Skip to main content
API docs by Redocly

Lacework Edge API (1.0)

Download OpenAPI specification:Download

API Support: support@edgeguard.io URL: https://www.edgeguardian.io/support License: Apache 2.0 Terms of Service

This is the Lacework Edge API spec.

Query access objects

Query access objects that match specified conditions

query Parameters
appid
required
string

get the access rules that apply to this app id

userid
required
string

get the access rules that apply to this user id

Responses

Response samples

Content type
application/json
{
  • "accesses": [
    ],
  • "apps": [
    ],
  • "groups": [
    ],
  • "users": [
    ]
}

Update a access.

Update a access

path Parameters
uuid
required
string

The access uuid

Request Body schema: application/json
required

The access update request with only new values of the access filled in

object

Only fields to be updated are filled in.

account_name
string
attributes_to_delete
Array of strings
uuid
string

Responses

Request samples

Content type
application/json
{
  • "access": {
    },
  • "account_name": "string",
  • "attributes_to_delete": [
    ],
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "access_type": 0,
  • "account_name": "string",
  • "allow_guest_access": true,
  • "app_list": [
    ],
  • "create_time": 0,
  • "creator_uuid": "string",
  • "data_source": 0,
  • "description": "string",
  • "end_time": 0,
  • "integration_id": "string",
  • "revoked_user_list": [
    ],
  • "status": 0,
  • "update_time": 0,
  • "user_list": [
    ],
  • "uuid": "string"
}

Create a Access

Create a Access

Request Body schema: application/json
required

The access to be created

access_type
integer
Enum: 0 1 2 3

Type of access allowed.

account_name
string

The name of the account.

allow_guest_access
boolean
app_list
Array of strings
data_source
integer (proto.DataSource)
Enum: 0 1 2 3 11 12 13 101 102 103 104 201 202 301 401 402 403 9001 9002 9003 9004 10001 10002 10003 10004 10005 10006 10007 10008 10009
description
string
integration_id
string
status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
user_list
Array of strings

Filters select users and apps. Any user selected has access to any app selected.

Responses

Request samples

Content type
application/json
{
  • "access_type": 0,
  • "account_name": "string",
  • "allow_guest_access": true,
  • "app_list": [
    ],
  • "data_source": 0,
  • "description": "string",
  • "integration_id": "string",
  • "status": 0,
  • "user_list": [
    ]
}

Response samples

Content type
application/json
{
  • "access_type": 0,
  • "account_name": "string",
  • "allow_guest_access": true,
  • "app_list": [
    ],
  • "create_time": 0,
  • "creator_uuid": "string",
  • "data_source": 0,
  • "description": "string",
  • "end_time": 0,
  • "integration_id": "string",
  • "revoked_user_list": [
    ],
  • "status": 0,
  • "update_time": 0,
  • "user_list": [
    ],
  • "uuid": "string"
}

Delete the access details.

Delete the access details

path Parameters
uuid
required
string

The access uuid

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the access details.

Get the access details

path Parameters
uuid
required
string

The access uuid

Responses

Response samples

Content type
application/json
{
  • "access_type": 0,
  • "account_name": "string",
  • "allow_guest_access": true,
  • "app_list": [
    ],
  • "create_time": 0,
  • "creator_uuid": "string",
  • "data_source": 0,
  • "description": "string",
  • "end_time": 0,
  • "integration_id": "string",
  • "revoked_user_list": [
    ],
  • "status": 0,
  • "update_time": 0,
  • "user_list": [
    ],
  • "uuid": "string"
}

Revoke application access for an entity

Revoke application access for an entity

path Parameters
uuid
required
string

access uuid

tag
required
string

entity tag

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the account details.

Get the account details

path Parameters
name
required
string

The account name

Responses

Response samples

Content type
application/json
{
  • "allowed_email_domains": [
    ],
  • "backend_shard": "string",
  • "client_ca_uuids": [
    ],
  • "create_time": 0,
  • "datasource_to_idp_metadata": {
    },
  • "display_name": "string",
  • "dns_allowed_sources": [
    ],
  • "domain": "string",
  • "endpoint_ca_uuid": "string",
  • "extend_session_workflow_uuid": "string",
  • "external_token_app_id": "string",
  • "feature_flags": {
    },
  • "has_logo": true,
  • "idp_metadata": "string",
  • "key_id": "string",
  • "location": "string",
  • "mfa_preferred_order": "string",
  • "mfa_provider": 0,
  • "mitm_ca_uuid": "string",
  • "name": "string",
  • "onboarding": {
    },
  • "org": "string",
  • "preferred_gateways_regex": "string",
  • "session_ttl_sec": 0,
  • "shard": "string",
  • "status": 0,
  • "update_time": 0,
  • "uuid": "string",
  • "view_pii_tags": [
    ]
}

Update an account.

Update a single account with the provided name.

path Parameters
name
required
string

name of account to update

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Delete the account logo.

Delete the account logo.

path Parameters
name
required
string

The account name

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the account logo.

Get the account logo.

path Parameters
name
required
string

The account name

Responses

Update the account logo.

Update the account logo.

path Parameters
name
required
string

The account name

Responses

Response samples

Content type
application/json
{
  • "content_type": "string",
  • "logo": "string",
  • "update_time": 0
}

Query AlertConfigs

Query AlertConfigs

query Parameters
status
string

comma separated status to match: INIT | ACTIVE | SUSPENDED

Responses

Response samples

Content type
application/json
{
  • "configs": [
    ]
}

Create a new alert config.

Create a new alert config.

Request Body schema: application/json
required

details of alertConfig to create

account_name
string
object

The card data to use as a query for alert generation.

cloned_from_uuid
string
object

Conditions that pass the filter will generate this alert.

description
string
event_description_template
string
name
string
recipients
Array of strings

user:, group:, channel:, email:

resolve_display_names
boolean
skip_alerts
integer
status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
tags
Array of strings

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "card_data": {
    },
  • "cloned_from_uuid": "string",
  • "condition_filter": {
    },
  • "description": "string",
  • "event_description_template": "string",
  • "name": "string",
  • "recipients": [
    ],
  • "resolve_display_names": true,
  • "skip_alerts": 0,
  • "status": 0,
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "card_data": {
    },
  • "cloned_from_uuid": "string",
  • "condition_filter": {
    },
  • "condition_filter_display_names": {
    },
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "event_description_template": "string",
  • "name": "string",
  • "recipient_display_names": {
    },
  • "recipients": [
    ],
  • "severity_to_assign": 0,
  • "skip_alerts": 0,
  • "status": 0,
  • "tags": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete an alert config.

Delete a single alert config with the provided uuid.

path Parameters
uuid
required
string

uuid of alert config to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the alertConfig details.

Get the alertConfig details

path Parameters
uuid
required
string

The alert config uuid

query Parameters
resolveDisplayNames
required
string

whether or not to resolve display names

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "card_data": {
    },
  • "cloned_from_uuid": "string",
  • "condition_filter": {
    },
  • "condition_filter_display_names": {
    },
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "event_description_template": "string",
  • "name": "string",
  • "recipient_display_names": {
    },
  • "recipients": [
    ],
  • "severity_to_assign": 0,
  • "skip_alerts": 0,
  • "status": 0,
  • "tags": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update a alertConfig.

Update a single alert config with the provided uuid.

path Parameters
uuid
required
string

uuid of alert config to update

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query open alerts for the account

Query open alerts for the account

query Parameters
start_time
required
string

Start time in milli-seconds

end_time
required
string

End time in milli-seconds

status_filter
required
string

List of AlertStatus; if included will filter to these

Responses

Response samples

Content type
application/json
{
  • "alerts": [
    ]
}

Promotes an event to an alert (adds investigation state)

Request Body schema: application/json
required

details of the request

account_name
string
bypass_notifications
boolean

The default behavior is to send a notification if the alert was created for the first time, not updated. Use bypass_notifications to skip notifications (even on the first creation) or force_notifications to always send notifications (even on an update).

end_time
integer
event_id
string
force_notifications
boolean
start_time
integer

The event's start and end time. These are used to query Snowflake data for more event details, as the event ID alone is not enough to make this query.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "bypass_notifications": true,
  • "end_time": 0,
  • "event_id": "string",
  • "force_notifications": true,
  • "start_time": 0
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "assignment_time": 0,
  • "closed_time": 0,
  • "create_time": 0,
  • "description": "string",
  • "event_type": "string",
  • "incident_status": 0,
  • "owner_display_name": "string",
  • "owner_uuid": "string",
  • "policy_action_taken": 0,
  • "related_entities": {
    },
  • "severity": 0,
  • "status": 0,
  • "update_time": 0,
  • "uuid": "string"
}

Get a single alert by its ID

Get a single alert by its ID

path Parameters
uuid
required
string

The alert uuid, which matches the event uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "assignment_time": 0,
  • "closed_time": 0,
  • "create_time": 0,
  • "description": "string",
  • "event_type": "string",
  • "incident_status": 0,
  • "owner_display_name": "string",
  • "owner_uuid": "string",
  • "policy_action_taken": 0,
  • "related_entities": {
    },
  • "severity": 0,
  • "status": 0,
  • "update_time": 0,
  • "uuid": "string"
}

Get the history of investigation actions taken for an alert

Get the history of investigation actions taken for an alert

path Parameters
uuid
required
string

The alert uuid, which matches the event uuid

Responses

Response samples

Content type
application/json
{
  • "investigation_actions": [
    ]
}

Perform an investigation action on the specified alert

Performs an action, which both updates the persisted alert and also records the action in the investigation history log)

path Parameters
uuid
required
string

The alert uuid, which matches the event uuid

Request Body schema: application/json
required

details of the action

account_name
string
object (proto.InvestigationAction)
actor_uuid
string
alert_update_time
integer
alert_uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "action": {
    },
  • "actor_uuid": "string",
  • "alert_update_time": 0,
  • "alert_uuid": "string"
}

Response samples

Content type
application/json
{
  • "alert_update_time": 0,
  • "alert_uuid": "string",
  • "history_item": {
    }
}

Perform multiple investigation actions on the specified alerts

Performs multiple actions, which both updates the persisted alerts and also records the action in the investigation history log

Request Body schema: application/json
required

details of the actions to perform

account_name
string
Array of objects (proto.PerformInvestigationActionRequest)

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "investigation_actions": [
    ]
}

Response samples

Content type
application/json
{
  • "responses": [
    ]
}

Query App Control Policies for an account

Query App Control Policies for an account

query Parameters
status
string

comma separated status to match: INIT | ACTIVE | SUSPENDED

Responses

Response samples

Content type
application/json
{
  • "app_control_policies": [
    ]
}

Delete an app control policy.

Delete an app control policy with the provided uuid.

path Parameters
uuid
required
string

uuid of app control policy to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get details about an app control policy.

Get details about an app control policy.

path Parameters
uuid
required
string

app control policy uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "app_filter": {
    },
  • "child_policy_uuids": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "filter_selector_display_names": {
    },
  • "name": "string",
  • "policy_event_actions": [
    ],
  • "session_filter": {
    },
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update app control policy.

Update app control policy

path Parameters
uuid
required
string

app control policy uuid

Request Body schema: application/json
required

details of app control policy to update

account_name
string
object

which apps does it apply to

description
string
name
string
Array of objects (proto.AppControlPolicyEventAction)
object

which sessions/users is the app control policy applicable to

status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "app_filter": {
    },
  • "description": "string",
  • "name": "string",
  • "policy_event_actions": [
    ],
  • "session_filter": {
    },
  • "status": 0,
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "app_filter": {
    },
  • "child_policy_uuids": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "filter_selector_display_names": {
    },
  • "name": "string",
  • "policy_event_actions": [
    ],
  • "session_filter": {
    },
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Query permitted app control operations

Query permitted app control operations (e.g. COPY, PASTE etc)

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query suggested app control apps

Query suggested app control apps (e.g. Salesforce, Salesforce etc)

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Add App Control Policy

Add App Control Policy to manage COPY/PASTE/UPLOAD/DOWNLOAD/PRINT events for an app

Request Body schema: application/json
required

details of app control policy to create

account_name
string
object

which apps does it apply to

description
string
name
string
Array of objects (proto.AppControlPolicyEventAction)
object

which sessions/users is the app control policy applicable to

status
integer
Enum: 0 1 2 3 4

possible values during creation time -- INIT/ACTIVE

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "app_filter": {
    },
  • "description": "string",
  • "name": "string",
  • "policy_event_actions": [
    ],
  • "session_filter": {
    },
  • "status": 0
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "app_filter": {
    },
  • "child_policy_uuids": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "filter_selector_display_names": {
    },
  • "name": "string",
  • "policy_event_actions": [
    ],
  • "session_filter": {
    },
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Query Apps

Query Apps

query Parameters
tag
string

tag to search for

status
string

comma separated status to match: INIT | ACTIVE | SUSPENDED

datasource
string

comma separated data source to match

Responses

Response samples

Content type
application/json
{
  • "apps": [
    ]
}

Create an app.

Create a new app.

Request Body schema: application/json
required

details of app to create

account_name
string

The name of the account.

object (proto.App)

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "app": {
    }
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "connector_unique_name": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data_source": 0,
  • "description": "string",
  • "host": "string",
  • "host_match_type": 0,
  • "integration_id": "string",
  • "internal_host_pattern": "string",
  • "internal_port": 0,
  • "internal_protocol": "string",
  • "name": "string",
  • "path": "string",
  • "port": 0,
  • "protocol": "string",
  • "protocols": [
    ],
  • "ref_display_names": {
    },
  • "ref_matches": [
    ],
  • "refs": [
    ],
  • "request_host_header": "string",
  • "reverse_proxy_name": "string",
  • "status": 0,
  • "tags": [
    ],
  • "tcp_port_ranges": [
    ],
  • "tcp_ports": [
    ],
  • "udp_port_ranges": [
    ],
  • "udp_ports": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "verify_server_cert": 0
}

Delete an app.

Delete a single app with the provided uuid.

path Parameters
uuid
required
string

uuid of app to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the app details.

Get the app details

path Parameters
uuid
required
string

The app uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "connector_unique_name": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data_source": 0,
  • "description": "string",
  • "host": "string",
  • "host_match_type": 0,
  • "integration_id": "string",
  • "internal_host_pattern": "string",
  • "internal_port": 0,
  • "internal_protocol": "string",
  • "name": "string",
  • "path": "string",
  • "port": 0,
  • "protocol": "string",
  • "protocols": [
    ],
  • "ref_display_names": {
    },
  • "ref_matches": [
    ],
  • "refs": [
    ],
  • "request_host_header": "string",
  • "reverse_proxy_name": "string",
  • "status": 0,
  • "tags": [
    ],
  • "tcp_port_ranges": [
    ],
  • "tcp_ports": [
    ],
  • "udp_port_ranges": [
    ],
  • "udp_ports": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "verify_server_cert": 0
}

Update an app.

Update a single app with the provided uuid.

path Parameters
uuid
required
string

uuid of app to update

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Remove tags from an app.

Remove tags from an app

path Parameters
uuid
required
string

The app uuid

tag
required
string

The tag to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Add tags to an app.

Add tags an app

path Parameters
uuid
required
string

The app uuid

Request Body schema: application/json
required

The tags to add

account_name
string
tags
Array of strings
uuid
string

Single app UUID to which tags will be added.

uuids
Array of strings

Additional list of app UUIDs to which tags will be added.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "tags": [
    ],
  • "uuid": "string",
  • "uuids": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Delete tags to an app.

Delete tags an app

path Parameters
uuid
required
string

The app uuid

tag
required
string

The tag to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Deploy an app.

Deploy a new app.

Request Body schema: application/json
required

details of app to deploy

account_name
string

The name of the account.

object (proto.App)

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "app": {
    }
}

Response samples

Content type
application/json
{
  • "app": {
    },
  • "new_policies": [
    ]
}

Query Audit Events

Query Audit Events

query Parameters
start_time
required
string

start time of audit events

end_time
string

end time of audit events

Responses

Response samples

Content type
application/json
{
  • "audit_events": [
    ]
}

Get the audit event details.

Get the audit event details

path Parameters
uuid
required
string

The audit event uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "auth_account_name": "string",
  • "auth_role": 0,
  • "auth_type": "string",
  • "auth_uuid": "string",
  • "client_ip": "string",
  • "create_time": 0,
  • "expire_time_sec": 0,
  • "matched_path": "string",
  • "method": "string",
  • "op": "string",
  • "path": "string",
  • "proto_version": "string",
  • "protocol": "string",
  • "request_body": "string",
  • "response_status": 0,
  • "response_status_text": "string",
  • "trace": "string",
  • "user_display_name": "string",
  • "user_login": "string",
  • "uuid": "string"
}

Query blobs by prefix.

Get all blobs with a given key prefix.

query Parameters
prefix
required
string

key prefix of blobs to query

Responses

Response samples

Content type
application/json
{
  • "blobs": [
    ]
}

Create a blob.

Create a new blob.

Request Body schema: application/json
required

details of blob to create

account_name
string

Name of account to own the created blob.

data
string

The blob data.

expire_time_sec
integer

Time at which this blob expires, optional.

key
string

Key of the blob: likely a combination of some grouping/namespace prefix and the ID of the blob itself.

name
string

Metadata string to be used however client sees fit.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "data": "string",
  • "expire_time_sec": 0,
  • "key": "string",
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "data": "string",
  • "expire_time_sec": 0,
  • "key": "string",
  • "name": "string",
  • "update_time": 0,
  • "user_uuid": "string"
}

Delete a blob.

Delete a single blob with the provided key.

path Parameters
key
required
string

key of blob to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get a blob.

Get a single blob with the provided key.

path Parameters
key
required
string

key of blob to get

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "data": "string",
  • "expire_time_sec": 0,
  • "key": "string",
  • "name": "string",
  • "update_time": 0,
  • "user_uuid": "string"
}

Update a blob.

Update a single blob with the provided key.

path Parameters
key
required
string

key of blob to update

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query CA certificates for an account

Query CA certificates for an account

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "certificates": [
    ]
}

Add CA certificate

Add CA certificate

Request Body schema: application/json
required

details of CA certificate

account_name
string
chain
Array of strings
description
string
public_key_pem
string
purpose
integer (proto.CaCertificate_Purpose)
Enum: 0 1 2 3
status
integer (proto.CaCertificate_Status)
Enum: 0 1 2

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "chain": [
    ],
  • "description": "string",
  • "public_key_pem": "string",
  • "purpose": 0,
  • "status": 0
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "chain": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "have_private_key": true,
  • "public_key_pem": "string",
  • "purpose": 0,
  • "status": 0,
  • "subject": "string",
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete specified CA certificate

Delete specified CA certificate

path Parameters
uuid
required
string

uuid of ca certificate to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get CA certificate for an account based on uuid

Get CA certificate for an account based on uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "chain": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "have_private_key": true,
  • "public_key_pem": "string",
  • "purpose": 0,
  • "status": 0,
  • "subject": "string",
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update CA Certificate

Update CA Certificate

path Parameters
uuid
required
string

ca certificate uuid

Request Body schema: application/json
required

details of CA certificate to update

account_name
string
attributes_to_delete
Array of strings
chain
Array of strings
description
string
status
integer (proto.CaCertificate_Status)
Enum: 0 1 2
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attributes_to_delete": [
    ],
  • "chain": [
    ],
  • "description": "string",
  • "status": 0,
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "browser_performance_inspection": 0,
  • "browser_performance_inspection_domains": [
    ],
  • "browser_request_inspection": 0,
  • "client_ca_uuid": "string",
  • "client_use_eg_upstream_dns": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "disconnect_allowed": 0,
  • "disconnect_interval_minutes": [
    ],
  • "disconnect_justification_required": 0,
  • "dns_search_domains": [
    ],
  • "enable_always_on_vpn": 0,
  • "enable_auto_updates": 0,
  • "enable_browser_proxy": 0,
  • "enable_guest_user_mode": 0,
  • "enable_manual_updates": 0,
  • "enable_sensor_data": 0,
  • "enable_transparent_proxy": 0,
  • "enable_transparent_sso": 0,
  • "filter_selector_display_names": {
    },
  • "guest_user_api_token": "string",
  • "installer_cert_thumbprint": "string",
  • "log_level": 0,
  • "mac_install_root_ca": 0,
  • "name": "string",
  • "policy_location": "string",
  • "post_login_redirect_url": "string",
  • "priority": 0,
  • "proxy_exclusion_domains": [
    ],
  • "session_filter": {
    },
  • "session_refresh_interval_hours": 0,
  • "should_fail_open": 0,
  • "show_cellular_confirmation": 0,
  • "show_popover_automatically": 0,
  • "status": 0,
  • "update_channels": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "wifi_only_if_location_permission": 0,
  • "windows_install_per_device_root_ca": 0
}

Query Cards

Query Cards

query Parameters
dataset
string

dataset to search for

Responses

Response samples

Content type
application/json
{
  • "cards": [
    ]
}

Create a card.

Create a new Card.

Request Body schema: application/json
required

details of card to create

account_name
string
object (proto.Card)

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "card": {
    }
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "chart_type": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data": "string",
  • "dataset": "string",
  • "description": "string",
  • "display_config": "string",
  • "layout": "string",
  • "name": "string",
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete a Card.

Delete a single Card with the provided uuid.

path Parameters
uuid
required
string

uuid of Card to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the Card details.

Get the Card details

path Parameters
uuid
required
string

The Card uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "chart_type": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data": "string",
  • "dataset": "string",
  • "description": "string",
  • "display_config": "string",
  • "layout": "string",
  • "name": "string",
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update a Card.

Update a single Card with the provided uuid.

path Parameters
uuid
required
string

uuid of Card to update

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query NotificationChannels

Query NotificationChannels

query Parameters
status
string

comma separated status to match: INIT | ACTIVE | SUSPENDED

resolveDisplayNames
required
string

whether or not to resolve display names

Responses

Response samples

Content type
application/json
{
  • "channels": [
    ]
}

Create a new notification channel.

Create a new notification channel.

Request Body schema: application/json
required

details of channel to create

account_name
string
description
string
name
string
oauth_code
string

OAuth authorization code and redirect URI to be used to exchange for an access token.

recipients
Array of strings

Actual values of the recipients are determined by the type. USER_PREFERRED - user:, group: EMAIL - email addresses SLACK - slack incoming webhook URLs SMS - phone numbers SLACK_OAUTH - slack incoming webhook URL (will only be a single value) MICROSOFT_TEAMS - webhook URL for sending information to Microsoft Teams

redirect_uri
string
resolve_display_names
boolean
status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
type
integer (proto.ChannelType)
Enum: 0 1 2 3 4 5 6

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "description": "string",
  • "name": "string",
  • "oauth_code": "string",
  • "recipients": [
    ],
  • "redirect_uri": "string",
  • "resolve_display_names": true,
  • "status": 0,
  • "type": 0
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "encrypted_credentials": "string",
  • "name": "string",
  • "recipient_display_names": {
    },
  • "recipients": [
    ],
  • "slack_channel": "string",
  • "slack_team": "string",
  • "status": 0,
  • "type": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete an notification channel.

Delete a single notification channel with the provided uuid.

path Parameters
uuid
required
string

uuid of notification channel to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the channel details.

Get the channel details

path Parameters
uuid
required
string

The notification channel uuid

query Parameters
resolveDisplayNames
required
string

whether or not to resolve display names

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "encrypted_credentials": "string",
  • "name": "string",
  • "recipient_display_names": {
    },
  • "recipients": [
    ],
  • "slack_channel": "string",
  • "slack_team": "string",
  • "status": 0,
  • "type": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update a channel.

Update a single notification channel with the provided uuid.

path Parameters
uuid
required
string

uuid of notification channel to update

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Download client config for an account based on uuid

Download client config for an account based on uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "browser_performance_inspection": 0,
  • "browser_performance_inspection_domains": [
    ],
  • "browser_request_inspection": 0,
  • "client_ca_uuid": "string",
  • "client_use_eg_upstream_dns": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "disconnect_allowed": 0,
  • "disconnect_interval_minutes": [
    ],
  • "disconnect_justification_required": 0,
  • "dns_search_domains": [
    ],
  • "enable_always_on_vpn": 0,
  • "enable_auto_updates": 0,
  • "enable_browser_proxy": 0,
  • "enable_guest_user_mode": 0,
  • "enable_manual_updates": 0,
  • "enable_sensor_data": 0,
  • "enable_transparent_proxy": 0,
  • "enable_transparent_sso": 0,
  • "filter_selector_display_names": {
    },
  • "guest_user_api_token": "string",
  • "installer_cert_thumbprint": "string",
  • "log_level": 0,
  • "mac_install_root_ca": 0,
  • "name": "string",
  • "policy_location": "string",
  • "post_login_redirect_url": "string",
  • "priority": 0,
  • "proxy_exclusion_domains": [
    ],
  • "session_filter": {
    },
  • "session_refresh_interval_hours": 0,
  • "should_fail_open": 0,
  • "show_cellular_confirmation": 0,
  • "show_popover_automatically": 0,
  • "status": 0,
  • "update_channels": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "wifi_only_if_location_permission": 0,
  • "windows_install_per_device_root_ca": 0
}

Add client configuration

Add client configuration

Request Body schema: application/json
required

details of client configuration

account_name
string
browser_performance_inspection
integer
Enum: 0 1 2

If true, collect performance data from websites listed below. Default is false.

browser_performance_inspection_domains
Array of strings

A list of domains where we collect performance data.

browser_request_inspection
integer
Enum: 0 1 2

If true, inspect requests to attach additional context (such as tab information) to browser-ext exports. Default is true.

client_ca_uuid
string

If set, the client will look for identities in the key store (OS specific) issued by this CA.

client_use_eg_upstream_dns
integer
Enum: 0 1 2

Use EG’s upstream resolver to resolve domains at the client. Only meant for use on macOS, and is ignored on Windows. Default is false.

description
string
disconnect_allowed
integer (pbcommon.Bool)
Enum: 0 1 2
disconnect_interval_minutes
Array of strings

A comma separated list of numbers that represent the disconnect duration options.

disconnect_justification_required
integer
Enum: 0 1 2

Require at least a 5 character long justification on disconnect. Default is false.

dns_search_domains
Array of strings

A comma separated list of domains that need to be treated as search domains. Defaults to network specific values.

enable_always_on_vpn
integer
Enum: 0 1 2

Enable always on mode: Some menu items, such as disconnect, quit, are removed. Default is false.

enable_auto_updates
integer
Enum: 0 1 2

Allow client to automatically download the updates in the background and update on next app start. Default is false if not set.

enable_browser_proxy
integer
Enum: 0 1 2

Enables setting the system’s browser proxy settings. If set to false, then the client functions as a L4+L3 VPN. Default is true.

enable_guest_user_mode
integer
Enum: 0 1 2

If true, enable guest user mode

enable_manual_updates
integer
Enum: 0 1 2

Allow users to manually check for updates. Default is true if not set.

enable_sensor_data
integer
Enum: 0 1 2

If false, do not export idle activity data from the client that measures time between user interactions on the device. Default is true.

enable_transparent_proxy
integer
Enum: 0 1 2

Enables the L4 transparent proxy that redirects TCP flows to the rust datapath. If set to false, the client functions as a L3 VPN. Default is true.

enable_transparent_sso
integer
Enum: 0 1 2

Enable transparent SSO. Clients installed on AzureAD domain joined machines to automatically log into Lacework Edge.

generate_guest_user_api_token
boolean
guest_user_api_token
string

If guest user mode is enabled, either guest_user_api_token must be provided or generate_guest_user_api_token must be set to true to indicate that a new guest api token needs to be generated.

installer_cert_thumbprint
string

The cert thumbprint with which the automatically downloaded exe/msi installer must be signed with for automatic updates. Required if enable_auto_updates is set on Windows.

log_level
integer
Enum: 0 1 2 3 4

Log level on the client (system tray for now)

mac_install_root_ca
integer
Enum: 0 1 2

If true, create MITM cert if one does not exist.

name
string
policy_location
string

Show a specific message on the popover.

post_login_redirect_url
string

A valid URL to which users can be redirected 30s after successful login.

priority
integer
proxy_exclusion_domains
Array of strings

A comma separated list of domains or networks that need to be excluded from system proxy. Defaults to platform specific values.

object (proto.Filter)
session_refresh_interval_hours
integer

Windows only: How often should AzureAD session be queried/refreshed from the client. Default is 6 hours.

should_fail_open
integer
Enum: 0 1 2

If Lacework Edge gateway is unavailable, fail open internet connections. Default is true.

show_cellular_confirmation
integer
Enum: 0 1 2

iOS only: When submitting diagnostics, ask user whether they want to upload via cellular network. Default is false (?).

show_popover_automatically
integer
Enum: 0 1 2

If false, do not pop over the system tray when there is an in-app notification. Default is true.

status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
update_channels
Array of strings

Update channel(s).

wifi_only_if_location_permission
integer
Enum: 0 1 2

Collect local WiFi data only when user consents to location permissions. Default is false.

windows_install_per_device_root_ca
integer
Enum: 0 1 2

If true, install a per-device MITM cert automatically. Default is false.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "browser_performance_inspection": 0,
  • "browser_performance_inspection_domains": [
    ],
  • "browser_request_inspection": 0,
  • "client_ca_uuid": "string",
  • "client_use_eg_upstream_dns": 0,
  • "description": "string",
  • "disconnect_allowed": 0,
  • "disconnect_interval_minutes": [
    ],
  • "disconnect_justification_required": 0,
  • "dns_search_domains": [
    ],
  • "enable_always_on_vpn": 0,
  • "enable_auto_updates": 0,
  • "enable_browser_proxy": 0,
  • "enable_guest_user_mode": 0,
  • "enable_manual_updates": 0,
  • "enable_sensor_data": 0,
  • "enable_transparent_proxy": 0,
  • "enable_transparent_sso": 0,
  • "generate_guest_user_api_token": true,
  • "guest_user_api_token": "string",
  • "installer_cert_thumbprint": "string",
  • "log_level": 0,
  • "mac_install_root_ca": 0,
  • "name": "string",
  • "policy_location": "string",
  • "post_login_redirect_url": "string",
  • "priority": 0,
  • "proxy_exclusion_domains": [
    ],
  • "session_filter": {
    },
  • "session_refresh_interval_hours": 0,
  • "should_fail_open": 0,
  • "show_cellular_confirmation": 0,
  • "show_popover_automatically": 0,
  • "status": 0,
  • "update_channels": [
    ],
  • "wifi_only_if_location_permission": 0,
  • "windows_install_per_device_root_ca": 0
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "browser_performance_inspection": 0,
  • "browser_performance_inspection_domains": [
    ],
  • "browser_request_inspection": 0,
  • "client_ca_uuid": "string",
  • "client_use_eg_upstream_dns": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "disconnect_allowed": 0,
  • "disconnect_interval_minutes": [
    ],
  • "disconnect_justification_required": 0,
  • "dns_search_domains": [
    ],
  • "enable_always_on_vpn": 0,
  • "enable_auto_updates": 0,
  • "enable_browser_proxy": 0,
  • "enable_guest_user_mode": 0,
  • "enable_manual_updates": 0,
  • "enable_sensor_data": 0,
  • "enable_transparent_proxy": 0,
  • "enable_transparent_sso": 0,
  • "filter_selector_display_names": {
    },
  • "guest_user_api_token": "string",
  • "installer_cert_thumbprint": "string",
  • "log_level": 0,
  • "mac_install_root_ca": 0,
  • "name": "string",
  • "policy_location": "string",
  • "post_login_redirect_url": "string",
  • "priority": 0,
  • "proxy_exclusion_domains": [
    ],
  • "session_filter": {
    },
  • "session_refresh_interval_hours": 0,
  • "should_fail_open": 0,
  • "show_cellular_confirmation": 0,
  • "show_popover_automatically": 0,
  • "status": 0,
  • "update_channels": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "wifi_only_if_location_permission": 0,
  • "windows_install_per_device_root_ca": 0
}

Delete specified client configuration

Delete specified client configuration

path Parameters
uuid
required
string

uuid of client configuration to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get client config for an account based on uuid

Get client config for an account based on uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "browser_performance_inspection": 0,
  • "browser_performance_inspection_domains": [
    ],
  • "browser_request_inspection": 0,
  • "client_ca_uuid": "string",
  • "client_use_eg_upstream_dns": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "disconnect_allowed": 0,
  • "disconnect_interval_minutes": [
    ],
  • "disconnect_justification_required": 0,
  • "dns_search_domains": [
    ],
  • "enable_always_on_vpn": 0,
  • "enable_auto_updates": 0,
  • "enable_browser_proxy": 0,
  • "enable_guest_user_mode": 0,
  • "enable_manual_updates": 0,
  • "enable_sensor_data": 0,
  • "enable_transparent_proxy": 0,
  • "enable_transparent_sso": 0,
  • "filter_selector_display_names": {
    },
  • "guest_user_api_token": "string",
  • "installer_cert_thumbprint": "string",
  • "log_level": 0,
  • "mac_install_root_ca": 0,
  • "name": "string",
  • "policy_location": "string",
  • "post_login_redirect_url": "string",
  • "priority": 0,
  • "proxy_exclusion_domains": [
    ],
  • "session_filter": {
    },
  • "session_refresh_interval_hours": 0,
  • "should_fail_open": 0,
  • "show_cellular_confirmation": 0,
  • "show_popover_automatically": 0,
  • "status": 0,
  • "update_channels": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "wifi_only_if_location_permission": 0,
  • "windows_install_per_device_root_ca": 0
}

Update client config

Update client config

path Parameters
uuid
required
string

client config uuid

Request Body schema: application/json
required

details of client config to update

account_name
string
attributes_to_delete
Array of strings

Attributes to be deleted.

browser_performance_inspection
integer
Enum: 0 1 2

If true, collect performance data from websites listed below. Default is false.

browser_performance_inspection_domains
Array of strings

A list of domains where we collect performance data.

browser_request_inspection
integer
Enum: 0 1 2

If true, inspect requests to attach additional context (such as tab information) to browser-ext exports. Default is true.

client_ca_uuid
string

If set, the client will look for identities in the key store (OS specific) issued by this CA.

client_use_eg_upstream_dns
integer
Enum: 0 1 2

Use EG’s upstream resolver to resolve domains at the client. Only meant for use on macOS, and is ignored on Windows. Default is false.

description
string
disconnect_allowed
integer (pbcommon.Bool)
Enum: 0 1 2
disconnect_interval_minutes
Array of strings

A comma separated list of numbers that represent the disconnect duration options.

disconnect_justification_required
integer
Enum: 0 1 2

Require at least a 5 character long justification on disconnect. Default is false.

dns_search_domains
Array of strings

A comma separated list of domains that need to be treated as search domains. Defaults to network specific values.

enable_always_on_vpn
integer
Enum: 0 1 2

Enable always on mode: Some menu items, such as disconnect, quit, are removed. Default is false.

enable_auto_updates
integer
Enum: 0 1 2

Allow client to automatically download the updates in the background and update on next app start. Default is false if not set.

enable_browser_proxy
integer
Enum: 0 1 2

Enables setting the system’s browser proxy settings. If set to false, then the client functions as a L4+L3 VPN. Default is true.

enable_guest_user_mode
integer
Enum: 0 1 2

If true, enable guest user mode

enable_manual_updates
integer
Enum: 0 1 2

Allow users to manually check for updates. Default is true if not set.

enable_sensor_data
integer
Enum: 0 1 2

If false, do not export idle activity data from the client that measures time between user interactions on the device. Default is true.

enable_transparent_proxy
integer
Enum: 0 1 2

Enables the L4 transparent proxy that redirects TCP flows to the rust datapath. If set to false, the client functions as a L3 VPN. Default is true.

enable_transparent_sso
integer
Enum: 0 1 2

Enable transparent SSO. Clients installed on AzureAD domain joined machines to automatically login to Lacework Edge.

generate_guest_user_api_token
boolean
guest_user_api_token
string

If guest user mode is enabled, either guest_user_api_token must be provided or generate_guest_user_api_token must be set to true to indicate that a new guest api token needs to be generated.

installer_cert_thumbprint
string

The cert thumbprint with which the automatically downloaded exe/msi installer must be signed with for automatic updates. Required if enable_auto_updates is set on Windows.

log_level
integer
Enum: 0 1 2 3 4

Log level on the client (system tray for now)

mac_install_root_ca
integer
Enum: 0 1 2

If true, create MITM cert if one does not exist.

name
string
policy_location
string

Show a specific message on the popover.

post_login_redirect_url
string

A valid URL to which users can be redirected 30s after successful login.

priority
integer
proxy_exclusion_domains
Array of strings

A comma separated list of domains or networks that need to be excluded from system proxy. Defaults to platform specific values.

object (proto.Filter)
session_refresh_interval_hours
integer

Windows only: How often should AzureAD session be queried/refreshed from the client. Default is 6 hours.

should_fail_open
integer
Enum: 0 1 2

If Lacework Edge gateway is unavailable, fail open internet connections. Default is true.

show_cellular_confirmation
integer
Enum: 0 1 2

iOS only: When submitting diagnostics, ask user whether they want to upload via cellular network. Default is false (?).

show_popover_automatically
integer
Enum: 0 1 2

If false, do not pop over the system tray when there is an in-app notification. Default is true.

status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
update_channels
Array of strings

Update channel(s).

uuid
string
wifi_only_if_location_permission
integer
Enum: 0 1 2

Collect local WiFi data only when user consents to location permissions. Default is false.

windows_install_per_device_root_ca
integer
Enum: 0 1 2

If true, install a per-device MITM cert automatically. Default is false.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attributes_to_delete": [
    ],
  • "browser_performance_inspection": 0,
  • "browser_performance_inspection_domains": [
    ],
  • "browser_request_inspection": 0,
  • "client_ca_uuid": "string",
  • "client_use_eg_upstream_dns": 0,
  • "description": "string",
  • "disconnect_allowed": 0,
  • "disconnect_interval_minutes": [
    ],
  • "disconnect_justification_required": 0,
  • "dns_search_domains": [
    ],
  • "enable_always_on_vpn": 0,
  • "enable_auto_updates": 0,
  • "enable_browser_proxy": 0,
  • "enable_guest_user_mode": 0,
  • "enable_manual_updates": 0,
  • "enable_sensor_data": 0,
  • "enable_transparent_proxy": 0,
  • "enable_transparent_sso": 0,
  • "generate_guest_user_api_token": true,
  • "guest_user_api_token": "string",
  • "installer_cert_thumbprint": "string",
  • "log_level": 0,
  • "mac_install_root_ca": 0,
  • "name": "string",
  • "policy_location": "string",
  • "post_login_redirect_url": "string",
  • "priority": 0,
  • "proxy_exclusion_domains": [
    ],
  • "session_filter": {
    },
  • "session_refresh_interval_hours": 0,
  • "should_fail_open": 0,
  • "show_cellular_confirmation": 0,
  • "show_popover_automatically": 0,
  • "status": 0,
  • "update_channels": [
    ],
  • "uuid": "string",
  • "wifi_only_if_location_permission": 0,
  • "windows_install_per_device_root_ca": 0
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "browser_performance_inspection": 0,
  • "browser_performance_inspection_domains": [
    ],
  • "browser_request_inspection": 0,
  • "client_ca_uuid": "string",
  • "client_use_eg_upstream_dns": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "disconnect_allowed": 0,
  • "disconnect_interval_minutes": [
    ],
  • "disconnect_justification_required": 0,
  • "dns_search_domains": [
    ],
  • "enable_always_on_vpn": 0,
  • "enable_auto_updates": 0,
  • "enable_browser_proxy": 0,
  • "enable_guest_user_mode": 0,
  • "enable_manual_updates": 0,
  • "enable_sensor_data": 0,
  • "enable_transparent_proxy": 0,
  • "enable_transparent_sso": 0,
  • "filter_selector_display_names": {
    },
  • "guest_user_api_token": "string",
  • "installer_cert_thumbprint": "string",
  • "log_level": 0,
  • "mac_install_root_ca": 0,
  • "name": "string",
  • "policy_location": "string",
  • "post_login_redirect_url": "string",
  • "priority": 0,
  • "proxy_exclusion_domains": [
    ],
  • "session_filter": {
    },
  • "session_refresh_interval_hours": 0,
  • "should_fail_open": 0,
  • "show_cellular_confirmation": 0,
  • "show_popover_automatically": 0,
  • "status": 0,
  • "update_channels": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "wifi_only_if_location_permission": 0,
  • "windows_install_per_device_root_ca": 0
}

Query Connectors

Query connectors

Responses

Response samples

Content type
application/json
{
  • "connectors": [
    ]
}

Create Connector

Create a connector

Request Body schema: application/json
required

Provide the unique name and the optional attributes of the connector to create it

account_name
string

The name of the account.

object

Sets the configuration for the connector. Check each field for their usage.

object

Deprecated. Use individual fields below.

description
string
external_addr
Array of strings

inbound network access endpoints - fqdns or ips

name
string

Display name.

status
integer
Enum: 0 1 2 3 4

INIT = 1; ACTIVE = 2; SUSPENDED = 3; DELETED = 4;

tags
Array of strings
tcp_on_layer_three_vpn
integer
Enum: 0 1 2

If true we'll route TCP through this connector via layer 3 VPN.

unique_name
string

unique name for the connector within the scope of the account.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "config": {
    },
  • "connector": {
    },
  • "description": "string",
  • "external_addr": [
    ],
  • "name": "string",
  • "status": 0,
  • "tags": [
    ],
  • "tcp_on_layer_three_vpn": 0,
  • "unique_name": "string"
}

Response samples

Content type
application/json
{
  • "access_token": "string",
  • "account_name": "string",
  • "certificate_pem": "string",
  • "config": {
    },
  • "coordinates": {
    },
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "current_server_time": 0,
  • "description": "string",
  • "desired_releases": [
    ],
  • "expire_time_sec": 0,
  • "external_addr": [
    ],
  • "instances": [
    ],
  • "name": "string",
  • "ref_display_names": {
    },
  • "refs": [
    ],
  • "routes": {
    },
  • "secret_hash": "string",
  • "status": 0,
  • "tags": [
    ],
  • "tcp_on_layer_three_vpn": 0,
  • "unique_name": "string",
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete a connector

Delete a connector

path Parameters
name
required
string

The connector name

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get Connector

Get a connector's details

path Parameters
name
required
string

The connector's unique name

Responses

Response samples

Content type
application/json
{
  • "access_token": "string",
  • "account_name": "string",
  • "certificate_pem": "string",
  • "config": {
    },
  • "coordinates": {
    },
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "current_server_time": 0,
  • "description": "string",
  • "desired_releases": [
    ],
  • "expire_time_sec": 0,
  • "external_addr": [
    ],
  • "instances": [
    ],
  • "name": "string",
  • "ref_display_names": {
    },
  • "refs": [
    ],
  • "routes": {
    },
  • "secret_hash": "string",
  • "status": 0,
  • "tags": [
    ],
  • "tcp_on_layer_three_vpn": 0,
  • "unique_name": "string",
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update the connector details.

Update the connector details

path Parameters
name
required
string

The connector name

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Add tags to a connector.

Add tags a connector

path Parameters
name
required
string

The connector name

Request Body schema: application/json
required

The tags to add

account_name
string
tags
Array of strings
unique_name
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "tags": [
    ],
  • "unique_name": "string"
}

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Delete tags from a connector.

Delete tags from a connector

path Parameters
name
required
string

The connector name

tag
required
string

The tag to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query Countries

Query Countries

Responses

Response samples

Content type
application/json
{
  • "countries": [
    ]
}

Query Dashboards

Query Dashboards

query Parameters
tag
string

tag to search for

status
string

comma separated status to match: INIT | ACTIVE | SUSPENDED | DELETED

datasource
string

comma separated data source to match

Responses

Response samples

Content type
application/json
{
  • "dashboards": [
    ]
}

Create a dashboard.

Create a new dashboard.

Request Body schema: application/json
required

details of dashboard to create

account_name
string
object (proto.Dashboard)

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "dashboard": {
    }
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data": "string",
  • "description": "string",
  • "icon": "string",
  • "name": "string",
  • "status": 0,
  • "tags": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete a dashboard.

Delete a single dashboard with the provided uuid.

path Parameters
uuid
required
string

uuid of dashboard to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the dashboard details.

Get the dashboard details

path Parameters
uuid
required
string

The dashboard uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data": "string",
  • "description": "string",
  • "icon": "string",
  • "name": "string",
  • "status": 0,
  • "tags": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update a dashboard.

Update a single dashboard with the provided uuid.

path Parameters
uuid
required
string

uuid of dashboard to update

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Add tags to an dashboard.

Add tags an dashboard

path Parameters
uuid
required
string

The dashboard uuid

Request Body schema: application/json
required

The tags to add

account_name
string
tags
Array of strings
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "tags": [
    ],
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Delete tags to an dashboard.

Delete tags an dashboard

path Parameters
uuid
required
string

The dashboard uuid

tag
required
string

The tag to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query data export configs for an account

Query data export configs for an account

Responses

Response samples

Content type
application/json
{
  • "data_export_configs": [
    ]
}

Add log export configuration

Add log export configuration to export data to S3

Request Body schema: application/json
required

details of log export configuration

account_name
string
data_export_types
Array of integers (proto.DataExportType)
Items Enum: 0 1 2 3 4 51 52 53
s3_bucket_account_id
string
s3_bucket_name
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "data_export_types": [
    ],
  • "s3_bucket_account_id": "string",
  • "s3_bucket_name": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "account_uuid": "string",
  • "create_time": 0,
  • "data_export_types": [
    ],
  • "last_export_time": 0,
  • "last_successful_export": {
    },
  • "s3_bucket_account_id": "string",
  • "s3_bucket_name": "string",
  • "s3_bucket_shard_id": 0,
  • "update_time": 0,
  • "uuid": "string"
}

Delete specified data export configuration

Delete specified data export configuration

path Parameters
uuid
required
string

uuid of data export configuration to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Update data export config

Update data export config

path Parameters
uuid
required
string

data export config uuid

Request Body schema: application/json
required

details of data export config to update

account_name
string
data_export_types
Array of integers (proto.DataExportType)
Items Enum: 0 1 2 3 4 51 52 53

Only thing allowed to be updated by external user is the types of data to be exported.

uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "data_export_types": [
    ],
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "account_uuid": "string",
  • "create_time": 0,
  • "data_export_types": [
    ],
  • "last_export_time": 0,
  • "last_successful_export": {
    },
  • "s3_bucket_account_id": "string",
  • "s3_bucket_name": "string",
  • "s3_bucket_shard_id": 0,
  • "update_time": 0,
  • "uuid": "string"
}

Returns S3 bucket policy

Returns S3 bucket policy

Request Body schema: application/json
required

bucket policy request

account_name
string
s3_bucket_name
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "s3_bucket_name": "string"
}

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Validate data export configuration

Writes an empty json file to verify if it shows in destination S3 bucket

Request Body schema: application/json
required

data export validation request

account_name
string
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query customer datasets/lists

Query customer datasets/lists

Responses

Response samples

Content type
application/json
{
  • "customer_datasets": [
    ]
}

Creates a new customer dataset (e.g. list).

Creates a new dataset/list by name and returns UUID. Does not add items.

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "config": {
    },
  • "content_type": 0,
  • "content_types": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "current_version": 0,
  • "dataset_name": "string",
  • "dataset_type": 0,
  • "description": "string",
  • "entity_type": 0,
  • "icon": 0,
  • "num_items": 0,
  • "parent_uuid": "string",
  • "properties": {
    },
  • "scenario": 0,
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete a customer dataset/list

Query items from a customer dataset/list

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Update configuration of a customer dataset/list

Update configuration of a customer dataset/list

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query items from a customer dataset/list

Query items from a customer dataset/list

Responses

Response samples

Content type
application/json
{
  • "continuation_token": "string",
  • "customer_dataset_items": [
    ],
  • "dataset": {
    }
}

Update items from a customer dataset/list

Add or remove a maximum of 99 items

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Initiate deployment of a connector

Initiate deployment of a connector to one of the options returned by GetDeploymentConnectorOptions

Responses

Response samples

Content type
application/json
{
  • "accesses": [
    ],
  • "apps": [
    ],
  • "completed": true,
  • "connector": {
    },
  • "messages": [
    ],
  • "policies": [
    ],
  • "resource_urls": [
    ],
  • "success": true
}

Check where a connector should be deployed to get access to a given app.

Check where a connector should be deployed to get access to a given app.

Responses

Response samples

Content type
application/json
{
  • "options": [
    ]
}

Delete Devices

Deletes devices

Request Body schema: application/json
required

The devices to delete

account_name
string
Array of objects (proto.DeviceToDelete)

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "devices": [
    ]
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "browser": "string",
  • "browser_version": "string",
  • "certificate": [
    ],
  • "create_time": 0,
  • "data_source": 0,
  • "display_name": "string",
  • "eg_version": "string",
  • "is_managed": true,
  • "is_managed_verification_done": true,
  • "normalized_id": "string",
  • "os": "string",
  • "os_version": "string",
  • "platform_uuid": "string",
  • "posture": {
    },
  • "private_key_encrypted": "string",
  • "properties": {
    },
  • "public_key": "string",
  • "serial_number": "string",
  • "status": 0,
  • "tags": [
    ],
  • "time_id": {
    },
  • "update_time": 0,
  • "user_display_name": "string",
  • "user_uuid": "string",
  • "uuid": "string"
}

Register Device

Register a device

Request Body schema: application/json
required

Provide the device info and device posture

account_name
string
ca_cert
string
object (proto.Device)
device_uuid
string
encrypted_ca_key
string
object (proto.CertificateVerify)
object

Either time_id or device_uuid should be present. When using device_uuid, the request is authenticated via session_id_jwt_token.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "ca_cert": "string",
  • "device": {
    },
  • "device_uuid": "string",
  • "encrypted_ca_key": "string",
  • "signature": {
    },
  • "time_id": {
    }
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "browser": "string",
  • "browser_version": "string",
  • "certificate": [
    ],
  • "create_time": 0,
  • "data_source": 0,
  • "display_name": "string",
  • "eg_version": "string",
  • "is_managed": true,
  • "is_managed_verification_done": true,
  • "normalized_id": "string",
  • "os": "string",
  • "os_version": "string",
  • "platform_uuid": "string",
  • "posture": {
    },
  • "private_key_encrypted": "string",
  • "properties": {
    },
  • "public_key": "string",
  • "serial_number": "string",
  • "status": 0,
  • "tags": [
    ],
  • "time_id": {
    },
  • "update_time": 0,
  • "user_display_name": "string",
  • "user_uuid": "string",
  • "uuid": "string"
}

Get the user's device

Get the user's device

path Parameters
uuid
required
string

The device uuid

Request Body schema: application/json
required

Provide the device uuid and user uuid

user_uuid
string
uuid
string

Responses

Request samples

Content type
application/json
{
  • "user_uuid": "string",
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "browser": "string",
  • "browser_version": "string",
  • "certificate": [
    ],
  • "create_time": 0,
  • "data_source": 0,
  • "display_name": "string",
  • "eg_version": "string",
  • "is_managed": true,
  • "is_managed_verification_done": true,
  • "normalized_id": "string",
  • "os": "string",
  • "os_version": "string",
  • "platform_uuid": "string",
  • "posture": {
    },
  • "private_key_encrypted": "string",
  • "properties": {
    },
  • "public_key": "string",
  • "serial_number": "string",
  • "status": 0,
  • "tags": [
    ],
  • "time_id": {
    },
  • "update_time": 0,
  • "user_display_name": "string",
  • "user_uuid": "string",
  • "uuid": "string"
}

Get metadata for a file/folder

Get metadata for a file/folder

path Parameters
uuid
required
string

normalized doc uuid

Responses

Response samples

Content type
application/json
{
  • "ancestor_ids": [
    ],
  • "created_time": 0,
  • "datasource": "string",
  • "drive_id": "string",
  • "external_access": [
    ],
  • "file_extension": "string",
  • "file_size": 0,
  • "has_augmented_permissions": true,
  • "identity": {
    },
  • "is_sensitive": true,
  • "is_shared": true,
  • "is_shared_externally": true,
  • "owner": {
    },
  • "parent": {
    },
  • "type": 0,
  • "updated_time": 0,
  • "web_view_url": {
    }
}

Revoke Document Access for a file/folder

Revoke Document Access for a file/folder

path Parameters
uuid
required
string

normalized document uuid

Request Body schema: application/json
required

details of access to revoke

access_id
string
account_name
string
drive_id
string
normalized_document_uuid
string
owner_uuid
string

Responses

Request samples

Content type
application/json
{
  • "access_id": "string",
  • "account_name": "string",
  • "drive_id": "string",
  • "normalized_document_uuid": "string",
  • "owner_uuid": "string"
}

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Revoke all sharing for a file/folder (or just external sharing)

Revoke all sharing for a file/folder (or just external sharing)

path Parameters
uuid
required
string

normalized document uuid

Request Body schema: application/json
required

details of access to revoke

account_name
string
external_only
boolean

if true, only revoke external sharing

normalized_document_uuid
string
object_id
string
object_id_encrypted
string
owner_uuid
string
site_id
string

site_id and object_id are requried for O365

user_uuid
string

Required for getting document metadata from source

viewer_uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "external_only": true,
  • "normalized_document_uuid": "string",
  • "object_id": "string",
  • "object_id_encrypted": "string",
  • "owner_uuid": "string",
  • "site_id": "string",
  • "user_uuid": "string",
  • "viewer_uuid": "string"
}

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query Gateways

Query Gateways

Responses

Response samples

Content type
application/json
{
  • "gateways": [
    ]
}

Query Groups

Query Groups

query Parameters
status
string

comma separated status to match: INIT | ACTIVE | SUSPENDED

datasource
string

comma separated data source to match

Responses

Response samples

Content type
application/json
{
  • "groups": [
    ]
}

Get the group details.

Get the group details

path Parameters
uuid
required
string

The group uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "data_source": 0,
  • "description": "string",
  • "integration_id": "string",
  • "membership_update_time": 0,
  • "name": "string",
  • "profile_update_time": 0,
  • "status": 0,
  • "sub_group_count": 0,
  • "tags": [
    ],
  • "update_time": 0,
  • "user_count": 0,
  • "uuid": "string"
}

Update a group.

Update a group

path Parameters
uuid
required
string

The group uuid

Request Body schema: application/json
required

The Group objects with only new values filled in

account_name
string
create_time
integer
data_source
integer (proto.DataSource)
Enum: 0 1 2 3 11 12 13 101 102 103 104 201 202 301 401 402 403 9001 9002 9003 9004 10001 10002 10003 10004 10005 10006 10007 10008 10009
description
string
integration_id
string
membership_update_time
integer
name
string

User could potentially create a group, and then later we sync down an Okta group with the same name, therefore name is not guaranteed to be unique. It's possible to change the name of the group and maintain the user-group relationship.

profile_update_time
integer
status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
sub_group_count
integer
tags
Array of strings
update_time
integer
user_count
integer
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "data_source": 0,
  • "description": "string",
  • "integration_id": "string",
  • "membership_update_time": 0,
  • "name": "string",
  • "profile_update_time": 0,
  • "status": 0,
  • "sub_group_count": 0,
  • "tags": [
    ],
  • "update_time": 0,
  • "user_count": 0,
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "attributes_to_delete": [
    ],
  • "group": {
    },
  • "uuid": "string"
}

Add 3rd Party Integration

Add 3rd Party Integration like Okta, GSUITE etc for an account

Request Body schema: application/json
required

details of integration to create

account_name
string

optional

app_id
string

Used by GitHub integration

base_url
string

deprecated

object

optional

object (proto.IngestionCredentials)
data_source
integer
Enum: 0 1 2 3 11 12 13 101 102 103 104 201 202 301 401 402 403 9001 9002 9003 9004 10001 10002 10003 10004 10005 10006 10007 10008 10009

required

display_name
string

required

environment_id
string

environment_id is also used by some integrations like onelogin to generate endpoint URLs.

filter_domains
Array of strings

List of domains to use for filtering during ingestion. Only data associated with one of these domains will be ingested. If this list is empty no filtering will be performed. The details of the filtering logic is connector specific. Currently this is only used by AzureAD and MS365 connectors.

install_id
string

Used by GitHub integration

integration_org_name
string

For many 3rd party integrations, endpoint to fetch logs, resources and other metadata is fixed, e.g. for box, we fetch events from https://api.box.com.

However, for certain integration, we need customers' subdomains to ingest logs and other metadata, e.g. for Okta, subdomain looks like https://edgeguard.okta.com.

integration_org_name contains edgeguard in the above example.

interval_mins
integer

optional

ms365_cloud
integer
Enum: 0 1 2 3

If data_source is AZURE or OFFICE365, this defines the MS365 cloud variant.

shard_id
integer

optional -- customers/UI

validate_credentials
boolean

For unit-tests we won't be using real credentials, therefore we need this to skip credential verification

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "app_id": "string",
  • "base_url": "string",
  • "config": {
    },
  • "credentials": {
    },
  • "data_source": 0,
  • "display_name": "string",
  • "environment_id": "string",
  • "filter_domains": [
    ],
  • "install_id": "string",
  • "integration_org_name": "string",
  • "interval_mins": 0,
  • "ms365_cloud": 0,
  • "shard_id": 0,
  • "validate_credentials": true
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "added_by": "string",
  • "app_id": "string",
  • "base_url": "string",
  • "create_time": 0,
  • "credentials": {
    },
  • "data_source": 0,
  • "display_name": "string",
  • "encrypted_credentials": "string",
  • "environment_id": "string",
  • "filter_domains": [
    ],
  • "ingestion_stream_ids": [
    ],
  • "install_id": "string",
  • "integration_org_name": "string",
  • "last_modified_by": "string",
  • "ms365_cloud": 0,
  • "shard_id": 0,
  • "update_time": 0,
  • "uuid": "string"
}

Query Integrations added for an account

Query Integrations added for an account

query Parameters
data_source
integer
Enum: 0 1 2 3 11 12 13 101 102 103 104 201 202 301 401 402 403 9001 9002 9003 9004 10001 10002 10003 10004 10005 10006 10007 10008 10009

data source to match

Responses

Response samples

Content type
application/json
{
  • "integrations": [
    ]
}

Delete specified integration

Delete specified integration

path Parameters
uuid
required
string

uuid of integration to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Update integration.

Update integration

path Parameters
uuid
required
string

integration uuid

Request Body schema: application/json
required

details of integration to update

account_name
string

optional

object (proto.IngestionCredentials)
filter_domains
Array of strings

List of domains to use for filtering during ingestion. Only data associated with one of these domains will be ingested. If this list is empty no filtering will be performed. The details of the filtering logic is connector specific. Currently this is only used by AzureAD and MS365 connectors.

uuid
string

required

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "credentials": {
    },
  • "filter_domains": [
    ],
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "added_by": "string",
  • "app_id": "string",
  • "base_url": "string",
  • "create_time": 0,
  • "credentials": {
    },
  • "data_source": 0,
  • "display_name": "string",
  • "encrypted_credentials": "string",
  • "environment_id": "string",
  • "filter_domains": [
    ],
  • "ingestion_stream_ids": [
    ],
  • "install_id": "string",
  • "integration_org_name": "string",
  • "last_modified_by": "string",
  • "ms365_cloud": 0,
  • "shard_id": 0,
  • "update_time": 0,
  • "uuid": "string"
}

Query Integrations Supported by Lacework Edge

Query Integrations supported by Lacework Edge (e.g. Okta, Salesforce etc)

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Validate integration credentials

Check if integration credentials can be used to access logs and files/folder/permissions

Request Body schema: application/json
required

integration validation request

account_name
string
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "error_message": "string",
  • "status": "string"
}

Login

Triggers SAML login and gets the JWT token

query Parameters
account
required
string

Account Name

redirect
string

Redirect URL

Responses

Response samples

Content type
application/json
{
  • "account_location": "string",
  • "account_name": "string",
  • "account_shard": "string",
  • "account_uuid": "string",
  • "backend_shard": "string",
  • "client_ip": "string",
  • "create_time": 0,
  • "device_uuid": "string",
  • "end_time": 0,
  • "expire_start_time": 0,
  • "expire_time_sec": 0,
  • "generation_id": 0,
  • "geo_location": "string",
  • "login_type": 0,
  • "status": 0,
  • "tags": [
    ],
  • "time_id_token": "string",
  • "token": "string",
  • "ttl_sec": 0,
  • "update_time": 0,
  • "user_role": 0,
  • "user_uuid": "string",
  • "uuid": "string",
  • "view_pii_log_only": true
}

Logout

Log out the user and invalidates the session

query Parameters
redirect
string

Redirect URL

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get account onboarding info.

Get account onboarding info

Responses

Response samples

Content type
application/json
{
  • "completed_steps": [
    ],
  • "eula_signed": true,
  • "eula_signing_ip": "string",
  • "eula_signing_time": 0,
  • "eula_signing_user": "string",
  • "eula_signing_user_display_name": "string",
  • "eula_version": "string"
}

Update account onboarding info.

Update account onboarding info

Request Body schema: application/json
required

The onboarding update request with only new values filled in

account_name
string
object (proto.AccountOnboarding)

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "onboarding": {
    }
}

Response samples

Content type
application/json
{
  • "completed_steps": [
    ],
  • "eula_signed": true,
  • "eula_signing_ip": "string",
  • "eula_signing_time": 0,
  • "eula_signing_user": "string",
  • "eula_signing_user_display_name": "string",
  • "eula_version": "string"
}

Query policies

Query policies that match specified conditions

query Parameters
appid
required
string

get the policies that apply to this app id

userid
required
string

get the policies that apply to this user id

resolveDisplayNames
required
string

whether or not to resolve display names

Responses

Response samples

Content type
application/json
{
  • "policies": [
    ]
}

Create a Policy

Create a Policy

Request Body schema: application/json
required

The policy to be created

account_name
string

The name of the account.

action
integer
Enum: 0 1 2 3 4 101 102 103 201 202 300 301 310 399 400 500

If a situation match all the conditions, trigger the action. e.g. [high_value_user, incompliant_device] -> block

allow_guest_access
boolean
object (proto.Filter)
object
data_source
integer
Enum: 0 1 2 3 11 12 13 101 102 103 104 201 202 301 401 402 403 9001 9002 9003 9004 10001 10002 10003 10004 10005 10006 10007 10008 10009

If unspecified, data_source = LOCAL

description
string
integration_id
string

integration_id is empty for LOCAL policies

metadata
string

Optional (internal use only): Metadata that can be interpreted by a policy.

object (proto.PolicyMitmSettings)
name
string

The name of the policy. This is for display only.

priority
integer

Only relevant for routing policies, used to break ties. Smaller number indicates higher priority.

object

Filters select sessions and resources. The policy applies only if both filters match.

status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
type
integer (proto.PolicyType)
Enum: 0 1 2 3 4
workflow_name
string

The name of workflow. Only needed if action is RUN_WORKFLOW and workflow_uuid isn't provided. We will lookup the workflow by name, and only create the policy if there is one workflow with the matching name.

workflow_uuid
string

The workflow to be executed when the policy is triggered. Only needed if action is RUN_WORKFLOW or RUN_APP_SPECIFIC_WORKFLOW.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "action": 0,
  • "allow_guest_access": true,
  • "app_filter": {
    },
  • "constraints": {
    },
  • "data_source": 0,
  • "description": "string",
  • "integration_id": "string",
  • "metadata": "string",
  • "mitm_settings": {
    },
  • "name": "string",
  • "priority": 0,
  • "session_filter": {
    },
  • "status": 0,
  • "type": 0,
  • "workflow_name": "string",
  • "workflow_uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "action": 0,
  • "allow_guest_access": true,
  • "app_filter": {
    },
  • "constraints": {
    },
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data_source": 0,
  • "description": "string",
  • "filter_selector_display_names": {
    },
  • "integration_id": "string",
  • "metadata": "string",
  • "mitm_settings": {
    },
  • "name": "string",
  • "parent_app_control_policy_uuid": "string",
  • "policy_event_type": 0,
  • "priority": 0,
  • "session_filter": {
    },
  • "status": 0,
  • "type": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "workflow_uuid": "string"
}

Delete the policy details.

Delete the policy details

path Parameters
uuid
required
string

The policy uuid

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the policy details.

Get the policy details

path Parameters
uuid
required
string

The policy uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "action": 0,
  • "allow_guest_access": true,
  • "app_filter": {
    },
  • "constraints": {
    },
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data_source": 0,
  • "description": "string",
  • "filter_selector_display_names": {
    },
  • "integration_id": "string",
  • "metadata": "string",
  • "mitm_settings": {
    },
  • "name": "string",
  • "parent_app_control_policy_uuid": "string",
  • "policy_event_type": 0,
  • "priority": 0,
  • "session_filter": {
    },
  • "status": 0,
  • "type": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "workflow_uuid": "string"
}

Update a policy.

Update a policy

path Parameters
uuid
required
string

The policy uuid

Request Body schema: application/json
required

The policy update request with only new values of the policy filled in

account_name
string
attributes_to_delete
Array of strings

Attributes to be deleted.

expected_update_time
integer
object

Only fields to be updated are filled in.

uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attributes_to_delete": [
    ],
  • "expected_update_time": 0,
  • "policy": {
    },
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "action": 0,
  • "allow_guest_access": true,
  • "app_filter": {
    },
  • "constraints": {
    },
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "data_source": 0,
  • "description": "string",
  • "filter_selector_display_names": {
    },
  • "integration_id": "string",
  • "metadata": "string",
  • "mitm_settings": {
    },
  • "name": "string",
  • "parent_app_control_policy_uuid": "string",
  • "policy_event_type": 0,
  • "priority": 0,
  • "session_filter": {
    },
  • "status": 0,
  • "type": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "workflow_uuid": "string"
}

Query posture attributes for an account

Query posture attributes for an account

Responses

Response samples

Content type
application/json
{
  • "posture_attributes": [
    ]
}

Add posture attribute

Add posture attribute

Request Body schema: application/json
required

details of posture attribute

account_name
string
attribute_type
integer (proto.PostureAttributeType)
Enum: 0 1 2 3 4 5
description
string
name
string
Array of objects (proto.PostureProcess)
supported_platforms
Array of integers (proto.PosturePlatform)
Items Enum: 0 1 2 3

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_type": 0,
  • "description": "string",
  • "name": "string",
  • "required_processes": [
    ],
  • "supported_platforms": [
    ]
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_type": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "name": "string",
  • "required_processes": [
    ],
  • "supported_platforms": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete specified posture attribute

Delete specified posture attribute

path Parameters
uuid
required
string

uuid of posture attribute to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get posture attribute for an account based on uuid

Get posture attribute for an account based on uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_type": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "name": "string",
  • "required_processes": [
    ],
  • "supported_platforms": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update posture attribute

Update posture attribute

path Parameters
uuid
required
string

posture attribute uuid

Request Body schema: application/json
required

details of posture attribute to update

account_name
string
attributes_to_delete
Array of strings
description
string
name
string
Array of objects (proto.PostureProcess)
supported_platforms
Array of integers (proto.PosturePlatform)
Items Enum: 0 1 2 3
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attributes_to_delete": [
    ],
  • "description": "string",
  • "name": "string",
  • "required_processes": [
    ],
  • "supported_platforms": [
    ],
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_type": 0,
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "name": "string",
  • "required_processes": [
    ],
  • "supported_platforms": [
    ],
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Query posture profiles for an account

Query posture profiles for an account

Responses

Response samples

Content type
application/json
{
  • "posture_profiles": [
    ]
}

Add posture profile

Add posture profile

Request Body schema: application/json
required

details of posture profile

account_name
string
attribute_uuids
Array of strings
description
string
name
string
platform
integer (proto.PosturePlatform)
Enum: 0 1 2 3
posture_tag_value
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_uuids": [
    ],
  • "description": "string",
  • "name": "string",
  • "platform": 0,
  • "posture_tag_value": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_uuids": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "name": "string",
  • "platform": 0,
  • "posture_tag_value": "string",
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete specified posture profile

Delete specified posture profile

path Parameters
uuid
required
string

uuid of posture profile to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get posture profile for an account based on uuid

Get posture profile for an account based on uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_uuids": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "name": "string",
  • "platform": 0,
  • "posture_tag_value": "string",
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update posture profile

Update posture profile

path Parameters
uuid
required
string

posture profile uuid

Request Body schema: application/json
required

details of posture profile to update

account_name
string
attribute_uuids
Array of strings
attributes_to_delete
Array of strings
description
string
name
string
posture_tag_value
string
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_uuids": [
    ],
  • "attributes_to_delete": [
    ],
  • "description": "string",
  • "name": "string",
  • "posture_tag_value": "string",
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "attribute_uuids": [
    ],
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "description": "string",
  • "name": "string",
  • "platform": 0,
  • "posture_tag_value": "string",
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Query a QS View

Query a QS View

path Parameters
view
required
string

QueryService view name

query Parameters
start_time
required
string

Start time in milli-seconds

end_time
required
string

End time in milli-seconds

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Describe a QS view (respond in a transformed format)

Query a QS View

path Parameters
view
required
string

QueryService view name

query Parameters
format
required
string

Response format

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query Support Tickets

Query Support Tickets

Responses

Response samples

Content type
application/json
{
  • "users": [
    ]
}

Create Temporary Access Token

Create a temporary access token for viewing a user's log.

Request Body schema: application/json
required

Provide the account name and user_uuid to create the access token for.

account_name
string
ttl_sec
integer

Time to live in seconds.

user_uuid
string

The user whose pii is to be viewed.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "ttl_sec": 0,
  • "user_uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_location": "string",
  • "account_name": "string",
  • "account_shard": "string",
  • "account_uuid": "string",
  • "algo": "string",
  • "backend_shard": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_role": 0,
  • "creator_uuid": "string",
  • "description": "string",
  • "expire_time_sec": 0,
  • "login_url": "string",
  • "name": "string",
  • "secret": "string",
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "view_pii_log_only": true
}

Create TimeId

Create a TimeId

Responses

Response samples

Content type
application/json
{
  • "create_time": 0,
  • "end_time": 0,
  • "salt": "string",
  • "signature": [
    ],
  • "version": "string"
}

TokenLogin

Triggers login using a provided API token and gets the JWT token

query Parameters
account
required
string

Account Name

redirect
string

Redirect URL

Responses

Response samples

Content type
application/json
{
  • "account_location": "string",
  • "account_name": "string",
  • "account_shard": "string",
  • "account_uuid": "string",
  • "backend_shard": "string",
  • "client_ip": "string",
  • "create_time": 0,
  • "device_uuid": "string",
  • "end_time": 0,
  • "expire_start_time": 0,
  • "expire_time_sec": 0,
  • "generation_id": 0,
  • "geo_location": "string",
  • "login_type": 0,
  • "status": 0,
  • "tags": [
    ],
  • "time_id_token": "string",
  • "token": "string",
  • "ttl_sec": 0,
  • "update_time": 0,
  • "user_role": 0,
  • "user_uuid": "string",
  • "uuid": "string",
  • "view_pii_log_only": true
}

Query Tokens

Query all tokens for the given account

query Parameters
get_all
boolean

return all tokens (active and suspended) or just active

Responses

Response samples

Content type
application/json
{
  • "tokens": [
    ]
}

Create Token

Create an API access token

Request Body schema: application/json
required

Provide the account name to create the access token for.

account_name
string

Tokens can only be created in the same account as the creator. Account_name must be either "", or else match the session's account

description
string
name
string
role
integer
Enum: 0 10 1 12 2 3 14 15 16 4 5

optional, if not provided the token will have the creator's role.

status
integer
Enum: 0 1 2 3 4

optional, defaults to ACTIVE

ttl_sec
integer

If ttl_sec > 0, then it is assumed to be a temp token and it can only be used once.

user_uuid
string

optional, use the current user if not provided.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "description": "string",
  • "name": "string",
  • "role": 0,
  • "status": 0,
  • "ttl_sec": 0,
  • "user_uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_location": "string",
  • "account_name": "string",
  • "account_shard": "string",
  • "account_uuid": "string",
  • "algo": "string",
  • "backend_shard": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_role": 0,
  • "creator_uuid": "string",
  • "description": "string",
  • "expire_time_sec": 0,
  • "login_url": "string",
  • "name": "string",
  • "secret": "string",
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "view_pii_log_only": true
}

Delete a token.

Delete a token.

path Parameters
uuid
required
string

uuid of token to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Update a token.

Update a token.

path Parameters
uuid
required
string

The access uuid

Request Body schema: application/json
required

The token update request with only new values filled in

account_name
string
attributes_to_delete
Array of strings

Attributes to delete, or set to their default value

description
string

optional - new description for the token.

name
string

optional - new name for the token.

role
integer
Enum: 0 10 1 12 2 3 14 15 16 4 5

optional, new role for the token, but can't exceed the caller's role.

status
integer
Enum: 0 1 2 3 4

optional, new status for the token.

uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attributes_to_delete": [
    ],
  • "description": "string",
  • "name": "string",
  • "role": 0,
  • "status": 0,
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_location": "string",
  • "account_name": "string",
  • "account_shard": "string",
  • "account_uuid": "string",
  • "algo": "string",
  • "backend_shard": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_role": 0,
  • "creator_uuid": "string",
  • "description": "string",
  • "expire_time_sec": 0,
  • "login_url": "string",
  • "name": "string",
  • "secret": "string",
  • "status": 0,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string",
  • "view_pii_log_only": true
}

Query Users

Query Users

query Parameters
tag
string

comma separated tags to search for

status
string

comma separated status to match: INIT | ACTIVE | SUSPENDED

datasource
string

comma separated data source to match

Responses

Response samples

Content type
application/json
{
  • "users": [
    ]
}

Create a user.

Create a new user.

Request Body schema: application/json
required

details of user to create

account_name
string
send_invitation
boolean
object (proto.User)
object (proto.UserPii)

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "send_invitation": true,
  • "user": {
    },
  • "user_pii": {
    }
}

Response samples

Content type
application/json
{
  • "user": {
    },
  • "user_pii": {
    }
}

Get the user details.

Get the user details

path Parameters
uuid
required
string

The user uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "data_source": 0,
  • "display_name": "string",
  • "idp_mfa_status": 0,
  • "integration_id": "string",
  • "integration_to_source_user_id": {
    },
  • "location": "string",
  • "mfa_encrypted_secret": "string",
  • "mfa_status": 0,
  • "record_update_time": 0,
  • "role": 0,
  • "source_user_id": "string",
  • "status": 0,
  • "tags": [
    ],
  • "update_time": 0,
  • "uuid": "string"
}

Update a user.

Update a user

path Parameters
uuid
required
string

The user uuid

Request Body schema: application/json
required

The user update request with only new values of the user filled in

account_name
string
attributes_to_delete
Array of strings
record_update_time
integer

deprecated, don't use

object

Provides the new values for attributes to be updated.

uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "attributes_to_delete": [
    ],
  • "record_update_time": 0,
  • "user": {
    },
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "create_time": 0,
  • "data_source": 0,
  • "display_name": "string",
  • "idp_mfa_status": 0,
  • "integration_id": "string",
  • "integration_to_source_user_id": {
    },
  • "location": "string",
  • "mfa_encrypted_secret": "string",
  • "mfa_status": 0,
  • "record_update_time": 0,
  • "role": 0,
  • "source_user_id": "string",
  • "status": 0,
  • "tags": [
    ],
  • "update_time": 0,
  • "uuid": "string"
}

Get the user's devices

Get the user's devices

path Parameters
uuid
required
string

The user uuid

Responses

Response samples

Content type
application/json
{
  • "continuation_token": "string",
  • "devices": [
    ]
}

Delete mfa provider for a user

Delete mfa provider for a user

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Provision mfa provider for a user

Provision mfa provider for a user

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the user PII info.

Get the user PII details.

path Parameters
uuid
required
string

The user uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "email": "string",
  • "login": "string",
  • "phone": "string",
  • "uuid": "string"
}

Add tags to a user.

Add tags a user

path Parameters
uuid
required
string

The user uuid

Request Body schema: application/json
required

The tags to add

account_name
string
tags
Array of strings
ttl_sec
integer
update_existing
boolean

Update timestamps of any tags that already exist.

uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "tags": [
    ],
  • "ttl_sec": 0,
  • "update_existing": true,
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Delete tags to a user.

Delete tags a user

path Parameters
uuid
required
string

The user uuid

tag
required
string

The tag to delete

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query WorkflowRuns

Query WorkflowRuns

query Parameters
status
string
Enum: "CREATED" "PENDING" "SUCCESS" "FAILURE" "UNSURE"

status to filter by

workflow_uuid
string

workflow uuid to filter by

user_uuid
string

user uuid to filter by

app_protocol
string

filter for workflow runs for this app protocol

app_host
string

filter for workflow runs for this app host

app_port
string

filter for workflow runs for this app port

app_uuid
string

filter for workflow runs for this app uuid

Responses

Response samples

Content type
application/json
{
  • "workflow_runs": [
    ]
}

Create workflow run

Create a workflow run, which needs to be approved for the user to gain access to resources.

Request Body schema: application/json
required

WorkflowRun to create

account_name
string
execute_now
boolean
parent_workflow_run_uuid
string

Optional, passed in only if this run is triggered by another workflow.

object

Details about what triggered this run is passed in here. Only the fields relevant to the specific workflow run instance are needed. Uuid, timestamps, status are generated.

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "execute_now": true,
  • "parent_workflow_run_uuid": "string",
  • "workflow_run": {
    }
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "actions": [
    ],
  • "answer_index": "string",
  • "answers": [
    ],
  • "app_host": "string",
  • "app_port": 0,
  • "app_protocol": "string",
  • "app_url": "string",
  • "app_uuid": "string",
  • "approval_ttl_sec": 0,
  • "approver_display_name": "string",
  • "approver_justification": "string",
  • "approver_text": "string",
  • "approver_uuid": "string",
  • "can_user_approve": true,
  • "client_geoip_location": {
    },
  • "client_ip": "string",
  • "create_time": 0,
  • "details": {
    },
  • "device_details": [
    ],
  • "device_uuid": "string",
  • "execution_ttl_sec": 0,
  • "expire_time_sec": 0,
  • "geoip_details": [
    ],
  • "justification": "string",
  • "justification_required": true,
  • "mfa_details": {
    },
  • "parent_uuid": "string",
  • "policy_uuid": "string",
  • "recipients": [
    ],
  • "requestor_justification": "string",
  • "requestor_justification_required": true,
  • "requestor_text": "string",
  • "session_uuid": "string",
  • "status": 0,
  • "tags": [
    ],
  • "text": "string",
  • "token": 0,
  • "token_required": true,
  • "top_uuid": "string",
  • "update_time": 0,
  • "user_display_name": "string",
  • "user_uuid": "string",
  • "uuid": "string",
  • "webapp": "string",
  • "workflow_name": "string",
  • "workflow_uuid": "string"
}

Delete a workflow run.

Delete a workflow run

path Parameters
uuid
required
string

The workflow run uuid

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the workflow run details.

Get the workflow run details

path Parameters
uuid
required
string

The workflow run uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "actions": [
    ],
  • "answer_index": "string",
  • "answers": [
    ],
  • "app_host": "string",
  • "app_port": 0,
  • "app_protocol": "string",
  • "app_url": "string",
  • "app_uuid": "string",
  • "approval_ttl_sec": 0,
  • "approver_display_name": "string",
  • "approver_justification": "string",
  • "approver_text": "string",
  • "approver_uuid": "string",
  • "can_user_approve": true,
  • "client_geoip_location": {
    },
  • "client_ip": "string",
  • "create_time": 0,
  • "details": {
    },
  • "device_details": [
    ],
  • "device_uuid": "string",
  • "execution_ttl_sec": 0,
  • "expire_time_sec": 0,
  • "geoip_details": [
    ],
  • "justification": "string",
  • "justification_required": true,
  • "mfa_details": {
    },
  • "parent_uuid": "string",
  • "policy_uuid": "string",
  • "recipients": [
    ],
  • "requestor_justification": "string",
  • "requestor_justification_required": true,
  • "requestor_text": "string",
  • "session_uuid": "string",
  • "status": 0,
  • "tags": [
    ],
  • "text": "string",
  • "token": 0,
  • "token_required": true,
  • "top_uuid": "string",
  • "update_time": 0,
  • "user_display_name": "string",
  • "user_uuid": "string",
  • "uuid": "string",
  • "webapp": "string",
  • "workflow_name": "string",
  • "workflow_uuid": "string"
}

Answer the Workflow Run

Provide an answer and trigger the matching actions.

path Parameters
uuid
required
string

The workflow run uuid

Request Body schema: application/json
required

Answer and justification for the workflow run

account_name
string
answer_index
string
justification
string
mfa_passcode
string
token
integer
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "answer_index": "string",
  • "justification": "string",
  • "mfa_passcode": "string",
  • "token": 0,
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "actions": [
    ],
  • "answer_index": "string",
  • "answers": [
    ],
  • "app_host": "string",
  • "app_port": 0,
  • "app_protocol": "string",
  • "app_url": "string",
  • "app_uuid": "string",
  • "approval_ttl_sec": 0,
  • "approver_display_name": "string",
  • "approver_justification": "string",
  • "approver_text": "string",
  • "approver_uuid": "string",
  • "can_user_approve": true,
  • "client_geoip_location": {
    },
  • "client_ip": "string",
  • "create_time": 0,
  • "details": {
    },
  • "device_details": [
    ],
  • "device_uuid": "string",
  • "execution_ttl_sec": 0,
  • "expire_time_sec": 0,
  • "geoip_details": [
    ],
  • "justification": "string",
  • "justification_required": true,
  • "mfa_details": {
    },
  • "parent_uuid": "string",
  • "policy_uuid": "string",
  • "recipients": [
    ],
  • "requestor_justification": "string",
  • "requestor_justification_required": true,
  • "requestor_text": "string",
  • "session_uuid": "string",
  • "status": 0,
  • "tags": [
    ],
  • "text": "string",
  • "token": 0,
  • "token_required": true,
  • "top_uuid": "string",
  • "update_time": 0,
  • "user_display_name": "string",
  • "user_uuid": "string",
  • "uuid": "string",
  • "webapp": "string",
  • "workflow_name": "string",
  • "workflow_uuid": "string"
}

Execute the Workflow Run

Start the execution of a workflow run. Returns the workflow run details.

path Parameters
uuid
required
string

The workflow run uuid

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Issue MFA for the workflow run

Issue MFA for the workflow run.

path Parameters
uuid
required
string

The workflow run uuid

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Query Workflows

Query workflows

Responses

Response samples

Content type
application/json
{
  • "workflows": [
    ]
}

Create a Workflow

Create a Workflow

Request Body schema: application/json
required

The workflow to be created

account_name
string
Array of objects (proto.WorkflowAction)

The action of the workflow. Default is Notify.

Array of objects (proto.AnswerActions)

Map of the answer text to the workflow outcome. Default is: Approve: SUCCESS Deny: FAILURE Unsure: UNSURE The Answer text will be rendered in a context aware way. For instance, in an email, or on EG UI, each answer is rendered as a button. On slack, it will be prompted as a option for user response.

approval_ttl_sec
integer

Seconds for which the approval for the workflow is valid. -1 if no limit. If 0 is passed in, we use a default of 1 day.

approver_text_template
string
default_answer_index
string

The default answer when a user responds with a token but no answer.

description
string
execution_ttl_sec
integer

Seconds within which the workflow must be completed. -1 if no limit. If 0 is passed in, we use a default of 10 min.

justification_required
boolean
name
string

Display name of the workflow.

recipients
Array of strings

Anyone on the list can approve the workflow. Each entry is a tag of user/group/role type.

requestor_justification_required
boolean
requestor_text_template
string
text_template
string

When we render the workflow, we would have a pre-defined way of rendering the 5W, as well as using the following text template to render a paragraph. The template is mustache format, with html allowed. The following will be replaced with real value. The general rule is that the variables are replaced with value from the WorkflowRun, with the exception of xxx_name is replaced with the name of the entity. Time or ttl fields are rendered into a string with the right format, e.g. 2 days, 3 hours, etc. {{{user_uuid}}} - replaced with workflowRun.user_uuid {{{user_name}}} - replaced with user name for the above. {{{app_name}}} - replaced with app name for the app_uuid. Each entry in workflowRun.details is available as {{{key}}}, where key is the key in the details map, and it is replaced with the value. ... Deprecated to distinguish between requestor and approver text templates

Deprecated: Do not use.

title
string

Workflow title that will be shown to the user

token_required
boolean
uuid
string

optional - do not provide unless you know what you are doing

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "actions": [
    ],
  • "answers": [
    ],
  • "approval_ttl_sec": 0,
  • "approver_text_template": "string",
  • "default_answer_index": "string",
  • "description": "string",
  • "execution_ttl_sec": 0,
  • "justification_required": true,
  • "name": "string",
  • "recipients": [
    ],
  • "requestor_justification_required": true,
  • "requestor_text_template": "string",
  • "text_template": "string",
  • "title": "string",
  • "token_required": true,
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "actions": [
    ],
  • "answers": [
    ],
  • "approval_ttl_sec": 0,
  • "approver_text_template": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "default_answer_index": "string",
  • "description": "string",
  • "execution_ttl_sec": 0,
  • "justification_required": true,
  • "name": "string",
  • "recipient_display_names": {
    },
  • "recipients": [
    ],
  • "requestor_justification_required": true,
  • "requestor_text_template": "string",
  • "status": 0,
  • "text_template": "string",
  • "title": "string",
  • "token_required": true,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Delete a workflow.

Delete a workflow

path Parameters
uuid
required
string

The workflow uuid

Responses

Response samples

Content type
application/json
{
  • "message": "detailed error message"
}

Get the workflow details.

Get the workflow details

path Parameters
uuid
required
string

The workflow uuid

Responses

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "actions": [
    ],
  • "answers": [
    ],
  • "approval_ttl_sec": 0,
  • "approver_text_template": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "default_answer_index": "string",
  • "description": "string",
  • "execution_ttl_sec": 0,
  • "justification_required": true,
  • "name": "string",
  • "recipient_display_names": {
    },
  • "recipients": [
    ],
  • "requestor_justification_required": true,
  • "requestor_text_template": "string",
  • "status": 0,
  • "text_template": "string",
  • "title": "string",
  • "token_required": true,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}

Update a workflow.

Update a workflow

path Parameters
uuid
required
string

The workflow uuid

Request Body schema: application/json
required

The workflow update request with only new values filled in

account_name
string
Array of objects (proto.WorkflowAction)

The action of the workflow. Default is Notify.

Array of objects (proto.AnswerActions)

Map of the answer text to the workflow outcome. Default is: Approve: SUCCESS Deny: FAILURE Unsure: UNSURE The Answer text will be rendered in a context aware way. For instance, in an email, or on EG UI, each answer is rendered as a button. On slack, it will be prompted as a option for user response.

approval_ttl_sec
integer

Seconds for which the approval for the workflow is valid. -1 if no limit. If 0 is passed in, we use a default of 1 day.

approver_text_template
string
attributes_to_delete
Array of strings

Name of workflow attributes to delete

default_answer_index
string

The default answer when a user responds with a token but no answer.

description
string
execution_ttl_sec
integer

Seconds within which the workflow must be completed. -1 if no limit. If 0 is passed in, we use a default of 10 min.

justification_required
boolean
name
string

Display name of the workflow.

recipients
Array of strings
requestor_justification_required
boolean
requestor_text_template
string
status
integer (proto.EnumStatus)
Enum: 0 1 2 3 4
text_template
string

When we render the workflow, we would have a pre-defined way of rendering the 5W, as well as using the following text template to render a paragraph. The template is mustache format, with html allowed. The following will be replaced with real value. The general rule is that the variables are replaced with value from the WorkflowRun, with the exception of xxx_name is replaced with the name of the entity. Time or ttl fields are rendered into a string with the right format, e.g. 2 days, 3 hours, etc. {{{user_uuid}}} - replaced with workflowRun.user_uuid {{{user_name}}} - replaced with user name for the above. {{{app_name}}} - replaced with app name for the app_uuid. Each entry in workflowRun.details is available as {{{key}}}, where key is the key in the details map, and it is replaced with the value. ... Deprecated to distinguish between requestor and approver text templates

Deprecated: Do not use.

title
string

Workflow title that will be shown to the user

token_required
boolean
uuid
string

Responses

Request samples

Content type
application/json
{
  • "account_name": "string",
  • "actions": [
    ],
  • "answers": [
    ],
  • "approval_ttl_sec": 0,
  • "approver_text_template": "string",
  • "attributes_to_delete": [
    ],
  • "default_answer_index": "string",
  • "description": "string",
  • "execution_ttl_sec": 0,
  • "justification_required": true,
  • "name": "string",
  • "recipients": [
    ],
  • "requestor_justification_required": true,
  • "requestor_text_template": "string",
  • "status": 0,
  • "text_template": "string",
  • "title": "string",
  • "token_required": true,
  • "uuid": "string"
}

Response samples

Content type
application/json
{
  • "account_name": "string",
  • "actions": [
    ],
  • "answers": [
    ],
  • "approval_ttl_sec": 0,
  • "approver_text_template": "string",
  • "create_time": 0,
  • "creator_display_name": "string",
  • "creator_uuid": "string",
  • "default_answer_index": "string",
  • "description": "string",
  • "execution_ttl_sec": 0,
  • "justification_required": true,
  • "name": "string",
  • "recipient_display_names": {
    },
  • "recipients": [
    ],
  • "requestor_justification_required": true,
  • "requestor_text_template": "string",
  • "status": 0,
  • "text_template": "string",
  • "title": "string",
  • "token_required": true,
  • "update_time": 0,
  • "updater_display_name": "string",
  • "updater_uuid": "string",
  • "uuid": "string"
}