Get a specific Site.

Published on Oct 27, 2025

7 minute read

Prev Next

Get

/sites/{id}

Get a specific Site.

Security

HTTP

Type bearer

Path parameters

string (uuid) Required

ID of the object.

Example12699e27-b584-464a-81ee-5b4784b6d425

Responses

200

Single Site.

Expand All

object

string (uuid)

ID of the object.

Example4c07bc67-57ea-42dd-b702-c2d6c45419fc

name

string

Name of the object.

Exampleobject

notes

string

Notes for the object. Used for documentation purposes.

ExampleThis object has been created for test purposes.

created

string (date-time)

Create date.

updated

string (date-time)

Last update date.

tags

Array of string

Array of tags.

Example[ "developer", "api-created" ]

string

shortName

string Deprecated

A short 4 letter name for the Site to be displayed on the Client. Deprecated as of 6.4 since 6.4 Client does not display this anymore.

ExampleAZU1

description

string

Description of the Site to be displayed on the Client.

ExampleGives access to Azure endpoints.

geolocation

object

Geolocation of the Site.

latitude

number

longitude

number

networkSubnets

Array of string

Network subnets in CIDR format to define the Site's boundaries. They are added as routes by the Client. Comments are supported with "#" delimiter.

string

Example10.0.0.0/16#comment

fallbackSite

string (uuid)

When the Client fails to connect to the Site for a certain period of time, configured Entitlements (see Policy) will be moved to this "Fallback" Site.

Example4c07bc67-57ea-42dd-b702-c2d6c45419fc

localSiteDetection

object

Local Site Detection feature settings.

enabled

boolean

Enables the Local Site Detection feature.

Defaultfalse

publicIps

Array of string

The public IPs or the CIDRs of the clients that will be considered local to this Site. Those clients will connect to Gateways with the configured local hostname and local weights in Appliance configuration.

string

Example200.200.200.200

useForNearestSiteSelection

boolean

If enabled, this Site will be included in the nearest Site override selection in Policies.

ipPoolMappings

Array of object

List of IP Pool mappings for this specific Site. When IPs are allocated this Site, they will be mapped to a new one using this setting.

object

from

string (uuid)

IP Pool ID to map from. If a user is authorizing with this IP Pool via Identity Provider assignment and has access to this Site, mapping will occur for that user.

Example4c07bc67-57ea-42dd-b702-c2d6c45419fc

string (uuid)

IP Pool ID to map to.

Example8c07bc67-5711-42dd-b702-c2d6c45419f8

type

string

Mapping type.

Valid values[ "Translation", "Allocation" ]

Default"Translation"

defaultGateway

object

Default Gateway configuration.

enabledV4

boolean

When enabled, the Client uses this Site as the Default Default for all IPV4 traffic.

Defaultfalse

enabledV6

boolean

When enabled, the Client uses this Site as the Default Default for all IPv6 traffic.

Defaultfalse

excludedSubnets

Array of string

Network subnets to exclude when Default Gateway is enabled. The traffic for these subnets will not go through the Gateway in this Site. Comments are supported with "#" delimiter.

string

Example10.0.10.0/24#comment

entitlementBasedRouting

boolean

When enabled, the routes are sent to the Client by the Gateways according to the user's Entitlements "networkSubnets" should be left be empty if it's enabled.

Defaultfalse

vpn

object

VPN configuration for this Site.

snat

boolean

Source NAT.

Defaultfalse

tls

object

VPN over TLS protocol configuration.

enabled

boolean

Defaulttrue

version

string

TLS version.

Valid values[ "TLSv1.2", "TLSv1.3", "TLSv23" ]

Default"TLSv23"

dtls

object

VPN over DTLS protocol configuration.

enabled

boolean

Defaultfalse

routeVia

object

Override routing for tunnel traffic.

ipv4

string

IPv4 address for routing tunnel traffic.

Example10.0.0.2

ipv6

string

IPv6 address for routing tunnel traffic.

Example2001:db8:0:0:0:ff00:42:8329

urlAccessEnabled

boolean

Whether to enable URL Access feature or not.

urlAccessP12s

Array of object

P12 files for proxying traffic for URL Access feature.

object

string (uuid)

Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.

subjectName

string

Subject name of the certificate in the file.

verifyUpstream

boolean

Gateway will verify upstream certificate of the endpoints.

Defaulttrue

ipAccessLogIntervalSeconds

number

Frequency configuration for generating IP Access audit logs for a connection.

Default120.0

logNatIpAndNatPort

boolean

Whether to log NAT traffic or not.

Defaultfalse

nameResolution

object

Settings for asset name resolution.

useHostsFile

boolean

Name resolution to use Appliance's /etc/hosts file.

Defaultfalse

dnsResolvers

Array of object

Resolver to resolve hostnames using DNS servers. If there are no DNS Resolvers with empty match domains, one will be added automatically.

object

name

string

Identifier name. Has no functional effect.

ExampleDNS Resolver 1

updateInterval

integer

How often will the resolver poll the server. In seconds.

Default60

queryAAAA

boolean

Perform AAAA lookups.

Defaultfalse

zonesTransfers

boolean

Perform zones transfer.

Defaultfalse

defaultTtlSeconds

integer Deprecated

Deprecated as of 6.4. This will apply whenever Gateway gets a DNS response which has no TTL set.

Default300

servers

Array of string

DNS Server addresses that will be used to resolve hostnames within the Site. Leave it empty to use the Gateways' own DNS configuration.

string

Example10.0.0.2

matchDomains

Array of string

The DNS resolver will only attempt to resolve names matching the match domains. If match domains are not specified the DNS resolver will attempt to resolve all hostnames.

string

Examplecompany.com

autoClientDns

boolean

This will configure Client machines' DNS according to this resolver if the Client connects to this Site.

awsResolvers

Array of object

Resolvers to resolve Amazon machines by querying Amazon Web Services.

object

name

string

Identifier name. Has no functional effect.

ExampleAWS Resolver 1

updateInterval

integer

How often will the resolver poll the server. In seconds.

Default60

vpcs

Array of string

VPC IDs to resolve names.

string

vpcAutoDiscovery

boolean

Use VPC auto discovery.

regions

Array of string

Amazon regions.

string

Exampleeu-west-2

useIAMRole

boolean

Uses the built-in IAM role in AWS instances to authenticate against the API.

accessKeyId

string

ID of the access key.

httpsProxy

string

Proxy address to use while communicating with AWS. format: https://username:password@ip/hostname:port

resolveWithMasterCredentials

boolean

Use master credentials to resolve names in addition to any assumed roles.

partition

string

What AWS partition to use such as 'aws-cn' or 'aws-us-gov'

Default"aws"

ec2

boolean

Resolve EC2 instances.

Defaulttrue

eks

boolean

Resolve EKS instances.

Defaultfalse

rds

boolean

Resolve RDS instances.

Defaultfalse

assumedRoles

Array of object

Roles to be assumed to perform AWS name resolution.

object

accountId

string

AWS account ID.

roleName

string

AWS role name

externalId

string

AWS role external id.

regions

Array of string

AWS regions.

string

azureResolvers

Array of object

Resolvers to resolve Azure machines by querying Azure App Service.

object

name

string

Identifier name. Has no functional effect.

updateInterval

integer

How often will the resolver poll the server. In seconds.

Default60

useManagedIdentities

boolean

Uses the built-in Managed Identities in Azure instances to authenticate against the API.

Defaultfalse

tenantId

string

Azure tenant id, visible with the azure cli command azure account show.

clientId

string

Azure client id, also called app id. Visible for a given application using the azure cli command azure ad app show.

subscriptionIds

Array of string

Subscription IDs to resolve names for.

string

subscriptionIdAutoDiscovery

boolean

Use subscription auto discovery.

esxResolvers

Array of object

Resolvers to resolve VMware vSphere machines by querying the vCenter.

object

name

string

Identifier name. Has no functional effect.

updateInterval

integer

How often will the resolver poll the server. In seconds.

Default60

hostname

string

Hostname of the vCenter.

username

string

Username with admin access to the vCenter.

gcpResolvers

Array of object

Resolvers to resolve GCP machine by querying Google web services.

object

name

string

Identifier name. Has no functional effect.

updateInterval

integer

How often will the resolver poll the server. In seconds.

Default60

projectFilter

string

GCP project filter.

instanceFilter

string

GCP instance filter.

forwardingRulesFilter

string

GCP forwarding rules filter.

illumioResolvers

Array of object

Resolvers to resolve names by querying Appgate Illumio Resolver.

object

name

string

Identifier name. Has no functional effect.

updateInterval

integer

How often will the resolver poll the server. In seconds.

Default60

orgId

string

Organization ID of the Illumio Resolver.

hostname

string

Hostname of the Illumio Resolver.

port

integer

Port number of the Illumio Resolver.

username

string

Username with access to the Illumio Resolver.

dnsForwarding

object

DNS Forwarding feature. Always enabled and will be filled if there is no object is passed.

siteIpv4

string

DNS Forwarder Site IPv4 address.

Example100.110.0.0

siteIpv6

string

DNS Forwarder Site IPv6 address.

Example2001:db8:0:0:0:ff00:42:8329

dnsServers

Array of string

DNS Servers to use for resolving endpoints. Leave it empty to use the Gateways' own DNS configuration.

Example[ "172.17.18.19", "192.100.111.31" ]

string

allowDestinations

Array of object

A list of subnets to allow access.

object

address

string

IP address

Example0.0.0.0

netmask

integer

netmask

Example32

defaultTtlSeconds

integer Deprecated

Deprecated as of 6.4. This will apply whenever Gateway gets a DNS response which has no TTL set.

Default300

matchDomains

Array of string

The match domains to use for automatic Client DNS configuration.

string

Examplecompany.com

autoClientDns

boolean

This will configure Client machines' DNS according to this forwarder if the Client connects to this Site.

401

Token error. Login again.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

403

Insufficient permissions to access this resource.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

404

The requested resource can not be found.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

406

Invalid 'Accept' header.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

500

Unexpected server side error.

object

Generic HTTP error.

string

Machine readable error code.

message

string

Human readable error details.

Was this article helpful?