Skip to main content

REST APIs for 24.5

Access Restrictions Reference

This topic covers examples of access restriction.

Examples

Create Access Restrictions

curl -i -X POST https://pce.my-company.com:8443/api/v2/orgs/1/access_restrictions/

Response

{
	"name": "sample Access Restriction payload",
	"description": "example",
	"ips": [ "192.168.33.1/16" ],
	"enforcement_exclusions": [ "user_sessions" ]
}

Read an Access Restriction

curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/1/access_restrictions/

Update an Access Restriction

curl -i -X PUT https://pce.my-company.com:8443/api/v2/orgs/1/access_restrictions/1
{
	"name": "modified Access Restriction payload",
	"description": "example",
	"ips": [ "192.168.33.1/16" ],
	"enforcement_exclusions": [ "user_sessions" ]
}

Delete the Access Restriction

curl -i -X DELETE https://pce.my-company.com:8443/api/v2/orgs/1/access_restrictions/1

Curl Command to associate an Access Restriction with an Org Auth Sec Principal (PUT)

curl -i -X -PUT https://pce.my-company.com:8443/api/v2/orgs/1/auth_security_principals/76a0607b-6961-4c74-a98a-8b10775c8a9b
{
	"name": "[email protected]",
	"display_name": "test",
	"type": "user",
	"access_restriction": {
	"href": "/orgs/1/access_restrictions/1"
}
}

Read a Trusted Proxy IP

curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/1/access_restrictions/

Update a Trusted Proxy IP

curl -i -X PUT https://pce.my-company.com:8443/api/v2/orgs/1/settings/trusted_proxy_ips/
{
	"trusted_proxy_ips": [
		{
			"pce_fqdn": null,
			"ip": "66.151.147.0/24"
		},
		{
			"pce_fqdn": null,
			"ip": "192.168.34.0/24"
		}
	]
}
Organization Access

Changes to the organization access introduced a new common schema:

common ipv4_ipv6_subnet

{
	"$schema": "http://json-schema.org/draft-04/schema#",
	"type": "string",
	"oneOf": [
		{ "format": "ipv4" },
		{ "format": "ipv6" }
	]
}

This common schema is replacing the one that is now deleted: common ipv4_subnet

{
	"$schema": "http://json-schema.org/draft-04/schema#",
	"type": "string",
	"pattern": "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.)
			{3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]
                       [0-9]?)(\\/(3[0-2]|[0-2]?[0-9]))?$"
}

Three organization access APIs have been changed to substitute

common/ipv4_subnet.schema with

common/ipv4_ipv6_subnet.schema:

  • orgs_access_restrictions_post

  • orgs_access_restrictions_put

{
	"properties": {
	    "ips": {
		"items": {
		    "$ref": {
			"__old": "../common/ipv4_subnet.schema.json",
                        "__new": "../common/ipv4_ipv6_subnet.schema.json"
		    }
		}
	     }
	}
}

settings_trusted_proxy_ips_put

{
	"properties": {
	    "trusted_proxy_ips": {
		"items": {
		    "properties": {
			"ip": {
			"$ref": {
			"__old": "../common/ipv4_subnet.schema.json",
                        "__new": "../common/ipv4_ipv6_subnet.schema.json"
		    }
		}
	    }
	}
    }