateway
string

Gateway to use for routing.

Example10.0.0.254
nic
string

NIC name to use for routing.

Exampleeth0
ntp
object

NTP configuration.

servers
Array of object
object

NTP server.

hostname
string

Hostname or IP of the NTP server.

Example0.ubuntu.pool.ntp.org
keyType
string

Type of key to use for secure NTP communication.

Valid values[ "MD5", "SHA", "SHA1", "SHA256", "SHA512", "RMD160" ]
keyNo
integer

Identifier number for the key.

sshServer
object

SSH server configuration.

enabled
boolean

Whether the SSH Server is enabled on this appliance or not.

Defaultfalse
port
integer

SSH port.

Default22
allowSources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
passwordAuthentication
boolean

Whether SSH allows password authentication or not.

Defaulttrue
snmpServer
object

SNMP Server configuration.

enabled
boolean

Whether the SNMP Server os enabled on this appliance or not.

Defaultfalse
tcpPort
integer

TCP port for SNMP Server.

Example161
udpPort
integer

UDP port for SNMP Server.

Example161
snmpd.conf
string

Raw SNMP configuration.

allowSources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
healthcheckServer
object

Healthcheck Server configuration.

enabled
boolean

Whether the Healthcheck Server is enabled on this appliance or not.

Defaultfalse
port
integer

Port to connect for Healthcheck Server.

Default5555
allowSources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
prometheusExporter
object (PrometheusExporter)

Prometheus Exporter configuration.

enabled
boolean

Whether the Prometheus Exporter is enabled on this appliance or not.

Defaultfalse
port
integer

Port to connect for Prometheus Exporter.

Default5556
allowSources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
useHTTPS
boolean

Whether to use HTTP or HTTPS for the exporter.

Defaultfalse
httpsP12
object (P12)

PKCS12 object with X.509 certificate and private key.

id
string (uuid)

Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.

subjectName
string

Subject name of the certificate in the file.

basicAuth
boolean

Enable basic auth for Prometheus Exporter.

Defaultfalse
allowedUsers
Array of object

Basic auth users.

object
username
string
Exampleprometheus
labelsDisabled
Array of string

List of labels to filter out.

string
Valid values[ "collective_id", "collective_name", "appliance_id", "appliance_name", "appliance_version", "site_id", "site_name" ]
ping
object

Rules for allowing ping.

allowSources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
logServer
object

Log Server settings. Log Server collects audit logs from all the appliances and stores them.

enabled
boolean

Whether the Log Server is enabled on this appliance or not.

Defaultfalse
retentionDays
integer

How many days of audit logs will be kept.

Default30
controller
object

Controller settings.

enabled
boolean

Whether the Controller is enabled on this appliance or not. Cannot be enabled on an inactive Appliance since some checks need to be done first.

Defaultfalse
gateway
object

Gateway settings.

enabled
boolean

Whether the Gateway is enabled on this appliance or not.

Defaultfalse
suspended
boolean

Whether the Gateway is in suspended mode or not. Suspended state will keep the existing Client connections but will reject new ones.

Defaultfalse
vpn
object

VPN configuration.

weight
integer

Load balancing weight.

Default100
localWeight
integer

Load balancing weight that would take effect with Local Site Detection feature.

allowDestinations
Array of object

Destinations to allow tunnels to.

object
address
string

IP address to allow connection.

Example192.168.111.0
netmask
integer

Netmask to use with address for allowing connections.

Example24
nic
string

NIC name to accept connections on.

Exampleeth1
logForwarder
object

LogForwarder settings. LogForwarder collects audit logs from the appliances in the given sites and sends them to the given endpoints.

enabled
boolean

Whether the LogForwarder is enabled on this appliance or not.

Defaultfalse
elasticsearch
object
awsId
string

AWS ID to login. Only required if AWS Access Keys are being used to authenticate.

awsRegion
string

AWS region. Only required if AWS Access Keys are being used to authenticate.

Exampleeu-west-2
useInstanceCredentials
boolean

Whether to use the credentials from the AWS instance or not.

url
string

The URL of the elasticsearch server.

Examplehttps://aws.com/elasticsearch/instance/asdaxllkmda64
retentionDays
integer

Optional field to enable log retention on the configured AWS elasticsearch. Defines how many days the audit logs will be kept.

Example30
compatibilityMode
integer

Which version of Elasticsearch that logs are forwarded to.

Default6
authentication
object

Optional authentication settings used when sending logs to an elasticsearch instance.

type
string

The type of authentication to use.

Valid values[ "Basic", "ServiceAccounts", "TokenService", "ApiKeyService" ]
tcpClients
Array of object (TcpClient)

TCP endpoints to connect and send the audit logs with the given format.

object
name
string

Name of the endpoint.

ExampleCompany SIEM
host
string

Hostname or the IP address of the endpoint.

Examplesiem.company.com
port
integer

Port of the endpoint.

Example8888
format
string

The format to send the audit logs.

Valid values[ "json", "syslog" ]
useTLS
boolean

Whether to use TLS to connect to endpoint or not. If enabled, make sure the LogForwarder appliance trusts the certificate of the endpoint.

filter
string

JMESPath expression to filter audit logs to forward.

Exampleevent_type=='authentication_succeeded'
awsKineses
Array of object (AwsKinesis)

AWS Kinesis endpoints to connect and send the audit logs with the given format.

object
awsId
string

AWS ID to login. Only required if AWS Access Keys are being used to authenticate.

awsRegion
string

AWS region. Only required if AWS Access Keys are being used to authenticate.

Exampleeu-west-2
useInstanceCredentials
boolean

Whether to use the credentials from the AWS instance or not.

type
string

AWS Kinesis type

Valid values[ "Stream", "Firehose" ]
streamName
string

Name of the stream.

ExampleAppgate_SDP_audit
batchSize
integer

Batch size for the stream. Used only for "Stream" type.

Default400
numberOfPartitionKeys
integer

Number of partition keys to use for the stream. Used only for "Stream" type.

Default10
filter
string

JMESPath expression to filter audit logs to forward.

Exampleevent_type=='authentication_succeeded'
sumoLogicClients
Array of object (SumoLogic)

SumoLogic endpoints to connect and send the audit logs to.

object
url
string

URL of the Sumo Logic collector to connect to.

Examplehttps://hostname.com/collector/677a49eb-da20-4143-ab61-cfd8aec64647
splunkClients
Array of object (Splunk)

Splunk endpoints to connect and send the audit logs to.

object
url
string

URL of the Splunk collector to connect to.

Examplehttps://hec.hostname.com:443/services/collector/event
azureMonitors
Array of object (AzureMonitor)

Azure Monitor endpoints to connect and send the audit logs to.

object
appId
string

App ID to use for authentication.

tokenRequestUrl
string

URL for Azure Monitor to request token from.

Examplehttps://hostname.com/token
logDestinationUrl
string

URL of Azure Monitor to forward logs to.

Examplehttps://hostname.com/logs
scope
string

Scope that the log forwarder will use in its tokens requests.

Default"https://monitor.azure.com/.default"
falconLogScales
Array of object (FalconLogScale)

Falcon LogScale endpoints to connect and send the audit logs to.

object
collectorUrl
string

URL of the Falcon LogScale collector.

Examplehttps://api.humio.com
index
string

Optional name of the repository to ingest into.

sourceType
string

Translated to #type inside Humio. If set, this is used to choose which Humio parser to use for extracting fields.

source
string

Translated to the @source field in Humio.

datadogs
Array of object (Datadog)

Datadog endpoints to connect and send the audit logs to.

object
site
string

Datadog site to send logs to.

Examplehttps://http-intake.logs.datadoghq.com
source
string

Source to use for the logs.

Exampleappgate
tags
Array of string

Tags to add to the logs.

Example[ "appgate", "appgate-sdp" ]
string
coralogixs
Array of object (Coralogix)

Coralogix endpoints to connect and send the audit logs to.

object
url
string

URL of the Coralogix collector to connect to.

Examplehttps://api.coralogix.com/api/v1/logs
uuid
string

UUID of the Coralogix collector to connect to.

Example12345678-1234-1234-1234-123456789012
applicationName
string

Application name to use for the logs.

Exampleappgate
subsystemName
string

Subsystem name to use for the logs.

Exampleappgate-sdp
sites
Array of string

The sites to collect logs from and forward.

string (uuid)

UUID of a site. Use '6f6fa9d9-17b2-4157-9f68-e97662acccdf' to collect logs from all the appliances. Use '6263435b-c9f6-4b7f-99f8-37e2e6b006a9' to collect logs from appliances without a site.

metricsAggregator
object

Metrics Aggregator settings. It collects metrics from the appliances in the given sites and provides Prometheus APIs for consumption.

enabled
boolean

Whether the Metrics Aggregator is enabled on this appliance or not.

Defaultfalse
prometheusExporter
object (PrometheusExporter)

Prometheus Exporter configuration.

enabled
boolean

Whether the Prometheus Exporter is enabled on this appliance or not.

Defaultfalse
port
integer

Port to connect for Prometheus Exporter.

Default5556
allowSources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
useHTTPS
boolean

Whether to use HTTP or HTTPS for the exporter.

Defaultfalse
httpsP12
object (P12)

PKCS12 object with X.509 certificate and private key.

id
string (uuid)

Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.

subjectName
string

Subject name of the certificate in the file.

basicAuth
boolean

Enable basic auth for Prometheus Exporter.

Defaultfalse
allowedUsers
Array of object

Basic auth users.

object
username
string
Exampleprometheus
labelsDisabled
Array of string

List of labels to filter out.

string
Valid values[ "collective_id", "collective_name", "appliance_id", "appliance_name", "appliance_version", "site_id", "site_name" ]
sites
Array of string

The sites to collect metrics from.

string (uuid)

UUID of a site. Use '6f6fa9d9-17b2-4157-9f68-e97662acccdf' to collect logs from all the appliances. Use '6263435b-c9f6-4b7f-99f8-37e2e6b006a9' to collect logs from appliances without a site.

connectionBroker
object

Connection Broker settings.

enabled
boolean

Whether the Connection Broker is enabled on this appliance or not.

Defaultfalse
sites
Array of string

The sites to broker connections for.

string (uuid)

UUID of a site. Use '6f6fa9d9-17b2-4157-9f68-e97662acccdf' to broker connections for all the appliances. Use '6263435b-c9f6-4b7f-99f8-37e2e6b006a9' to broker connections for appliances without a site.

connector
object

Connector settings.

enabled
boolean

Whether the Connector is enabled on this appliance or not.

Defaultfalse
expressClients
Array of object

A list of Clients to run on the appliance with the given configuration. The Clients will get the necessary tokens automatically according to the Site assigned to this Appliance. Currently only one allowed.

object
name
string

Name for the Client. It will be mapped to the user claim 'clientName'.

ExamplePrinters
deviceId
string (uuid)

The device ID to assign to this Client. It will be used to generate device distinguished name.

Example12699e27-b584-464a-81ee-5b4784b6d425
allowResources
Array of object

A list of subnets to allow access.

object
address
string

IP address

Example0.0.0.0
netmask
integer

netmask

Example32
snatToResources
boolean

Use SNAT for outgoing traffic from the Express Connector, endpoints will see traffic as coming from the Connector itself

Defaulttrue
dnatToResource
boolean

Apply destination NAT to traffic from tunnel into a resource

Defaultfalse
advancedClients
Array of object

A list of Clients to run on the appliance with the given configuration. Requires manual Policy configuration.

object
name
string

Name for the Client. It will be mapped to the user claim 'clientName'.

ExamplePrinters
deviceId
string (uuid)

The device ID to assign to this Client. It will be used to generate device distinguished name.

Example12699e27-b584-464a-81ee-5b4784b6d425
allowResources
Array of object

Source configuration to allow via iptables.

object
address
string

IP address to allow connection.

Example[ "0.0.0.0", "::" ]
netmask
integer

Netmask to use with address for allowing connections.

Example0
nic
string

NIC name to accept connections on.

Exampleeth0
snatToTunnel
boolean

Use Source NAT for the Client tunnel.

Defaulttrue
snatToResources
boolean

Use Source NAT for the resources.

Defaulttrue
dnatToResource
boolean

Apply destination NAT to traffic from tunnel into a resource

Defaultfalse
defaultGateway
boolean

Use this connector client as a default gw for local resources

Defaultfalse
dhcpRelay
object

Enable DHCP relay for this Connector.

servers
Array of string

DHCP servers to relay.

string

IPv4 address.

portal
object (Portal)

Portal settings.

enabled
boolean

Whether the Portal is enabled on this appliance or not.

Defaultfalse
httpsP12
object (P12)

PKCS12 object with X.509 certificate and private key.

id
string (uuid)

Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.

subjectName
string

Subject name of the certificate in the file.

httpRedirect
boolean

Automatic 80->443 redirection for Portal.

Defaulttrue
proxyPorts
Array of integer

Ports that can be proxied via Portal.

Default[ 443 ]
integer
proxyP12s
Array of object (portal12)

P12 files for proxying traffic to HTTPS endpoints.

object
id
string (uuid)

Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.

subjectName
string

Subject name of the certificate in the file.

verifyUpstream
boolean

Portal will verify upstream certificate of the endpoints.

Defaulttrue
profiles
Array of string

Names of the profiles in this Collective to use in the Portal.

string
ExamplePortal Users
externalProfiles
Array of object (ExternalProfile)

Profiles from other Collectives to use in the Portal.

object
id
string (uuid)

Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.

hostname
string

Hostname parsed from the given URL.

Exampleappgate.company.com
profileName
string

Profile name parsed from the given URL.

ExampleMain Profile
signInCustomization
object

Visual customizations to make on the Portal sign-in page.

backgroundColor
string

Changes the background color on the sign-in page. In hexadecimal format.

Example#123456
backgroundImage
string (byte)

Changes the background image on the sign-in page. Must be in PNG, JPEG or GIF format.

logo
string (byte)

Changes the logo on the sign-in page. Must be in PNG, JPEG or GIF format.

text
string

Adds a text to the sign-in page.

textColor
string

Changes the text color on the sign-in page. In hexadecimal format.

Example#123456
autoRedirect
boolean

If enabled and the user lands on the Portal sign-in page by entering an endpoint URL on the browser, it will be redirected to the endpoint automatically after successfully signing in instead of the Portal Client overview page.

rsyslogDestinations
Array of object

Rsyslog destination settings to forward appliance logs.

object
selector
string

Rsyslog selector.

Default"*.*"
Example:msg, contains, "[AUDIT]"
template
string

Rsyslog template to forward logs with.

Default"%HOSTNAME% %msg%"
Example%msg:9:$%
destination
string

Rsyslog server destination.

Example@@10.10.10.2
hostnameAliases
Array of string

Hostname aliases. They are added to the Appliance certificate as Subject Alternative Names so it is trusted using different IPs or hostnames. Requires manual certificate renewal to apply changes to the certificate.

Example[ "appgatealias.company.com", "alias2.appgate.company.com" ]
string
401

Token error. Login again.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

403

Insufficient permissions to access this resource.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

404

The requested resource can not be found.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

406

Invalid 'Accept' header.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

500

Unexpected server side error.

object

Generic HTTP error.

id
string

Machine readable error code.

message
string

Human readable error details.

©AppGate 2026. All Rights Reserved.