Using Controller API
The following sections provide usage examples for the various APIs defined in the Controller API:
For usage examples of the Config API, see Configuring Controller API.
Tenant API Usage Examples
The following are usage examples for the Tenant API:
Usage Example 1 - Creating a Tenant
POST: /api/v2/controller/tenants Content-Type: application/json' Accept: application/json' Body: { "tenant": { "name": "COKE", "lsysName": "root-logical-system", "vrfName": "coke" } }
Usage Example 2 - Retrieving a Tenant
GET: /api/v2/controller/tenants/"6802b803-a20a-42a1-aab2-69b21c5c9f21" Accept: application/json output: { "tenant": { "updateTs": 0, "name": "COKE", "uri": "/api/v2/controller/tenants/6802b803-a20a-42a1-aab2-69b21c5c9f21", "vrfName": "coke", "lsysName": "root-logical-system", "id": "6802b803-a20a-42a1-aab2-69b21c5c9f21" } }
Usage Example 3 - Updating a Tenant
PUT: /api/v2/controller/tenants/"6802b803-a20a-42a1-aab2-69b21c5c9f21" Accept: application/json Content-Type: application/json Body: { "tenant": { "updateTs": 0, "name": "COKE", "uri": "/api/v2/controller/tenants/6802b803-a20a-42a1-aab2-69b21c5c9f21", "vrfName": "coke-soda", "lsysName": "root-logical-system", "id": "6802b803-a20a-42a1-aab2-69b21c5c9f21" } } Output: { "tenant": { "vrfName": "coke-soda", "name": "COKE", "uri": "/api/v2/controller/tenants/6802b803-a20a-42a1-aab2-69b21c5c9f21", "updateTs": 0, "lsysName": "root-logical-system", "id": "6802b803-a20a-42a1-aab2-69b21c5c9f21" } }
Usage Example 4 - Deleting a Tenant
DELETE: /api/v2/controller/tenants/6802b803-a20a-42a1-aab2-69b21c5c9f21
Site API Usage Examples
The following are usage examples for the Site API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a site
POST <context>/api/v2/controller/sites Content-Type: application/json STATUS: 200 { "site": { "name": "stie_179", "domain": "Global", "description": "", "tenantId":"6802b803-a20a-42a1-aab2-69b21c5c9f21" "feedSourceId": "", "members": [ { "deviceInfo": { "perimeterDevice": true, }, "id": "29", "type": "DEVICE" }, { "deviceInfo": { "perimeterDevice": true, }, "id": "27", "type": "DEVICE" } ] } }
where:
feedSourceId
is the Juniper ATP Cloud realm and its value isNULL
during the POST operation. When a site is associated to realms, you can update the site withfeedSourceId
.
Usage Example 2 - Retrieving a site
GET <context>/api/v2/controller/sites/{siteId} Content-Type: application/json STATUS: 200 { "site": { "description": "", "domain": "SD domain name", "tenantId":"6802b803-a20a-42a1-aab2-69b21c5c9f21" "feedSourceId": "277540f6-e640-4306-b5fc-8be6c978ecc0", "id": "535aad4d-2525-4fb8-9551-bb3d56cff48e", "members": [ { "deviceInfo": { "cluster": false, "description": null, "emsSdId": "262181", "enrollStatus": null, "feedSourceConfigStatus": "SET_SUCCESS", "initStatus": "SUCCESS", "ip": "10.92.83.217", "model": "srx550m", "name": "un-srx550m-02", "perimeterDevice": true, "serialNumber": "DA3917AK0018" }, "id": "29", "type": "DEVICE" }, { "deviceInfo": { "cluster": false, "description": null, "emsSdId": "262175", "enrollStatus": null, "feedSourceConfigStatus": "SET_SUCCESS", "initStatus": "SUCCESS", "ip": "10.92.82.179", "model": "VSRX", "name": "vsrx-srini-179-D100", "perimeterDevice": true, "serialNumber": "A9D70E39FF31" }, "id": "27", "type": "DEVICE" } ], "name": "stie_179", "updateTs": 1539189977, "uri": "/api/v2/controller/sites/535aad4d-2525-4fb8-9551-bb3d56cff48e" } }
Usage Example 3 - Updating a site based on siteId
PUT <context>/api/v2/controller/sites/{siteId} Content-Type: application/json STATUS: 200 { "site": { "name": "stie_179", "description": "", "domain": "Global", "tenantId":"6802b803-a20a-42a1-aab2-69b21c5c9f21" "feedSourceId": "277540f6-e640-4306-b5fc-8be6c978ecc0", "id": "535aad4d-2525-4fb8-9551-bb3d56cff48e", "members": [ { "deviceInfo": { "perimeterDevice": true, }, "id": "29", "type": "DEVICE" }, { "deviceInfo": { "perimeterDevice": true, }, "id": "27", "type": "DEVICE" } ] } }
Usage Example 4 - Deleting a site
DELETE <context>/api/v2/controller/sites/{siteId} STATUS: 204
Policy Enforcement Group API Usage Examples
The following are usage examples for the Policy Enforcement Group API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a new Policy Enforcement Group
POST <context>/api/v2/controller/policyGroups Content-Type: application/json STATUS: 200 "policyGroup": { "name": "sunnyvale", "domain": "SD domain name", "feedSourceId", "uuid-realm-1234" "description": "sunnyvale user endpoints", "groupType": "IP", "sites": [{"siteId": "uuid-111", "name": "bldg-A", "uri", "/api/v2/controller/Sites/uuid-111"}, {"siteId": "uuid-222", "name": "bldg-B", "uri", "/api/v2/controller/Sites/uuid-222"}, {"siteId": "uuid-333", "name": "bldg-6", "uri", "/api/v2/controller/Sites/uuid-333"} ], "addressGroups": ["192.0.2.0/24", "198.51.100.0-198.51.100.255", "203.0.113.0"] }
where:
sites
andaddressGroups
are mutually exclusive.The value of
addressGroups
can be a single IP, an IP range, or an IP subnet.If the value of
groupType
isIP
,addressGroups
are populated; if the value isLOCATION
, sites are populated.
Usage Example 2 - Retrieving a specific policy enforcement
group based on policyGroupId
GET <context>/api/v2/controller/policyGroups/{policyGroupId} Content-Type: application/json STATUS: 200 Location-based: { "policyGroup": { "addresses": [], "createTs": 1539190061, "description": "", "domain": "", "groupType": "LOCATION", "id": "6b2f9d7e-2079-42b1-8806-40d5315e64bc", "name": "peg_site", "sites": [ { "id": "535aad4d-2525-4fb8-9551-bb3d56cff48e", "name": "stie_179" } ], "updateTs": 0 } } IP-based (if IP subnet is a part of connector): { "policyGroup": { "addresses": [ { "connectorInfo": { "endpointAddressSpace": { "name": "", "type": "Global" }, "name": "forescout", "type": "forescout" }, "subnet": "192.168.199.254/24", "subnetDescription": "fs_199", "subnetId": "f5ab56ab-5ed3-4f80-a1b2-5b511dbf0019", "type": "SUBNET" } ], "createTs": 1539189913, "description": "", "domain": "", "groupType": "IP", "id": "c8de4f43-6fe7-4ee4-bdee-344b7cbb1b6c", "name": "peg", "sites": [], "updateTs": 0 } }
Usage Example 3 - Updating a specific policy enforcement group
based on policyGroupId
PUT <context>/api/v2/controller/policyGroups/{policyGroupId} Content-Type: application/json STATUS: 200 "policyGroup": { "name": "sunnyvale", "domain": "SD domain name", "feedSourceId", "uuid-realm-1234" "description": "sunnyvale user endpoints", "sites": [], "addressGroups": ["192.0.2.0/24", "198.51.100.0-198.51.100.255", "203.0.113.0"] }
Usage Example 4 - Retrieving the updated policy enforcement
group to check if the updates are present
GET <context>/api/v2/controller/policyGroups Content-Type: application/json STATUS: 200 "policyGroups": { "uri":"https://<host>/<context>/api/v2/controller/policyGroups", "total": 2, "policyGroup": [ {"id": "uuid-1234", "uri":"https://<host>/<context>/api/v2/controller/policyGroups/uuid-1234", "name": "sunnyvale", "domain": "SD domain name", "description": "sunnyvale user endpoints", "feedSourceId", "uuid-realm-1234" "sites": [], "addressGroups": ["192.0.2.0/24", "198.51.100.0-198.51.100.255", "203.0.113.0"]}, {"id": "uuid-1234", "uri":"https://<host>/<context>/api/v2/controller/policyGroups/uuid-1234", "name": "sunnyvale", "domain": "SD domain name", "description": "sunnyvale user endpoints", "feedSourceId", "uuid-realm-1235" "sites": [{"siteId": "uuid-111", "name": "bldg-A", "uri", "/api/v2/controller/Sites/uuid-111"}, {"siteId": "uuid-222", "name": "bldg-B", "uri", "/api/v2/controller/Sites/uuid-222"}, {"siteId": "uuid-333", "name": "bldg-6", "uri", "/api/v2/controller/Sites/uuid-333"} ], "addressGroups": []}, ] }
Usage Example 5 - Deleting a policy enforcement group
DELETE <context>/api/v2/controller/policyGroups/{policyGroupId} STATUS: 204
Threat Policy API Usage Examples
The following are usage examples for the Threat Policy API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a new Threat Policy
POST <context>/api/v2/controller/threatPolicys Content-Type: application/json STATUS: 200 "threatPolicy": { "name": "simplePolicy", "domain": "SD domain name", "description": "with all profiles", "profiles": [{ "feedType": "CnC", "actions": [{"threatLevelStart": "0", "threatLevelEnd": "4", "action": "PERMIT"}, {"threatLevelStart": "5", "threatLevelEnd": "7", "action": "LOG"}, {"threatLevelStart": "8", "threatLevelEnd": "9", "action": "BLOCK_CLOSE", "redirectUrl": "", "customMessage": ""}] }, { "feedType": "INFECTED_HOST", "actions": [ { "threatLevelStart": "", "threatLevelEnd": "", "action": "BLOCK_QUARANTINE", "quarantineVlanName": "v999" } ] }, { "feedType": "MALWARE", "malwareProfileName": "scanAll", "https": true, "actions": [{"threatLevelStart": "0", "threatLevelEnd": "6", "action": "PERMIT"}, {"threatLevelStart": "7", "threatLevelEnd": "9", "action": "BLOCK_CLOSE", "redirectUrl": "", "customMessage": "call IT support"}] }, { "feedType": "SMTP", "attachmentProfileName": "scanAll", "actions": [{"threatLevelStart": "0", "threatLevelEnd": "6", "action": "PERMIT"}, {"threatLevelStart": "7", "threatLevelEnd": "9", “action": "BLOCK_DROP"}] } ], "secondaryActions": ["LOG"], "policyGroups": [{"policyGroupId": "uu-123", "name": "peg1"}, {"policyGroupId": "uu-456", "name": "peg2"}], "deployStatus": "DRAFT" }
where:
The value of
action
can bePERMIT
,LOG
,BLOCK_DROP
,BLOCK_CLOSE
,BLOCK_QUARANTINE
,MONITOR
.The value of
secondaryAction
cab beLOG_ALL
,LOG_BLOCKED
, orNONE
.If you specify
MALWARE
as thefeedType
, SRX takes a single threat level threshold value, that is, it allows two actions — permit and block.If you specify
GEO_IP
as the feedType, then the SRX Series device has no threshold and allows permit or block.For
deployStatus
, you do not have to specify the valuesDRAFT
,ANALYSIS_PROGRESS
,READY_TO_DEPLOY
, andDEPLOYED
for POST and PUT operations.
Usage Example 2 - Updating a threat policy
PUT <context>/api/v2/controller/threatPolicys/uuid-1234/emsData Content-Type: application/json STATUS: 200 STATUS: 500 (It can have following errors) "no PerimeterFirewall found based on PEG, skipping analysis" "ATP analysis policy: <xyz> has aamw/infected-host profile, no argon capable device, skipping analysis" "threatPolicy": { "name": "simplePolicy", "domain": "SD domain name", "description": "with all profiles", "profiles": [], "secondaryActions": ["LOG"], "policyGroups": [{"policyGroupId": "uu-123", "name": "peg1"}, {"policyGroupId": "uu-456", "name": "peg2"}], "deployStatus": "DRAFT", "emsAnalysisId": "uuid-policy-analysis", "emsPublishUpdateId": "publish-update-job-id" }
Usage Example 3 - Retrieving a specific threat policy based
on threatPolicyId
GET <context>/api/v2/controller/threatPolicys/uuid-1234 Content-Type: application/json STATUS: 200 "threatPolicy": { "id": "uuid-1234", "uri":"https://<host>/<context>/api/v2/controller/threatPolicys/uuid-1234", "name": "simplePolicy", "domain": "SD domain name", "description": "with all profiles", "profiles": [{ "feedType": "CnC", "actions": [{"threatLevelStart": "0", "threatLevelEnd": "4", "action": "PERMIT"}, {"threatLevelStart": "5", "threatLevelEnd": "7", "action": "LOG"}, {"threatLevelStart": "8", "threatLevelEnd": "9", "action": "BLOCK_CLOSE", "redirectUrl": "", "customMessage": ""}] }, { "feedType": "INFECTED_HOST", "actions": [{"threatLevelStart": "0", "threatLevelEnd": "4", "action": "PERMIT"}, {"threatLevelStart": "8", "threatLevelEnd": "9", "action": "BLOCK_QUARANTINE", "quarantineVlanName": "911"}] }, { "feedType": "MALWARE", "malwareProfileName": "scanAll", "https": true, "actions": [{"threatLevelStart": "0", "threatLevelEnd": "6", "action": "PERMIT"}, {"threatLevelStart": "7", "threatLevelEnd": "9", "action": "BLOCK_CLOSE", "redirectUrl": "", "customMessage": "call IT support"}] }, { "feedType": "SMTP", "attachmentProfileName": "scanAll", "actions": [{"threatLevelStart": "0", "threatLevelEnd": "6", "action": "PERMIT"}, {"threatLevelStart": "7", "threatLevelEnd": "9", “action": "BLOCK_DROP"}] } ], "secondaryActions": ["LOG"], "policyGroups": [{"policyGroupId": "uu-123", "name": "peg1"}, {"policyGroupId": "uu-456", "name": "peg2"}], "deployStatus": "DRAFT", "deployDevices": [{"name": "device1", "deviceId": "uuid1234"}], "skipDevices": [{"name": "device2", "deviceId": "uuid5678"}] }
Usage Example 4 - Deleting a threat policy
DELETE <context>/api/v2/controller/threatPolicys/uuid-1234", STATUS: 204
Custom Feed API Usage Examples
The following are usage examples for the Custom Feed API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a new CustomFeed with Local Files
POST <context>/api/v2/controller/customFeeds Content-Type: application/json Accept: application/json STATUS: 200 Body - Version 1: { "customFeed": { "feedType":"Dynamic-Address", <= Can be 'Dynamic-Address/Allowlist/Blocklist' "domain":"Global", "name":"testda", "fileType":"Local", <= Can be 'Local/Remote' "inputType":"ip", <= Can be 'ip for Dynamic-Address and ip/url/domain for Allowlist and Blocklist' "description":"", "content": [ { "siteIds": [ "bc065f26-b081-43a8-bd37-e3f349cdbdab" <= List of site ids based on the creation of site in Secure Fabric page. See below to get site information. ], "data": [ "1.1.1.1", "2.2.2.2" <= IP/URL/Domain list. ] } ] } }
where:
The value of
feedType
can beBlocklist
,Allowlist
, orDynamic-Address
.The value of
content
can be a list of IP addresses, an IP range, or a subnet for aBlocklist
,Allowlist
and,Dynamic-Address
.The value of
inputType
can be an IP, URL or a domain for aBlocklist
,Allowlist
and,Dynamic-Address
.
Usage Example 2- Creating a new CustomFeed with Infected-Host
feedtype
POST <context>/api/v2/controller/customFeeds Content-Type: application/json Accept: application/json STATUS: 200 Body - Version 2: { "customFeed": { "feedType":"Infected-Hosts", <= Can be 'DDoS/Infected-Hosts' "domain":"Global", "name":"testih", "fileType":"Local", <= Can be 'Local/Remote' "inputType":"ip", <= Can only be 'ip for Infected-Hosts and DDoS' "description":"", "content": [ { "siteIds": [ "bc065f26-b081-43a8-bd37-e3f349cdbdab" <= List of site ids based on the creation of site in Secure Fabric page. See below to get site information. ], "data": { "add": ["192.0.2.0","198.51.100.0"] <= Will add new data. } } ] } }
where:
The value of
feedType
isInfected-Hosts
.The value of
content
can be a list of IP addresses.The value of
inputType
can be and an IP address.
Usage Example 3- Creating a new Custom Feed with CC as feed
type
POST /api/v2/controller/customFeeds/CCCF1 Body: { "customFeed":{ "domain": "Global", "feedType": "CC", "name": "CCCF1", "fileType": "Local", "content": [ { "siteIds": [ "0feaf878-c8e6-45bb-aba3-8bf7c9ac83ae" ], "data": [ {"value": "2.2.2.2", "threat_level": 2}, {"value": "3.3.3.3", "threat_level": 10}, {"value": "4.4.4.4", "threat_level": 10}, {"value": "1.1.1.1", "threat_level": 3} ], } ], "inputType": "ip", "description": "" } } If file upload UI should accept file with “,” -> IP/URL,threat_level File contents: 2.2.2.2,3 4.4.4.4,5
Usage Example 4- Retrieving a specific custom feed based on
CustomFeed Id
GET <context>/api/v2/controller/customFeeds/<name> Content-Type: application/json STATUS: 200 Response: { "customFeed": { "username":null, "domain":"Global", "feedType":"Dynamic-Address", "name":"testda", "url":null, "fileType":"Local", "caCerts":null, "content": [ { "siteIds": [ "bc065f26-b081-43a8-bd37-e3f349cdbdab" ], "data": [ "1.1.1.1" ], "feedId": 1 <= This is the feedId that should be used during PUT operation. } ], "fail_count": 0, "updateTs":1523460907, "updateInterval":null, "password":null, "inputType":"ip", "urlType":null, "description":"" } }
Usage Example 5- Retrieving a specific infected-host custom
feed based on CustomFeed Id
GET <context>/api/v2/controller/customFeeds/<name> Content-Type: application/json STATUS: 200 Response: "customFeed": { "id": "uuid-1234", "emsVersion":0, "createTs":1479328662, "emsAddressId":null, "updateTs":null "uri":"/api/v2/controller/customFeeds/uuid-1234", "name": "customIPs", "domain": "SD domain name", "description": "infected IPs", "feedType": "Infected-Hosts", "inputType": "ip", "content": {"add": ["192.0.2.0","198.51.100.0"], {"delete": ["198.51.100.255"]} }
Usage Example 6- Retrieving the list of custom feeds
GET <context>/api/v2/controller/customFeeds/ Content-Type: application/json STATUS: 200 Response: { "customFeeds": { "total":1, "customFeed": [ { "updateTs": 1523460907, "name": "testda", "fileType": "Local", "content": [ { "siteIds": [ "bc065f26-b081-43a8-bd37-e3f349cdbdab" ] } ], "fail_count": 0, "createdByUser": 1, "feedType": "Dynamic-Address", "description": "" } ] } }
Usage Example 7- Updating a custom feed
PUT <context>/api/v2/controller/customFeeds/<name> Content-Type: application/json STATUS: 200 Body - Version 1: { "customFeed": { "feedType":"Dynamic-Address", "domain":"Global", "name":"testda", "fileType":"Local", "inputType":"ip", "description":"", "content": [ { "siteIds": [ "bc065f26-b081-43a8-bd37-e3f349cdbdab" ], "data": [ "3.3.3.3", "1.1.1.1", "2.2.2.2" ], "feedId": 1 <= feedId should be retrieved from GET call. See below GET API for details. } ] } }
Body - Version 2: { "customFeed": { "feedType":"Infected-Hosts", "domain":"Global", "name":"testih", "fileType":"Local", "inputType":"ip", "description":"", "content": [ { "siteIds": [ "bc065f26-b081-43a8-bd37-e3f349cdbdab" ], "data": { "add": ["192.0.2.1"], <= Will add new data to existing list. "delete": ["192.0.2.0"] <= Will remove data from existing list. }, "feedId": 2 <= feedId should be retrieved from GET call. See below GET API for details. } ] } }
Usage Example 8- Deleting a custom feed
DELETE <context>/api/v2/controller/customFeeds/<name> STATUS: 204
Usage Example 9- Creating Custom Feeds with Remote File Server
POST <context>/api/v2/controller/customFeeds Body: { "customFeed": { "feedType":"Dynamic-Address", <= Can be 'Dynamic-Address/Allowlist/Blocklist/Infected-Hosts/DDoS' "domain":"Global", "name":"testsda", "fileType":"Remote", "inputType":"ip", <== Can be 'ip for Dynamic-Address/Infected-Hosts/DDoS and ip/url/domain for Allowlist and Blocklist' "description":"", "content": [ { "siteIds": [ "bc065f26-b081-43a8-bd37-e3f349cdbdab" ], "data":{} } ], "username":"super", "password":"123juniper", "updateInterval":"hourly", <= Can be hourly/monthly/yearly "url":"http://1.1.1.1/ip.list", "urlType":"http" <= Can be http/https "caCerts":"un-esxi-01-1-vm29englabjunipernet.crt" <= If https "caCertsContent":"-----BEGIN CERTIFICATE-----\r\nMIIEJzCCAw+gAwIBAgIJALHgXBKvQq9qMA0GCSqGSIb3DQEBCwUAMIGpMQswCQYD\r\nVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVN1bm55dmFsZTEZMBcGA1UE\r\nCgwQSnVuaXBlciBOZXR3b3JrczEMMAoGA1UECwwDSkRJMS0wKwYDVQQDDCR1bi1l\r\nc3hpLTAxLTEtdm0yOS5lbmdsYWIuanVuaXBlci5uZXQxITAfBgkqhkiG9w0BCQEW\r\nEnNyaW5pdkBqdW5pcGVyLm5ldDAeFw0xODAyMTIyMDM2NDRaFw0xOTAyMTIyMDM2\r\nNDRaMIGpMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVN1bm55\r\ndmFsZTEZMBcGA1UECgwQSnVuaXBlciBOZXR3b3JrczEMMAoGA1UECwwDSkRJMS0w\r\nKwYDVQQDDCR1bi1lc3hpLTAxLTEtdm0yOS5lbmdsYWIuanVuaXBlci5uZXQxITAf\r\nBgkqhkiG9w0BCQEWEnNyaW5pdkBqdW5pcGVyLm5ldDCCASIwDQYJKoZIhvcNAQEB\r\nBQADggEPADCCAQoCggEBAMZwGflF0NJwj16vuiCkTn3cbP0Q476KwTf7x+Ds2yH3\r\nQBJadt5246seQH5lGfVbN5dJ173w/EGb1vrK5jlCd74WEgAK/49DArPEnw7tz6tJ\r\n952v6eom2FRArywc7X46Zr4UbXPF2wE2AsvjIcH6zIqP4rHxMWtdeZY+U/XuObPJ\r\nUhCeauvKygByhGvxNO8s2Yru5kyi6RwD8qC3jxhVxntE/FVoMJTSX9QIc67PwEGm\r\nxMbvdST1GsGFMhOCw5sDCqVkVPT7vivfknd4Y/LnzsZdU0kBZKO0jzmEunbX13/u\r\nychhJMOTLiQ8E7RncWalVmqpdY1VVs8VLRcyiC2zRA0CAwEAAaNQME4wHQYDVR0O\r\nBBYEFOc14oi4no+NOtjt5lCvgD/BG7D/MB8GA1UdIwQYMBaAFOc14oi4no+NOtjt\r\n5lCvgD/BG7D/MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFaxOE3c\r\nKPb+AF+QXk9KUXPinHCSrIP74my8Zo/2IjIlwQLJ96OWrvH8eDVYK5kKWf+vO+82\r\nA1PNVf2i6dmsHVusm5qHM6v00GtPQpa+eebmsCVNjboHiQIV9Ba6ly2R6W/wJ6v3\r\niOH5QR2y3JVr9rRH0B6diS8TQ2kpbhCQ022qR2jmzaEb/cg01sv7DA6kdCrXR6yh\r\nmeLNzMns6/I9DyG9wTgpUoTf+dHhxqNXgjXDgaiIu5TcVD5rItTbIz2WGY/GA89J\r\nne+DhAD1llKLqLw7Za7QM4h/Z14nvL4ceMKARRJjaJ69pEjM6mQrU1Bo32wExOM/\r\npwwIfBi1RBD6X+8=\r\n-----END CERTIFICATE-----\r\n" } }
Geo IP API Usage Examples
The following are usage examples for Geo IP API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a new Geo IP
POST <context>/api/v2/controller/geoIps Content-Type: application/json STATUS: 200 "geoIp": { "name": "asia", "domain": "SD domain name", "description": "all asia countries", "countrys": [CN, IN], "action": "BLOCK_INBOUND", "secondaryAction": "LOG" }
where:
The value of
action
can beBLOCK_INBOUND
,BLOCK_OUTBOUND
, orBLOCK_BOTH
.The value of
secondaryAction
can beLOG
orNONE
.
The values for action
and secondaryAction
are only needed for SDSN.
Usage Example 2 - Retrieving a specific Geo IP based on geoIpId
GET <context>/api/v2/controller/geoIps/{geoIpId} Content-Type: application/json STATUS: 200 "geoIp": { "id": "uuid-1234", "uri":"https://<host>/<context>/api/v2/controller/geoIps/uuid-1234", "name": "asia", "domain": "SD domain name", "description": "all asia countries", "countrys": [CN, IN], "action": "INBOUND", "secondaryAction": "LOG" }
Usage Example 3 - Retrieving the list of Geo IPs
GET <context>/api/v2/controller/geoIps Content-Type: application/json STATUS: 200 "geoIps": { "uri":"https://<host>/<context>/api/v2/controller/geoips", "total": 2, "geoip": [ {"id": "uuid-1234", "name": "asia", "domain": "SD domain name", "description": "all asia countries", "countrys": [CN, IN], "action": "INBOUND", "secondaryAction": "LOG"}, {"id": "uuid-1235", "name": "north korea", "domain": "SD domain name", "description": "some countries", "countrys": [KP], "action": "INBOUND", "secondaryAction": "LOG"} ] }
Usage Example 4 - Deleting Geo IP
DELETE <context>/api/v2/controller/geoIps/{geoIpId} STATUS: 204
Log API Usage Examples
The following is a usage example for Log API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example - Retrieving all log files in zip format
GET <context>/api/v1/controller/logs STATUS: 200