Skip to main content

REST APIs for 24.2.20 and 24.2.10

REST API Users

This Public Stable API allows you to log your User into the PCE so you can get a session token to access other Illumio Core REST API calls. This API is your starting point for interacting with the PCE using the REST API.

Users API Methods

Functionality

HTTP

URI

Authenticate to the Illumio Login Service and obtain

a single-use authentication token.

POST

[api_version]/login_users/authenticate

Create a new user.

POST

[api_version][users]

Log in a user and obtain a session token.

GET

[api_version]/users/login

Log out a user and destroy the session token.

PUT

[api_version][user_href]/logout

Get a userʼs information.

GET

[api_version][user_href]

Update userʼs information.

PUT

[api_version][user_href]

Change a user's password (a local, non-SSO user).

PUT

[api_version]/login_users/[user_href]/password

Log Into the PCE

URI to Log In User

GET [api_version]/users/login

For step-by-step instructions about authenticating to the PCE and using GET /users/login in conjunction with other methods, see Authentication and API User Permissions.

Log Out and Destroy Credentials

This API logs users out of the PCE and destroys the temporary session credentials used to log them in.

Note

This PUT /logout call is not used with persistent API credentials.

URI to Log Out a User

PUT [user_href]/logout

Request Body

The request body is an empty JSON object.

{}

Log Out a User

curl -i -X PUT https://pce.my-company.com:8443/api/v2/authentication_services/password_policy -H "Content-Type: application/json" -u $KEY:$TOKEN -d '{"require_type_symbol": true, "expire_time_days": 90}

Get User Information

This API retrieves specific information about a user, such as when the user logs into the Illumio PCE, the IP address from which the user logs in, the user's name, and the password.

URI to Get User Information

GET [user_href]
Create a New User

This API creates a new local user.

URI to Create a New User

POST [api_version][users]
Change the User Password

This API method allows currently authenticated users to change their login password.

  • The call must be made by the user currently authenticated in the session; even an administrator cannot change another user's password.

  • An API key is not used with this API.

  • The user's login name (typically the user's e-mail address) and login password are used for authentication.

  • The user's five most recent passwords cannot be used.

Possible Responses

When you execute the command to change a password, you can receive one of these three messages:

  • 204 success: The password was changed successfully.

  • 406: Validation error such as invalid.

  • 501: The password was changed, but the e-mail notification failed.

See also: