Ceptor Agent REST API is available as an OpenAPI specification.API Deployed on Ceptor Internal Gateway.
Ceptor Internal Gateway is a specific gateway instance provided in the example configuration distributed with Ceptor. This instance exposes all the Ceptor REST APIs.
Authentication to it is by default provided using basicauth with the same credentials as theĀ Ceptor Console uses - the ones defined in the config server.
This authentication can be customized by changing the Ceptor Internal Gateway session resolver configuration.
OpenAPI specification for Agent API:
| Open api | ||||||
|---|---|---|---|---|---|---|
| ||||||
{
"openapi": "3.0.0",
"info": {
"version": "1.0.0",
"title": "Ceptor Agent API"
},
"paths": {
"/measureStatistics": {
"get": {
"summary": "Measure statistics",
"operationId": "measureStatistics",
"parameters": [
{
"name": "key",
"in": "query",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "value",
"in": "query",
"required": true,
"schema": {
"type": "number",
"format": "long"
}
}
],
"responses": {
"204": {
"description": "OK"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "Allows an application to measure statistics, which is then incorporated into Ceptor's statistics and available for use in dashboards.\n\nTake care to not use any variable content in the key, such as IDs, URLs etc. that change between calls.",
"deprecated": false,
"tags": [
"utils"
]
}
},
"/newSession": {
"get": {
"summary": "Create new session",
"operationId": "newSession",
"parameters": [
{
"name": "ip",
"in": "query",
"description": "IP Address of client",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "requestedSessionId",
"in": "query",
"description": "Requested session ID",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "oldSessionId",
"in": "query",
"description": "Old Session ID",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "segmentId",
"in": "query",
"description": "Segment ID",
"required": false,
"schema": {
"type": "integer"
}
},
{
"name": "clusterId",
"in": "query",
"description": "Cluster ID",
"required": false,
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "The newly created session ID",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"session_id"
],
"properties": {
"session_id": {
"type": "string"
}
}
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "Creates a new session - if IP is specified, this will be the source IP of the session.",
"deprecated": false,
"tags": [
"session"
]
}
},
"/sessionInfo": {
"get": {
"description": "Returns the contents of a session, all the information including userid, name etc. that is available within it.",
"summary": "Shows contents of a session",
"operationId": "sessionInfo",
"deprecated": false,
"responses": {
"200": {
"description": "Session Information",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Session"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"tags": [
"session"
]
}
},
"/isValid": {
"get": {
"description": "Checks if the session ID is valid or not",
"summary": "Check session ID validity",
"operationId": "isValid",
"deprecated": false,
"responses": {
"200": {
"description": "True if session ID is valid, false if not",
"content": {
"application/json": {
"schema": {
"type": "boolean"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"tags": [
"session"
]
}
},
"/changePassword": {
"put": {
"summary": "Changes password",
"operationId": "changePassword",
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "oldPassword",
"description": "Old Password",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "newPassword",
"description": "New Password",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "Confirmation that the password has been updated"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "Changes the users password, if a user is currently authenticated, and if the authentication plugin supports this operation",
"deprecated": false,
"tags": [
"authentication",
"session"
]
}
},
"/checkPermission": {
"get": {
"summary": "Checks a permission",
"operationId": "checkPermission",
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "identifier",
"description": "Permission Identifier - can optionally be used to specify a the scope of the permission",
"in": "query",
"required": false,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "aclName",
"description": "Name of ACL / Permission to check",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "additionalData",
"description": "Additional data used by the permission definition, can contain context dependant attributes or data",
"in": "query",
"required": false,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"$ref": "#/components/schemas/AnyValue"
}
}
],
"responses": {
"200": {
"description": "True or false, depending if the user has the permission or not",
"content": {
"application/json": {
"schema": {
"type": "boolean"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "Checks if the session has the requested permission or not",
"deprecated": false,
"tags": [
"authorization",
"session"
]
}
},
"/logoff": {
"put": {
"description": "Logs the user out of a session, asking the authentication plugin which authenticated the user to logoff",
"summary": "Logoff a session",
"deprecated": false,
"responses": {
"204": {
"description": "Logoff completed"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"tags": [
"session",
"authentication"
],
"operationId": "logoff"
}
},
"/delayedLogoff": {
"put": {
"description": "The user associated with this session will be logged off after a certain delay (specified on the server)\nIf the session is still active within the delay timeout, the logoff will be cancelled, and the session will continue.\nIt is meant to be used when switching between multiple domains, and in situations where automatic logoff will cause problems, like refreshing pages.",
"summary": "Logoff a session after a delay",
"operationId": "delayedLogoff",
"deprecated": false,
"responses": {
"204": {
"description": "Delayed Logoff initiated"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"tags": [
"session",
"authentication"
]
}
},
"/cancelDelayedLogoff": {
"put": {
"description": "Cancels a previously initiated delayed logoff.",
"summary": "Cancel delayed logoff",
"deprecated": false,
"responses": {
"204": {
"description": "Delayed Logoff cancelled"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"tags": [
"session",
"authentication"
],
"operationId": "cancelDelayedLogoff"
}
},
"/isDelayedLogoff": {
"get": {
"description": "Checks if a session is currently about to be the victim of a delayed logoff.",
"summary": "Checks delayed logoff state",
"deprecated": false,
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"description": "True if delayed logoff is active",
"type": "boolean"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"tags": [
"session"
],
"operationId": "isDelayedLogoff"
}
},
"/newToken": {
"get": {
"description": "Creates a token for a session - the token depends on the authentication plugin - it could be a JWT token, a SAML token or any other kind which is supported by the authentication plugin",
"summary": "Issues a new token for a session",
"operationId": "newToken",
"deprecated": false,
"tags": [
"session",
"authentication"
],
"responses": {
"200": {
"description": "The newly issued token",
"content": {
"application/json": {
"schema": {
"type": "string"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "authType",
"description": "Authentication Plugin Type - ID of authentication plugin to delegate this request to.",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "inputToken",
"description": "Optional input token - used as input to the authentication plugin and can decide the type of token being issued",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/logon": {
"post": {
"description": "Authenticates a user - the result of the authentication is placed into the session",
"summary": "Authenticates a user into the session",
"operationId": "logon",
"deprecated": false,
"tags": [
"authentication",
"session"
],
"responses": {
"204": {
"description": "Logon completed"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "authType",
"description": "Authentication Plugin ID",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "user",
"description": "User ID",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "credentials",
"description": "User credentials",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"$ref": "#/components/schemas/AnyValue"
}
},
{
"name": "newPassword",
"description": "Optional new password",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "timeout",
"description": "Optional timeout in milliseconds",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {"type": "integer"}
}
]
}
},
"/validate": {
"post": {
"description": "Validates / Authenticates a user - Validates a user on with the specified authentication type userid and credentials.\n\nSimilar to /logon - but some authentication plugins might use this for different functionality, such as validating eticket, SAML tickets etc.",
"summary": "Validate/Authenticates credentials",
"operationId": "validate",
"deprecated": false,
"tags": [
"authentication",
"session"
],
"responses": {
"204": {
"description": "Validation completed"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "authType",
"description": "Authentication Plugin ID",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "user",
"description": "User ID",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "credentials",
"description": "User credentials",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"$ref": "#/components/schemas/AnyValue"
}
}
]
}
},
"/confirm": {
"get": {
"description": "Asks an authentication plugin to confirm - usually this involves checking a digital signature, but the action is up to the plugin - it could also be re-authenticating a user by rechecking an entered password.",
"summary": "Confirms a request (usually verifies digital signature)",
"operationId": "confirm",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"200": {
"description": "True if confirmation succeeded",
"content": {
"application/json": {
"schema": {
"type": "boolean"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "authType",
"description": "Authentication Plugin ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "signtext",
"description": "Optional signtext",
"in": "query",
"required": false,
"deprecated": false,
"allowEmptyValue": false,
"schema": {
"type": "string"
}
},
{
"name": "credentials",
"description": "Credentials / signature",
"in": "query",
"required": true,
"deprecated": false,
"allowEmptyValue": false,
"schema": {
"$ref": "#/components/schemas/AnyValue"
}
}
]
}
},
"/removeSession": {
"delete": {
"description": "Removes or deletes a session",
"summary": "Removes a session",
"operationId": "removeSession",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"204": {
"description": "Session Removed"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/isMemberOfGroup": {
"get": {
"description": "Checks if a user is member of a group - note that special groups such as pp_everyone, pp_identifiedusers and pp_anonymous can be used here, and special prefixes like <groupname>.<authlevel>@<environment> as in pp_identifiedusers.20 are supported.\nIt is up to the Validator which formats to support.",
"summary": "Check group membership",
"operationId": "isMemberOfGroup",
"deprecated": false,
"tags": [
"session",
"authorization"
],
"responses": {
"200": {
"description": "True if group membership check succeeded, false if session/user is not member of the group",
"content": {
"application/json": {
"schema": {
"type": "boolean"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "groupName",
"description": "Name of group to check membership of - format is up to the validator - the default is:\n\n<groupname>[.<authlevel>][@<environment>]\n\nso the group name may be suffixed with a required authentication level an/or a required environment name",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/isURLAllowed": {
"get": {
"description": "Checks if access to a particular URL is allowed for the user/session",
"summary": "Check URL access",
"operationId": "isURLAllowed",
"deprecated": false,
"tags": [
"session",
"authorization"
],
"responses": {
"200": {
"description": "True if URL is allowed, false if not",
"content": {
"application/json": {
"schema": {
"type": "boolean"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "identifier",
"description": "Optional Server Identifier",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "method",
"description": "Optional Method",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "url",
"description": "URL to check",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/encryptSessionCookie": {
"get": {
"description": "Gets an encrypted session cookie, which safely be sent to the target partner server, even in unencrypted form, since it is encrypted with this servers private key, and the target servers public key.",
"summary": "Gets an encrypted session cookie",
"operationId": "getEncryptedSessionCookie",
"deprecated": false,
"tags": [
"authentication",
"session"
],
"responses": {
"200": {
"description": "The encrypted session cookie",
"content": {
"application/json": {
"schema": {
"type": "string"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "url",
"description": "The URL to redirect to at the server, once the cookie has arrived",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "sourceName",
"description": "The name of the source (this server), the name is used to find the proper private key",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "targetName",
"description": "The name of the target server this request is sent to, the name are used to find the correct public key",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/decryptEncryptedSessionCookie": {
"get": {
"description": "Gets an encrypted session cookie, which safely be sent to the target partner server, even in unencrypted form, since it is encrypted with this servers private key, and the target servers public key.",
"summary": "Gets an encrypted session cookie",
"operationId": "decryptEncryptedSessionCookie",
"deprecated": false,
"tags": [
"authentication"
],
"responses": {
"200": {
"description": "The decrypted session cookie",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DataExchangeCookie"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "cookie",
"description": "The encrypted session cookie to decrypt",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "sourceName",
"description": "The name of the source (this server), the name is used to find the proper private key",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "targetName",
"description": "The name of the target server this request is sent to, the name are used to find the correct public key",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/logToTransactionLog": {
"post": {
"description": "Actual result depends on the authentication plugin the user is authenticated with - it gets called and it is up to it to log to the transaction log it prefers to use.\nNote that this is only relevant when the user is logged on, and if the authentication plugin on the server supports transaction logs.",
"summary": "Adds an entry to the transaction log",
"operationId": "logToTransactionLog",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"204": {
"description": "OK"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "context",
"description": "The context this is logged in, which is a text identifying the business area that originated this.",
"in": "query",
"required": true,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "text",
"description": "The text to log",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "signed",
"description": "If true, the request was probably signed, which means that it should also exists in a non-repudiation log.",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "boolean"
}
}
]
}
},
"/executeAuthpluginCommand": {
"post": {
"description": "",
"summary": "Asks the authentication plugin to execute an arbitrary command.",
"operationId": "executeAuthpluginCommand",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"200": {
"description": "The result of the successfully executed command",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AnyValue"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"requestBody": {
"required": false,
"description": "Optional input object",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AnyValue"
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "authType",
"description": "Authentication plugin type / ID",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "name",
"description": "Name of command to execute",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/persistSession": {
"get": {
"description": "Persist the content of a session to a string which can be saved for later, and passed to restorePersistedSession to restore the session contents to memory.",
"summary": "Persists a session",
"operationId": "persistSession",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"200": {
"description": "The persisted session data, can be restored later",
"content": {
"application/json": {
"schema": {
"type": "string"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID of the user requesting the persisting to be done - persisting a session might require special permissions",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "sessionIDToPersist",
"description": "Session ID to persist",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/restorePersistedSession": {
"get": {
"description": "Restores a previously persisted session to memory, from the persisted data",
"summary": "Restores a previously persisted session.",
"operationId": "restorePersistedSession",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"200": {
"description": "The session ID of the restored session.",
"content": {
"application/json": {
"schema": {
"type": "string"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID of user restoring the session - restoring a session might require special permissions",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "persistedSessionData",
"description": "Previously persisted session data",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/lookupGeoIP": {
"get": {
"description": "Note that the accuracy of the information depends on the libraries purchased from MaxMind.",
"summary": " Looks up GeoIP information based on an IP address.",
"operationId": "lookupGeoIP",
"deprecated": false,
"tags": [
"utils"
],
"responses": {
"200": {
"description": "GeoIP information",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/LocatorInfo"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "ip",
"description": "IP Address to lookup",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/sessionFromTicket": {
"get": {
"description": "Obtain a Session based upon a ticket, the ticket could be a previously issued OAuth ticket, or something entirely different depending on your authentication plugin.",
"summary": "Obtain a Session based upon a ticket.",
"operationId": "getSessionFromTicket",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"200": {
"description": "Session ID of the existing or newly created session",
"content": {
"application/json": {
"schema": {
"type": "string"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "ticket",
"description": "Ticket to use - any string supported by the authentication plugin",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "authType",
"description": "Authentication Plugin type / ID",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "segmentId",
"description": "Segment ID - used when creating a new session from the ticket",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "clusterId",
"description": "Cluster ID - used to identify the session controller cluster to call",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "clientIP",
"description": "Client IP Address - used as part of the session ID when creating a new session for the ticket",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "queryAllClusters",
"description": "If true, all clusters are queried for presence of the session before it is being created - useful in multi-cluster environments where you might not know which cluster, if any, already has the session ID available",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "boolean"
}
}
]
}
},
"/updateTicketInSession": {
"put": {
"description": "Updates the ticket within a session, changing the ticket to the new value.\n\nNote that this ticket must be unique across all sessions",
"summary": "Updates the ticket within a session.",
"operationId": "updateTicketInSession",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"204": {
"description": "Ticket was updated."
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "ticket",
"description": "New ticket value",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/sessionsWhereUserIsAuthenticated": {
"get": {
"description": "Returns a list of session IDs for which the supplied user is authenticated within.\n\nThis can be used to find active sessions for a given user and perform some action upon them.",
"summary": "Gets list of sessions where a user is authenticated",
"operationId": "getSessionsWhereUserIsAuthenticated",
"deprecated": true,
"tags": [
"session"
],
"responses": {
"200": {
"description": "List of session IDs.",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"description": "Session ID",
"type": "string"
}
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "userid",
"description": "User ID of authenticated user",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/crossDomainSession": {
"get": {
"description": "Note that this can be used by the gateway to essentially share the same session ID / session cookie value across multiple domain names.",
"summary": "Generates a cross domain session object that can be transferred to another domain",
"operationId": "getCrossDomainSession",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"200": {
"description": "The crossdomain session string",
"content": {
"application/json": {
"schema": {
"type": "string"
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "fromDomain",
"description": "Name of the domain this is from",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "toDomain",
"description": "Name of domain this will be sent to",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
]
}
},
"/protectedURLs": {
"get": {
"summary": " Retrieves the list of URL protection entries",
"operationId": "getProtectedURLs",
"parameters": [
{
"name": "identifier",
"description": "Optional Server Identifier",
"in": "query",
"required": false,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "URL Entries",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/URLEntry"
}
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "Checks if the session has the requested permission or not",
"deprecated": false,
"tags": [
"authorization"
]
}
},
"/ACL": {
"get": {
"summary": "Gets the definition of an ACL entry",
"operationId": "getACL",
"parameters": [
{
"name": "aclName",
"description": "Name of ACL / Permission to check",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "identifier",
"description": "Server Identifier - can optionally be used to specify a the scope of the ACL",
"in": "query",
"required": false,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "ACL definition",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ACLEntry"
}
}
}
},
"404": {
"description": "Not found"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "Checks if the session has the requested permission or not",
"deprecated": false,
"tags": [
"authorization"
]
}
},
"/group": {
"get": {
"summary": "Gets the definition of a Group entry",
"operationId": "getGroup",
"parameters": [
{
"name": "groupName",
"description": "Name of Group",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "identifier",
"description": "Optional Server Identifier",
"in": "query",
"required": false,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Group definition",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GroupEntry"
}
}
}
},
"404": {
"description": "Not found"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "Read the full definition of a group entry",
"deprecated": false,
"tags": [
"authorization"
]
}
},
"/ACLs": {
"get": {
"summary": "Gets the definition of all defined ACLs",
"operationId": "getAvailableACLs",
"parameters": [
{
"name": "identifier",
"description": "Optional Server Identifier",
"in": "query",
"required": false,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "ACL Entries",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ACLEntry"
}
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "",
"deprecated": false,
"tags": [
"authorization"
]
}
},
"/availableGroups": {
"get": {
"summary": "Gets the definition of all defined Groups",
"operationId": "getAvailableGroups",
"parameters": [
{
"name": "identifier",
"description": "Optional Server Identifier",
"in": "query",
"required": false,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Group Entries",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GroupEntry"
}
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "",
"deprecated": false,
"tags": [
"authorization"
]
}
},
"/availableUsers": {
"get": {
"summary": "Gets the definition of all defined Users",
"operationId": "getAvailableUsers",
"parameters": [
{
"name": "wildcard",
"description": "The wildcard to match, could be * or part of the username/id",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "groupName",
"description": "If not null, searches for users within the specified group",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "searchSpec",
"description": "Additional search parameters, can be used for limiting searches if not null",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "maxReturns",
"description": "Maximum number of user entries to return",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "authorizationPluginType",
"description": "Type of authorization plugin, or 0 to use default",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "integer"
}
},
{
"name": "identifier",
"description": "Optional Server Identifier",
"in": "query",
"required": false,
"allowEmptyValue": true,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "User Entries",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UserEntry"
}
}
}
}
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "",
"deprecated": false,
"tags": [
"authorization"
]
}
},
"/stateVariable": {
"put": {
"description": "Sets (creates or updates) the value of a state variable within the session.",
"summary": "Sets the value of a state variable",
"operationId": "setStateVariable",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"204": {
"description": "OK"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "key",
"description": "The name of the state variable",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "value",
"description": "The value of the state variable",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "persistent",
"description": "True if the state variable should be considered persistent (saved to user-repository via authentication plugin, if possible).\n\nNote that it depends on the authentication plugin what persistent means, and it could ignore it.",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "boolean"
}
}
]
},
"delete": {
"summary": "Deletes a state variable",
"operationId": "deleteStateVariable",
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "key",
"description": "Name of state variable to delete",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "Confirmation that the variable has been removed from the session"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"description": "Deletes a state variable from the session",
"deprecated": false,
"tags": [
"session"
]
}
},
"/stateVariables": {
"put": {
"description": "Sets (creates or updates) the value of multiple state variables within the session.",
"summary": "Sets the values of multiple state variables",
"operationId": "setStateVariables",
"deprecated": false,
"tags": [
"session"
],
"responses": {
"204": {
"description": "OK"
},
"default": {
"description": "unexpected error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Error"
}
}
}
}
},
"parameters": [
{
"name": "sessionId",
"description": "Session ID",
"in": "query",
"required": true,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "string"
}
},
{
"name": "persistent",
"description": "True if the state variable should be considered persistent (saved to user-repository via authentication plugin, if possible).\n\nNote that it depends on the authentication plugin what persistent means, and it could ignore it.",
"in": "query",
"required": false,
"allowEmptyValue": false,
"deprecated": false,
"schema": {
"type": "boolean"
}
}
],
"requestBody": {
"required": true,
"description": "Map of keys and values (both of type string)",
"content": {
"application/json": {
"schema": {
"type": "object",
"example": {
"shoesize": "42",
"haircolor": "brown",
"eyecolor": "blue"
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"Session": {
"properties": {
"is_delayed_logoff": {
"type": "boolean",
"description": "True, if delayed logoff is initiated for this session"
},
"channel_type": {
"type": "string",
"description": "String channel type behind session id (transaction), 00 = Unknown, 01 = HTTP, 02 = SSL/TLS, 03 = SCL, 04 = UserDefined"
},
"user_id": {
"type": "string",
"description": "User ID"
},
"customer_id": {
"type": "string",
"description": "Customer ID"
},
"agreement_id": {
"type": "string",
"description": "Agreement ID"
},
"logged_on": {
"type": "boolean",
"description": "Indicates if a user is authenticated in this session"
},
"internal": {
"type": "boolean",
"description": "Is this user an internal user or not"
},
"user_name": {
"type": "string",
"description": "Users real name"
},
"ip": {
"type": "string",
"description": "IP address that created the session"
},
"cics_user": {
"type": "string",
"description": "CICS userid"
},
"cics_password": {
"type": "string",
"description": "CICS password"
},
"groups": {
"type": "array",
"description": "Array of users groups",
"items": {
"type": "string",
"description": "Group/Role name"
}
},
"acls": {
"type": "array",
"description": "Array of users ACLs",
"items": {
"type": "string",
"description": "ACL name"
}
},
"authentication_method": {
"type": "integer",
"description": "Authentication method identifier"
},
"authentication_level": {
"type": "integer",
"description": "Authentication level - the highger, the more secure"
},
"state_variables": {
"type": "object",
"description": "State variables"
},
"state_objects": {
"type": "object",
"description": "State objects"
},
"creating_agent": {
"type": "string",
"description": "Name of agent that created this session"
},
"ticket": {
"type": "string",
"description": "Optional ticket for this session - can be JWT token, SAML token, SSL clientcert or anything else used as an alternate key to this session instead of the session ID"
}
}
},
"ACLEntry": {
"description": "ACL definition",
"properties": {
"acl_name": {
"type": "string"
},
"permissions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PermissionEntry"
}
},
"policies": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DataPolicyEntry"
}
}
}
},
"PermissionEntry": {
"description": "A permission inside an ACL",
"type": "object",
"properties": {
"name": {
"description": "Permission name, e.g. read, write or execute",
"type": "string"
},
"members": {
"description": "Members of this permission",
"type": "array",
"items": {
"description": "Group or user",
"type": "string"
}
}
}
},
"DataPolicyEntry": {
"description": "A data policy in an ACL",
"type": "object",
"properties": {
"policy_name": {
"description": "Name of this data policy",
"type": "string"
},
"program_type": {
"description": "Type of program to execute (Java, C, Script etc.)",
"type": "string"
},
"file_name": {
"description": "Filename (.jar file, .so file, .dll etc.)",
"type": "string"
},
"class_name": {
"description": "Classname (if java, class must implement IDataAuthorization interface)",
"type": "string"
},
"method_name": {
"description": "Method name (if C)",
"type": "string"
},
"script": {
"description": "Script to execut",
"type": "string"
},
"additional_data": {
"description": "Additional data for this policy - could contain initialization parameters etc.",
"type": "string"
}
}
},
"GroupEntry": {
"description": "Group definition",
"properties": {
"group_name": {
"description": "Full group name",
"type": "string"
},
"short_name": {
"description": "Short group name",
"type": "string"
},
"description": {
"description": "Description of group",
"type": "string"
},
"members": {
"description": "Group members, if available",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"UserEntry": {
"description": "User definition",
"properties": {
"userid": {
"type": "string"
},
"description": {
"type": "string"
}
}
},
"URLEntry": {
"description": "Protected URL definition",
"properties": {
"name": {
"description": "Protected URL",
"type": "string"
},
"principals": {
"description": "Groups that have this access",
"type": "array",
"items": {
"description": "Group name",
"type": "string"
}
}
}
},
"LocatorInfo": {
"description": "IP Locator information",
"properties": {
"ip": {
"type": "string"
},
"isp": {
"type": "string"
},
"organisation": {
"type": "string"
},
"country_code": {
"type": "string"
},
"country_name": {
"type": "string"
},
"postal_code": {
"type": "string"
},
"city": {
"type": "string"
},
"region": {
"type": "string"
},
"latitude": {
"type": "number",
"format": "float"
},
"longitude": {
"type": "number",
"format": "float"
}
}
},
"DataExchangeCookie": {
"description": "Data Exchange Cookie - used for federation sessions between domains",
"properties": {
"session_id": {
"type": "string",
"description": "Session ID"
},
"url": {
"type": "string",
"description": "URL to redirect to after retrieving / processing the session exchange cookie"
},
"is_logged_on": {
"type": "boolean",
"description": "True if the session identifies an authenticated user"
},
"userid": {
"type": "string",
"description": "User ID"
},
"username": {
"type": "string",
"description": "User name"
}
}
},
"AnyValue": {
"nullable": true,
"description": "Can be any value, including null."
},
"Error": {
"required": [
"code",
"message"
],
"properties": {
"code": {
"type": "integer",
"format": "int32"
},
"message": {
"type": "string"
}
}
}
}
}
} |
...