Using Controller API
The following sections provide usage examples for the various APIs defined in the Controller API:
For usage examples of the Config API, see Configuring Controller API.
Tenant API Usage Examples
The following are usage examples for the Tenant API:
Usage Example 1 - Creating a Tenant
POST: /api/v2/controller/tenants
Content-Type: application/json'
Accept: application/json'
Body:
{
"tenant": {
"name": "COKE",
"lsysName": "root-logical-system",
"vrfName": "coke"
}
}
Usage Example 2 - Retrieving a Tenant
GET: /api/v2/controller/tenants/"6802b803-a20a-42a1-aab2-69b21c5c9f21"
Accept: application/json
output:
{
"tenant": {
"updateTs": 0,
"name": "COKE",
"uri": "/api/v2/controller/tenants/6802b803-a20a-42a1-aab2-69b21c5c9f21",
"vrfName": "coke",
"lsysName": "root-logical-system",
"id": "6802b803-a20a-42a1-aab2-69b21c5c9f21"
}
}
Usage Example 3 - Updating a Tenant
PUT: /api/v2/controller/tenants/"6802b803-a20a-42a1-aab2-69b21c5c9f21"
Accept: application/json
Content-Type: application/json
Body:
{
"tenant": {
"updateTs": 0,
"name": "COKE",
"uri": "/api/v2/controller/tenants/6802b803-a20a-42a1-aab2-69b21c5c9f21",
"vrfName": "coke-soda",
"lsysName": "root-logical-system",
"id": "6802b803-a20a-42a1-aab2-69b21c5c9f21"
}
}
Output:
{
"tenant": {
"vrfName": "coke-soda",
"name": "COKE",
"uri": "/api/v2/controller/tenants/6802b803-a20a-42a1-aab2-69b21c5c9f21",
"updateTs": 0,
"lsysName": "root-logical-system",
"id": "6802b803-a20a-42a1-aab2-69b21c5c9f21"
}
}
Usage Example 4 - Deleting a Tenant
DELETE: /api/v2/controller/tenants/6802b803-a20a-42a1-aab2-69b21c5c9f21
Site API Usage Examples
The following are usage examples for the Site API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a site
POST <context>/api/v2/controller/sites
Content-Type: application/json
STATUS: 200
{
"site": {
"name": "stie_179",
"domain": "Global",
"description": "",
"tenantId":"6802b803-a20a-42a1-aab2-69b21c5c9f21"
"feedSourceId": "",
"members": [
{
"deviceInfo": {
"perimeterDevice": true,
},
"id": "29",
"type": "DEVICE"
},
{
"deviceInfo": {
"perimeterDevice": true,
},
"id": "27",
"type": "DEVICE"
}
]
}
}
where:
feedSourceIdis the Juniper ATP Cloud realm and its value isNULLduring the POST operation. When a site is associated to realms, you can update the site withfeedSourceId.
Usage Example 2 - Retrieving a site
GET <context>/api/v2/controller/sites/{siteId}
Content-Type: application/json
STATUS: 200
{
"site": {
"description": "",
"domain": "SD domain name",
"tenantId":"6802b803-a20a-42a1-aab2-69b21c5c9f21"
"feedSourceId": "277540f6-e640-4306-b5fc-8be6c978ecc0",
"id": "535aad4d-2525-4fb8-9551-bb3d56cff48e",
"members": [
{
"deviceInfo": {
"cluster": false,
"description": null,
"emsSdId": "262181",
"enrollStatus": null,
"feedSourceConfigStatus": "SET_SUCCESS",
"initStatus": "SUCCESS",
"ip": "10.92.83.217",
"model": "srx550m",
"name": "un-srx550m-02",
"perimeterDevice": true,
"serialNumber": "DA3917AK0018"
},
"id": "29",
"type": "DEVICE"
},
{
"deviceInfo": {
"cluster": false,
"description": null,
"emsSdId": "262175",
"enrollStatus": null,
"feedSourceConfigStatus": "SET_SUCCESS",
"initStatus": "SUCCESS",
"ip": "10.92.82.179",
"model": "VSRX",
"name": "vsrx-srini-179-D100",
"perimeterDevice": true,
"serialNumber": "A9D70E39FF31"
},
"id": "27",
"type": "DEVICE"
}
],
"name": "stie_179",
"updateTs": 1539189977,
"uri": "/api/v2/controller/sites/535aad4d-2525-4fb8-9551-bb3d56cff48e"
}
}
Usage Example 3 - Updating a site based on siteId
PUT <context>/api/v2/controller/sites/{siteId}
Content-Type: application/json
STATUS: 200
{
"site": {
"name": "stie_179",
"description": "",
"domain": "Global",
"tenantId":"6802b803-a20a-42a1-aab2-69b21c5c9f21"
"feedSourceId": "277540f6-e640-4306-b5fc-8be6c978ecc0",
"id": "535aad4d-2525-4fb8-9551-bb3d56cff48e",
"members": [
{
"deviceInfo": {
"perimeterDevice": true,
},
"id": "29",
"type": "DEVICE"
},
{
"deviceInfo": {
"perimeterDevice": true,
},
"id": "27",
"type": "DEVICE"
}
]
}
}
Usage Example 4 - Deleting a site
DELETE <context>/api/v2/controller/sites/{siteId}
STATUS: 204
Policy Enforcement Group API Usage Examples
The following are usage examples for the Policy Enforcement Group API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a new Policy Enforcement Group
POST <context>/api/v2/controller/policyGroups
Content-Type: application/json
STATUS: 200
"policyGroup": {
"name": "sunnyvale",
"domain": "SD domain name",
"feedSourceId", "uuid-realm-1234"
"description": "sunnyvale user endpoints",
"groupType": "IP",
"sites": [{"siteId": "uuid-111", "name": "bldg-A",
"uri", "/api/v2/controller/Sites/uuid-111"},
{"siteId": "uuid-222", "name": "bldg-B",
"uri", "/api/v2/controller/Sites/uuid-222"},
{"siteId": "uuid-333", "name": "bldg-6",
"uri", "/api/v2/controller/Sites/uuid-333"}
],
"addressGroups": ["192.0.2.0/24", "198.51.100.0-198.51.100.255",
"203.0.113.0"]
}
where:
sitesandaddressGroupsare mutually exclusive.The value of
addressGroupscan be a single IP, an IP range, or an IP subnet.If the value of
groupTypeisIP,addressGroupsare populated; if the value isLOCATION, sites are populated.
Usage Example 2 - Retrieving a specific policy enforcement group based on policyGroupId
GET <context>/api/v2/controller/policyGroups/{policyGroupId}
Content-Type: application/json
STATUS: 200
Location-based:
{
"policyGroup": {
"addresses": [],
"createTs": 1539190061,
"description": "",
"domain": "",
"groupType": "LOCATION",
"id": "6b2f9d7e-2079-42b1-8806-40d5315e64bc",
"name": "peg_site",
"sites": [
{
"id": "535aad4d-2525-4fb8-9551-bb3d56cff48e",
"name": "stie_179"
}
],
"updateTs": 0
}
}
IP-based (if IP subnet is a part of connector):
{
"policyGroup": {
"addresses": [
{
"connectorInfo": {
"endpointAddressSpace": {
"name": "",
"type": "Global"
},
"name": "forescout",
"type": "forescout"
},
"subnet": "192.168.199.254/24",
"subnetDescription": "fs_199",
"subnetId": "f5ab56ab-5ed3-4f80-a1b2-5b511dbf0019",
"type": "SUBNET"
}
],
"createTs": 1539189913,
"description": "",
"domain": "",
"groupType": "IP",
"id": "c8de4f43-6fe7-4ee4-bdee-344b7cbb1b6c",
"name": "peg",
"sites": [],
"updateTs": 0
}
}
Usage Example 3 - Updating a specific policy enforcement group based on policyGroupId
PUT <context>/api/v2/controller/policyGroups/{policyGroupId}
Content-Type: application/json
STATUS: 200
"policyGroup": {
"name": "sunnyvale",
"domain": "SD domain name",
"feedSourceId", "uuid-realm-1234"
"description": "sunnyvale user endpoints",
"sites": [],
"addressGroups": ["192.0.2.0/24", "198.51.100.0-198.51.100.255",
"203.0.113.0"]
}
Usage Example 4 - Retrieving the updated policy enforcement group to check if the updates are present
GET <context>/api/v2/controller/policyGroups
Content-Type: application/json
STATUS: 200
"policyGroups": {
"uri":"https://<host>/<context>/api/v2/controller/policyGroups",
"total": 2,
"policyGroup": [
{"id": "uuid-1234",
"uri":"https://<host>/<context>/api/v2/controller/policyGroups/uuid-1234",
"name": "sunnyvale", "domain": "SD domain name",
"description": "sunnyvale user endpoints", "feedSourceId",
"uuid-realm-1234"
"sites": [],
"addressGroups":
["192.0.2.0/24", "198.51.100.0-198.51.100.255", "203.0.113.0"]},
{"id": "uuid-1234",
"uri":"https://<host>/<context>/api/v2/controller/policyGroups/uuid-1234",
"name": "sunnyvale", "domain": "SD domain name",
"description": "sunnyvale user endpoints", "feedSourceId",
"uuid-realm-1235"
"sites": [{"siteId": "uuid-111", "name": "bldg-A", "uri",
"/api/v2/controller/Sites/uuid-111"},
{"siteId": "uuid-222", "name": "bldg-B", "uri",
"/api/v2/controller/Sites/uuid-222"},
{"siteId": "uuid-333", "name": "bldg-6", "uri",
"/api/v2/controller/Sites/uuid-333"}
],
"addressGroups": []},
]
}
Usage Example 5 - Deleting a policy enforcement group
DELETE <context>/api/v2/controller/policyGroups/{policyGroupId}
STATUS: 204
Threat Policy API Usage Examples
The following are usage examples for the Threat Policy API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a new Threat Policy
POST <context>/api/v2/controller/threatPolicys
Content-Type: application/json
STATUS: 200
"threatPolicy": {
"name": "simplePolicy",
"domain": "SD domain name",
"description": "with all profiles",
"profiles": [{
"feedType": "CnC",
"actions": [{"threatLevelStart": "0", "threatLevelEnd": "4",
"action": "PERMIT"},
{"threatLevelStart": "5", "threatLevelEnd": "7",
"action": "LOG"},
{"threatLevelStart": "8", "threatLevelEnd": "9",
"action": "BLOCK_CLOSE", "redirectUrl": "",
"customMessage": ""}]
}, {
"feedType": "INFECTED_HOST",
"actions": [
{
"threatLevelStart": "",
"threatLevelEnd": "",
"action": "BLOCK_QUARANTINE",
"quarantineVlanName": "v999"
}
]
}, {
"feedType": "MALWARE", "malwareProfileName": "scanAll",
"https": true, "actions": [{"threatLevelStart": "0",
"threatLevelEnd": "6", "action": "PERMIT"},
{"threatLevelStart": "7", "threatLevelEnd": "9",
"action": "BLOCK_CLOSE", "redirectUrl": "",
"customMessage": "call IT support"}]
}, {
"feedType": "SMTP", "attachmentProfileName": "scanAll",
"actions": [{"threatLevelStart": "0", "threatLevelEnd": "6",
"action": "PERMIT"},
{"threatLevelStart": "7", "threatLevelEnd": "9",
“action": "BLOCK_DROP"}]
}
],
"secondaryActions": ["LOG"],
"policyGroups": [{"policyGroupId": "uu-123", "name": "peg1"},
{"policyGroupId": "uu-456", "name": "peg2"}],
"deployStatus": "DRAFT"
}
where:
The value of
actioncan bePERMIT,LOG,BLOCK_DROP,BLOCK_CLOSE,BLOCK_QUARANTINE,MONITOR.The value of
secondaryActioncab beLOG_ALL,LOG_BLOCKED, orNONE.If you specify
MALWAREas thefeedType, SRX takes a single threat level threshold value, that is, it allows two actions — permit and block.If you specify
GEO_IPas the feedType, then the SRX Series device has no threshold and allows permit or block.For
deployStatus, you do not have to specify the valuesDRAFT,ANALYSIS_PROGRESS,READY_TO_DEPLOY, andDEPLOYEDfor POST and PUT operations.
Usage Example 2 - Updating a threat policy
PUT <context>/api/v2/controller/threatPolicys/uuid-1234/emsData
Content-Type: application/json
STATUS: 200
STATUS: 500 (It can have following errors)
"no PerimeterFirewall found based on PEG, skipping analysis"
"ATP analysis policy: <xyz> has aamw/infected-host profile, no argon capable device, skipping analysis"
"threatPolicy": {
"name": "simplePolicy",
"domain": "SD domain name",
"description": "with all profiles",
"profiles": [],
"secondaryActions": ["LOG"],
"policyGroups": [{"policyGroupId": "uu-123", "name": "peg1"}, {"policyGroupId": "uu-456", "name": "peg2"}],
"deployStatus": "DRAFT",
"emsAnalysisId": "uuid-policy-analysis",
"emsPublishUpdateId": "publish-update-job-id"
}
Usage Example 3 - Retrieving a specific threat policy based on threatPolicyId
GET <context>/api/v2/controller/threatPolicys/uuid-1234
Content-Type: application/json
STATUS: 200
"threatPolicy": {
"id": "uuid-1234",
"uri":"https://<host>/<context>/api/v2/controller/threatPolicys/uuid-1234",
"name": "simplePolicy",
"domain": "SD domain name",
"description": "with all profiles",
"profiles": [{
"feedType": "CnC",
"actions": [{"threatLevelStart": "0", "threatLevelEnd": "4",
"action": "PERMIT"},
{"threatLevelStart": "5", "threatLevelEnd": "7",
"action": "LOG"},
{"threatLevelStart": "8", "threatLevelEnd": "9",
"action": "BLOCK_CLOSE",
"redirectUrl": "", "customMessage": ""}]
}, {
"feedType": "INFECTED_HOST",
"actions": [{"threatLevelStart": "0", "threatLevelEnd": "4",
"action": "PERMIT"},
{"threatLevelStart": "8", "threatLevelEnd": "9",
"action": "BLOCK_QUARANTINE",
"quarantineVlanName": "911"}]
}, {
"feedType": "MALWARE", "malwareProfileName": "scanAll",
"https": true, "actions": [{"threatLevelStart": "0",
"threatLevelEnd": "6", "action": "PERMIT"},
{"threatLevelStart": "7", "threatLevelEnd": "9",
"action": "BLOCK_CLOSE",
"redirectUrl": "", "customMessage": "call IT support"}]
}, {
"feedType": "SMTP", "attachmentProfileName": "scanAll",
"actions": [{"threatLevelStart": "0", "threatLevelEnd": "6",
"action": "PERMIT"},
{"threatLevelStart": "7", "threatLevelEnd": "9",
“action": "BLOCK_DROP"}]
}
],
"secondaryActions": ["LOG"],
"policyGroups": [{"policyGroupId": "uu-123", "name": "peg1"},
{"policyGroupId": "uu-456", "name": "peg2"}],
"deployStatus": "DRAFT",
"deployDevices": [{"name": "device1", "deviceId": "uuid1234"}],
"skipDevices": [{"name": "device2", "deviceId": "uuid5678"}]
}Usage Example 4 - Deleting a threat policy
DELETE <context>/api/v2/controller/threatPolicys/uuid-1234", STATUS: 204
Custom Feed API Usage Examples
The following are usage examples for the Custom Feed API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a new CustomFeed with Local Files
POST <context>/api/v2/controller/customFeeds
Content-Type: application/json
Accept: application/json
STATUS: 200
Body - Version 1:
{
"customFeed":
{
"feedType":"Dynamic-Address", <= Can be 'Dynamic-Address/Allowlist/Blocklist'
"domain":"Global",
"name":"testda",
"fileType":"Local", <= Can be 'Local/Remote'
"inputType":"ip", <= Can be 'ip for Dynamic-Address and ip/url/domain for Allowlist and Blocklist'
"description":"",
"content":
[
{
"siteIds":
[
"bc065f26-b081-43a8-bd37-e3f349cdbdab" <= List of site ids based on the creation of site in Secure Fabric page. See below to get site information.
],
"data":
[
"1.1.1.1",
"2.2.2.2" <= IP/URL/Domain list.
]
}
]
}
}where:
The value of
feedTypecan beBlocklist,Allowlist, orDynamic-Address.The value of
contentcan be a list of IP addresses, an IP range, or a subnet for aBlocklist,Allowlistand,Dynamic-Address.The value of
inputTypecan be an IP, URL or a domain for aBlocklist,Allowlistand,Dynamic-Address.
Usage Example 2- Creating a new CustomFeed with Infected-Host feedtype
POST <context>/api/v2/controller/customFeeds
Content-Type: application/json
Accept: application/json
STATUS: 200
Body - Version 2:
{
"customFeed":
{
"feedType":"Infected-Hosts", <= Can be 'DDoS/Infected-Hosts'
"domain":"Global",
"name":"testih",
"fileType":"Local", <= Can be 'Local/Remote'
"inputType":"ip", <= Can only be 'ip for Infected-Hosts and DDoS'
"description":"",
"content":
[
{
"siteIds":
[
"bc065f26-b081-43a8-bd37-e3f349cdbdab" <= List of site ids based on the creation of site in Secure Fabric page. See below to get site information.
],
"data":
{
"add": ["192.0.2.0","198.51.100.0"] <= Will add new data.
}
}
]
}
}where:
The value of
feedTypeisInfected-Hosts.The value of
contentcan be a list of IP addresses.The value of
inputTypecan be and an IP address.
Usage Example 3- Creating a new Custom Feed with CC as feed type
POST
/api/v2/controller/customFeeds/CCCF1
Body:
{
"customFeed":{
"domain": "Global",
"feedType": "CC",
"name": "CCCF1",
"fileType": "Local",
"content": [
{
"siteIds": [
"0feaf878-c8e6-45bb-aba3-8bf7c9ac83ae"
],
"data": [
{"value": "2.2.2.2", "threat_level": 2},
{"value": "3.3.3.3", "threat_level": 10},
{"value": "4.4.4.4", "threat_level": 10},
{"value": "1.1.1.1", "threat_level": 3}
],
}
],
"inputType": "ip",
"description": ""
}
}
If file upload UI should accept file with “,” -> IP/URL,threat_level
File contents:
2.2.2.2,3
4.4.4.4,5
Usage Example 4- Retrieving a specific custom feed based on CustomFeed Id
GET <context>/api/v2/controller/customFeeds/<name>
Content-Type: application/json
STATUS: 200
Response:
{
"customFeed":
{
"username":null,
"domain":"Global",
"feedType":"Dynamic-Address",
"name":"testda",
"url":null,
"fileType":"Local",
"caCerts":null,
"content":
[
{
"siteIds":
[
"bc065f26-b081-43a8-bd37-e3f349cdbdab"
],
"data":
[
"1.1.1.1"
],
"feedId": 1 <= This is the feedId that should be used during PUT operation.
}
],
"fail_count": 0,
"updateTs":1523460907,
"updateInterval":null,
"password":null,
"inputType":"ip",
"urlType":null,
"description":""
}
}Usage Example 5- Retrieving a specific infected-host custom feed based on CustomFeed Id
GET <context>/api/v2/controller/customFeeds/<name>
Content-Type: application/json
STATUS: 200
Response:
"customFeed": {
"id": "uuid-1234",
"emsVersion":0,
"createTs":1479328662,
"emsAddressId":null,
"updateTs":null
"uri":"/api/v2/controller/customFeeds/uuid-1234",
"name": "customIPs",
"domain": "SD domain name",
"description": "infected IPs",
"feedType": "Infected-Hosts",
"inputType": "ip",
"content": {"add": ["192.0.2.0","198.51.100.0"],
{"delete": ["198.51.100.255"]}
}Usage Example 6- Retrieving the list of custom feeds
GET <context>/api/v2/controller/customFeeds/
Content-Type: application/json
STATUS: 200
Response:
{
"customFeeds":
{
"total":1,
"customFeed":
[
{
"updateTs": 1523460907,
"name": "testda",
"fileType": "Local",
"content": [
{
"siteIds": [
"bc065f26-b081-43a8-bd37-e3f349cdbdab"
]
}
],
"fail_count": 0,
"createdByUser": 1,
"feedType": "Dynamic-Address",
"description": ""
}
]
}
}Usage Example 7- Updating a custom feed
PUT <context>/api/v2/controller/customFeeds/<name>
Content-Type: application/json
STATUS: 200
Body - Version 1:
{
"customFeed":
{
"feedType":"Dynamic-Address",
"domain":"Global",
"name":"testda",
"fileType":"Local",
"inputType":"ip",
"description":"",
"content":
[
{
"siteIds":
[
"bc065f26-b081-43a8-bd37-e3f349cdbdab"
],
"data":
[
"3.3.3.3",
"1.1.1.1",
"2.2.2.2"
],
"feedId": 1 <= feedId should be retrieved from GET call. See below GET API for details.
}
]
}
}
Body - Version 2:
{
"customFeed":
{
"feedType":"Infected-Hosts",
"domain":"Global",
"name":"testih",
"fileType":"Local",
"inputType":"ip",
"description":"",
"content":
[
{
"siteIds":
[
"bc065f26-b081-43a8-bd37-e3f349cdbdab"
],
"data":
{
"add": ["192.0.2.1"], <= Will add new data to existing list.
"delete": ["192.0.2.0"] <= Will remove data from existing list.
},
"feedId": 2 <= feedId should be retrieved from GET call. See below GET API for details.
}
]
}
}Usage Example 8- Deleting a custom feed
DELETE <context>/api/v2/controller/customFeeds/<name> STATUS: 204
Usage Example 9- Creating Custom Feeds with Remote File Server
POST <context>/api/v2/controller/customFeeds
Body:
{
"customFeed":
{
"feedType":"Dynamic-Address", <= Can be 'Dynamic-Address/Allowlist/Blocklist/Infected-Hosts/DDoS'
"domain":"Global",
"name":"testsda",
"fileType":"Remote",
"inputType":"ip", <== Can be 'ip for Dynamic-Address/Infected-Hosts/DDoS and ip/url/domain for Allowlist and Blocklist'
"description":"",
"content":
[
{
"siteIds":
[
"bc065f26-b081-43a8-bd37-e3f349cdbdab"
],
"data":{}
}
],
"username":"super",
"password":"123juniper",
"updateInterval":"hourly", <= Can be hourly/monthly/yearly
"url":"http://1.1.1.1/ip.list",
"urlType":"http" <= Can be http/https
"caCerts":"un-esxi-01-1-vm29englabjunipernet.crt" <= If https
"caCertsContent":"-----BEGIN CERTIFICATE-----\r\nMIIEJzCCAw+gAwIBAgIJALHgXBKvQq9qMA0GCSqGSIb3DQEBCwUAMIGpMQswCQYD\r\nVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVN1bm55dmFsZTEZMBcGA1UE\r\nCgwQSnVuaXBlciBOZXR3b3JrczEMMAoGA1UECwwDSkRJMS0wKwYDVQQDDCR1bi1l\r\nc3hpLTAxLTEtdm0yOS5lbmdsYWIuanVuaXBlci5uZXQxITAfBgkqhkiG9w0BCQEW\r\nEnNyaW5pdkBqdW5pcGVyLm5ldDAeFw0xODAyMTIyMDM2NDRaFw0xOTAyMTIyMDM2\r\nNDRaMIGpMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVN1bm55\r\ndmFsZTEZMBcGA1UECgwQSnVuaXBlciBOZXR3b3JrczEMMAoGA1UECwwDSkRJMS0w\r\nKwYDVQQDDCR1bi1lc3hpLTAxLTEtdm0yOS5lbmdsYWIuanVuaXBlci5uZXQxITAf\r\nBgkqhkiG9w0BCQEWEnNyaW5pdkBqdW5pcGVyLm5ldDCCASIwDQYJKoZIhvcNAQEB\r\nBQADggEPADCCAQoCggEBAMZwGflF0NJwj16vuiCkTn3cbP0Q476KwTf7x+Ds2yH3\r\nQBJadt5246seQH5lGfVbN5dJ173w/EGb1vrK5jlCd74WEgAK/49DArPEnw7tz6tJ\r\n952v6eom2FRArywc7X46Zr4UbXPF2wE2AsvjIcH6zIqP4rHxMWtdeZY+U/XuObPJ\r\nUhCeauvKygByhGvxNO8s2Yru5kyi6RwD8qC3jxhVxntE/FVoMJTSX9QIc67PwEGm\r\nxMbvdST1GsGFMhOCw5sDCqVkVPT7vivfknd4Y/LnzsZdU0kBZKO0jzmEunbX13/u\r\nychhJMOTLiQ8E7RncWalVmqpdY1VVs8VLRcyiC2zRA0CAwEAAaNQME4wHQYDVR0O\r\nBBYEFOc14oi4no+NOtjt5lCvgD/BG7D/MB8GA1UdIwQYMBaAFOc14oi4no+NOtjt\r\n5lCvgD/BG7D/MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFaxOE3c\r\nKPb+AF+QXk9KUXPinHCSrIP74my8Zo/2IjIlwQLJ96OWrvH8eDVYK5kKWf+vO+82\r\nA1PNVf2i6dmsHVusm5qHM6v00GtPQpa+eebmsCVNjboHiQIV9Ba6ly2R6W/wJ6v3\r\niOH5QR2y3JVr9rRH0B6diS8TQ2kpbhCQ022qR2jmzaEb/cg01sv7DA6kdCrXR6yh\r\nmeLNzMns6/I9DyG9wTgpUoTf+dHhxqNXgjXDgaiIu5TcVD5rItTbIz2WGY/GA89J\r\nne+DhAD1llKLqLw7Za7QM4h/Z14nvL4ceMKARRJjaJ69pEjM6mQrU1Bo32wExOM/\r\npwwIfBi1RBD6X+8=\r\n-----END CERTIFICATE-----\r\n"
}
}Geo IP API Usage Examples
The following are usage examples for Geo IP API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example 1 - Creating a new Geo IP
POST <context>/api/v2/controller/geoIps
Content-Type: application/json
STATUS: 200
"geoIp": {
"name": "asia",
"domain": "SD domain name",
"description": "all asia countries",
"countrys": [CN, IN],
"action": "BLOCK_INBOUND",
"secondaryAction": "LOG"
}where:
The value of
actioncan beBLOCK_INBOUND,BLOCK_OUTBOUND, orBLOCK_BOTH.The value of
secondaryActioncan beLOGorNONE.
The values for action and secondaryAction are only needed for SDSN.
Usage Example 2 - Retrieving a specific Geo IP based on geoIpId
GET <context>/api/v2/controller/geoIps/{geoIpId}
Content-Type: application/json
STATUS: 200
"geoIp": {
"id": "uuid-1234",
"uri":"https://<host>/<context>/api/v2/controller/geoIps/uuid-1234",
"name": "asia",
"domain": "SD domain name",
"description": "all asia countries",
"countrys": [CN, IN],
"action": "INBOUND",
"secondaryAction": "LOG"
}Usage Example 3 - Retrieving the list of Geo IPs
GET <context>/api/v2/controller/geoIps
Content-Type: application/json
STATUS: 200
"geoIps": {
"uri":"https://<host>/<context>/api/v2/controller/geoips",
"total": 2,
"geoip": [
{"id": "uuid-1234", "name": "asia", "domain": "SD domain name",
"description": "all asia countries", "countrys": [CN, IN],
"action": "INBOUND", "secondaryAction": "LOG"},
{"id": "uuid-1235", "name": "north korea", "domain": "SD domain name",
"description": "some countries", "countrys": [KP],
"action": "INBOUND", "secondaryAction": "LOG"}
]
}Usage Example 4 - Deleting Geo IP
DELETE <context>/api/v2/controller/geoIps/{geoIpId}
STATUS: 204Log API Usage Examples
The following is a usage example for Log API:
APIs must include the authorization header based on the RestFul API user created through the Configuring Controller API.
Usage Example - Retrieving all log files in zip format
GET <context>/api/v1/controller/logs STATUS: 200