REST APIs for 24.5

Machine Authentication Reference

This topic covers parameters, properties, and examples for machine authentication.

Request Parameters

| Parameter | Description |
| --- | --- |
| distinguished_name | The X.509 Subject distinguished name, used if you want this unmanaged workload to use machine authentication when communicating with other hosts. |

Request Body

{ 
   "distinguished_name": "CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES" 
}

Curl Command Enable Machine Authentication

curl -i -X PUT https://pce.my-company.com/api/v2/orgs/7/workloads/XXXXXXX-9611-44aa-ae06-fXXX8903db65 -H "Content-Type:application/json" -u $KEY:$TOKEN -d '{"distinguished_name": "CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES"}'

Configure machine authentication on an existing rule

| Parameter | Description |
| --- | --- |
| machine_auth | An optional boolean flag that enables machine authentication for the rule when set to true. |
| sec_connect | An optional boolean flag that enables SecureConnect (host-to-host traffic encryption) for the rule. |

Request Body

This example shows the JSON payload for updating a rule to enable machine authentication but with SecureConnect disabled.

{
    "providers": [{"label": {"href": "/orgs/1/labels/1"}}],
    "sec_connect": false,
    "consumers": [{
        "actors": "ams"
    }],
    "consuming_security_principals": [],
    "unscoped_consumers": false,
    "description": "",
    "ingress_services": [{"proto": 6}],
    "resolve_labels_as": {
        "providers": ["workloads"],
        "consumers": ["workloads"]
    },
    "enabled": true,
    "machine_auth": true
}

Configure Machine Authentication for Rule

curl -i -X PUT https://pce.my-company.com/api/v2/orgs/1/sec_policy/draft/rule_sets/152/sec_rules/124 -H "Content-Type:application/json" -u $KEY:$TOKEN -d '{"providers":[{"label":{"href":"/orgs/1/labels/1"}}],"sec_connect":false,"consumers":[{"actors":"ams"}],"consuming_security_principals":[],"ingress_services":[{"proto":6}],"unscoped_consumers":false,"description":"","resolve_labels_as":{"providers":["workloads"],"consumers":["workloads"]},"enabled":true,"machine_auth":true}'
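
JSON typed by hand inside a shell-quoted -d argument is easy to get wrong, so the following added example (not part of the product documentation) builds both PUT requests from this page with Python's json module and checks that the distinguished name parses before it is used. The requests are only constructed, not sent; the helper names (parse_dn, workload_dn_request, rule_machine_auth_request) are hypothetical, and the host, paths and field names are the ones shown in the curl examples above.

```python
import base64
import json
import re
import urllib.request

PCE = "https://pce.my-company.com/api/v2"  # host taken from the curl examples on this page

def parse_dn(dn):
    """Split a subject DN into (attribute, value) pairs; raise ValueError if malformed."""
    pairs = []
    # Split on commas that are not backslash-escaped (RFC 4514 style escaping).
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def _put(path, body, key, token):
    """Build (not send) a JSON PUT request with HTTP Basic credentials."""
    auth = base64.b64encode(f"{key}:{token}".encode()).decode()
    return urllib.request.Request(
        PCE + path,
        data=json.dumps(body).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "Authorization": "Basic " + auth},
    )

def workload_dn_request(org, workload_id, dn, key, token):
    """PUT that sets distinguished_name on an unmanaged workload."""
    parse_dn(dn)  # refuse to build a request around a DN that does not parse
    return _put(f"/orgs/{org}/workloads/{workload_id}", {"distinguished_name": dn}, key, token)

def rule_machine_auth_request(org, rule_set, rule_id, rule, key, token, sec_connect=False):
    """PUT that enables machine_auth on a draft rule, keeping the other fields as given."""
    body = dict(rule, machine_auth=True, sec_connect=bool(sec_connect))
    path = f"/orgs/{org}/sec_policy/draft/rule_sets/{rule_set}/sec_rules/{rule_id}"
    return _put(path, body, key, token)

# Constructed sample: the rule body from this page, minus the two flags being set.
SAMPLE_RULE = {
    "providers": [{"label": {"href": "/orgs/1/labels/1"}}],
    "consumers": [{"actors": "ams"}], "consuming_security_principals": [],
    "unscoped_consumers": False, "description": "", "enabled": True,
    "ingress_services": [{"proto": 6}],
    "resolve_labels_as": {"providers": ["workloads"], "consumers": ["workloads"]},
}
```

Pass the returned request to urllib.request.urlopen to send it; inspecting its data attribute first shows exactly the JSON that will reach the PCE.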