Introduction

The Airlock Gateway REST API supports manipulation of virtual hosts, mappings, back-end groups and certificates. Before using the Airlock Gateway REST API for the first time, an API key must be generated in the Configuration Center or using the airlock-user-manager-tool. API keys for a read-only user must be generated with the tool.

Typical Call Sequence

The call sequence of a typical REST API interaction is as follows:

  1. Creating an Airlock REST Session

    The first call must create a REST session. In this call, the generated API key must be sent as an Authorization: Bearer header. The session is identified by the JSESSIONID cookie provided in the response. This cookie must be appended to all subsequent calls of the same session.

  2. Loading a Configuration

    Handling of configurations is similar to the Configuration Center UI. A configuration must first be loaded, then edited and finally activated or saved. After activation/saving, a new configuration entry is available. Before activating/saving the edited configuration is only available in the current session context and not persisted. Note that the currently active configuration is not automatically loaded. In order to do so call Load the Active Configuration. For an overview of the available configuration actions, have a look at section Configurations.

  3. Manipulating Objects

    Once a configuration is loaded, the actual manipulation of objects may start. Arbitrary calls on virtual hosts, mappings, back-end groups or certificate resources may be sent. Each call updates the state of the configuration and subsequent calls operate on the most current state of the configuration.

    To access specific resources directly, e.g. to load a mapping by its name, use the filter parameter. Supported parameters vary depending on the accessed objects. Please refer to the corresponding call for accessing all objects, e.g. Access all Mappings, for details on the supported filter parameters.

  4. Validating Changes

    When configuration manipulation is finished, validation messages can be retrieved. Messages with severity ERROR prevent activation of the configuration.

  5. Activating or Saving the Configuration

    Finally, the modified configuration can be saved or activated.

  6. Terminating the REST Session

    After the session is finished, the session must be terminated.

Best Practices for Configuration Staging

When a service configuration is staged from development through testing into production, several processes are involved. Regarding the Airlock Gateway configuration, an approach based on common configuration templates is most suitable:

Configuration Templating

While the REST API supports export and import of entire mappings (e.g. Import Mappings (New or Replace)), the JSON objects received from GET calls (e.g. virtual hosts or back-end groups) may serve as templates as well and be used in UPDATE/PATCH calls. Integration aspects of a service should be covered by these environment-agnostic template objects. For instance, the choices of adequate security levels for deny rules and possible exceptions should be made during initial (and continuous) service integration. This integration process is best supported by features of the graphical user interface, such as the policy learning dashboard.

Service Deployment

When a service is deployed, configuration templates must be enriched with environment-specific attributes (e.g., IP addresses, hostnames, certificates, paths, etc.). This process is typically fully automated and supported by the Airlock Gateway REST API. Parameterization of template objects could be done by replacing placeholders in template JSON objects before calling the corresponding UPDATE or PATCH action. For mappings, which contain by far the most configuration attributes, we have added sophisticated staging features to the REST API: Source mappings and locked attributes. That is, a common source mapping may serve as the integration template for all environments and be synchronized using import/export calls. The environment-specfic parameters may be mixed in by deriving from the template mapping and overriding specific attributes. Note that Airlock system templates (e.g., the Exchange mapping templates) may also be used as source mappings.

Have a look at these calls for more information:

Reference Handling

Airlock Gateway’s configuration objects hold many references to each other, e.g., mappings are linked to virtual hosts and back-end groups and certificates are linked to virtual hosts. These references are managed by separate relationship REST endpoints (see e.g. Add Virtual Host Connections).

JSON:API Format

Where applicable, the Airlock Gateway REST API follows the JSON:API specification. In a nutshell, it specifies a schema for the request and response JSON objects. Top-level JSON:API documents contains at least one resource object, a collection of resource objects or a certain amount of error objects. In addition, a metadata object may be provided. Every resource object has a symbolic type and an id. Attributes are located in an attribute object.

HTTP Verbs

Verb Usage

GET

Used to retrieve a resource.

POST

Used to create a new resource.

PATCH

Used to update an existing resource, including partial updates.

DELETE

Used to delete an existing resource.

Using PATCH

When using PATCH to update an existing resource, the following attributes must be provided:

  • data[].type

  • data[].id

  • At least one element in the data[].attributes object

The data[].id attribute and the resource identifier path segment MUST be equal.

For lists and arrays within the data[].attributes object, the complete list/array must be provided.

For instance, this is how to PATCH the maintenance page flag on mapping 42:

PATCH https://${AIRLOCK}/airlock/rest/configuration/mappings/42 HTTP/1.1
Content-Type: application/json
Cookie: JSESSIONID=1810C58523C084F6ED5C237C09B70CB7
Accept: application/json
Host: $AIRLOCK

{
	"data": {
		"type": "mapping",
		"id": 42,
		"attributes": {
			"enableMaintenancePage": true
		}
	}
}

Note: The placeholder "${AIRLOCK}" in the example above must be replaced with the hostname of the targeted Airlock Gateway.

HTTP Status Codes

Status code Usage

200 OK

The request completed successfully. This status code is returned e.g. by a successful GET request.

201 Created

A new resource has been successfully created with a POST request.

204 No Content

The request completed successfully. This status code is returned e.g. by a successful DELETE or PATCH request.

400 Bad Request

The request was malformed.

401 Unauthorized

Invalid or missing authentication.

403 Forbidden

Insufficient credentials or call is not allowed.

404 Not Found

The requested resource or entity did not exist.

415 Unsupported Media Type

The REST endpoint doesn’t support the payload format.

500 Internal Server Error

The service call did not succeed.

Note: The JSON:API specification describes the possible HTTP status codes for the various HTTP verbs. Generally HTTP status codes 2xx (like 200, 204, …​) indicate that the requested operation was successful.

Date Format

Timestamps retrieved via REST API conform to the format (ISO-8601):

yyyy-MM-dd'T'HH:mm:ss.SSSXXX

An example of such a timestamp is:

2011-12-03T10:15:30.000+01:00

Search and Filtering

Some endpoints allow to apply a filter. The query parameter that facilitates a search filter is called filter. A single filter has the structure:

property operator value

where

  • property is the field in the JSON structure to which the filter refers to

  • operator defines what kind of search is performed. It can either be an exact search == or a substring search =@

  • value the value that is being searched for (case sensitive!)

All of the following examples do not use URL encoding for better readability.

Note: The placeholder "${AIRLOCK}" in the following examples must be replaced with the hostname of the targeted Airlock Gateway.

An example for an exact search on a back-end group’s name is:

GET https://${AIRLOCK}/airlock/rest/configuration/back-end-groups?filter=name==mySearchTerm

An example for a substring search is:

GET https://${AIRLOCK}/airlock/rest/configuration/back-end-groups?filter=name=@mySearchTerm

Filters can be combined using AND logic by providing multiple filter parameters. For example, to search for all validator messages of type WARNING for all back-end groups, the query is:

GET https://${AIRLOCK}/airlock/rest/configuration/validator-messages?filter=severity=warning&filter=type==back-end-group

Filters can also be combined using OR logic by using commas inside a filter expression. For example, to search for all virtual hosts with either name equal to 'mySearchTerm' or HTTP port equal to 88, the query is:

GET https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts?filter=name==mySearchTerm,networkInterface.http.port==88

Response Format

Responses in the Airlock Gateway REST API follow the JSON:API specification as defined in JSON:API specification. JSON:API distinguishes between regular and error responses, where errors have a HTTP status code in the range 4XX or 5XX. Error responses are generic and decribed below.

Error Response

Error responses are sent to the client, if either the user provides wrong input, or if server-side errors occur. They have HTTP status codes in the range 4XX (client errors) or 5XX (server errors).

Example
{
    "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2018-04-23T10:36:12.193+02:00"
    },
    "errors": [
        {
            "code": "ENTITY_NOT_FOUND"
        }
    ]
}
404 (NOT FOUND) response

A call will be answered with a 404 - NOT FOUND response if the requested resource cannot be found. This might be the case if

  • the requested URL contains a typo

  • the requested URL contains an identifier but no entity with this identifier exists in the context of the current request. In cases where the entity that could not be found, the error code ENTITY_NOT_FOUND is set in the response.

415 (UNSUPPORTED MEDIA TYPE) response

The HTTP status code 415 - UNSUPPORTED MEDIA TYPE indicates that the server refuses to accept the request because the payload format is in an unsupported format. The format problem might be due to the request’s indicated Content-Type or Content-Encoding, or as a result of inspecting the data directly. Where applicable the endpoint declares the accepted Content-Type which is typically application/json.

Error Codes

Error objects can contain an optional code that gives more detail about the error situation. Currently, the following generic error codes can occur:

  • CONFIGURATION_LOAD_REQUIRED: the operation requires to load a configuration.

  • ENTITY_NOT_FOUND: the specified resource could not be found.

  • INVALID_REQUEST_FORMAT: the request format is syntactically invalid (parse error).

  • INVALID_VALUE: the request contains invalid values. For more information see logs.

Examples

The following examples illustrate the typical call sequence for enabling the maintenance page on a given mapping. One example uses Python, one bash.

Python Example

#!/usr/bin/env python3

import requests
import urllib3
from urllib.parse import urlencode
from json import dumps

TOKEN = 'Bearer ...'
AIRLOCK_HOSTNAME = '...'
BASE_URL = f"https://{AIRLOCK_HOSTNAME}/airlock/rest"
HEADERS = {
    'Authorization': TOKEN,
    'Accept': 'application/json',
    'Content-Type': 'application/json'
}
urllib3.disable_warnings()
session = requests.session()
session.verify = False
session.headers.update(HEADERS)


def build_url(*res, **params):
    u = BASE_URL
    for r in res:
        u = '{}/{}'.format(u, r)
    if params:
        u = '{}?{}'.format(u, urlencode(params))
    return u


try:
    url = build_url('session/create')
    response = session.post(url)
    response.raise_for_status()

    url = build_url('configuration/configurations/load-active')
    response = session.post(url)
    response.raise_for_status()

    url = build_url('configuration/mappings', filter='name==auth')
    response = session.get(url)
    response.raise_for_status()
    mapping_id = response.json()['data'][0]['id']

    data = {
        'data': {
            'type': 'mapping',
            'id': mapping_id,
            'attributes': {
                'enableMaintenancePage': True,
            }
        }
    }
    url = build_url('configuration/mappings', mapping_id)
    response = session.patch(url, data=dumps(data))
    response.raise_for_status()

    url = build_url('configuration/validator-messages', filter='meta.severity==error')
    response = session.get(url)
    response.raise_for_status()
    error_count = len(response.json()['data'])
    if error_count != 0:
        raise RuntimeError('Configuration is invalid')

    data = {'comment': 'Enable maintenance page for mapping auth'}
    url = build_url('configuration/configurations/activate')
    response = session.post(url, data=dumps(data))
    response.raise_for_status()
    print('Maintenance page set successfully')
finally:
    url = build_url('session/terminate')
    response = session.post(url)
    response.raise_for_status()

Bash Example

#!/bin/bash
#
TOKEN="Bearer ..."
AIRLOCK_HOSTNAME="..."
BASE_URL="https://${AIRLOCK_HOSTNAME}/airlock/rest"
COOKIE=$(mktemp)
CURL="curl --insecure --silent --header 'Accept: application/json' --cookie-jar ${COOKIE} --cookie ${COOKIE}"
MAPPING_NAME='auth'

function assertHttpStatusCode2xx() {
	httpStatusCode=$1
	if [[ ! ${httpStatusCode} =~ 20[014] ]];then
		echo >&2 "Expected HTTP status codes: 200/201/204. Actual status code: ${httpStatusCode}"
		exit 1
	fi
}

trap 'rm -f -- "${COOKIE}"' INT TERM HUP EXIT

# create session
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/session/create \
	--request POST \
	--header "Authorization: ${TOKEN}" \
	--write-out "%{http_code}")
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}

# load the active configuration
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/configuration/configurations/load-active \
	--request POST \
	--write-out "%{http_code}" \
    --output /dev/null)
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}

# search mapping with name 'auth'
MAPPING_AUTH_COUNT=$(${CURL} ${BASE_URL}/configuration/mappings?filter=name%3D%3D${MAPPING_NAME} | jq ".data | length")
if [[ ${MAPPING_AUTH_COUNT} -ne 1 ]]; then
  echo >&2 "Could not find mapping '${MAPPING_NAME}'"
  exit 1
fi
MAPPING_ID=$(${CURL} ${BASE_URL}/configuration/mappings?filter=name%3D%3D${MAPPING_NAME} | jq -r '.data[].id')

# enable maintenance page
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/configuration/mappings/${MAPPING_ID} \
	--request PATCH \
	--write-out "%{http_code}" \
    --output /dev/null \
	--header 'Content-Type: application/json' \
	--data '{ "data" : { "type" : "mapping", "attributes" : { "enableMaintenancePage" : true }}}')
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}

# verify configuration
ERROR_COUNT=$(${CURL} ${BASE_URL}/configuration/validator-messages?filter=meta.severity%3D%3Derror | jq ".data | length")
if [[ ${ERROR_COUNT} -ne 0 ]]; then
  echo >&2 "Configuration is invalid"
  exit 1
fi

# activate configuration
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/configuration/configurations/activate \
	--request POST \
	--write-out "%{http_code}" \
	--header 'Content-Type: application/json' \
	--data '{ "comment" : "Enable maintenance page for mapping auth" }')
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}

# terminate session
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/session/terminate \
	--request POST \
	--write-out "%{http_code}" \
    --output /dev/null)
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}

echo "Maintenance page set successfully"

Authentication

Overview

The first REST call to create a session must be authenticated with an "Authorization: Bearer" header and a valid JWT token. The issued tokens have a validity period of 2 years. Existing tokens can be revoked or deleted at any time. If a token is invalid or expired the REST call will return the HTTP status code '403'.

Create a Token

In the Airlock Configuration Center - 'System Admin, any user with the role 'airlock-administrator' can generate or renew the token. Regeneration of a token renders any older token invalid.

Usage

Once the token is issued it can be used in scripts to authenticate the REST call. To authenticate and create a session the resource /session/create must be called. All future calls must then use the issued JSESSIONID cookie.

Create a Session

POST /session/create

The call to /session/create does not implicitly load a configuration. Please refer to Load the Active Configuration or Load a Configuration for more information.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/session/create" -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIwIiwibmFtZSI6IkpvaG4gRG9lIn0.Zg5Pnu-F_JPWNf2QrQb6BACHw6IUPptKuMlPaTwOhHo' \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK

Terminate a Session

POST /session/terminate

This terminates the session, any unsaved or unactivated configuration changes will be lost.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/session/terminate" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK

Configurations

Access all Configurations

GET /configuration/configurations

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "configuration" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.comment

String

Comment describing the changes made.

data[].attributes.configType

String

Configuration file type.

Allowed values:
- CURRENTLY_ACTIVE
- ACTIVATED
- SAVED
- INITIAL

data[].attributes.createdAt

String

Time when the configuration was created.

data[].attributes.createdBy

String

Name of the user who created the configuration.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 607

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:21.504Z"
  },
  "data" : [ {
    "type" : "configuration",
    "id" : "87",
    "attributes" : {
      "createdBy" : "admin",
      "createdAt" : "2024-08-04T17:55:21.498Z",
      "comment" : "Added a new mapping",
      "configType" : "CURRENTLY_ACTIVE"
    }
  }, {
    "type" : "configuration",
    "id" : "39",
    "attributes" : {
      "createdBy" : "admin",
      "createdAt" : "2024-08-04T17:48:21.503Z",
      "comment" : "Saving config with new back-end group",
      "configType" : "SAVED"
    }
  } ]
}

Load a Configuration

POST /configuration/configurations/{id}/load

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/1/load" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Load an Empty Configuration

POST /configuration/configurations/load-empty-config

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/load-empty-config" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Load the Active Configuration

POST /configuration/configurations/load-active

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/load-active" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Save a Configuration

POST /configuration/configurations/save

Content-Type application/json

Accept application/json

Allows to save a configuration.

Status Code Description

200

The configuration was successfully saved.

400

No configuration was loaded before.

Request Structure

Path Type Required Description

comment

String

no

Optional comment describing the change.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "configuration" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.comment

String

Comment describing the changes made.

data.attributes.configType

String

Configuration file type.

Allowed values:
- CURRENTLY_ACTIVE
- ACTIVATED
- SAVED
- INITIAL

data.attributes.createdAt

String

Time when the configuration was created.

data.attributes.createdBy

String

Name of the user who created the configuration.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/save" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "comment" : "describing the changes made"
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 353

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:21.607Z"
  },
  "data" : {
    "type" : "configuration",
    "id" : "1",
    "attributes" : {
      "createdBy" : "admin",
      "createdAt" : "2024-08-04T18:25:21.606Z",
      "comment" : "describing the changes made",
      "configType" : "SAVED"
    }
  }
}

Delete a Configuration

DELETE /configuration/configurations/{id}

Allows to delete a configuration. Note that deletion is not allowed for the currently active and the initial configuration and will be answered with a 403 status code.

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Activate a Configuration

POST /configuration/configurations/activate

Content-Type application/json

Performing an activation. Depending on the outcome of the activation, the server responds with different HTTP status codes:

Status Code Description

200

The activation was successful.

400

The configuration has validation errors and thus cannot be activated or no configuration was loaded.

409

The activation could not be completed due to a conflict with the current state of the configuration. Possible reasons are:

  • concurrent activation from different sessions (see options.ignoreOutdatedConfiguration)

  • merge conflicts (see options.autoMerge)

  • activation of an imported configuration without specifying "options.ignoreOutdatedConfiguration": true

500

The activation fails for some reason.

Request Structure

Path Type Required Description

comment

String

no

Optional comment describing the change.

options.autoMerge

Boolean

no

Whether the activation should try to merge concurrent activation attempts.

If set to true, concurrent activations will fail if there is an unresolvable merge conflict.
If set to false, concurrent activations will always fail.

Default value: true

options.failoverActivation

Boolean

no

Whether the activation should perform the changes also on the other host in a failover setup.

Default value: true

options.ignoreOutdatedConfiguration

Boolean

no

Whether the activation should ignore when another user changed the active configuration during your session.
This flag is required for activation of imported configurations. If set to true the autoMerge flag will be ignored and any changes performed by the other user will be overwritten

Default value: false

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/activate" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "comment" : "Describing my changes for this activation",
  "options" : {
    "ignoreOutdatedConfiguration" : false,
    "autoMerge" : true,
    "failoverActivation" : true
  }
}'

Example Response

HTTP/1.1 200 OK

Export the Current Configuration

GET /configuration/configurations/export

Accept application/zip

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/export" -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/zip' \
    -o '/tmp/download.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 1

Export a Configuration

GET /configuration/configurations/{id}/export

Accept application/zip

Request a Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/1/export" -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/zip' \
    -o '/tmp/download.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 1

Import Configuration

PUT /configuration/configurations/import

Content-Type application/zip

Note that prior to the import, a configuration must first be loaded.
After the configuration import the option "options.ignoreOutdatedConfiguration" has to be set to true in the activation call.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/import" -i -X PUT \
    -H 'Content-Type: application/zip' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    --data-binary '@/tmp/upload.zip'

Example Response

HTTP/1.1 200 OK

Virtual Host

Access all Virtual Hosts

GET /configuration/virtual-hosts

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'name', 'hostName', 'networkInterface.http.port', 'networkInterface.https.port', 'networkInterface.http.enabled' and 'networkInterface.https.enabled'. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "virtual-host" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.aliasNames[]

Array

Additional server aliases for this virtual host.

data[].attributes.defaultRedirect

String

The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected.

data[].attributes.downloadPdfsAsAttachmentsEnforced

Boolean

Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser).

data[].attributes.encodedSlashesAllowed

Boolean

Whether encoded slashes (%2F) are allowed in the URL path.

data[].attributes.expertSettings.apache

Object

Expert settings for the Apache web listener.

data[].attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data[].attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data[].attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data[].attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data[].attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data[].attributes.hostName

String

Hostname of the virtual host.

data[].attributes.keepAliveTimeout

Number

HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function.

data[].attributes.name

String

The logical name of the virtual host.

data[].attributes.networkInterface.externalLogicalInterfaceName

String

The external network interface for this virtual host to receive requests.

data[].attributes.networkInterface.http.enabled

Boolean

Whether HTTP connections are enabled for this host.

data[].attributes.networkInterface.http.httpsRedirectEnforced

Boolean

Whether to redirect all HTTP traffic to HTTPS on this virtual host.

data[].attributes.networkInterface.http.port

Number

Port on which this host listens for HTTP connections.

data[].attributes.networkInterface.https.enabled

Boolean

Whether HTTPS (SSL/TLS) connections are enabled for this host.

data[].attributes.networkInterface.https.http2Allowed

Boolean

Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS.

data[].attributes.networkInterface.https.port

Number

Port on which this host listens for HTTPS (SSL/TLS) connections.

data[].attributes.networkInterface.ipV4Address

String

The IPv4 address in CIDR format.

data[].attributes.networkInterface.ipV6Address

String

The IPv6 address in CIDR format.

data[].attributes.pathRedirects[]

Array

Dynamic URL redirects of the virtual host.

data[].attributes.pathRedirects[].from

Object

Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination.

data[].attributes.pathRedirects[].from.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.pathRedirects[].from.pattern

String

The actual pattern.

data[].attributes.pathRedirects[].redirectStatusCode

String

Status code to use in the redirect response.

Allowed values:
- MOVED_PERMANENTLY
- FOUND
- SEE_OTHER
- TEMPORARY_REDIRECT
- PERMANENT_REDIRECT

data[].attributes.pathRedirects[].to

String

Destination to which the client shall be redirected.

data[].attributes.serverAdmin

String

Email address of the server administrator. It is used as contact information for Let’s Encrypt functionality.

data[].attributes.session.cookieDomain

String

Domain for Airlock’s session cookie if the cookie is created inside this virtual host.

data[].attributes.session.cookiePath

String

Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host.

data[].attributes.showMaintenancePage

Boolean

Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server.

data[].attributes.strictlyMatchFullyQualifiedDomainName

Boolean

Whether a virtual host should reply only to requests that match its hostname or any of its server alias names.

data[].attributes.tenant

String

Tenant of the virtual host.

data[].attributes.tls.caCertificatesForChainAndOcspValidation[]

Array

The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation.

data[].attributes.tls.caCertificatesForClientCertificateSelection[]

Array

The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format).
These CA names are used by the browser to show a pop-up window to the user with the appropriate client certificate out of the available client certificates.

data[].attributes.tls.chainVerificationDepth

Number

The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate.

data[].attributes.tls.cipherSuite

String

Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list.

data[].attributes.tls.cipherSuiteMode

String

Allowed values:
- DEFAULT: The default ciphers will be used. (recommended)
- CUSTOM: The customized list of ciphers from "cipherSuite" will be used.

data[].attributes.tls.clientCertificateAuthentication

String

Allowed values:
- NOT_REQUIRED: No client certificate is required for accessing this virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data[].attributes.tls.letsEncryptEnabled

Boolean

Whether Let’s Encrypt support is enabled on this virtual host.

data[].attributes.tls.ocspStaplingEnabled

Boolean

Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled.

data[].attributes.tls.ocspValidationEnforced

Boolean

Whether OCSP validation of the client certificate chain is enabled.

data[].attributes.tls.protocol

String

Allowed and restricted protocols. See the mod_ssl documentation for more information.

data[].attributes.tls.protocolMode

String

Allowed values:
- DEFAULT: The default SSL/TLS protocols will be used. (recommended)
- CUSTOM: The custom protocol configuration from "protocol" will be used.

data[].relationships.mappings.data[]

Array

The mapping references.

data[].relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.mappings.data[].id

String

The ID of the mapping resource.

data[].relationships.ssl-certificate.data

Object

The ssl-certificate references.

data[].relationships.ssl-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data[].relationships.ssl-certificate.data.id

String

The ID of the ssl-certificate resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts?filter=name%3D%3DmyVirtualHost" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2635

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:07.615Z"
  },
  "data" : [ {
    "type" : "virtual-host",
    "id" : "1",
    "attributes" : {
      "name" : "myVirtualHost",
      "tenant" : "",
      "hostName" : "myvirtualhost.example.com",
      "aliasNames" : [ "Alias1DemoHost", "Alias2DemoHost" ],
      "showMaintenancePage" : false,
      "strictlyMatchFullyQualifiedDomainName" : true,
      "keepAliveTimeout" : 100,
      "encodedSlashesAllowed" : true,
      "downloadPdfsAsAttachmentsEnforced" : true,
      "serverAdmin" : "admin@example.com",
      "defaultRedirect" : "/",
      "pathRedirects" : [ {
        "from" : {
          "pattern" : "/sale",
          "caseIgnored" : false
        },
        "to" : "/eshop/products.asp?id=3342",
        "redirectStatusCode" : "MOVED_PERMANENTLY"
      } ],
      "networkInterface" : {
        "externalLogicalInterfaceName" : "EXTERNAL",
        "ipV4Address" : "87.239.214.12/24",
        "ipV6Address" : "2001:500:2::c/64",
        "http" : {
          "enabled" : true,
          "port" : 80,
          "httpsRedirectEnforced" : false
        },
        "https" : {
          "enabled" : false,
          "port" : 443,
          "http2Allowed" : true
        }
      },
      "tls" : {
        "protocol" : "all -TLSv1 -TLSv1.1",
        "protocolMode" : "DEFAULT",
        "cipherSuite" : "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256",
        "cipherSuiteMode" : "DEFAULT",
        "ocspStaplingEnabled" : false,
        "letsEncryptEnabled" : false,
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "chainVerificationDepth" : 1,
        "ocspValidationEnforced" : false,
        "caCertificatesForClientCertificateSelection" : [ ],
        "caCertificatesForChainAndOcspValidation" : [ ]
      },
      "session" : {
        "cookiePath" : "/",
        "cookieDomain" : "example.com"
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "50"
        } ]
      },
      "ssl-certificate" : {
        "data" : {
          "type" : "ssl-certificate",
          "id" : "-1000"
        }
      }
    }
  } ]
}

Access a Virtual Host

GET /configuration/virtual-hosts/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "virtual-host" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.aliasNames[]

Array

Additional server aliases for this virtual host.

data.attributes.defaultRedirect

String

The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected.

data.attributes.downloadPdfsAsAttachmentsEnforced

Boolean

Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser).

data.attributes.encodedSlashesAllowed

Boolean

Whether encoded slashes (%2F) are allowed in the URL path.

data.attributes.expertSettings.apache

Object

Expert settings for the Apache web listener.

data.attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.hostName

String

Hostname of the virtual host.

data.attributes.keepAliveTimeout

Number

HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function.

data.attributes.name

String

The logical name of the virtual host.

data.attributes.networkInterface.externalLogicalInterfaceName

String

The external network interface for this virtual host to receive requests.

data.attributes.networkInterface.http.enabled

Boolean

Whether HTTP connections are enabled for this host.

data.attributes.networkInterface.http.httpsRedirectEnforced

Boolean

Whether to redirect all HTTP traffic to HTTPS on this virtual host.

data.attributes.networkInterface.http.port

Number

Port on which this host listens for HTTP connections.

data.attributes.networkInterface.https.enabled

Boolean

Whether HTTPS (SSL/TLS) connections are enabled for this host.

data.attributes.networkInterface.https.http2Allowed

Boolean

Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS.

data.attributes.networkInterface.https.port

Number

Port on which this host listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterface.ipV4Address

String

The IPv4 address in CIDR format.

data.attributes.networkInterface.ipV6Address

String

The IPv6 address in CIDR format.

data.attributes.pathRedirects[]

Array

Dynamic URL redirects of the virtual host.

data.attributes.pathRedirects[].from

Object

Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination.

data.attributes.pathRedirects[].from.caseIgnored

Boolean

Whether to ignore case.

data.attributes.pathRedirects[].from.pattern

String

The actual pattern.

data.attributes.pathRedirects[].redirectStatusCode

String

Status code to use in the redirect response.

Allowed values:
- MOVED_PERMANENTLY
- FOUND
- SEE_OTHER
- TEMPORARY_REDIRECT
- PERMANENT_REDIRECT

data.attributes.pathRedirects[].to

String

Destination to which the client shall be redirected.

data.attributes.serverAdmin

String

Email address of the server administrator. It is used as contact information for Let’s Encrypt functionality.

data.attributes.session.cookieDomain

String

Domain for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.session.cookiePath

String

Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.showMaintenancePage

Boolean

Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server.

data.attributes.strictlyMatchFullyQualifiedDomainName

Boolean

Whether a virtual host should reply only to requests that match its hostname or any of its server alias names.

data.attributes.tenant

String

Tenant of the virtual host.

data.attributes.tls.caCertificatesForChainAndOcspValidation[]

Array

The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation.

data.attributes.tls.caCertificatesForClientCertificateSelection[]

Array

The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format).
These CA names are used by the browser to show a pop-up window to the user with the appropriate client certificate out of the available client certificates.

data.attributes.tls.chainVerificationDepth

Number

The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate.

data.attributes.tls.cipherSuite

String

Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list.

data.attributes.tls.cipherSuiteMode

String

Allowed values:
- DEFAULT: The default ciphers will be used. (recommended)
- CUSTOM: The customized list of ciphers from "cipherSuite" will be used.

data.attributes.tls.clientCertificateAuthentication

String

Allowed values:
- NOT_REQUIRED: No client certificate is required for accessing this virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.tls.letsEncryptEnabled

Boolean

Whether Let’s Encrypt support is enabled on this virtual host.

data.attributes.tls.ocspStaplingEnabled

Boolean

Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled.

data.attributes.tls.ocspValidationEnforced

Boolean

Whether OCSP validation of the client certificate chain is enabled.

data.attributes.tls.protocol

String

Allowed and restricted protocols. See the mod_ssl documentation for more information.

data.attributes.tls.protocolMode

String

Allowed values:
- DEFAULT: The default SSL/TLS protocols will be used. (recommended)
- CUSTOM: The custom protocol configuration from "protocol" will be used.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.ssl-certificate.data

Object

The ssl-certificate references.

data.relationships.ssl-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.relationships.ssl-certificate.data.id

String

The ID of the ssl-certificate resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/2" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2631

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:07.203Z"
  },
  "data" : {
    "type" : "virtual-host",
    "id" : "2",
    "attributes" : {
      "name" : "myVirtualHost",
      "tenant" : "",
      "hostName" : "myvirtualhost.example.com",
      "aliasNames" : [ "Alias1DemoHost", "Alias2DemoHost" ],
      "showMaintenancePage" : false,
      "strictlyMatchFullyQualifiedDomainName" : true,
      "keepAliveTimeout" : 100,
      "encodedSlashesAllowed" : true,
      "downloadPdfsAsAttachmentsEnforced" : true,
      "serverAdmin" : "admin@example.com",
      "defaultRedirect" : "/",
      "pathRedirects" : [ {
        "from" : {
          "pattern" : "/sale",
          "caseIgnored" : false
        },
        "to" : "/eshop/products.asp?id=3342",
        "redirectStatusCode" : "MOVED_PERMANENTLY"
      } ],
      "networkInterface" : {
        "externalLogicalInterfaceName" : "EXTERNAL",
        "ipV4Address" : "87.239.214.12/24",
        "ipV6Address" : "2001:500:2::c/64",
        "http" : {
          "enabled" : true,
          "port" : 80,
          "httpsRedirectEnforced" : false
        },
        "https" : {
          "enabled" : false,
          "port" : 443,
          "http2Allowed" : true
        }
      },
      "tls" : {
        "protocol" : "all -TLSv1 -TLSv1.1",
        "protocolMode" : "DEFAULT",
        "cipherSuite" : "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256",
        "cipherSuiteMode" : "DEFAULT",
        "ocspStaplingEnabled" : false,
        "letsEncryptEnabled" : false,
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "chainVerificationDepth" : 1,
        "ocspValidationEnforced" : false,
        "caCertificatesForClientCertificateSelection" : [ ],
        "caCertificatesForChainAndOcspValidation" : [ ]
      },
      "session" : {
        "cookiePath" : "/",
        "cookieDomain" : "example.com"
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "50"
        } ]
      },
      "ssl-certificate" : {
        "data" : {
          "type" : "ssl-certificate",
          "id" : "-1000"
        }
      }
    }
  }
}

Create a Virtual Host

POST /configuration/virtual-hosts

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "virtual-host" for this call.

data.attributes.aliasNames[]

Array

yes

Additional server aliases for this virtual host.

data.attributes.defaultRedirect

String

yes

The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected.

data.attributes.downloadPdfsAsAttachmentsEnforced

Boolean

yes

Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser).

data.attributes.encodedSlashesAllowed

Boolean

yes

Whether encoded slashes (%2F) are allowed in the URL path.

data.attributes.expertSettings.apache

Object

yes

Expert settings for the Apache web listener.

data.attributes.expertSettings.apache.enabled

Boolean

yes

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

yes

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

yes

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

yes

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

yes

Expert settings for the Security Gate.

data.attributes.hostName

String

yes

Hostname of the virtual host.

data.attributes.keepAliveTimeout

Number

yes

HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function.

data.attributes.name

String

yes

The logical name of the virtual host.

data.attributes.networkInterface.externalLogicalInterfaceName

String

yes

The external network interface for this virtual host to receive requests.

data.attributes.networkInterface.http.enabled

Boolean

yes

Whether HTTP connections are enabled for this host.

data.attributes.networkInterface.http.httpsRedirectEnforced

Boolean

yes

Whether to redirect all HTTP traffic to HTTPS on this virtual host.

data.attributes.networkInterface.http.port

Number

yes

Port on which this host listens for HTTP connections.

data.attributes.networkInterface.https.enabled

Boolean

yes

Whether HTTPS (SSL/TLS) connections are enabled for this host.

data.attributes.networkInterface.https.http2Allowed

Boolean

yes

Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS.

data.attributes.networkInterface.https.port

Number

yes

Port on which this host listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterface.ipV4Address

String

yes

The IPv4 address in CIDR format.

data.attributes.networkInterface.ipV6Address

String

yes

The IPv6 address in CIDR format.

data.attributes.pathRedirects[]

Array

yes

Dynamic URL redirects of the virtual host.

data.attributes.pathRedirects[].from

Object

yes

Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination.

data.attributes.pathRedirects[].from.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.pathRedirects[].from.pattern

String

yes

The actual pattern.

data.attributes.pathRedirects[].redirectStatusCode

String

yes

Status code to use in the redirect response.

Allowed values:
- MOVED_PERMANENTLY
- FOUND
- SEE_OTHER
- TEMPORARY_REDIRECT
- PERMANENT_REDIRECT

data.attributes.pathRedirects[].to

String

yes

Destination to which the client shall be redirected.

data.attributes.serverAdmin

String

yes

Email address of the server administrator. It is used as contact information for Let’s Encrypt functionality.

data.attributes.session.cookieDomain

String

yes

Domain for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.session.cookiePath

String

yes

Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.showMaintenancePage

Boolean

yes

Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server.

data.attributes.strictlyMatchFullyQualifiedDomainName

Boolean

yes

Whether a virtual host should reply only to requests that match its hostname or any of its server alias names.

data.attributes.tenant

String

yes

Tenant of the virtual host.

data.attributes.tls.caCertificatesForChainAndOcspValidation[]

Array

yes

The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation.

data.attributes.tls.caCertificatesForClientCertificateSelection[]

Array

yes

The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format).
These CA names are used by the browser to show a pop-up window to the user with the appropriate client certificate out of the available client certificates.

data.attributes.tls.chainVerificationDepth

Number

yes

The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate.

data.attributes.tls.cipherSuite

String

yes

Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list.

data.attributes.tls.cipherSuiteMode

String

yes

Allowed values:
- DEFAULT: The default ciphers will be used. (recommended)
- CUSTOM: The customized list of ciphers from "cipherSuite" will be used.

data.attributes.tls.clientCertificateAuthentication

String

yes

Allowed values:
- NOT_REQUIRED: No client certificate is required for accessing this virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.tls.letsEncryptEnabled

Boolean

yes

Whether Let’s Encrypt support is enabled on this virtual host.

data.attributes.tls.ocspStaplingEnabled

Boolean

yes

Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled.

data.attributes.tls.ocspValidationEnforced

Boolean

yes

Whether OCSP validation of the client certificate chain is enabled.

data.attributes.tls.protocol

String

yes

Allowed and restricted protocols. See the mod_ssl documentation for more information.

data.attributes.tls.protocolMode

String

yes

Allowed values:
- DEFAULT: The default SSL/TLS protocols will be used. (recommended)
- CUSTOM: The custom protocol configuration from "protocol" will be used.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "virtual-host" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.aliasNames[]

Array

Additional server aliases for this virtual host.

data.attributes.defaultRedirect

String

The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected.

data.attributes.downloadPdfsAsAttachmentsEnforced

Boolean

Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser).

data.attributes.encodedSlashesAllowed

Boolean

Whether encoded slashes (%2F) are allowed in the URL path.

data.attributes.expertSettings.apache

Object

Expert settings for the Apache web listener.

data.attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.hostName

String

Hostname of the virtual host.

data.attributes.keepAliveTimeout

Number

HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function.

data.attributes.name

String

The logical name of the virtual host.

data.attributes.networkInterface.externalLogicalInterfaceName

String

The external network interface for this virtual host to receive requests.

data.attributes.networkInterface.http.enabled

Boolean

Whether HTTP connections are enabled for this host.

data.attributes.networkInterface.http.httpsRedirectEnforced

Boolean

Whether to redirect all HTTP traffic to HTTPS on this virtual host.

data.attributes.networkInterface.http.port

Number

Port on which this host listens for HTTP connections.

data.attributes.networkInterface.https.enabled

Boolean

Whether HTTPS (SSL/TLS) connections are enabled for this host.

data.attributes.networkInterface.https.http2Allowed

Boolean

Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS.

data.attributes.networkInterface.https.port

Number

Port on which this host listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterface.ipV4Address

String

The IPv4 address in CIDR format.

data.attributes.networkInterface.ipV6Address

String

The IPv6 address in CIDR format.

data.attributes.pathRedirects[]

Array

Dynamic URL redirects of the virtual host.

data.attributes.pathRedirects[].from

Object

Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination.

data.attributes.pathRedirects[].from.caseIgnored

Boolean

Whether to ignore case.

data.attributes.pathRedirects[].from.pattern

String

The actual pattern.

data.attributes.pathRedirects[].redirectStatusCode

String

Status code to use in the redirect response.

Allowed values:
- MOVED_PERMANENTLY
- FOUND
- SEE_OTHER
- TEMPORARY_REDIRECT
- PERMANENT_REDIRECT

data.attributes.pathRedirects[].to

String

Destination to which the client shall be redirected.

data.attributes.serverAdmin

String

Email address of the server administrator. It is used as contact information for Let’s Encrypt functionality.

data.attributes.session.cookieDomain

String

Domain for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.session.cookiePath

String

Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.showMaintenancePage

Boolean

Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server.

data.attributes.strictlyMatchFullyQualifiedDomainName

Boolean

Whether a virtual host should reply only to requests that match its hostname or any of its server alias names.

data.attributes.tenant

String

Tenant of the virtual host.

data.attributes.tls.caCertificatesForChainAndOcspValidation[]

Array

The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation.

data.attributes.tls.caCertificatesForClientCertificateSelection[]

Array

The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format).
These CA names are used by the browser to show a pop-up window to the user with the appropriate client certificate out of the available client certificates.

data.attributes.tls.chainVerificationDepth

Number

The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate.

data.attributes.tls.cipherSuite

String

Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list.

data.attributes.tls.cipherSuiteMode

String

Allowed values:
- DEFAULT: The default ciphers will be used. (recommended)
- CUSTOM: The customized list of ciphers from "cipherSuite" will be used.

data.attributes.tls.clientCertificateAuthentication

String

Allowed values:
- NOT_REQUIRED: No client certificate is required for accessing this virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.tls.letsEncryptEnabled

Boolean

Whether Let’s Encrypt support is enabled on this virtual host.

data.attributes.tls.ocspStaplingEnabled

Boolean

Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled.

data.attributes.tls.ocspValidationEnforced

Boolean

Whether OCSP validation of the client certificate chain is enabled.

data.attributes.tls.protocol

String

Allowed and restricted protocols. See the mod_ssl documentation for more information.

data.attributes.tls.protocolMode

String

Allowed values:
- DEFAULT: The default SSL/TLS protocols will be used. (recommended)
- CUSTOM: The custom protocol configuration from "protocol" will be used.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.ssl-certificate.data

Object

The ssl-certificate references.

data.relationships.ssl-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.relationships.ssl-certificate.data.id

String

The ID of the ssl-certificate resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "virtual-host",
    "attributes" : {
      "name" : "myVirtualHost",
      "tenant" : "AirlockBankingCo",
      "hostName" : "myvirtualhost.example.com",
      "aliasNames" : [ ],
      "showMaintenancePage" : true,
      "strictlyMatchFullyQualifiedDomainName" : false,
      "keepAliveTimeout" : 3600,
      "encodedSlashesAllowed" : true,
      "downloadPdfsAsAttachmentsEnforced" : true,
      "serverAdmin" : "admin@example.com",
      "defaultRedirect" : "/",
      "pathRedirects" : [ {
        "from" : {
          "pattern" : "/",
          "caseIgnored" : true
        },
        "to" : "/redirect/path",
        "redirectStatusCode" : "MOVED_PERMANENTLY"
      } ],
      "networkInterface" : {
        "externalLogicalInterfaceName" : "EXT0",
        "ipV4Address" : "87.239.214.12/24",
        "ipV6Address" : "2001:500:2::c/64",
        "http" : {
          "enabled" : true,
          "port" : 80,
          "httpsRedirectEnforced" : false
        },
        "https" : {
          "enabled" : false,
          "port" : 443,
          "http2Allowed" : false
        }
      },
      "tls" : {
        "protocol" : "SSL42",
        "protocolMode" : "CUSTOM",
        "cipherSuite" : "AES42",
        "cipherSuiteMode" : "CUSTOM",
        "ocspStaplingEnabled" : true,
        "letsEncryptEnabled" : false,
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "chainVerificationDepth" : 1,
        "ocspValidationEnforced" : true,
        "caCertificatesForClientCertificateSelection" : [ ],
        "caCertificatesForChainAndOcspValidation" : [ ]
      },
      "session" : {
        "cookiePath" : "/",
        "cookieDomain" : ""
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 2043

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:07.569Z"
  },
  "data" : {
    "type" : "virtual-host",
    "id" : "4",
    "attributes" : {
      "name" : "myVirtualHost",
      "tenant" : "AirlockBankingCo",
      "hostName" : "myvirtualhost.example.com",
      "aliasNames" : [ ],
      "showMaintenancePage" : true,
      "strictlyMatchFullyQualifiedDomainName" : false,
      "keepAliveTimeout" : 3600,
      "encodedSlashesAllowed" : true,
      "downloadPdfsAsAttachmentsEnforced" : true,
      "serverAdmin" : "admin@example.com",
      "defaultRedirect" : "/",
      "pathRedirects" : [ {
        "from" : {
          "pattern" : "/",
          "caseIgnored" : true
        },
        "to" : "/redirect/path",
        "redirectStatusCode" : "MOVED_PERMANENTLY"
      } ],
      "networkInterface" : {
        "externalLogicalInterfaceName" : "EXT0",
        "ipV4Address" : "87.239.214.12/24",
        "ipV6Address" : "2001:500:2::c/64",
        "http" : {
          "enabled" : true,
          "port" : 80,
          "httpsRedirectEnforced" : false
        },
        "https" : {
          "enabled" : false,
          "port" : 443,
          "http2Allowed" : false
        }
      },
      "tls" : {
        "protocol" : "SSL42",
        "protocolMode" : "CUSTOM",
        "cipherSuite" : "AES42",
        "cipherSuiteMode" : "CUSTOM",
        "ocspStaplingEnabled" : true,
        "letsEncryptEnabled" : false,
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "chainVerificationDepth" : 1,
        "ocspValidationEnforced" : true,
        "caCertificatesForClientCertificateSelection" : [ ],
        "caCertificatesForChainAndOcspValidation" : [ ]
      },
      "session" : {
        "cookiePath" : "/",
        "cookieDomain" : ""
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}

Update a Virtual Host

PATCH /configuration/virtual-hosts/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "virtual-host" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.aliasNames[]

Array

no

Additional server aliases for this virtual host.

data.attributes.defaultRedirect

String

no

The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected.

data.attributes.downloadPdfsAsAttachmentsEnforced

Boolean

no

Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser).

data.attributes.encodedSlashesAllowed

Boolean

no

Whether encoded slashes (%2F) are allowed in the URL path.

data.attributes.expertSettings.apache

Object

no

Expert settings for the Apache web listener.

data.attributes.expertSettings.apache.enabled

Boolean

no

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

no

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

no

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

no

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

no

Expert settings for the Security Gate.

data.attributes.hostName

String

no

Hostname of the virtual host.

data.attributes.keepAliveTimeout

Number

no

HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function.

data.attributes.name

String

no

The logical name of the virtual host.

data.attributes.networkInterface.externalLogicalInterfaceName

String

no

The external network interface for this virtual host to receive requests.

data.attributes.networkInterface.http.enabled

Boolean

no

Whether HTTP connections are enabled for this host.

data.attributes.networkInterface.http.httpsRedirectEnforced

Boolean

no

Whether to redirect all HTTP traffic to HTTPS on this virtual host.

data.attributes.networkInterface.http.port

Number

no

Port on which this host listens for HTTP connections.

data.attributes.networkInterface.https.enabled

Boolean

no

Whether HTTPS (SSL/TLS) connections are enabled for this host.

data.attributes.networkInterface.https.http2Allowed

Boolean

no

Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS.

data.attributes.networkInterface.https.port

Number

no

Port on which this host listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterface.ipV4Address

String

no

The IPv4 address in CIDR format.

data.attributes.networkInterface.ipV6Address

String

no

The IPv6 address in CIDR format.

data.attributes.pathRedirects[]

Array

no

Dynamic URL redirects of the virtual host.

data.attributes.pathRedirects[].from

Object

no

Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination.

data.attributes.pathRedirects[].from.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.pathRedirects[].from.pattern

String

no

The actual pattern.

data.attributes.pathRedirects[].redirectStatusCode

String

no

Status code to use in the redirect response.

Allowed values:
- MOVED_PERMANENTLY
- FOUND
- SEE_OTHER
- TEMPORARY_REDIRECT
- PERMANENT_REDIRECT

data.attributes.pathRedirects[].to

String

no

Destination to which the client shall be redirected.

data.attributes.serverAdmin

String

no

Email address of the server administrator. It is used as contact information for Let’s Encrypt functionality.

data.attributes.session.cookieDomain

String

no

Domain for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.session.cookiePath

String

no

Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.showMaintenancePage

Boolean

no

Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server.

data.attributes.strictlyMatchFullyQualifiedDomainName

Boolean

no

Whether a virtual host should reply only to requests that match its hostname or any of its server alias names.

data.attributes.tenant

String

no

Tenant of the virtual host.

data.attributes.tls.caCertificatesForChainAndOcspValidation[]

Array

no

The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation.

data.attributes.tls.caCertificatesForClientCertificateSelection[]

Array

no

The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format).
These CA names are used by the browser to show a pop-up window to the user with the appropriate client certificate out of the available client certificates.

data.attributes.tls.chainVerificationDepth

Number

no

The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate.

data.attributes.tls.cipherSuite

String

no

Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list.

data.attributes.tls.cipherSuiteMode

String

no

Allowed values:
- DEFAULT: The default ciphers will be used. (recommended)
- CUSTOM: The customized list of ciphers from "cipherSuite" will be used.

data.attributes.tls.clientCertificateAuthentication

String

no

Allowed values:
- NOT_REQUIRED: No client certificate is required for accessing this virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.tls.letsEncryptEnabled

Boolean

no

Whether Let’s Encrypt support is enabled on this virtual host.

data.attributes.tls.ocspStaplingEnabled

Boolean

no

Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled.

data.attributes.tls.ocspValidationEnforced

Boolean

no

Whether OCSP validation of the client certificate chain is enabled.

data.attributes.tls.protocol

String

no

Allowed and restricted protocols. See the mod_ssl documentation for more information.

data.attributes.tls.protocolMode

String

no

Allowed values:
- DEFAULT: The default SSL/TLS protocols will be used. (recommended)
- CUSTOM: The custom protocol configuration from "protocol" will be used.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "virtual-host" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.aliasNames[]

Array

Additional server aliases for this virtual host.

data.attributes.defaultRedirect

String

The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected.

data.attributes.downloadPdfsAsAttachmentsEnforced

Boolean

Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser).

data.attributes.encodedSlashesAllowed

Boolean

Whether encoded slashes (%2F) are allowed in the URL path.

data.attributes.expertSettings.apache

Object

Expert settings for the Apache web listener.

data.attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.hostName

String

Hostname of the virtual host.

data.attributes.keepAliveTimeout

Number

HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function.

data.attributes.name

String

The logical name of the virtual host.

data.attributes.networkInterface.externalLogicalInterfaceName

String

The external network interface for this virtual host to receive requests.

data.attributes.networkInterface.http.enabled

Boolean

Whether HTTP connections are enabled for this host.

data.attributes.networkInterface.http.httpsRedirectEnforced

Boolean

Whether to redirect all HTTP traffic to HTTPS on this virtual host.

data.attributes.networkInterface.http.port

Number

Port on which this host listens for HTTP connections.

data.attributes.networkInterface.https.enabled

Boolean

Whether HTTPS (SSL/TLS) connections are enabled for this host.

data.attributes.networkInterface.https.http2Allowed

Boolean

Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS.

data.attributes.networkInterface.https.port

Number

Port on which this host listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterface.ipV4Address

String

The IPv4 address in CIDR format.

data.attributes.networkInterface.ipV6Address

String

The IPv6 address in CIDR format.

data.attributes.pathRedirects[]

Array

Dynamic URL redirects of the virtual host.

data.attributes.pathRedirects[].from

Object

Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination.

data.attributes.pathRedirects[].from.caseIgnored

Boolean

Whether to ignore case.

data.attributes.pathRedirects[].from.pattern

String

The actual pattern.

data.attributes.pathRedirects[].redirectStatusCode

String

Status code to use in the redirect response.

Allowed values:
- MOVED_PERMANENTLY
- FOUND
- SEE_OTHER
- TEMPORARY_REDIRECT
- PERMANENT_REDIRECT

data.attributes.pathRedirects[].to

String

Destination to which the client shall be redirected.

data.attributes.serverAdmin

String

Email address of the server administrator. It is used as contact information for Let’s Encrypt functionality.

data.attributes.session.cookieDomain

String

Domain for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.session.cookiePath

String

Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host.

data.attributes.showMaintenancePage

Boolean

Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server.

data.attributes.strictlyMatchFullyQualifiedDomainName

Boolean

Whether a virtual host should reply only to requests that match its hostname or any of its server alias names.

data.attributes.tenant

String

Tenant of the virtual host.

data.attributes.tls.caCertificatesForChainAndOcspValidation[]

Array

The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation.

data.attributes.tls.caCertificatesForClientCertificateSelection[]

Array

The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format).
These CA names are used by the browser to show a pop-up window to the user with the appropriate client certificate out of the available client certificates.

data.attributes.tls.chainVerificationDepth

Number

The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate.

data.attributes.tls.cipherSuite

String

Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list.

data.attributes.tls.cipherSuiteMode

String

Allowed values:
- DEFAULT: The default ciphers will be used. (recommended)
- CUSTOM: The customized list of ciphers from "cipherSuite" will be used.

data.attributes.tls.clientCertificateAuthentication

String

Allowed values:
- NOT_REQUIRED: No client certificate is required for accessing this virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.tls.letsEncryptEnabled

Boolean

Whether Let’s Encrypt support is enabled on this virtual host.

data.attributes.tls.ocspStaplingEnabled

Boolean

Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled.

data.attributes.tls.ocspValidationEnforced

Boolean

Whether OCSP validation of the client certificate chain is enabled.

data.attributes.tls.protocol

String

Allowed and restricted protocols. See the mod_ssl documentation for more information.

data.attributes.tls.protocolMode

String

Allowed values:
- DEFAULT: The default SSL/TLS protocols will be used. (recommended)
- CUSTOM: The custom protocol configuration from "protocol" will be used.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.ssl-certificate.data

Object

The ssl-certificate references.

data.relationships.ssl-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.relationships.ssl-certificate.data.id

String

The ID of the ssl-certificate resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "virtual-host",
    "id" : "1",
    "attributes" : {
      "name" : "myVirtualHost",
      "tenant" : "AirlockBankingCo",
      "hostName" : "myvirtualhost.example.com",
      "aliasNames" : [ ],
      "showMaintenancePage" : true,
      "strictlyMatchFullyQualifiedDomainName" : false,
      "keepAliveTimeout" : 3600,
      "encodedSlashesAllowed" : true,
      "downloadPdfsAsAttachmentsEnforced" : true,
      "serverAdmin" : "admin@example.com",
      "defaultRedirect" : "/",
      "pathRedirects" : [ {
        "from" : {
          "pattern" : "/",
          "caseIgnored" : true
        },
        "to" : "/redirect/path",
        "redirectStatusCode" : "MOVED_PERMANENTLY"
      } ],
      "networkInterface" : {
        "externalLogicalInterfaceName" : "EXT0",
        "ipV4Address" : "87.239.214.12/24",
        "ipV6Address" : "2001:500:2::c/64",
        "http" : {
          "enabled" : true,
          "port" : 80,
          "httpsRedirectEnforced" : false
        },
        "https" : {
          "enabled" : false,
          "port" : 443,
          "http2Allowed" : false
        }
      },
      "tls" : {
        "protocol" : "SSL42",
        "protocolMode" : "CUSTOM",
        "cipherSuite" : "AES42",
        "cipherSuiteMode" : "CUSTOM",
        "ocspStaplingEnabled" : true,
        "letsEncryptEnabled" : false,
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "chainVerificationDepth" : 1,
        "ocspValidationEnforced" : true,
        "caCertificatesForClientCertificateSelection" : [ ],
        "caCertificatesForChainAndOcspValidation" : [ ]
      },
      "session" : {
        "cookiePath" : "/",
        "cookieDomain" : ""
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2317

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:07.735Z"
  },
  "data" : {
    "type" : "virtual-host",
    "id" : "1",
    "attributes" : {
      "name" : "myVirtualHost",
      "tenant" : "AirlockBankingCo",
      "hostName" : "myvirtualhost.example.com",
      "aliasNames" : [ ],
      "showMaintenancePage" : true,
      "strictlyMatchFullyQualifiedDomainName" : false,
      "keepAliveTimeout" : 3600,
      "encodedSlashesAllowed" : true,
      "downloadPdfsAsAttachmentsEnforced" : true,
      "serverAdmin" : "admin@example.com",
      "defaultRedirect" : "/",
      "pathRedirects" : [ {
        "from" : {
          "pattern" : "/",
          "caseIgnored" : true
        },
        "to" : "/redirect/path",
        "redirectStatusCode" : "MOVED_PERMANENTLY"
      } ],
      "networkInterface" : {
        "externalLogicalInterfaceName" : "EXT0",
        "ipV4Address" : "87.239.214.12/24",
        "ipV6Address" : "2001:500:2::c/64",
        "http" : {
          "enabled" : true,
          "port" : 80,
          "httpsRedirectEnforced" : false
        },
        "https" : {
          "enabled" : false,
          "port" : 443,
          "http2Allowed" : false
        }
      },
      "tls" : {
        "protocol" : "SSL42",
        "protocolMode" : "CUSTOM",
        "cipherSuite" : "AES42",
        "cipherSuiteMode" : "CUSTOM",
        "ocspStaplingEnabled" : true,
        "letsEncryptEnabled" : false,
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "chainVerificationDepth" : 1,
        "ocspValidationEnforced" : true,
        "caCertificatesForClientCertificateSelection" : [ ],
        "caCertificatesForChainAndOcspValidation" : [ ]
      },
      "session" : {
        "cookiePath" : "/",
        "cookieDomain" : ""
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "50"
        } ]
      },
      "ssl-certificate" : {
        "data" : {
          "type" : "ssl-certificate",
          "id" : "-1000"
        }
      }
    }
  }
}

Delete a Virtual Host

DELETE /configuration/virtual-hosts/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Enable 'Show Maintenance Page' Option of a Virtual Host

POST /configuration/virtual-hosts/{id}/maintenance

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/maintenance" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Disable 'Show Maintenance Page' Option of a Virtual Host

DELETE /configuration/virtual-hosts/{id}/maintenance

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/maintenance" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Mapping Connections

PATCH /configuration/virtual-hosts/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/relationships/mappings" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Connections

DELETE /configuration/virtual-hosts/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/relationships/mappings" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add SSL Certificate Connection

PATCH /configuration/virtual-hosts/{id}/relationships/ssl-certificate

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.id

String

yes

The ID of the referenced "ssl-certificate" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/relationships/ssl-certificate" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "id" : "2"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove SSL Certificate Connection

DELETE /configuration/virtual-hosts/{id}/relationships/ssl-certificate

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.id

String

yes

The ID of the referenced "ssl-certificate" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/relationships/ssl-certificate" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "id" : "2"
  }
}'

Example Response

HTTP/1.1 204 No Content

Certificate Revocation List

Airlock Gateway provides the possibility to upload, download and delete the PEM representation of certificate revocation lists.

Upload a Certificate Revocation List for a Virtual Host

Please note that the virtual host, for which the certificate revocation list is intended, must already exist.

PUT /configuration/virtual-hosts/{id}/crl

Content-Type application/pkix-crl

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/crl" -i -X PUT \
    -H 'Content-Type: application/pkix-crl' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '-----BEGIN X509 CRL-----
MIIBoDCCAQkwDQYJKoZIhvcNAQEFBQAwga8xCzAJBgNVBAYTAkNIMQ8wDQYDVQQI
EwZadXJpY2gxDzANBgNVBAcTBlp1cmljaDEmMCQGA1UEChMddGVzdHN1aXRlIFN1
YkNBMSAoYnkgc2x0LmNvbSkxJzAlBgNVBAMTHnRlc3RzdWl0ZVN1YkNBMS5zZWNs
dXRpb25zLmNvbTEtMCsGCSqGSIb3DQEJARYedGVzdHN1aXRlU3ViQ0ExQHNlY2x1
dGlvbnMuY29tFw0xMDAzMTgxNDQ4MDNaFw0zNzA4MDMxNDQ4MDNaMCgwEgIBAhcN
MTAwMzE4MTQ0MjEwWjASAgEDFw0xMDAzMTgxNDQ3MTRaMA0GCSqGSIb3DQEBBQUA
A4GBAC/gVFl1g/gBDxzeV8v0auMc1+W5vDG6KSHS6LcI81m0ijS2Jgzre8Tpxmi6
hBFnv8MJA4Safn06EysGK4oVb35tVOWlmG+Oyrr3BbKwcvoYosNnEeI7WjDlEwwc
6NTFOfx4o/KQnmNFyp2CHn4K5GwWsoo/AqxNqltjmlJeZ8x2
-----END X509 CRL-----
-----BEGIN X509 CRL-----
MIIBlDCB/jANBgkqhkiG9w0BAQUFADCBuDELMAkGA1UEBhMCQ0gxDzANBgNVBAgT
Blp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSkwJwYDVQQKEyB0ZXN0c3VpdGUgU3Vi
U3ViQ0ExIChieSBzbHQuY29tKTEqMCgGA1UEAxMhdGVzdHN1aXRlU3ViU3ViQ0Ex
LnNlY2x1dGlvbnMuY29tMTAwLgYJKoZIhvcNAQkBFiF0ZXN0c3VpdGVTdWJTdWJD
QTFAc2VjbHV0aW9ucy5jb20XDTEwMDMxODE0MzM0OFoXDTM3MDgwMzE0MzM0OFow
FDASAgECFw0xMDAzMTgxNDI2MjZaMA0GCSqGSIb3DQEBBQUAA4GBALdkvRMoIf0f
ZZv8XQkYwsqJKhljBqU/xBmerqVfs0sy+TGbuD8WKqtNnhehMgWWAFn7bDi68xb8
I2Hv9wbGF1z7ngWWCMaJLb0LGdkSC0b0Et/+ngnhOa3Y42NRQESN1UX3n9slo9R4
j0FkDCHLU5UeZE3VWDn1qJVmQlPWc0ve
-----END X509 CRL-----'

Example Response

HTTP/1.1 204 No Content

Example Request with invalid CRL

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/crl" -i -X PUT \
    -H 'Content-Type: application/pkix-crl' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '-----BEGIN CERTIFICATE-----
MIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx
DzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0
c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs
dXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u
cy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE
BhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK
Exl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD
QS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj
bHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL
spQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf
1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb
wT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU
UD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa
6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx
DzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu
Y29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq
hkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI
59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+
HkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN
kD1kLHTbrs4=
-----END CERTIFICATE-----
'

Example Response with invalid CRL

HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 179

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:07.407Z",
    "rid" : "n/a"
  },
  "errors" : [ {
    "code" : "INVALID_VALUE"
  } ]
}

Download a Certificate Revocation List of a Virtual Host

GET /configuration/virtual-hosts/{id}/crl

Accept application/pkix-crl

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/2/crl" -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/pkix-crl'

Example Response

HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Content-Length: 1217

-----BEGIN X509 CRL-----
MIIBoDCCAQkwDQYJKoZIhvcNAQEFBQAwga8xCzAJBgNVBAYTAkNIMQ8wDQYDVQQI
EwZadXJpY2gxDzANBgNVBAcTBlp1cmljaDEmMCQGA1UEChMddGVzdHN1aXRlIFN1
YkNBMSAoYnkgc2x0LmNvbSkxJzAlBgNVBAMTHnRlc3RzdWl0ZVN1YkNBMS5zZWNs
dXRpb25zLmNvbTEtMCsGCSqGSIb3DQEJARYedGVzdHN1aXRlU3ViQ0ExQHNlY2x1
dGlvbnMuY29tFw0xMDAzMTgxNDQ4MDNaFw0zNzA4MDMxNDQ4MDNaMCgwEgIBAhcN
MTAwMzE4MTQ0MjEwWjASAgEDFw0xMDAzMTgxNDQ3MTRaMA0GCSqGSIb3DQEBBQUA
A4GBAC/gVFl1g/gBDxzeV8v0auMc1+W5vDG6KSHS6LcI81m0ijS2Jgzre8Tpxmi6
hBFnv8MJA4Safn06EysGK4oVb35tVOWlmG+Oyrr3BbKwcvoYosNnEeI7WjDlEwwc
6NTFOfx4o/KQnmNFyp2CHn4K5GwWsoo/AqxNqltjmlJeZ8x2
-----END X509 CRL-----
-----BEGIN X509 CRL-----
MIIBlDCB/jANBgkqhkiG9w0BAQUFADCBuDELMAkGA1UEBhMCQ0gxDzANBgNVBAgT
Blp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSkwJwYDVQQKEyB0ZXN0c3VpdGUgU3Vi
U3ViQ0ExIChieSBzbHQuY29tKTEqMCgGA1UEAxMhdGVzdHN1aXRlU3ViU3ViQ0Ex
LnNlY2x1dGlvbnMuY29tMTAwLgYJKoZIhvcNAQkBFiF0ZXN0c3VpdGVTdWJTdWJD
QTFAc2VjbHV0aW9ucy5jb20XDTEwMDMxODE0MzM0OFoXDTM3MDgwMzE0MzM0OFow
FDASAgECFw0xMDAzMTgxNDI2MjZaMA0GCSqGSIb3DQEBBQUAA4GBALdkvRMoIf0f
ZZv8XQkYwsqJKhljBqU/xBmerqVfs0sy+TGbuD8WKqtNnhehMgWWAFn7bDi68xb8
I2Hv9wbGF1z7ngWWCMaJLb0LGdkSC0b0Et/+ngnhOa3Y42NRQESN1UX3n9slo9R4
j0FkDCHLU5UeZE3VWDn1qJVmQlPWc0ve
-----END X509 CRL-----

Delete the Certificate Revocation List of a Virtual Host

DELETE /configuration/virtual-hosts/{id}/crl

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/crl" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Mapping

Access all Mappings

GET /configuration/mappings

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'name', 'label', 'entryPath' and 'backendPath'. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "mapping" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.access.authenticationFlow

String

Allowed values:
- REDIRECT: If the required role for the mapping is missing on the current session, Airlock Gateway will send a redirect (HTTP 303) to either the global or the custom denied access URL.
This mode is typically used in conjunction with user operated clients.
- DENY_ACCESS: Airlock Gateway will directly send an access denied (HTTP 403) response to the client if the required role is missing.
This is typically used for technical clients.
- ONE_SHOT: When this option is selected and Airlock Gateway receives an incoming request for this mapping that needs to be authenticated, Airlock Gateway implicitly (without redirect) forwards the request to the configured denied access URL for this mapping. The request headers are forwarded but no request body. After the forwarded request, Airlock Gateway checks again if the session is now authenticated.
If so, the original request is passed to the back-end server (successful one-shot authentication).
If the session does not have the required credentials even after the one-shot request, Airlock Gateway will send an access denied (HTTP 403) response to the client.
- ONE_SHOT_WITH_BODY: This is the same as with the "one-shot" option with two notable differences: The whole body of the request is also sent to the denied access URL for this mapping and the request method is always POST instead of GET.
- FRONT_SIDE_NTLM: Choose the front-side NTLM authentication flow to support authentication using NTLM. The front-side NTLM authentication flow is similar to the "one-shot" authentication flow, but also forwards all requests containing an "Authorization" header with value "NTLM .*" to the denied access URL.
For successful authentication, NTLM must be supported by the authentication service.

data[].attributes.access.backendLogoutUrl

String

Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host.

data[].attributes.access.clientCertificateAuthentication

String

Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate.

Allowed values:
- NOT_REQUIRED: The mapping uses the client certificate settings of the virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data[].attributes.access.credentialsPropagation.mandatory

Boolean

If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL.

data[].attributes.access.credentialsPropagation.type

String

Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication.

Allowed values:
- NONE: Even if Basic-Auth or NTLM credentials set by the control API are present, Airlock Gateway will not forward them to the back-end application. Access to the mapping is granted without any SSO credentials.
- BASIC_AUTH: If Basic-Auth credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.
- KERBEROS: If a Kerberos user is set by the control API, Airlock Gateway will acquire and send a service ticket to the back-end application.
- NTLM: If NTLM credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.

data[].attributes.access.deniedUrl.mode

String

Allowed values:
- GLOBAL: Use the global denied access url as configured under the menu Application Firewall - Session - Access Control.
- CUSTOM: Use the mapping specific denied access url.

data[].attributes.access.deniedUrl.value

String

Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location.

data[].attributes.access.ntlmPassthroughEnabled

Boolean

Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection.

NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft.

data[].attributes.access.restrictions[].authorizedPlans[]

Array

List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service.

data[].attributes.access.restrictions[].authorizedRoles[]

Array

List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service.

data[].attributes.access.restrictions[].enabled

Boolean

Whether access restriction is enabled.

data[].attributes.access.restrictions[].entryPathPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.access.restrictions[].entryPathPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.access.restrictions[].entryPathPattern.pattern

String

The actual pattern.

data[].attributes.access.restrictions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.access.restrictions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.access.restrictions[].httpMethodPattern.pattern

String

The actual pattern.

data[].attributes.access.tokenTransport.cookieExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified cookie.

data[].attributes.access.tokenTransport.cookieExtraction.name

String

Name of the cookie.

data[].attributes.access.tokenTransport.headerExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified header.

data[].attributes.access.tokenTransport.headerExtraction.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.access.tokenTransport.headerExtraction.extractionPattern.pattern

String

The actual pattern.

data[].attributes.access.tokenTransport.headerExtraction.replaceWith

String

The rewrite expression for the header extraction.

data[].attributes.access.tokenTransport.parameterExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified query parameter.

data[].attributes.access.tokenTransport.parameterExtraction.name

String

Name of the query parameter.

data[].attributes.access.tokenTransport.presenceMandatoryEnforced

Boolean

If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied.

data[].attributes.access.tokenVerification.claimRestrictions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data[].attributes.access.tokenVerification.claimRestrictions[].name

String

Name of the claim you want to restrict.

data[].attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.pattern

String

The actual pattern.

data[].attributes.access.tokenVerification.expiryCheckEnabled

Boolean

If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid.

data[].attributes.access.tokenVerification.expiryCheckSkew

Number

Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock.

data[].attributes.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

If enabled, a technical client ID is extracted from the JWT.

data[].attributes.access.tokenVerification.extractTechnicalClientIdName

String

Name of the claim to extract as technical client ID.

data[].attributes.access.tokenVerification.roleExtractions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data[].attributes.access.tokenVerification.roleExtractions[].extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.access.tokenVerification.roleExtractions[].extractionPattern.pattern

String

The actual pattern.

data[].attributes.access.tokenVerification.roleExtractions[].name

String

Name of the claim you want to extract a role from.

data[].attributes.access.tokenVerification.roleExtractions[].replaceWith

String

The rewrite expression of the role.

data[].attributes.access.tokenVerification.roleExtractions[].tokenLifetimeAsRoleLifetimeEnforced

Boolean

If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime.

data[].attributes.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session.

data[].attributes.access.tokenVerification.signatureCheckEnforced

Boolean

If enforced, the JWT’s signature must be present and valid.

data[].attributes.access.tokensEnabled

Boolean

Whether access tokens should be processed.

data[].attributes.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

String

Name of the cookie.

data[].attributes.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified cookie.

data[].attributes.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified header.

data[].attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.pattern

String

The actual pattern.

data[].attributes.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

String

Rewrite expression for the header extraction.

data[].attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified query parameter.

data[].attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

String

Name of the query parameter.

data[].attributes.apiSecurity.apiPolicyServiceEnabled

Boolean

Whether to enable the API policy service.

data[].attributes.apiSecurity.jsonParser.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.apiSecurity.jsonParser.contentTypePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.apiSecurity.jsonParser.contentTypePattern.pattern

String

The actual pattern.

data[].attributes.apiSecurity.jsonParser.enabled

Boolean

If set to true, Airlock Gateway parses JSON objects in requests and filters JSON attributes with allow rules and deny rules. JSON objects are parsed only if their content-type matches the specified pattern.

data[].attributes.apiSecurity.logOnly

Boolean

If enabled, potential attack requests are only logged but not blocked.

data[].attributes.apiSecurity.openApiCheckResponsesEnabled

Boolean

If enabled, responses are also checked against the API specification.

data[].attributes.apiSecurity.openApiEnforced

Boolean

Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked.

data[].attributes.apiSecurity.openApiPathMatching

String

Run OpenAPI path matching against client or server view of request/response.

Allowed values:
- ClientView
- BackendView

data[].attributes.apiSecurity.openApiPublishSpecificationEnabled

Boolean

If enabled, allow clients to download the API specification.

data[].attributes.apiSecurity.openApiPublishSpecificationPath

String

External path to the API specification. Note that the entry path will be added in front of it.

data[].attributes.apiSecurity.treatPathSegmentsAsParamValues

Boolean

If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it.

data[].attributes.application.controlApiAllowed

Boolean

Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway.

data[].attributes.application.encryptedCookies.enabled

Boolean

Enables encryption of cookies which are sent to the client.

data[].attributes.application.encryptedCookies.prefix

String

Regular expression for cookies that should be cryptographically encrypted before being sent to the client.
All cookies that have names which match the regular expression are encrypted and digitally signed with a secret key derived from a pass phrase when sent to the client. They are decrypted and verified when sent to the back-end service.
Because the pass-phrase-based key is used, such cookies are valid over several sessions and can also be persistent on the client’s machine. Such cookies protect the application from manipulated cookie contents and hide the content from the user.

data[].attributes.application.environmentCookiesEnabled

Boolean

Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client.

data[].attributes.application.loadBalancingCookieEnabled

Boolean

If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose.

data[].attributes.application.passthroughCookies.enabled

Boolean

Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client.

data[].attributes.application.passthroughCookies.prefix

String

Regular expression to select cookies that should be treated as 'Passthrough Cookies'.
Passthrough cookies are not recommended because they are often a carrier for cookie poisoning based web application attacks that can result in buffer overflows etc.

data[].attributes.application.redirectForErrorPageEnabled

Boolean

If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned.

data[].attributes.application.request.charset

String

Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset.

Allowed values:
- UTF_8_FALLBACK_WINDOWS_1252
- UTF_8
- ISO_8859_15
- WINDOWS_1251
- WINDOWS_1252

data[].attributes.application.request.header.allowlist.additional

Object

Additional headers to allow.

data[].attributes.application.request.header.allowlist.additional.pattern

String

The actual pattern.

data[].attributes.application.request.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data[].attributes.application.request.header.denylist.additional

Object

Additional headers to deny.

data[].attributes.application.request.header.denylist.additional.pattern

String

The actual pattern.

data[].attributes.application.request.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data[].attributes.application.request.header.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked.

data[].attributes.application.request.parameter.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked.

data[].attributes.application.request.path.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked.

data[].attributes.application.response.body.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.application.response.body.rewrites[].contentPattern.pattern

String

The actual pattern.

data[].attributes.application.response.body.rewrites[].contentType

String

A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression.

data[].attributes.application.response.body.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data[].attributes.application.response.body.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data[].attributes.application.response.compressionAllowed

Boolean

Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser).
Warning: Allowing compression for data served through SSL/TLS virtual hosts may affect the secrecy of the data.

data[].attributes.application.response.errorPage.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data[].attributes.application.response.errorPage.rewrites[].replaceWith

String

Target string which will replace the string matched by HTTP status content pattern.

data[].attributes.application.response.errorPage.rewrites[].statusContentPattern

String

The HTTP status code pattern.

data[].attributes.application.response.header.allowlist.additional

Object

Additional headers to allow.

data[].attributes.application.response.header.allowlist.additional.pattern

String

The actual pattern.

data[].attributes.application.response.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data[].attributes.application.response.header.denylist.additional

Object

Additional headers to deny.

data[].attributes.application.response.header.denylist.additional.pattern

String

The actual pattern.

data[].attributes.application.response.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data[].attributes.application.response.header.location.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data[].attributes.application.response.header.location.rewrites[].replaceWith

String

Target string which will replace the string matched by URL pattern.

data[].attributes.application.response.header.location.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.application.response.header.location.rewrites[].urlPattern.pattern

String

The actual pattern.

data[].attributes.application.response.html.rewrites[].embedded

Boolean

Whether to apply the rule to <script> and <style> blocks embedded in the HTML page

data[].attributes.application.response.html.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data[].attributes.application.response.html.rewrites[].events

Boolean

Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc.

data[].attributes.application.response.html.rewrites[].replaceWith

String

Target string which will replace the string matched by URL Pattern.

data[].attributes.application.response.html.rewrites[].uris

Boolean

Whether to apply the rule to linked HTML elements like href, src, etc.

data[].attributes.application.response.html.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.application.response.html.rewrites[].urlPattern.pattern

String

The actual pattern.

data[].attributes.application.response.json.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.application.response.json.rewrites[].contentPattern.pattern

String

The actual pattern.

data[].attributes.application.response.json.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data[].attributes.application.response.json.rewrites[].path

String

A response from the back-end server is rewritten only if the JSON path matches this regular expression.

data[].attributes.application.response.json.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data[].attributes.application.response.stripCommentsEnabled

Boolean

If enabled, Airlock Gateway removes HTML comments.

data[].attributes.application.sessionHandling

String

Allowed values:
- ENFORCE_SESSION: Sessions are enforced. If no session is available, a new session is created.
- OPTIONAL_SESSION: Sessions are optional. Existing sessions are used. If no session is available, no session is used.
- OPTIONAL_SESSION_NO_REFRESH: Same as "OPTIONAL_SESSION" but without refreshing session access timestamps. That is, requests use existing sessions if available but do not reset session idle times.
- IGNORE_SESSION: Session handling is disabled. No sessions are created and existing sessions are ignored. This mode improves performance for delivery of anonymous stateless content, such as image directories or static web repositories.

data[].attributes.application.webSocketsAllowed

Boolean

Whether support for the WebSockets protocol as defined in RFC 6455 is enabled.

data[].attributes.backendPath

String

The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server.

data[].attributes.botManagement.clientCookieSupportEnforced

Boolean

If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.

data[].attributes.botManagement.customBots.allowed

Boolean

If enabled, custom bots are not blocked.
Custom bots are identified by providing a "User-Agent" and "Domain" pattern.

data[].attributes.botManagement.customBots.domainPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.botManagement.customBots.domainPattern.pattern

String

The actual pattern.

data[].attributes.botManagement.customBots.sourceDomainEnforced

Boolean

Do not block bots whose source-domain matches the "domain pattern".

data[].attributes.botManagement.customBots.userAgentPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.botManagement.customBots.userAgentPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.botManagement.customBots.userAgentPattern.pattern

String

The actual pattern.

data[].attributes.botManagement.logOnly

Boolean

If true, requests from bots are only logged but not blocked.

data[].attributes.botManagement.wellKnownBots.allowed

Boolean

Check the User-Agent to determine if a bot is well-known and do not block such bots.
Clients indicating one of the following User-Agent headers are treated as well-known bots: Googlebot, bingbot, MSNBot, Baiduspider, YandexBot, archive.org_bot, DuckDuckBot.

data[].attributes.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot.
This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header.
The following domains are considered as domains of operators operating well-known bots: google.com, googlebot.com,search.msn.com, yahoo.net, baidu.com, baidu.jp, yandex.ru, yandex.net, yandex.com, archive.org, amazonaws.com (107.20.237.51, 23.21.226.191, 107.21.1.8, 54.208.102.37)

data[].attributes.csrfProtection.enabled

Boolean

Whether CSRF protection is enabled.

data[].attributes.csrfProtection.invalidTokenRedirectLocation

String

If a missing or invalid CSRF token is detected, the client is redirected to the configured location.

data[].attributes.csrfProtection.pathExceptions[].caseIgnored

Boolean

Whether to ignore case.

data[].attributes.csrfProtection.pathExceptions[].pattern

String

The actual pattern.

data[].attributes.dosAttackPrevention.enabled

Boolean

Whether the DoS attack prevention filter is enabled.

data[].attributes.dosAttackPrevention.interval

Number

Interval for measurement of allowed requests per IP address (seconds).

data[].attributes.dosAttackPrevention.maxRequestsPerInterval

Number

Maximum requests allowed per IP address.

data[].attributes.enableMaintenancePage

Boolean

Whether the maintenance page is enabled.

data[].attributes.entryPath.enforceTrailingSlashes

Boolean

Whether a trailing slash is mandatory at the end of the entry path or not.

data[].attributes.entryPath.ignoreCase

Boolean

Whether the entry path should be case sensitive.

data[].attributes.entryPath.priority

Number

The priority guarantees a deterministic selection of the mapping for a given request path.
The value can be between -999 (highest priority) and 999 (lowest priority). It must be unique among all regular expression mappings.

data[].attributes.entryPath.regexFormatEnforced

Boolean

Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not.

data[].attributes.entryPath.value

String

The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping.

data[].attributes.expertSettings.apache

Object

Expert settings for the Apache.

data[].attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data[].attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data[].attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data[].attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data[].attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data[].attributes.httpParameterPollutionDetection.mixedTypes

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types).

data[].attributes.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks.

data[].attributes.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

If true, potential HPP attack requests are only logged but not blocked.

data[].attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Object

Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection.

data[].attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.pattern

String

The actual pattern.

data[].attributes.httpParameterPollutionDetection.sameType

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type).

data[].attributes.httpParameterPollutionDetection.sameType.enabled

Boolean

If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks.
Note: For the filtering itself, a deny rule like the default deny rule '(default) HTTP Parameter Pollution' has to be configured.

data[].attributes.ipRules.dynamicIpAddressBlacklist.countMode

String

Counting mode of dynamic IP address blacklist blocks.

Allowed values:
- OFF: Blocks on this mapping are not counted for the dynamic IP address blacklist.
- ALL: All blocks on this mapping are counted for the dynamic IP address blacklist.
- DENY_RULES_ONLY: Only deny rule blocks on this mapping are counted for the dynamic IP address blacklist.

data[].attributes.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

If enabled, IPs on the dynamic IP address blacklist are blocked.

data[].attributes.ipRules.ipAddressBlacklists.logOnly

Boolean

If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked.

data[].attributes.ipRules.ipAddressBlacklists.webrootThreatCategories

String

List of threat categories which should be blocked (;-separated string).

Categories:
SPAM_SOURCES: The Spam Sources category includes IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.
WINDOWS_EXPLOITS: The Windows Exploits category includes IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.
WEB_ATTACKS: The Web Attacks category includes IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server.
BOT_NETS: The Botnets category includes IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers.
SCANNERS: The Scanners category includes IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts.
DENIAL_OF_SERVICE: The Denial of Services category includes IPs addresses involved in DOS or DDOS attacks, anomalous sync flood, or anomalous traffic.
PHISHING: The Phishing category includes IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities.
PROXY: The Proxy category includes IP addresses providing proxy services, including both VPN and open web proxy services.
MOBILE_THREATS: The Mobile Threats category includes IP addresses associated with malicious and unwanted mobile applications.
TOR_PROXY: The Tor Proxy category includes IP addresses acting as exit nodes for the Tor Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.

data[].attributes.ipRules.ipAddressWhitelists.logOnly

Boolean

If true, requests whose source IP address is not contained in one of the configured IP Whitelists are only logged but not blocked.

data[].attributes.labels[]

Array

List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application.

data[].attributes.limits.general.maxPathLength

Number

Defines the maximum path length for requests to the current mapping.

data[].attributes.limits.general.maxRequestBodySize

Number

Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once.

data[].attributes.limits.http.maxParameterNameLength

Number

Defines the maximum length for a parameter name.

data[].attributes.limits.http.maxParameterValueLength

Number

Defines the maximum length for a parameter value.

data[].attributes.limits.http.maxParameters

Number

Defines the maximum number of parameters inside the request.

data[].attributes.limits.json.enabled

Boolean

Whether JSON limits are enabled.

data[].attributes.limits.json.maxArrayItems

Number

Defines the maximum number of items for a single JSON array (non-recursive).

data[].attributes.limits.json.maxKeyLength

Number

Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member".

data[].attributes.limits.json.maxKeys

Number

Defines the maximum number of keys of a single JSON object (non-recursive).

data[].attributes.limits.json.maxNestingDepth

Number

Defines the maximum depth of nesting for JSON objects and JSON arrays.

data[].attributes.limits.json.maxTotalEntries

Number

Defines the maximum number of keys and array items in the whole JSON document (recursive).

data[].attributes.limits.json.maxValueLength

Number

Defines the maximum json value length for requests to the current mapping.

data[].attributes.locking.access.authenticationFlow

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.backendLogoutUrl

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.clientCertificateAuthentication

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.credentialsPropagation.mandatory

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.credentialsPropagation.type

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.deniedUrl.mode

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.deniedUrl.value

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.ntlmPassthroughEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.restrictions

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenTransport.cookieExtraction.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenTransport.cookieExtraction.name

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenTransport.headerExtraction.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenTransport.headerExtraction.extractionPattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenTransport.headerExtraction.replaceWith

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenTransport.parameterExtraction.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenTransport.parameterExtraction.name

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenTransport.presenceMandatoryEnforced

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.claimRestrictions

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.expiryCheckEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.expiryCheckSkew

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.extractTechnicalClientIdName

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.localJwksProviders

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.remoteJwksProviders

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.roleExtractions

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.access.tokensEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyServiceEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.apiPolicyServiceId

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.jsonParser.contentTypePattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.jsonParser.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.logOnly

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.openApiCheckResponsesEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.openApiDocumentId

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.openApiEnforced

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.openApiPathMatching

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.openApiPublishSpecificationEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.openApiPublishSpecificationPath

Boolean

Lock for the corresponding member.

data[].attributes.locking.apiSecurity.treatPathSegmentsAsParamValues

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.controlApiAllowed

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.encryptedCookies.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.encryptedCookies.prefix

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.environmentCookiesEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.loadBalancingCookieEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.passthroughCookies.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.passthroughCookies.prefix

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.redirectForErrorPageEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.request.charset

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.request.header.allowlist.additional

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.request.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.request.header.denylist.additional

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.request.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.request.header.enforceUtf8

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.request.parameter.enforceUtf8

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.request.path.enforceUtf8

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.body.rewrites

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.compressionAllowed

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.errorPage.rewrites

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.header.allowlist.additional

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.header.denylist.additional

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.header.location.rewrites

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.html.rewrites

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.json.rewrites

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.response.stripCommentsEnabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.sessionHandling

Boolean

Lock for the corresponding member.

data[].attributes.locking.application.webSocketsAllowed

Boolean

Lock for the corresponding member.

data[].attributes.locking.backendPath

Boolean

Lock for the corresponding member.

data[].attributes.locking.botManagement.clientCookieSupportEnforced

Boolean

Lock for the corresponding member.

data[].attributes.locking.botManagement.customBots.allowed

Boolean

Lock for the corresponding member.

data[].attributes.locking.botManagement.customBots.domainPattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.botManagement.customBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data[].attributes.locking.botManagement.customBots.userAgentPattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.botManagement.logOnly

Boolean

Lock for the corresponding member.

data[].attributes.locking.botManagement.wellKnownBots.allowed

Boolean

Lock for the corresponding member.

data[].attributes.locking.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data[].attributes.locking.csrfProtection.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.csrfProtection.invalidTokenRedirectLocation

Boolean

Lock for the corresponding member.

data[].attributes.locking.csrfProtection.pathExceptions

Boolean

Lock for the corresponding member.

data[].attributes.locking.dosAttackPrevention.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.dosAttackPrevention.interval

Boolean

Lock for the corresponding member.

data[].attributes.locking.dosAttackPrevention.maxRequestsPerInterval

Boolean

Lock for the corresponding member.

data[].attributes.locking.enableMaintenancePage

Boolean

Lock for the corresponding member.

data[].attributes.locking.enabled

Boolean

If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping.

data[].attributes.locking.entryPath.enforceTrailingSlashes

Boolean

Lock for the corresponding member.

data[].attributes.locking.entryPath.priority

Boolean

Lock for the corresponding member.

data[].attributes.locking.entryPath.regexFormatEnforced

Boolean

Lock for the corresponding member.

data[].attributes.locking.entryPath.settings

Boolean

Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'.

data[].attributes.locking.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

Lock for the corresponding member.

data[].attributes.locking.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.httpParameterPollutionDetection.sameType.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.icap.request.backendViews

Boolean

Lock for the corresponding member.

data[].attributes.locking.icap.request.clientViews

Boolean

Lock for the corresponding member.

data[].attributes.locking.icap.response.backendViews

Boolean

Lock for the corresponding member.

data[].attributes.locking.icap.response.clientViews

Boolean

Lock for the corresponding member.

data[].attributes.locking.ipRules.dynamicIpAddressBlacklist.countMode

Boolean

Lock for the corresponding member.

data[].attributes.locking.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.ipRules.ipAddressBlacklists.logOnly

Boolean

Lock for the corresponding member.

data[].attributes.locking.ipRules.ipAddressWhitelists.logOnly

Boolean

Lock for the corresponding member.

data[].attributes.locking.labels

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.general.maxPathLength

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.general.maxRequestBodySize

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.http.maxParameterNameLength

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.http.maxParameterValueLength

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.http.maxParameters

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.json.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.json.maxArrayItems

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.json.maxKeyLength

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.json.maxKeys

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.json.maxNestingDepth

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.json.maxTotalEntries

Boolean

Lock for the corresponding member.

data[].attributes.locking.limits.json.maxValueLength

Boolean

Lock for the corresponding member.

data[].attributes.locking.operationalMode

Boolean

Lock for the corresponding member.

data[].attributes.locking.requestBodyStreaming.contentTypePattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.requestBodyStreaming.enabled

Boolean

Lock for the corresponding member.

data[].attributes.locking.requestBodyStreaming.httpMethodPattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.requestBodyStreaming.pathPattern

Boolean

Lock for the corresponding member.

data[].attributes.locking.threatHandling

Boolean

Lock for the corresponding member.

data[].attributes.locking.timeouts.backend

Boolean

Lock for the corresponding member.

data[].attributes.locking.timeouts.sessionIdle

Boolean

Lock for the corresponding member.

data[].attributes.name

String

The unique name of the mapping.

data[].attributes.operationalMode

String

The mode in which the mapping runs.

Allowed values:
- PRODUCTION: Standard mode of operation.
- INTEGRATION: More information is logged about all requests and responses (may decrease performance).

data[].attributes.requestBodyStreaming.contentTypePattern

Object

Only requests whose content type header matches this regular expression pattern will be streamed.

data[].attributes.requestBodyStreaming.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.requestBodyStreaming.contentTypePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.requestBodyStreaming.contentTypePattern.pattern

String

The actual pattern.

data[].attributes.requestBodyStreaming.enabled

Boolean

Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed.
Empty fields have the same effect as the pattern ^.*$

data[].attributes.requestBodyStreaming.httpMethodPattern

Object

Only requests whose HTTP method matches this regular expression pattern will be streamed.

data[].attributes.requestBodyStreaming.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.requestBodyStreaming.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.requestBodyStreaming.httpMethodPattern.pattern

String

The actual pattern.

data[].attributes.requestBodyStreaming.pathPattern

Object

Only requests whose path matches this regular expression pattern will be streamed.

data[].attributes.requestBodyStreaming.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.requestBodyStreaming.pathPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.requestBodyStreaming.pathPattern.pattern

String

The actual pattern.

data[].attributes.tenant

String

Tenant of the mapping.

data[].attributes.threatHandling

String

Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled.

Allowed values:
- BLOCK: Requests violating policies are blocked. The session (if available) remains valid.
- TERMINATE_SESSION: Requests violating policies are blocked. The session (if available) is terminated.
- NOTIFY: Requests violating policies are not blocked. The violation is logged and notified.

data[].attributes.timeouts.backend

Number

Defines the time (seconds) Airlock Gateway will wait for the back-end response.
In case the request runs into the timeout, Airlock Gateway will send a redirect to the HTTP 503 Service unavailable error page with the corresponding HTTP 503 status code. If In-band Health Checks are configured, then such a request will be counted as a failed request, potentially leading to the back-end server being marked as bad.

data[].attributes.timeouts.sessionIdle

Number

Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping.
The value will be ignored if minimum session idle timeout is smaller or equal to the global session idle timeout setting.

data[].relationships.virtual-hosts.data[]

Array

The virtual-host references.

data[].relationships.virtual-hosts.data[].type

String

The data type of the referenced resource. Must be "virtual-host" for this call.

data[].relationships.virtual-hosts.data[].id

String

The ID of the virtual-host resource.

data[].relationships.back-end-groups.data[]

Array

The back-end-group references.

data[].relationships.back-end-groups.data[].type

String

The data type of the referenced resource. Must be "back-end-group" for this call.

data[].relationships.back-end-groups.data[].id

String

The ID of the back-end-group resource.

data[].relationships.local-json-web-key-sets.data[]

Array

The local-json-web-key-set references.

data[].relationships.local-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "local-json-web-key-set" for this call.

data[].relationships.local-json-web-key-sets.data[].id

String

The ID of the local-json-web-key-set resource.

data[].relationships.remote-json-web-key-sets.data[]

Array

The remote-json-web-key-set references.

data[].relationships.remote-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data[].relationships.remote-json-web-key-sets.data[].id

String

The ID of the remote-json-web-key-set resource.

data[].relationships.openapi-document.data

Object

The openapi-document references.

data[].relationships.openapi-document.data.type

String

The data type of the referenced resource. Must be "openapi-document" for this call.

data[].relationships.openapi-document.data.id

String

The ID of the openapi-document resource.

data[].relationships.api-policy-service.data

Object

The api-policy-service references.

data[].relationships.api-policy-service.data.type

String

The data type of the referenced resource. Must be "api-policy-service" for this call.

data[].relationships.api-policy-service.data.id

String

The ID of the api-policy-service resource.

data[].relationships.ip-address-whitelists.data[]

Array

The ip-address-list references.

data[].relationships.ip-address-whitelists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].relationships.ip-address-whitelists.data[].id

String

The ID of the ip-address-list resource.

data[].relationships.ip-address-blacklists.data[]

Array

The ip-address-list references.

data[].relationships.ip-address-blacklists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].relationships.ip-address-blacklists.data[].id

String

The ID of the ip-address-list resource.

data[].relationships.ip-address-blacklist-exceptions.data[]

Array

The ip-address-list references.

data[].relationships.ip-address-blacklist-exceptions.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].relationships.ip-address-blacklist-exceptions.data[].id

String

The ID of the ip-address-list resource.

data[].relationships.request-frequency-filter-ip-address-whitelist.data[]

Array

The ip-address-list references.

data[].relationships.request-frequency-filter-ip-address-whitelist.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].relationships.request-frequency-filter-ip-address-whitelist.data[].id

String

The ID of the ip-address-list resource.

data[].relationships.bot-management-source-ip-address-whitelist.data

Object

The ip-address-list references.

data[].relationships.bot-management-source-ip-address-whitelist.data.type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].relationships.bot-management-source-ip-address-whitelist.data.id

String

The ID of the ip-address-list resource.

data[].relationships.icap-request-client-views.data[]

Array

The icap-environment references.

data[].relationships.icap-request-client-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data[].relationships.icap-request-client-views.data[].id

String

The ID of the icap-environment resource.

data[].relationships.icap-request-client-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data[].relationships.icap-request-client-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data[].relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data[].relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data[].relationships.icap-request-client-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-request-client-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data[].relationships.icap-request-client-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data[].relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data[].relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data[].relationships.icap-request-backend-views.data[]

Array

The icap-environment references.

data[].relationships.icap-request-backend-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data[].relationships.icap-request-backend-views.data[].id

String

The ID of the icap-environment resource.

data[].relationships.icap-request-backend-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data[].relationships.icap-request-backend-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data[].relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data[].relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data[].relationships.icap-request-backend-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-request-backend-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data[].relationships.icap-request-backend-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data[].relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data[].relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data[].relationships.icap-response-backend-views.data[]

Array

The icap-environment references.

data[].relationships.icap-response-backend-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data[].relationships.icap-response-backend-views.data[].id

String

The ID of the icap-environment resource.

data[].relationships.icap-response-backend-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data[].relationships.icap-response-backend-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data[].relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data[].relationships.icap-response-backend-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-backend-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-backend-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data[].relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data[].relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data[].relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.pattern

String

The actual pattern.

data[].relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.pattern

String

The actual pattern.

data[].relationships.icap-response-client-views.data[]

Array

The icap-environment references.

data[].relationships.icap-response-client-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data[].relationships.icap-response-client-views.data[].id

String

The ID of the icap-environment resource.

data[].relationships.icap-response-client-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data[].relationships.icap-response-client-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data[].relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data[].relationships.icap-response-client-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-client-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-client-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data[].relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data[].relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data[].relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.pattern

String

The actual pattern.

data[].relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data[].relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.inverted

String

Whether to invert the match.

data[].relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.pattern

String

The actual pattern.

data[].relationships.anomaly-shield-application.data

Object

The anomaly-shield-application references.

data[].relationships.anomaly-shield-application.data.type

String

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data[].relationships.anomaly-shield-application.data.id

String

The ID of the anomaly-shield-application resource.

data[].relationships.template.data

Object

The mapping-template references.

data[].relationships.template.data.type

String

The data type of the referenced resource. Must be "mapping-template" for this call.

data[].relationships.template.data.id

String

The ID of the mapping-template resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings?filter=label%3D%3DmyMappingLabel&filter=entryPath%3D%3D/mymapping/" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 23032

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:09.651Z"
  },
  "data" : [ {
    "type" : "mapping",
    "id" : "1",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ "myMappingLabel" ],
      "tenant" : "",
      "entryPath" : {
        "value" : "/mymapping/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : false,
        "ignoreCase" : false,
        "priority" : 0
      },
      "backendPath" : "/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : true,
      "access" : {
        "deniedUrl" : {
          "value" : "/",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ {
          "enabled" : true,
          "httpMethodPattern" : {
            "pattern" : "GET",
            "caseIgnored" : true,
            "inverted" : true
          },
          "entryPathPattern" : {
            "pattern" : "/admin/",
            "caseIgnored" : true,
            "inverted" : true
          },
          "authorizedRoles" : [ "admin" ],
          "authorizedPlans" : [ "android", "ios", "browser" ]
        } ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "",
        "ntlmPassthroughEnabled" : false,
        "credentialsPropagation" : {
          "mandatory" : false,
          "type" : "NONE"
        },
        "tokensEnabled" : false,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : false,
          "headerExtraction" : {
            "enabled" : false,
            "extractionPattern" : {
              "pattern" : "^Authorization: Bearer (.*)$",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : false,
            "name" : ""
          },
          "cookieExtraction" : {
            "enabled" : false,
            "name" : ""
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : false,
          "expiryCheckEnabled" : false,
          "expiryCheckSkew" : 10,
          "extractTechnicalClientIdEnabled" : false,
          "extractTechnicalClientIdName" : "",
          "setAuditTokenFromSubjectEnabled" : false,
          "claimRestrictions" : [ {
            "enabled" : true,
            "name" : "myClaim",
            "restrictionPattern" : {
              "pattern" : "",
              "caseIgnored" : false,
              "inverted" : false
            }
          } ],
          "roleExtractions" : [ {
            "enabled" : true,
            "name" : "myClaim",
            "extractionPattern" : {
              "pattern" : "",
              "caseIgnored" : false
            },
            "replaceWith" : "$1",
            "tokenLifetimeAsRoleLifetimeEnforced" : true
          } ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : false
        },
        "ipAddressBlacklists" : {
          "logOnly" : false,
          "webrootThreatCategories" : "WEB_ATTACKS"
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : false,
          "countMode" : "OFF"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : false,
        "wellKnownBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false
        },
        "customBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 1073741824,
          "maxPathLength" : 1024
        },
        "http" : {
          "maxParameters" : 128,
          "maxParameterNameLength" : 128,
          "maxParameterValueLength" : 1024
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 256,
          "maxValueLength" : 8192,
          "maxNestingDepth" : 100,
          "maxArrayItems" : 500,
          "maxKeys" : 250,
          "maxTotalEntries" : 150000
        }
      },
      "csrfProtection" : {
        "enabled" : false,
        "invalidTokenRedirectLocation" : "/%ENTRYPATH%",
        "pathExceptions" : [ {
          "pattern" : "^/exception$",
          "caseIgnored" : true
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : false,
        "environmentCookiesEnabled" : false,
        "encryptedCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "passthroughCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "loadBalancingCookieEnabled" : true,
        "webSocketsAllowed" : false,
        "redirectForErrorPageEnabled" : false,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : false
          },
          "header" : {
            "enforceUtf8" : false,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : false
          }
        },
        "response" : {
          "compressionAllowed" : false,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            },
            "location" : {
              "rewrites" : [ {
                "enabled" : true,
                "urlPattern" : {
                  "pattern" : "/",
                  "caseIgnored" : true
                },
                "replaceWith" : "$1"
              } ]
            }
          },
          "json" : {
            "rewrites" : [ {
              "enabled" : true,
              "path" : "json#path",
              "contentPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "replaceWith" : "b"
            } ]
          },
          "body" : {
            "rewrites" : [ {
              "enabled" : true,
              "contentType" : "application/json",
              "contentPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "replaceWith" : "b"
            } ]
          },
          "html" : {
            "rewrites" : [ {
              "enabled" : true,
              "urlPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "uris" : true,
              "events" : true,
              "embedded" : true,
              "replaceWith" : "b"
            } ]
          },
          "errorPage" : {
            "rewrites" : [ {
              "enabled" : true,
              "statusContentPattern" : "^5(?!02|03)..$",
              "replaceWith" : "500.html"
            } ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : true,
        "jsonParser" : {
          "enabled" : false,
          "contentTypePattern" : {
            "pattern" : "",
            "caseIgnored" : true,
            "inverted" : false
          }
        },
        "openApiEnforced" : true,
        "openApiCheckResponsesEnabled" : false,
        "logOnly" : false,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : true,
        "openApiPublishSpecificationPath" : "path/to/apiSpecification.json",
        "apiPolicyServiceEnabled" : true,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : false,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : false,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : false,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : false,
        "httpMethodPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : true,
          "logOnly" : false,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        },
        "sameType" : {
          "enabled" : true
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      },
      "locking" : {
        "enabled" : false,
        "labels" : false,
        "access" : {
          "deniedUrl" : {
            "value" : false,
            "mode" : false
          },
          "restrictions" : false,
          "clientCertificateAuthentication" : false,
          "authenticationFlow" : false,
          "backendLogoutUrl" : false,
          "ntlmPassthroughEnabled" : false,
          "credentialsPropagation" : {
            "mandatory" : false,
            "type" : false
          },
          "tokensEnabled" : false,
          "tokenVerification" : {
            "localJwksProviders" : true,
            "remoteJwksProviders" : true,
            "expiryCheckEnabled" : false,
            "expiryCheckSkew" : false,
            "claimRestrictions" : false,
            "roleExtractions" : false,
            "extractTechnicalClientIdEnabled" : false,
            "extractTechnicalClientIdName" : false,
            "setAuditTokenFromSubjectEnabled" : false
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : false,
            "headerExtraction" : {
              "enabled" : false,
              "extractionPattern" : false,
              "replaceWith" : false
            },
            "parameterExtraction" : {
              "enabled" : false,
              "name" : false
            },
            "cookieExtraction" : {
              "enabled" : false,
              "name" : false
            }
          }
        },
        "entryPath" : {
          "settings" : true,
          "enforceTrailingSlashes" : true,
          "regexFormatEnforced" : true,
          "priority" : false
        },
        "backendPath" : true,
        "threatHandling" : false,
        "operationalMode" : false,
        "enableMaintenancePage" : false,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : false
          },
          "ipAddressBlacklists" : {
            "logOnly" : false
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : false,
            "countMode" : false
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : false,
          "wellKnownBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false
          },
          "customBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false,
            "userAgentPattern" : false,
            "domainPattern" : false
          }
        },
        "timeouts" : {
          "backend" : false,
          "sessionIdle" : false
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : true,
            "maxPathLength" : true
          },
          "http" : {
            "maxParameters" : false,
            "maxParameterNameLength" : false,
            "maxParameterValueLength" : false
          },
          "json" : {
            "enabled" : false,
            "maxKeyLength" : false,
            "maxValueLength" : false,
            "maxNestingDepth" : false,
            "maxArrayItems" : false,
            "maxKeys" : false,
            "maxTotalEntries" : false
          }
        },
        "csrfProtection" : {
          "enabled" : false,
          "invalidTokenRedirectLocation" : false,
          "pathExceptions" : false
        },
        "application" : {
          "sessionHandling" : false,
          "controlApiAllowed" : false,
          "environmentCookiesEnabled" : false,
          "encryptedCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "passthroughCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "loadBalancingCookieEnabled" : false,
          "webSocketsAllowed" : false,
          "redirectForErrorPageEnabled" : false,
          "request" : {
            "charset" : false,
            "path" : {
              "enforceUtf8" : false
            },
            "header" : {
              "enforceUtf8" : false,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              }
            },
            "parameter" : {
              "enforceUtf8" : false
            }
          },
          "response" : {
            "compressionAllowed" : false,
            "stripCommentsEnabled" : false,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "location" : {
                "rewrites" : false
              }
            },
            "json" : {
              "rewrites" : false
            },
            "body" : {
              "rewrites" : false
            },
            "html" : {
              "rewrites" : false
            },
            "errorPage" : {
              "rewrites" : false
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : false,
          "jsonParser" : {
            "enabled" : false,
            "contentTypePattern" : false
          },
          "openApiEnforced" : false,
          "openApiCheckResponsesEnabled" : false,
          "openApiDocumentId" : false,
          "logOnly" : false,
          "openApiPathMatching" : false,
          "openApiPublishSpecificationEnabled" : false,
          "openApiPublishSpecificationPath" : false,
          "apiPolicyServiceEnabled" : false,
          "apiPolicyServiceId" : false,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : false,
            "extractionPattern" : false,
            "replaceWith" : false
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : false,
            "parameterName" : false
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : false,
            "cookieName" : false
          }
        },
        "dosAttackPrevention" : {
          "enabled" : false,
          "maxRequestsPerInterval" : false,
          "interval" : false
        },
        "requestBodyStreaming" : {
          "enabled" : false,
          "httpMethodPattern" : false,
          "pathPattern" : false,
          "contentTypePattern" : false
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : false,
            "logOnly" : false,
            "parameterNameExceptionPattern" : false
          },
          "sameType" : {
            "enabled" : false
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : false,
            "backendViews" : false
          },
          "response" : {
            "backendViews" : false,
            "clientViews" : false
          }
        }
      }
    },
    "relationships" : {
      "back-end-groups" : {
        "data" : [ {
          "type" : "back-end-group",
          "id" : "30"
        } ]
      },
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "40"
        } ]
      },
      "local-json-web-key-sets" : {
        "data" : [ {
          "type" : "local-json-web-key-set",
          "id" : "46"
        } ]
      },
      "remote-json-web-key-sets" : {
        "data" : [ {
          "type" : "remote-json-web-key-set",
          "id" : "47"
        } ]
      },
      "openapi-document" : {
        "data" : {
          "type" : "openapi-document",
          "id" : "50"
        }
      },
      "api-policy-service" : {
        "data" : {
          "type" : "api-policy-service",
          "id" : "60"
        }
      },
      "icap-request-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "42",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-request-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "43",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "44",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "X-Response",
                "inverted" : "true"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "responsevalue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "45",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "X-Response",
                "inverted" : "true"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "responsevalue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "anomaly-shield-application" : {
        "data" : {
          "type" : "anomaly-shield-application",
          "id" : "70"
        }
      }
    }
  } ]
}

Access a Mapping

GET /configuration/mappings/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "mapping" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.access.authenticationFlow

String

Allowed values:
- REDIRECT: If the required role for the mapping is missing on the current session, Airlock Gateway will send a redirect (HTTP 303) to either the global or the custom denied access URL.
This mode is typically used in conjunction with user operated clients.
- DENY_ACCESS: Airlock Gateway will directly send an access denied (HTTP 403) response to the client if the required role is missing.
This is typically used for technical clients.
- ONE_SHOT: When this option is selected and Airlock Gateway receives an incoming request for this mapping that needs to be authenticated, Airlock Gateway implicitly (without redirect) forwards the request to the configured denied access URL for this mapping. The request headers are forwarded but no request body. After the forwarded request, Airlock Gateway checks again if the session is now authenticated.
If so, the original request is passed to the back-end server (successful one-shot authentication).
If the session does not have the required credentials even after the one-shot request, Airlock Gateway will send an access denied (HTTP 403) response to the client.
- ONE_SHOT_WITH_BODY: This is the same as with the "one-shot" option with two notable differences: The whole body of the request is also sent to the denied access URL for this mapping and the request method is always POST instead of GET.
- FRONT_SIDE_NTLM: Choose the front-side NTLM authentication flow to support authentication using NTLM. The front-side NTLM authentication flow is similar to the "one-shot" authentication flow, but also forwards all requests containing an "Authorization" header with value "NTLM .*" to the denied access URL.
For successful authentication, NTLM must be supported by the authentication service.

data.attributes.access.backendLogoutUrl

String

Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host.

data.attributes.access.clientCertificateAuthentication

String

Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate.

Allowed values:
- NOT_REQUIRED: The mapping uses the client certificate settings of the virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.access.credentialsPropagation.mandatory

Boolean

If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL.

data.attributes.access.credentialsPropagation.type

String

Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication.

Allowed values:
- NONE: Even if Basic-Auth or NTLM credentials set by the control API are present, Airlock Gateway will not forward them to the back-end application. Access to the mapping is granted without any SSO credentials.
- BASIC_AUTH: If Basic-Auth credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.
- KERBEROS: If a Kerberos user is set by the control API, Airlock Gateway will acquire and send a service ticket to the back-end application.
- NTLM: If NTLM credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.

data.attributes.access.deniedUrl.mode

String

Allowed values:
- GLOBAL: Use the global denied access url as configured under the menu Application Firewall - Session - Access Control.
- CUSTOM: Use the mapping specific denied access url.

data.attributes.access.deniedUrl.value

String

Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location.

data.attributes.access.ntlmPassthroughEnabled

Boolean

Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection.

NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft.

data.attributes.access.restrictions[].authorizedPlans[]

Array

List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service.

data.attributes.access.restrictions[].authorizedRoles[]

Array

List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service.

data.attributes.access.restrictions[].enabled

Boolean

Whether access restriction is enabled.

data.attributes.access.restrictions[].entryPathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.restrictions[].entryPathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.restrictions[].entryPathPattern.pattern

String

The actual pattern.

data.attributes.access.restrictions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.restrictions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.restrictions[].httpMethodPattern.pattern

String

The actual pattern.

data.attributes.access.tokenTransport.cookieExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified cookie.

data.attributes.access.tokenTransport.cookieExtraction.name

String

Name of the cookie.

data.attributes.access.tokenTransport.headerExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified header.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenTransport.headerExtraction.replaceWith

String

The rewrite expression for the header extraction.

data.attributes.access.tokenTransport.parameterExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified query parameter.

data.attributes.access.tokenTransport.parameterExtraction.name

String

Name of the query parameter.

data.attributes.access.tokenTransport.presenceMandatoryEnforced

Boolean

If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied.

data.attributes.access.tokenVerification.claimRestrictions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.claimRestrictions[].name

String

Name of the claim you want to restrict.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenVerification.expiryCheckEnabled

Boolean

If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid.

data.attributes.access.tokenVerification.expiryCheckSkew

Number

Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock.

data.attributes.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

If enabled, a technical client ID is extracted from the JWT.

data.attributes.access.tokenVerification.extractTechnicalClientIdName

String

Name of the claim to extract as technical client ID.

data.attributes.access.tokenVerification.roleExtractions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenVerification.roleExtractions[].name

String

Name of the claim you want to extract a role from.

data.attributes.access.tokenVerification.roleExtractions[].replaceWith

String

The rewrite expression of the role.

data.attributes.access.tokenVerification.roleExtractions[].tokenLifetimeAsRoleLifetimeEnforced

Boolean

If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime.

data.attributes.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session.

data.attributes.access.tokenVerification.signatureCheckEnforced

Boolean

If enforced, the JWT’s signature must be present and valid.

data.attributes.access.tokensEnabled

Boolean

Whether access tokens should be processed.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

String

Name of the cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified header.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.pattern

String

The actual pattern.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

String

Rewrite expression for the header extraction.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified query parameter.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

String

Name of the query parameter.

data.attributes.apiSecurity.apiPolicyServiceEnabled

Boolean

Whether to enable the API policy service.

data.attributes.apiSecurity.jsonParser.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.apiSecurity.jsonParser.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.apiSecurity.jsonParser.contentTypePattern.pattern

String

The actual pattern.

data.attributes.apiSecurity.jsonParser.enabled

Boolean

If set to true, Airlock Gateway parses JSON objects in requests and filters JSON attributes with allow rules and deny rules. JSON objects are parsed only if their content-type matches the specified pattern.

data.attributes.apiSecurity.logOnly

Boolean

If enabled, potential attack requests are only logged but not blocked.

data.attributes.apiSecurity.openApiCheckResponsesEnabled

Boolean

If enabled, responses are also checked against the API specification.

data.attributes.apiSecurity.openApiEnforced

Boolean

Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked.

data.attributes.apiSecurity.openApiPathMatching

String

Run OpenAPI path matching against client or server view of request/response.

Allowed values:
- ClientView
- BackendView

data.attributes.apiSecurity.openApiPublishSpecificationEnabled

Boolean

If enabled, allow clients to download the API specification.

data.attributes.apiSecurity.openApiPublishSpecificationPath

String

External path to the API specification. Note that the entry path will be added in front of it.

data.attributes.apiSecurity.treatPathSegmentsAsParamValues

Boolean

If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it.

data.attributes.application.controlApiAllowed

Boolean

Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway.

data.attributes.application.encryptedCookies.enabled

Boolean

Enables encryption of cookies which are sent to the client.

data.attributes.application.encryptedCookies.prefix

String

Regular expression for cookies that should be cryptographically encrypted before being sent to the client.
All cookies that have names which match the regular expression are encrypted and digitally signed with a secret key derived from a pass phrase when sent to the client. They are decrypted and verified when sent to the back-end service.
Because the pass-phrase-based key is used, such cookies are valid over several sessions and can also be persistent on the client’s machine. Such cookies protect the application from manipulated cookie contents and hide the content from the user.

data.attributes.application.environmentCookiesEnabled

Boolean

Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client.

data.attributes.application.loadBalancingCookieEnabled

Boolean

If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose.

data.attributes.application.passthroughCookies.enabled

Boolean

Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client.

data.attributes.application.passthroughCookies.prefix

String

Regular expression to select cookies that should be treated as 'Passthrough Cookies'.
Passthrough cookies are not recommended because they are often a carrier for cookie poisoning based web application attacks that can result in buffer overflows etc.

data.attributes.application.redirectForErrorPageEnabled

Boolean

If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned.

data.attributes.application.request.charset

String

Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset.

Allowed values:
- UTF_8_FALLBACK_WINDOWS_1252
- UTF_8
- ISO_8859_15
- WINDOWS_1251
- WINDOWS_1252

data.attributes.application.request.header.allowlist.additional

Object

Additional headers to allow.

data.attributes.application.request.header.allowlist.additional.pattern

String

The actual pattern.

data.attributes.application.request.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data.attributes.application.request.header.denylist.additional

Object

Additional headers to deny.

data.attributes.application.request.header.denylist.additional.pattern

String

The actual pattern.

data.attributes.application.request.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data.attributes.application.request.header.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked.

data.attributes.application.request.parameter.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked.

data.attributes.application.request.path.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked.

data.attributes.application.response.body.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.body.rewrites[].contentPattern.pattern

String

The actual pattern.

data.attributes.application.response.body.rewrites[].contentType

String

A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression.

data.attributes.application.response.body.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.body.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.compressionAllowed

Boolean

Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser).
Warning: Allowing compression for data served through SSL/TLS virtual hosts may affect the secrecy of the data.

data.attributes.application.response.errorPage.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.errorPage.rewrites[].replaceWith

String

Target string which will replace the string matched by HTTP status content pattern.

data.attributes.application.response.errorPage.rewrites[].statusContentPattern

String

The HTTP status code pattern.

data.attributes.application.response.header.allowlist.additional

Object

Additional headers to allow.

data.attributes.application.response.header.allowlist.additional.pattern

String

The actual pattern.

data.attributes.application.response.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data.attributes.application.response.header.denylist.additional

Object

Additional headers to deny.

data.attributes.application.response.header.denylist.additional.pattern

String

The actual pattern.

data.attributes.application.response.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data.attributes.application.response.header.location.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.header.location.rewrites[].replaceWith

String

Target string which will replace the string matched by URL pattern.

data.attributes.application.response.header.location.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.header.location.rewrites[].urlPattern.pattern

String

The actual pattern.

data.attributes.application.response.html.rewrites[].embedded

Boolean

Whether to apply the rule to <script> and <style> blocks embedded in the HTML page

data.attributes.application.response.html.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.html.rewrites[].events

Boolean

Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc.

data.attributes.application.response.html.rewrites[].replaceWith

String

Target string which will replace the string matched by URL Pattern.

data.attributes.application.response.html.rewrites[].uris

Boolean

Whether to apply the rule to linked HTML elements like href, src, etc.

data.attributes.application.response.html.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.html.rewrites[].urlPattern.pattern

String

The actual pattern.

data.attributes.application.response.json.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.json.rewrites[].contentPattern.pattern

String

The actual pattern.

data.attributes.application.response.json.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.json.rewrites[].path

String

A response from the back-end server is rewritten only if the JSON path matches this regular expression.

data.attributes.application.response.json.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.stripCommentsEnabled

Boolean

If enabled, Airlock Gateway removes HTML comments.

data.attributes.application.sessionHandling

String

Allowed values:
- ENFORCE_SESSION: Sessions are enforced. If no session is available, a new session is created.
- OPTIONAL_SESSION: Sessions are optional. Existing sessions are used. If no session is available, no session is used.
- OPTIONAL_SESSION_NO_REFRESH: Same as "OPTIONAL_SESSION" but without refreshing session access timestamps. That is, requests use existing sessions if available but do not reset session idle times.
- IGNORE_SESSION: Session handling is disabled. No sessions are created and existing sessions are ignored. This mode improves performance for delivery of anonymous stateless content, such as image directories or static web repositories.

data.attributes.application.webSocketsAllowed

Boolean

Whether support for the WebSockets protocol as defined in RFC 6455 is enabled.

data.attributes.backendPath

String

The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server.

data.attributes.botManagement.clientCookieSupportEnforced

Boolean

If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.

data.attributes.botManagement.customBots.allowed

Boolean

If enabled, custom bots are not blocked.
Custom bots are identified by providing a "User-Agent" and "Domain" pattern.

data.attributes.botManagement.customBots.domainPattern.inverted

Boolean

Whether to invert the match.

data.attributes.botManagement.customBots.domainPattern.pattern

String

The actual pattern.

data.attributes.botManagement.customBots.sourceDomainEnforced

Boolean

Do not block bots whose source-domain matches the "domain pattern".

data.attributes.botManagement.customBots.userAgentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.botManagement.customBots.userAgentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.botManagement.customBots.userAgentPattern.pattern

String

The actual pattern.

data.attributes.botManagement.logOnly

Boolean

If true, requests from bots are only logged but not blocked.

data.attributes.botManagement.wellKnownBots.allowed

Boolean

Check the User-Agent to determine if a bot is well-known and do not block such bots.
Clients indicating one of the following User-Agent headers are treated as well-known bots: Googlebot, bingbot, MSNBot, Baiduspider, YandexBot, archive.org_bot, DuckDuckBot.

data.attributes.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot.
This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header.
The following domains are considered as domains of operators operating well-known bots: google.com, googlebot.com,search.msn.com, yahoo.net, baidu.com, baidu.jp, yandex.ru, yandex.net, yandex.com, archive.org, amazonaws.com (107.20.237.51, 23.21.226.191, 107.21.1.8, 54.208.102.37)

data.attributes.csrfProtection.enabled

Boolean

Whether CSRF protection is enabled.

data.attributes.csrfProtection.invalidTokenRedirectLocation

String

If a missing or invalid CSRF token is detected, the client is redirected to the configured location.

data.attributes.csrfProtection.pathExceptions[].caseIgnored

Boolean

Whether to ignore case.

data.attributes.csrfProtection.pathExceptions[].pattern

String

The actual pattern.

data.attributes.dosAttackPrevention.enabled

Boolean

Whether the DoS attack prevention filter is enabled.

data.attributes.dosAttackPrevention.interval

Number

Interval for measurement of allowed requests per IP address (seconds).

data.attributes.dosAttackPrevention.maxRequestsPerInterval

Number

Maximum requests allowed per IP address.

data.attributes.enableMaintenancePage

Boolean

Whether the maintenance page is enabled.

data.attributes.entryPath.enforceTrailingSlashes

Boolean

Whether a trailing slash is mandatory at the end of the entry path or not.

data.attributes.entryPath.ignoreCase

Boolean

Whether the entry path should be case sensitive.

data.attributes.entryPath.priority

Number

The priority guarantees a deterministic selection of the mapping for a given request path.
The value can be between -999 (highest priority) and 999 (lowest priority). It must be unique among all regular expression mappings.

data.attributes.entryPath.regexFormatEnforced

Boolean

Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not.

data.attributes.entryPath.value

String

The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping.

data.attributes.expertSettings.apache

Object

Expert settings for the Apache.

data.attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.httpParameterPollutionDetection.mixedTypes

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types).

data.attributes.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks.

data.attributes.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

If true, potential HPP attack requests are only logged but not blocked.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Object

Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.pattern

String

The actual pattern.

data.attributes.httpParameterPollutionDetection.sameType

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type).

data.attributes.httpParameterPollutionDetection.sameType.enabled

Boolean

If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks.
Note: For the filtering itself, a deny rule like the default deny rule '(default) HTTP Parameter Pollution' has to be configured.

data.attributes.ipRules.dynamicIpAddressBlacklist.countMode

String

Counting mode of dynamic IP address blacklist blocks.

Allowed values:
- OFF: Blocks on this mapping are not counted for the dynamic IP address blacklist.
- ALL: All blocks on this mapping are counted for the dynamic IP address blacklist.
- DENY_RULES_ONLY: Only deny rule blocks on this mapping are counted for the dynamic IP address blacklist.

data.attributes.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

If enabled, IPs on the dynamic IP address blacklist are blocked.

data.attributes.ipRules.ipAddressBlacklists.logOnly

Boolean

If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked.

data.attributes.ipRules.ipAddressBlacklists.webrootThreatCategories

String

List of threat categories which should be blocked (;-separated string).

Categories:
SPAM_SOURCES: The Spam Sources category includes IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.
WINDOWS_EXPLOITS: The Windows Exploits category includes IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.
WEB_ATTACKS: The Web Attacks category includes IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server.
BOT_NETS: The Botnets category includes IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers.
SCANNERS: The Scanners category includes IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts.
DENIAL_OF_SERVICE: The Denial of Services category includes IPs addresses involved in DOS or DDOS attacks, anomalous sync flood, or anomalous traffic.
PHISHING: The Phishing category includes IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities.
PROXY: The Proxy category includes IP addresses providing proxy services, including both VPN and open web proxy services.
MOBILE_THREATS: The Mobile Threats category includes IP addresses associated with malicious and unwanted mobile applications.
TOR_PROXY: The Tor Proxy category includes IP addresses acting as exit nodes for the Tor Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.

data.attributes.ipRules.ipAddressWhitelists.logOnly

Boolean

If true, requests whose source IP address is not contained in one of the configured IP Whitelists are only logged but not blocked.

data.attributes.labels[]

Array

List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application.

data.attributes.limits.general.maxPathLength

Number

Defines the maximum path length for requests to the current mapping.

data.attributes.limits.general.maxRequestBodySize

Number

Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once.

data.attributes.limits.http.maxParameterNameLength

Number

Defines the maximum length for a parameter name.

data.attributes.limits.http.maxParameterValueLength

Number

Defines the maximum length for a parameter value.

data.attributes.limits.http.maxParameters

Number

Defines the maximum number of parameters inside the request.

data.attributes.limits.json.enabled

Boolean

Whether JSON limits are enabled.

data.attributes.limits.json.maxArrayItems

Number

Defines the maximum number of items for a single JSON array (non-recursive).

data.attributes.limits.json.maxKeyLength

Number

Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member".

data.attributes.limits.json.maxKeys

Number

Defines the maximum number of keys of a single JSON object (non-recursive).

data.attributes.limits.json.maxNestingDepth

Number

Defines the maximum depth of nesting for JSON objects and JSON arrays.

data.attributes.limits.json.maxTotalEntries

Number

Defines the maximum number of keys and array items in the whole JSON document (recursive).

data.attributes.limits.json.maxValueLength

Number

Defines the maximum json value length for requests to the current mapping.

data.attributes.locking.access.authenticationFlow

Boolean

Lock for the corresponding member.

data.attributes.locking.access.backendLogoutUrl

Boolean

Lock for the corresponding member.

data.attributes.locking.access.clientCertificateAuthentication

Boolean

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.mandatory

Boolean

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.type

Boolean

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.mode

Boolean

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.value

Boolean

Lock for the corresponding member.

data.attributes.locking.access.ntlmPassthroughEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.restrictions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.name

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.extractionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.replaceWith

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.name

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.presenceMandatoryEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.claimRestrictions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckSkew

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdName

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.localJwksProviders

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.remoteJwksProviders

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.roleExtractions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokensEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceId

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.contentTypePattern

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiCheckResponsesEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiDocumentId

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPathMatching

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationPath

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.treatPathSegmentsAsParamValues

Boolean

Lock for the corresponding member.

data.attributes.locking.application.controlApiAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.prefix

Boolean

Lock for the corresponding member.

data.attributes.locking.application.environmentCookiesEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.loadBalancingCookieEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.prefix

Boolean

Lock for the corresponding member.

data.attributes.locking.application.redirectForErrorPageEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.charset

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.parameter.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.path.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.body.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.compressionAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.errorPage.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.location.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.html.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.json.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.stripCommentsEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.sessionHandling

Boolean

Lock for the corresponding member.

data.attributes.locking.application.webSocketsAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.backendPath

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.clientCookieSupportEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.allowed

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.domainPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.userAgentPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.allowed

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.invalidTokenRedirectLocation

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.pathExceptions

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.interval

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.maxRequestsPerInterval

Boolean

Lock for the corresponding member.

data.attributes.locking.enableMaintenancePage

Boolean

Lock for the corresponding member.

data.attributes.locking.enabled

Boolean

If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping.

data.attributes.locking.entryPath.enforceTrailingSlashes

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.priority

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.regexFormatEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.settings

Boolean

Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.sameType.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.request.backendViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.request.clientViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.response.backendViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.response.clientViews

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.countMode

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressBlacklists.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressWhitelists.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.labels

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.general.maxPathLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.general.maxRequestBodySize

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterNameLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterValueLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameters

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxArrayItems

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeyLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeys

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxNestingDepth

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxTotalEntries

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxValueLength

Boolean

Lock for the corresponding member.

data.attributes.locking.operationalMode

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.contentTypePattern

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.httpMethodPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.pathPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.threatHandling

Boolean

Lock for the corresponding member.

data.attributes.locking.timeouts.backend

Boolean

Lock for the corresponding member.

data.attributes.locking.timeouts.sessionIdle

Boolean

Lock for the corresponding member.

data.attributes.name

String

The unique name of the mapping.

data.attributes.operationalMode

String

The mode in which the mapping runs.

Allowed values:
- PRODUCTION: Standard mode of operation.
- INTEGRATION: More information is logged about all requests and responses (may decrease performance).

data.attributes.requestBodyStreaming.contentTypePattern

Object

Only requests whose content type header matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.contentTypePattern.pattern

String

The actual pattern.

data.attributes.requestBodyStreaming.enabled

Boolean

Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed.
Empty fields have the same effect as the pattern ^.*$

data.attributes.requestBodyStreaming.httpMethodPattern

Object

Only requests whose HTTP method matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.httpMethodPattern.pattern

String

The actual pattern.

data.attributes.requestBodyStreaming.pathPattern

Object

Only requests whose path matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.pathPattern.pattern

String

The actual pattern.

data.attributes.tenant

String

Tenant of the mapping.

data.attributes.threatHandling

String

Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled.

Allowed values:
- BLOCK: Requests violating policies are blocked. The session (if available) remains valid.
- TERMINATE_SESSION: Requests violating policies are blocked. The session (if available) is terminated.
- NOTIFY: Requests violating policies are not blocked. The violation is logged and notified.

data.attributes.timeouts.backend

Number

Defines the time (seconds) Airlock Gateway will wait for the back-end response.
In case the request runs into the timeout, Airlock Gateway will send a redirect to the HTTP 503 Service unavailable error page with the corresponding HTTP 503 status code. If In-band Health Checks are configured, then such a request will be counted as a failed request, potentially leading to the back-end server being marked as bad.

data.attributes.timeouts.sessionIdle

Number

Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping.
The value will be ignored if minimum session idle timeout is smaller or equal to the global session idle timeout setting.

data.relationships.virtual-hosts.data[]

Array

The virtual-host references.

data.relationships.virtual-hosts.data[].type

String

The data type of the referenced resource. Must be "virtual-host" for this call.

data.relationships.virtual-hosts.data[].id

String

The ID of the virtual-host resource.

data.relationships.back-end-groups.data[]

Array

The back-end-group references.

data.relationships.back-end-groups.data[].type

String

The data type of the referenced resource. Must be "back-end-group" for this call.

data.relationships.back-end-groups.data[].id

String

The ID of the back-end-group resource.

data.relationships.local-json-web-key-sets.data[]

Array

The local-json-web-key-set references.

data.relationships.local-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "local-json-web-key-set" for this call.

data.relationships.local-json-web-key-sets.data[].id

String

The ID of the local-json-web-key-set resource.

data.relationships.remote-json-web-key-sets.data[]

Array

The remote-json-web-key-set references.

data.relationships.remote-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data.relationships.remote-json-web-key-sets.data[].id

String

The ID of the remote-json-web-key-set resource.

data.relationships.openapi-document.data

Object

The openapi-document references.

data.relationships.openapi-document.data.type

String

The data type of the referenced resource. Must be "openapi-document" for this call.

data.relationships.openapi-document.data.id

String

The ID of the openapi-document resource.

data.relationships.api-policy-service.data

Object

The api-policy-service references.

data.relationships.api-policy-service.data.type

String

The data type of the referenced resource. Must be "api-policy-service" for this call.

data.relationships.api-policy-service.data.id

String

The ID of the api-policy-service resource.

data.relationships.ip-address-whitelists.data[]

Array

The ip-address-list references.

data.relationships.ip-address-whitelists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-whitelists.data[].id

String

The ID of the ip-address-list resource.

data.relationships.ip-address-blacklists.data[]

Array

The ip-address-list references.

data.relationships.ip-address-blacklists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-blacklists.data[].id

String

The ID of the ip-address-list resource.

data.relationships.ip-address-blacklist-exceptions.data[]

Array

The ip-address-list references.

data.relationships.ip-address-blacklist-exceptions.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-blacklist-exceptions.data[].id

String

The ID of the ip-address-list resource.

data.relationships.request-frequency-filter-ip-address-whitelist.data[]

Array

The ip-address-list references.

data.relationships.request-frequency-filter-ip-address-whitelist.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.request-frequency-filter-ip-address-whitelist.data[].id

String

The ID of the ip-address-list resource.

data.relationships.bot-management-source-ip-address-whitelist.data

Object

The ip-address-list references.

data.relationships.bot-management-source-ip-address-whitelist.data.type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.bot-management-source-ip-address-whitelist.data.id

String

The ID of the ip-address-list resource.

data.relationships.icap-request-client-views.data[]

Array

The icap-environment references.

data.relationships.icap-request-client-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-request-client-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-request-client-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-request-client-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[]

Array

The icap-environment references.

data.relationships.icap-request-backend-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-request-backend-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-request-backend-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-request-backend-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[]

Array

The icap-environment references.

data.relationships.icap-response-backend-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-response-backend-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-response-backend-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-response-backend-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[]

Array

The icap-environment references.

data.relationships.icap-response-client-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-response-client-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-response-client-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-response-client-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.anomaly-shield-application.data

Object

The anomaly-shield-application references.

data.relationships.anomaly-shield-application.data.type

String

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data.relationships.anomaly-shield-application.data.id

String

The ID of the anomaly-shield-application resource.

data.relationships.template.data

Object

The mapping-template references.

data.relationships.template.data.type

String

The data type of the referenced resource. Must be "mapping-template" for this call.

data.relationships.template.data.id

String

The ID of the mapping-template resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 23028

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:05.901Z"
  },
  "data" : {
    "type" : "mapping",
    "id" : "1",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ "myMappingLabel" ],
      "tenant" : "",
      "entryPath" : {
        "value" : "/mymapping/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : false,
        "ignoreCase" : false,
        "priority" : 0
      },
      "backendPath" : "/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : true,
      "access" : {
        "deniedUrl" : {
          "value" : "/",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ {
          "enabled" : true,
          "httpMethodPattern" : {
            "pattern" : "GET",
            "caseIgnored" : true,
            "inverted" : true
          },
          "entryPathPattern" : {
            "pattern" : "/admin/",
            "caseIgnored" : true,
            "inverted" : true
          },
          "authorizedRoles" : [ "admin" ],
          "authorizedPlans" : [ "android", "ios", "browser" ]
        } ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "",
        "ntlmPassthroughEnabled" : false,
        "credentialsPropagation" : {
          "mandatory" : false,
          "type" : "NONE"
        },
        "tokensEnabled" : false,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : false,
          "headerExtraction" : {
            "enabled" : false,
            "extractionPattern" : {
              "pattern" : "^Authorization: Bearer (.*)$",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : false,
            "name" : ""
          },
          "cookieExtraction" : {
            "enabled" : false,
            "name" : ""
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : false,
          "expiryCheckEnabled" : false,
          "expiryCheckSkew" : 10,
          "extractTechnicalClientIdEnabled" : false,
          "extractTechnicalClientIdName" : "",
          "setAuditTokenFromSubjectEnabled" : false,
          "claimRestrictions" : [ {
            "enabled" : true,
            "name" : "myClaim",
            "restrictionPattern" : {
              "pattern" : "",
              "caseIgnored" : false,
              "inverted" : false
            }
          } ],
          "roleExtractions" : [ {
            "enabled" : true,
            "name" : "myClaim",
            "extractionPattern" : {
              "pattern" : "",
              "caseIgnored" : false
            },
            "replaceWith" : "$1",
            "tokenLifetimeAsRoleLifetimeEnforced" : true
          } ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : false
        },
        "ipAddressBlacklists" : {
          "logOnly" : false,
          "webrootThreatCategories" : "WEB_ATTACKS"
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : false,
          "countMode" : "OFF"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : false,
        "wellKnownBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false
        },
        "customBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 1073741824,
          "maxPathLength" : 1024
        },
        "http" : {
          "maxParameters" : 128,
          "maxParameterNameLength" : 128,
          "maxParameterValueLength" : 1024
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 256,
          "maxValueLength" : 8192,
          "maxNestingDepth" : 100,
          "maxArrayItems" : 500,
          "maxKeys" : 250,
          "maxTotalEntries" : 150000
        }
      },
      "csrfProtection" : {
        "enabled" : false,
        "invalidTokenRedirectLocation" : "/%ENTRYPATH%",
        "pathExceptions" : [ {
          "pattern" : "^/exception$",
          "caseIgnored" : true
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : false,
        "environmentCookiesEnabled" : false,
        "encryptedCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "passthroughCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "loadBalancingCookieEnabled" : true,
        "webSocketsAllowed" : false,
        "redirectForErrorPageEnabled" : false,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : false
          },
          "header" : {
            "enforceUtf8" : false,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : false
          }
        },
        "response" : {
          "compressionAllowed" : false,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            },
            "location" : {
              "rewrites" : [ {
                "enabled" : true,
                "urlPattern" : {
                  "pattern" : "/",
                  "caseIgnored" : true
                },
                "replaceWith" : "$1"
              } ]
            }
          },
          "json" : {
            "rewrites" : [ {
              "enabled" : true,
              "path" : "json#path",
              "contentPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "replaceWith" : "b"
            } ]
          },
          "body" : {
            "rewrites" : [ {
              "enabled" : true,
              "contentType" : "application/json",
              "contentPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "replaceWith" : "b"
            } ]
          },
          "html" : {
            "rewrites" : [ {
              "enabled" : true,
              "urlPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "uris" : true,
              "events" : true,
              "embedded" : true,
              "replaceWith" : "b"
            } ]
          },
          "errorPage" : {
            "rewrites" : [ {
              "enabled" : true,
              "statusContentPattern" : "^5(?!02|03)..$",
              "replaceWith" : "500.html"
            } ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : true,
        "jsonParser" : {
          "enabled" : false,
          "contentTypePattern" : {
            "pattern" : "",
            "caseIgnored" : true,
            "inverted" : false
          }
        },
        "openApiEnforced" : true,
        "openApiCheckResponsesEnabled" : false,
        "logOnly" : false,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : true,
        "openApiPublishSpecificationPath" : "path/to/apiSpecification.json",
        "apiPolicyServiceEnabled" : true,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : false,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : false,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : false,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : false,
        "httpMethodPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : true,
          "logOnly" : false,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        },
        "sameType" : {
          "enabled" : true
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      },
      "locking" : {
        "enabled" : false,
        "labels" : false,
        "access" : {
          "deniedUrl" : {
            "value" : false,
            "mode" : false
          },
          "restrictions" : false,
          "clientCertificateAuthentication" : false,
          "authenticationFlow" : false,
          "backendLogoutUrl" : false,
          "ntlmPassthroughEnabled" : false,
          "credentialsPropagation" : {
            "mandatory" : false,
            "type" : false
          },
          "tokensEnabled" : false,
          "tokenVerification" : {
            "localJwksProviders" : true,
            "remoteJwksProviders" : true,
            "expiryCheckEnabled" : false,
            "expiryCheckSkew" : false,
            "claimRestrictions" : false,
            "roleExtractions" : false,
            "extractTechnicalClientIdEnabled" : false,
            "extractTechnicalClientIdName" : false,
            "setAuditTokenFromSubjectEnabled" : false
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : false,
            "headerExtraction" : {
              "enabled" : false,
              "extractionPattern" : false,
              "replaceWith" : false
            },
            "parameterExtraction" : {
              "enabled" : false,
              "name" : false
            },
            "cookieExtraction" : {
              "enabled" : false,
              "name" : false
            }
          }
        },
        "entryPath" : {
          "settings" : true,
          "enforceTrailingSlashes" : true,
          "regexFormatEnforced" : true,
          "priority" : false
        },
        "backendPath" : true,
        "threatHandling" : false,
        "operationalMode" : false,
        "enableMaintenancePage" : false,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : false
          },
          "ipAddressBlacklists" : {
            "logOnly" : false
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : false,
            "countMode" : false
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : false,
          "wellKnownBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false
          },
          "customBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false,
            "userAgentPattern" : false,
            "domainPattern" : false
          }
        },
        "timeouts" : {
          "backend" : false,
          "sessionIdle" : false
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : true,
            "maxPathLength" : true
          },
          "http" : {
            "maxParameters" : false,
            "maxParameterNameLength" : false,
            "maxParameterValueLength" : false
          },
          "json" : {
            "enabled" : false,
            "maxKeyLength" : false,
            "maxValueLength" : false,
            "maxNestingDepth" : false,
            "maxArrayItems" : false,
            "maxKeys" : false,
            "maxTotalEntries" : false
          }
        },
        "csrfProtection" : {
          "enabled" : false,
          "invalidTokenRedirectLocation" : false,
          "pathExceptions" : false
        },
        "application" : {
          "sessionHandling" : false,
          "controlApiAllowed" : false,
          "environmentCookiesEnabled" : false,
          "encryptedCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "passthroughCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "loadBalancingCookieEnabled" : false,
          "webSocketsAllowed" : false,
          "redirectForErrorPageEnabled" : false,
          "request" : {
            "charset" : false,
            "path" : {
              "enforceUtf8" : false
            },
            "header" : {
              "enforceUtf8" : false,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              }
            },
            "parameter" : {
              "enforceUtf8" : false
            }
          },
          "response" : {
            "compressionAllowed" : false,
            "stripCommentsEnabled" : false,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "location" : {
                "rewrites" : false
              }
            },
            "json" : {
              "rewrites" : false
            },
            "body" : {
              "rewrites" : false
            },
            "html" : {
              "rewrites" : false
            },
            "errorPage" : {
              "rewrites" : false
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : false,
          "jsonParser" : {
            "enabled" : false,
            "contentTypePattern" : false
          },
          "openApiEnforced" : false,
          "openApiCheckResponsesEnabled" : false,
          "openApiDocumentId" : false,
          "logOnly" : false,
          "openApiPathMatching" : false,
          "openApiPublishSpecificationEnabled" : false,
          "openApiPublishSpecificationPath" : false,
          "apiPolicyServiceEnabled" : false,
          "apiPolicyServiceId" : false,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : false,
            "extractionPattern" : false,
            "replaceWith" : false
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : false,
            "parameterName" : false
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : false,
            "cookieName" : false
          }
        },
        "dosAttackPrevention" : {
          "enabled" : false,
          "maxRequestsPerInterval" : false,
          "interval" : false
        },
        "requestBodyStreaming" : {
          "enabled" : false,
          "httpMethodPattern" : false,
          "pathPattern" : false,
          "contentTypePattern" : false
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : false,
            "logOnly" : false,
            "parameterNameExceptionPattern" : false
          },
          "sameType" : {
            "enabled" : false
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : false,
            "backendViews" : false
          },
          "response" : {
            "backendViews" : false,
            "clientViews" : false
          }
        }
      }
    },
    "relationships" : {
      "back-end-groups" : {
        "data" : [ {
          "type" : "back-end-group",
          "id" : "30"
        } ]
      },
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "40"
        } ]
      },
      "local-json-web-key-sets" : {
        "data" : [ {
          "type" : "local-json-web-key-set",
          "id" : "46"
        } ]
      },
      "remote-json-web-key-sets" : {
        "data" : [ {
          "type" : "remote-json-web-key-set",
          "id" : "47"
        } ]
      },
      "openapi-document" : {
        "data" : {
          "type" : "openapi-document",
          "id" : "50"
        }
      },
      "api-policy-service" : {
        "data" : {
          "type" : "api-policy-service",
          "id" : "60"
        }
      },
      "icap-request-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "42",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-request-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "43",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "44",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "X-Response",
                "inverted" : "true"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "responsevalue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "45",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "X-Response",
                "inverted" : "true"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "responsevalue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "anomaly-shield-application" : {
        "data" : {
          "type" : "anomaly-shield-application",
          "id" : "70"
        }
      }
    }
  }
}

Create a Mapping

POST /configuration/mappings

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "mapping" for this call.

data.attributes.access.authenticationFlow

String

yes

Allowed values:
- REDIRECT: If the required role for the mapping is missing on the current session, Airlock Gateway will send a redirect (HTTP 303) to either the global or the custom denied access URL.
This mode is typically used in conjunction with user operated clients.
- DENY_ACCESS: Airlock Gateway will directly send an access denied (HTTP 403) response to the client if the required role is missing.
This is typically used for technical clients.
- ONE_SHOT: When this option is selected and Airlock Gateway receives an incoming request for this mapping that needs to be authenticated, Airlock Gateway implicitly (without redirect) forwards the request to the configured denied access URL for this mapping. The request headers are forwarded but no request body. After the forwarded request, Airlock Gateway checks again if the session is now authenticated.
If so, the original request is passed to the back-end server (successful one-shot authentication).
If the session does not have the required credentials even after the one-shot request, Airlock Gateway will send an access denied (HTTP 403) response to the client.
- ONE_SHOT_WITH_BODY: This is the same as with the "one-shot" option with two notable differences: The whole body of the request is also sent to the denied access URL for this mapping and the request method is always POST instead of GET.
- FRONT_SIDE_NTLM: Choose the front-side NTLM authentication flow to support authentication using NTLM. The front-side NTLM authentication flow is similar to the "one-shot" authentication flow, but also forwards all requests containing an "Authorization" header with value "NTLM .*" to the denied access URL.
For successful authentication, NTLM must be supported by the authentication service.

data.attributes.access.backendLogoutUrl

String

yes

Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host.

data.attributes.access.clientCertificateAuthentication

String

yes

Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate.

Allowed values:
- NOT_REQUIRED: The mapping uses the client certificate settings of the virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.access.credentialsPropagation.mandatory

Boolean

yes

If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL.

data.attributes.access.credentialsPropagation.type

String

yes

Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication.

Allowed values:
- NONE: Even if Basic-Auth or NTLM credentials set by the control API are present, Airlock Gateway will not forward them to the back-end application. Access to the mapping is granted without any SSO credentials.
- BASIC_AUTH: If Basic-Auth credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.
- KERBEROS: If a Kerberos user is set by the control API, Airlock Gateway will acquire and send a service ticket to the back-end application.
- NTLM: If NTLM credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.

data.attributes.access.deniedUrl.mode

String

no

Allowed values:
- GLOBAL: Use the global denied access url as configured under the menu Application Firewall - Session - Access Control.
- CUSTOM: Use the mapping specific denied access url.
Default value: GLOBAL

data.attributes.access.deniedUrl.value

String

yes

Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location.

data.attributes.access.ntlmPassthroughEnabled

Boolean

yes

Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection.

NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft.

data.attributes.access.restrictions[].authorizedPlans[]

Array

yes

List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service.

data.attributes.access.restrictions[].authorizedRoles[]

Array

yes

List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service.

data.attributes.access.restrictions[].enabled

Boolean

yes

Whether access restriction is enabled.

data.attributes.access.restrictions[].entryPathPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.access.restrictions[].entryPathPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.access.restrictions[].entryPathPattern.pattern

String

yes

The actual pattern.

data.attributes.access.restrictions[].httpMethodPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.access.restrictions[].httpMethodPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.access.restrictions[].httpMethodPattern.pattern

String

yes

The actual pattern.

data.attributes.access.tokenTransport.cookieExtraction.enabled

Boolean

yes

If enabled, Airlock Gateway will extract the token from the specified cookie.

data.attributes.access.tokenTransport.cookieExtraction.name

String

yes

Name of the cookie.

data.attributes.access.tokenTransport.headerExtraction.enabled

Boolean

yes

If enabled, Airlock Gateway will extract the token from the specified header.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.pattern

String

yes

The actual pattern.

data.attributes.access.tokenTransport.headerExtraction.replaceWith

String

yes

The rewrite expression for the header extraction.

data.attributes.access.tokenTransport.parameterExtraction.enabled

Boolean

yes

If enabled, Airlock Gateway will extract the token from the specified query parameter.

data.attributes.access.tokenTransport.parameterExtraction.name

String

yes

Name of the query parameter.

data.attributes.access.tokenTransport.presenceMandatoryEnforced

Boolean

yes

If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied.

data.attributes.access.tokenVerification.claimRestrictions[].enabled

Boolean

yes

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.claimRestrictions[].name

String

yes

Name of the claim you want to restrict.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.pattern

String

yes

The actual pattern.

data.attributes.access.tokenVerification.expiryCheckEnabled

Boolean

yes

If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid.

data.attributes.access.tokenVerification.expiryCheckSkew

Number

yes

Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock.

data.attributes.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

yes

If enabled, a technical client ID is extracted from the JWT.

data.attributes.access.tokenVerification.extractTechnicalClientIdName

String

yes

Name of the claim to extract as technical client ID.

data.attributes.access.tokenVerification.roleExtractions[].enabled

Boolean

yes

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.pattern

String

yes

The actual pattern.

data.attributes.access.tokenVerification.roleExtractions[].name

String

yes

Name of the claim you want to extract a role from.

data.attributes.access.tokenVerification.roleExtractions[].replaceWith

String

yes

The rewrite expression of the role.

data.attributes.access.tokenVerification.roleExtractions[].tokenLifetimeAsRoleLifetimeEnforced

Boolean

yes

If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime.

data.attributes.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

yes

If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session.

data.attributes.access.tokenVerification.signatureCheckEnforced

Boolean

yes

If enforced, the JWT’s signature must be present and valid.

data.attributes.access.tokensEnabled

Boolean

yes

Whether access tokens should be processed.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

String

yes

Name of the cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

yes

If enabled, Airlock Gateway will extract the API key from the specified cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

yes

If enabled, Airlock Gateway will extract the API key from the specified header.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.pattern

String

yes

The actual pattern.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

String

yes

Rewrite expression for the header extraction.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

yes

If enabled, Airlock Gateway will extract the API key from the specified query parameter.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

String

yes

Name of the query parameter.

data.attributes.apiSecurity.apiPolicyServiceEnabled

Boolean

yes

Whether to enable the API policy service.

data.attributes.apiSecurity.jsonParser.contentTypePattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.apiSecurity.jsonParser.contentTypePattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.apiSecurity.jsonParser.contentTypePattern.pattern

String

yes

The actual pattern.

data.attributes.apiSecurity.jsonParser.enabled

Boolean

yes

If set to true, Airlock Gateway parses JSON objects in requests and filters JSON attributes with allow rules and deny rules. JSON objects are parsed only if their content-type matches the specified pattern.

data.attributes.apiSecurity.logOnly

Boolean

yes

If enabled, potential attack requests are only logged but not blocked.

data.attributes.apiSecurity.openApiCheckResponsesEnabled

Boolean

yes

If enabled, responses are also checked against the API specification.

data.attributes.apiSecurity.openApiEnforced

Boolean

yes

Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked.

data.attributes.apiSecurity.openApiPathMatching

String

yes

Run OpenAPI path matching against client or server view of request/response.

Allowed values:
- ClientView
- BackendView

data.attributes.apiSecurity.openApiPublishSpecificationEnabled

Boolean

yes

If enabled, allow clients to download the API specification.

data.attributes.apiSecurity.openApiPublishSpecificationPath

String

yes

External path to the API specification. Note that the entry path will be added in front of it.

data.attributes.apiSecurity.treatPathSegmentsAsParamValues

Boolean

yes

If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it.

data.attributes.application.controlApiAllowed

Boolean

yes

Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway.

data.attributes.application.encryptedCookies.enabled

Boolean

yes

Enables encryption of cookies which are sent to the client.

data.attributes.application.encryptedCookies.prefix

String

yes

Regular expression for cookies that should be cryptographically encrypted before being sent to the client.
All cookies that have names which match the regular expression are encrypted and digitally signed with a secret key derived from a pass phrase when sent to the client. They are decrypted and verified when sent to the back-end service.
Because the pass-phrase-based key is used, such cookies are valid over several sessions and can also be persistent on the client’s machine. Such cookies protect the application from manipulated cookie contents and hide the content from the user.

data.attributes.application.environmentCookiesEnabled

Boolean

yes

Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client.

data.attributes.application.loadBalancingCookieEnabled

Boolean

yes

If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose.

data.attributes.application.passthroughCookies.enabled

Boolean

yes

Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client.

data.attributes.application.passthroughCookies.prefix

String

yes

Regular expression to select cookies that should be treated as 'Passthrough Cookies'.
Passthrough cookies are not recommended because they are often a carrier for cookie poisoning based web application attacks that can result in buffer overflows etc.

data.attributes.application.redirectForErrorPageEnabled

Boolean

yes

If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned.

data.attributes.application.request.charset

String

yes

Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset.

Allowed values:
- UTF_8_FALLBACK_WINDOWS_1252
- UTF_8
- ISO_8859_15
- WINDOWS_1251
- WINDOWS_1252

data.attributes.application.request.header.allowlist.additional

Object

yes

Additional headers to allow.

data.attributes.application.request.header.allowlist.additional.pattern

String

yes

The actual pattern.

data.attributes.application.request.header.allowlist.defaultEnabled

Boolean

yes

If enabled, default header allow list will be applied.

data.attributes.application.request.header.denylist.additional

Object

yes

Additional headers to deny.

data.attributes.application.request.header.denylist.additional.pattern

String

yes

The actual pattern.

data.attributes.application.request.header.denylist.defaultEnabled

Boolean

yes

If enabled, default header deny list will be applied.

data.attributes.application.request.header.enforceUtf8

Boolean

yes

If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked.

data.attributes.application.request.parameter.enforceUtf8

Boolean

yes

If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked.

data.attributes.application.request.path.enforceUtf8

Boolean

yes

If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked.

data.attributes.application.response.body.rewrites[].contentPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.application.response.body.rewrites[].contentPattern.pattern

String

yes

The actual pattern.

data.attributes.application.response.body.rewrites[].contentType

String

yes

A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression.

data.attributes.application.response.body.rewrites[].enabled

Boolean

yes

Whether rewrites are enabled.

data.attributes.application.response.body.rewrites[].replaceWith

String

yes

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.compressionAllowed

Boolean

yes

Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser).
Warning: Allowing compression for data served through SSL/TLS virtual hosts may affect the secrecy of the data.

data.attributes.application.response.errorPage.rewrites[].enabled

Boolean

yes

Whether rewrites are enabled.

data.attributes.application.response.errorPage.rewrites[].replaceWith

String

yes

Target string which will replace the string matched by HTTP status content pattern.

data.attributes.application.response.errorPage.rewrites[].statusContentPattern

String

yes

The HTTP status code pattern.

data.attributes.application.response.header.allowlist.additional

Object

yes

Additional headers to allow.

data.attributes.application.response.header.allowlist.additional.pattern

String

yes

The actual pattern.

data.attributes.application.response.header.allowlist.defaultEnabled

Boolean

yes

If enabled, default header allow list will be applied.

data.attributes.application.response.header.denylist.additional

Object

yes

Additional headers to deny.

data.attributes.application.response.header.denylist.additional.pattern

String

yes

The actual pattern.

data.attributes.application.response.header.denylist.defaultEnabled

Boolean

yes

If enabled, default header deny list will be applied.

data.attributes.application.response.header.location.rewrites[].enabled

Boolean

yes

Whether rewrites are enabled.

data.attributes.application.response.header.location.rewrites[].replaceWith

String

yes

Target string which will replace the string matched by URL pattern.

data.attributes.application.response.header.location.rewrites[].urlPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.application.response.header.location.rewrites[].urlPattern.pattern

String

yes

The actual pattern.

data.attributes.application.response.html.rewrites[].embedded

Boolean

yes

Whether to apply the rule to <script> and <style> blocks embedded in the HTML page

data.attributes.application.response.html.rewrites[].enabled

Boolean

yes

Whether rewrites are enabled.

data.attributes.application.response.html.rewrites[].events

Boolean

yes

Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc.

data.attributes.application.response.html.rewrites[].replaceWith

String

yes

Target string which will replace the string matched by URL Pattern.

data.attributes.application.response.html.rewrites[].uris

Boolean

yes

Whether to apply the rule to linked HTML elements like href, src, etc.

data.attributes.application.response.html.rewrites[].urlPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.application.response.html.rewrites[].urlPattern.pattern

String

yes

The actual pattern.

data.attributes.application.response.json.rewrites[].contentPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.application.response.json.rewrites[].contentPattern.pattern

String

yes

The actual pattern.

data.attributes.application.response.json.rewrites[].enabled

Boolean

yes

Whether rewrites are enabled.

data.attributes.application.response.json.rewrites[].path

String

yes

A response from the back-end server is rewritten only if the JSON path matches this regular expression.

data.attributes.application.response.json.rewrites[].replaceWith

String

yes

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.stripCommentsEnabled

Boolean

yes

If enabled, Airlock Gateway removes HTML comments.

data.attributes.application.sessionHandling

String

yes

Allowed values:
- ENFORCE_SESSION: Sessions are enforced. If no session is available, a new session is created.
- OPTIONAL_SESSION: Sessions are optional. Existing sessions are used. If no session is available, no session is used.
- OPTIONAL_SESSION_NO_REFRESH: Same as "OPTIONAL_SESSION" but without refreshing session access timestamps. That is, requests use existing sessions if available but do not reset session idle times.
- IGNORE_SESSION: Session handling is disabled. No sessions are created and existing sessions are ignored. This mode improves performance for delivery of anonymous stateless content, such as image directories or static web repositories.

data.attributes.application.webSocketsAllowed

Boolean

yes

Whether support for the WebSockets protocol as defined in RFC 6455 is enabled.

data.attributes.backendPath

String

yes

The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server.

data.attributes.botManagement.clientCookieSupportEnforced

Boolean

yes

If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.

data.attributes.botManagement.customBots.allowed

Boolean

yes

If enabled, custom bots are not blocked.
Custom bots are identified by providing a "User-Agent" and "Domain" pattern.

data.attributes.botManagement.customBots.domainPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.botManagement.customBots.domainPattern.pattern

String

yes

The actual pattern.

data.attributes.botManagement.customBots.sourceDomainEnforced

Boolean

yes

Do not block bots whose source-domain matches the "domain pattern".

data.attributes.botManagement.customBots.userAgentPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.botManagement.customBots.userAgentPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.botManagement.customBots.userAgentPattern.pattern

String

yes

The actual pattern.

data.attributes.botManagement.logOnly

Boolean

yes

If true, requests from bots are only logged but not blocked.

data.attributes.botManagement.wellKnownBots.allowed

Boolean

yes

Check the User-Agent to determine if a bot is well-known and do not block such bots.
Clients indicating one of the following User-Agent headers are treated as well-known bots: Googlebot, bingbot, MSNBot, Baiduspider, YandexBot, archive.org_bot, DuckDuckBot.

data.attributes.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

yes

If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot.
This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header.
The following domains are considered as domains of operators operating well-known bots: google.com, googlebot.com,search.msn.com, yahoo.net, baidu.com, baidu.jp, yandex.ru, yandex.net, yandex.com, archive.org, amazonaws.com (107.20.237.51, 23.21.226.191, 107.21.1.8, 54.208.102.37)

data.attributes.csrfProtection.enabled

Boolean

yes

Whether CSRF protection is enabled.

data.attributes.csrfProtection.invalidTokenRedirectLocation

String

yes

If a missing or invalid CSRF token is detected, the client is redirected to the configured location.

data.attributes.csrfProtection.pathExceptions[].caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.csrfProtection.pathExceptions[].pattern

String

yes

The actual pattern.

data.attributes.dosAttackPrevention.enabled

Boolean

yes

Whether the DoS attack prevention filter is enabled.

data.attributes.dosAttackPrevention.interval

Number

yes

Interval for measurement of allowed requests per IP address (seconds).

data.attributes.dosAttackPrevention.maxRequestsPerInterval

Number

yes

Maximum requests allowed per IP address.

data.attributes.enableMaintenancePage

Boolean

yes

Whether the maintenance page is enabled.

data.attributes.entryPath.enforceTrailingSlashes

Boolean

yes

Whether a trailing slash is mandatory at the end of the entry path or not.

data.attributes.entryPath.ignoreCase

Boolean

yes

Whether the entry path should be case sensitive.

data.attributes.entryPath.priority

Number

yes

The priority guarantees a deterministic selection of the mapping for a given request path.
The value can be between -999 (highest priority) and 999 (lowest priority). It must be unique among all regular expression mappings.

data.attributes.entryPath.regexFormatEnforced

Boolean

yes

Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not.

data.attributes.entryPath.value

String

yes

The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping.

data.attributes.expertSettings.apache

Object

yes

Expert settings for the Apache.

data.attributes.expertSettings.apache.enabled

Boolean

yes

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

yes

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

yes

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

yes

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

yes

Expert settings for the Security Gate.

data.attributes.httpParameterPollutionDetection.mixedTypes

Object

yes

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types).

data.attributes.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

yes

If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks.

data.attributes.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

yes

If true, potential HPP attack requests are only logged but not blocked.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Object

yes

Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.pattern

String

yes

The actual pattern.

data.attributes.httpParameterPollutionDetection.sameType

Object

yes

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type).

data.attributes.httpParameterPollutionDetection.sameType.enabled

Boolean

yes

If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks.
Note: For the filtering itself, a deny rule like the default deny rule '(default) HTTP Parameter Pollution' has to be configured.

data.attributes.ipRules.dynamicIpAddressBlacklist.countMode

String

yes

Counting mode of dynamic IP address blacklist blocks.

Allowed values:
- OFF: Blocks on this mapping are not counted for the dynamic IP address blacklist.
- ALL: All blocks on this mapping are counted for the dynamic IP address blacklist.
- DENY_RULES_ONLY: Only deny rule blocks on this mapping are counted for the dynamic IP address blacklist.

data.attributes.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

yes

If enabled, IPs on the dynamic IP address blacklist are blocked.

data.attributes.ipRules.ipAddressBlacklists.logOnly

Boolean

yes

If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked.

data.attributes.ipRules.ipAddressBlacklists.webrootThreatCategories

String

yes

List of threat categories which should be blocked (;-separated string).

Categories:
SPAM_SOURCES: The Spam Sources category includes IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.
WINDOWS_EXPLOITS: The Windows Exploits category includes IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.
WEB_ATTACKS: The Web Attacks category includes IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server.
BOT_NETS: The Botnets category includes IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers.
SCANNERS: The Scanners category includes IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts.
DENIAL_OF_SERVICE: The Denial of Services category includes IPs addresses involved in DOS or DDOS attacks, anomalous sync flood, or anomalous traffic.
PHISHING: The Phishing category includes IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities.
PROXY: The Proxy category includes IP addresses providing proxy services, including both VPN and open web proxy services.
MOBILE_THREATS: The Mobile Threats category includes IP addresses associated with malicious and unwanted mobile applications.
TOR_PROXY: The Tor Proxy category includes IP addresses acting as exit nodes for the Tor Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.

data.attributes.ipRules.ipAddressWhitelists.logOnly

Boolean

yes

If true, requests whose source IP address is not contained in one of the configured IP Whitelists are only logged but not blocked.

data.attributes.labels[]

Array

yes

List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application.

data.attributes.limits.general.maxPathLength

Number

no

Defines the maximum path length for requests to the current mapping.

Default value: 1024

data.attributes.limits.general.maxRequestBodySize

Number

yes

Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once.

data.attributes.limits.http.maxParameterNameLength

Number

no

Defines the maximum length for a parameter name.

Default value: 128

data.attributes.limits.http.maxParameterValueLength

Number

no

Defines the maximum length for a parameter value.

Default value: 1024

data.attributes.limits.http.maxParameters

Number

no

Defines the maximum number of parameters inside the request.

Default value: 128

data.attributes.limits.json.enabled

Boolean

yes

Whether JSON limits are enabled.

data.attributes.limits.json.maxArrayItems

Number

no

Defines the maximum number of items for a single JSON array (non-recursive).

Default value: 500

data.attributes.limits.json.maxKeyLength

Number

no

Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member".

Default value: 256

data.attributes.limits.json.maxKeys

Number

no

Defines the maximum number of keys of a single JSON object (non-recursive).

Default value: 250

data.attributes.limits.json.maxNestingDepth

Number

no

Defines the maximum depth of nesting for JSON objects and JSON arrays.

Default value: 100

data.attributes.limits.json.maxTotalEntries

Number

no

Defines the maximum number of keys and array items in the whole JSON document (recursive).

Default value: 150000

data.attributes.limits.json.maxValueLength

Number

no

Defines the maximum json value length for requests to the current mapping.

Default value: 8192

data.attributes.locking.access.authenticationFlow

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.backendLogoutUrl

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.clientCertificateAuthentication

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.mandatory

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.type

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.mode

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.value

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.ntlmPassthroughEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.restrictions

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.name

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.extractionPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.replaceWith

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.name

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.presenceMandatoryEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.claimRestrictions

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckSkew

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdName

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.localJwksProviders

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.remoteJwksProviders

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.roleExtractions

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokensEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceId

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.contentTypePattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiCheckResponsesEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiDocumentId

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPathMatching

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationPath

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.treatPathSegmentsAsParamValues

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.controlApiAllowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.prefix

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.environmentCookiesEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.loadBalancingCookieEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.prefix

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.redirectForErrorPageEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.charset

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.additional

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.defaultEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.additional

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.defaultEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.enforceUtf8

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.parameter.enforceUtf8

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.path.enforceUtf8

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.body.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.compressionAllowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.errorPage.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.additional

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.defaultEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.additional

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.defaultEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.location.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.html.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.json.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.stripCommentsEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.sessionHandling

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.webSocketsAllowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.backendPath

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.clientCookieSupportEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.allowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.domainPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.sourceDomainEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.userAgentPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.allowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.csrfProtection.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.csrfProtection.invalidTokenRedirectLocation

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.csrfProtection.pathExceptions

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.interval

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.maxRequestsPerInterval

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.enableMaintenancePage

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.enabled

Boolean

yes

If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping.

data.attributes.locking.entryPath.enforceTrailingSlashes

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.entryPath.priority

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.entryPath.regexFormatEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.entryPath.settings

Boolean

yes

Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.sameType.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.icap.request.backendViews

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.icap.request.clientViews

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.icap.response.backendViews

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.icap.response.clientViews

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.countMode

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressBlacklists.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressWhitelists.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.labels

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.general.maxPathLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.general.maxRequestBodySize

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterNameLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterValueLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameters

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxArrayItems

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeyLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeys

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxNestingDepth

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxTotalEntries

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxValueLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.operationalMode

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.contentTypePattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.httpMethodPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.pathPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.threatHandling

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.timeouts.backend

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.timeouts.sessionIdle

Boolean

yes

Lock for the corresponding member.

data.attributes.name

String

yes

The unique name of the mapping.

data.attributes.operationalMode

String

no

The mode in which the mapping runs.

Allowed values:
- PRODUCTION: Standard mode of operation.
- INTEGRATION: More information is logged about all requests and responses (may decrease performance).
Default value: PRODUCTION

data.attributes.requestBodyStreaming.contentTypePattern

Object

yes

Only requests whose content type header matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.contentTypePattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.requestBodyStreaming.contentTypePattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.requestBodyStreaming.contentTypePattern.pattern

String

yes

The actual pattern.

data.attributes.requestBodyStreaming.enabled

Boolean

yes

Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed.
Empty fields have the same effect as the pattern ^.*$

data.attributes.requestBodyStreaming.httpMethodPattern

Object

yes

Only requests whose HTTP method matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.httpMethodPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.requestBodyStreaming.httpMethodPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.requestBodyStreaming.httpMethodPattern.pattern

String

yes

The actual pattern.

data.attributes.requestBodyStreaming.pathPattern

Object

yes

Only requests whose path matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.pathPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.requestBodyStreaming.pathPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.requestBodyStreaming.pathPattern.pattern

String

yes

The actual pattern.

data.attributes.tenant

String

yes

Tenant of the mapping.

data.attributes.threatHandling

String

yes

Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled.

Allowed values:
- BLOCK: Requests violating policies are blocked. The session (if available) remains valid.
- TERMINATE_SESSION: Requests violating policies are blocked. The session (if available) is terminated.
- NOTIFY: Requests violating policies are not blocked. The violation is logged and notified.

data.attributes.timeouts.backend

Number

yes

Defines the time (seconds) Airlock Gateway will wait for the back-end response.
In case the request runs into the timeout, Airlock Gateway will send a redirect to the HTTP 503 Service unavailable error page with the corresponding HTTP 503 status code. If In-band Health Checks are configured, then such a request will be counted as a failed request, potentially leading to the back-end server being marked as bad.

data.attributes.timeouts.sessionIdle

Number

yes

Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping.
The value will be ignored if minimum session idle timeout is smaller or equal to the global session idle timeout setting.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "mapping" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.access.authenticationFlow

String

Allowed values:
- REDIRECT: If the required role for the mapping is missing on the current session, Airlock Gateway will send a redirect (HTTP 303) to either the global or the custom denied access URL.
This mode is typically used in conjunction with user operated clients.
- DENY_ACCESS: Airlock Gateway will directly send an access denied (HTTP 403) response to the client if the required role is missing.
This is typically used for technical clients.
- ONE_SHOT: When this option is selected and Airlock Gateway receives an incoming request for this mapping that needs to be authenticated, Airlock Gateway implicitly (without redirect) forwards the request to the configured denied access URL for this mapping. The request headers are forwarded but no request body. After the forwarded request, Airlock Gateway checks again if the session is now authenticated.
If so, the original request is passed to the back-end server (successful one-shot authentication).
If the session does not have the required credentials even after the one-shot request, Airlock Gateway will send an access denied (HTTP 403) response to the client.
- ONE_SHOT_WITH_BODY: This is the same as with the "one-shot" option with two notable differences: The whole body of the request is also sent to the denied access URL for this mapping and the request method is always POST instead of GET.
- FRONT_SIDE_NTLM: Choose the front-side NTLM authentication flow to support authentication using NTLM. The front-side NTLM authentication flow is similar to the "one-shot" authentication flow, but also forwards all requests containing an "Authorization" header with value "NTLM .*" to the denied access URL.
For successful authentication, NTLM must be supported by the authentication service.

data.attributes.access.backendLogoutUrl

String

Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host.

data.attributes.access.clientCertificateAuthentication

String

Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate.

Allowed values:
- NOT_REQUIRED: The mapping uses the client certificate settings of the virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.access.credentialsPropagation.mandatory

Boolean

If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL.

data.attributes.access.credentialsPropagation.type

String

Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication.

Allowed values:
- NONE: Even if Basic-Auth or NTLM credentials set by the control API are present, Airlock Gateway will not forward them to the back-end application. Access to the mapping is granted without any SSO credentials.
- BASIC_AUTH: If Basic-Auth credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.
- KERBEROS: If a Kerberos user is set by the control API, Airlock Gateway will acquire and send a service ticket to the back-end application.
- NTLM: If NTLM credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.

data.attributes.access.deniedUrl.mode

String

Allowed values:
- GLOBAL: Use the global denied access url as configured under the menu Application Firewall - Session - Access Control.
- CUSTOM: Use the mapping specific denied access url.

data.attributes.access.deniedUrl.value

String

Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location.

data.attributes.access.ntlmPassthroughEnabled

Boolean

Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection.

NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft.

data.attributes.access.restrictions[].authorizedPlans[]

Array

List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service.

data.attributes.access.restrictions[].authorizedRoles[]

Array

List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service.

data.attributes.access.restrictions[].enabled

Boolean

Whether access restriction is enabled.

data.attributes.access.restrictions[].entryPathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.restrictions[].entryPathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.restrictions[].entryPathPattern.pattern

String

The actual pattern.

data.attributes.access.restrictions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.restrictions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.restrictions[].httpMethodPattern.pattern

String

The actual pattern.

data.attributes.access.tokenTransport.cookieExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified cookie.

data.attributes.access.tokenTransport.cookieExtraction.name

String

Name of the cookie.

data.attributes.access.tokenTransport.headerExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified header.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenTransport.headerExtraction.replaceWith

String

The rewrite expression for the header extraction.

data.attributes.access.tokenTransport.parameterExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified query parameter.

data.attributes.access.tokenTransport.parameterExtraction.name

String

Name of the query parameter.

data.attributes.access.tokenTransport.presenceMandatoryEnforced

Boolean

If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied.

data.attributes.access.tokenVerification.claimRestrictions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.claimRestrictions[].name

String

Name of the claim you want to restrict.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenVerification.expiryCheckEnabled

Boolean

If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid.

data.attributes.access.tokenVerification.expiryCheckSkew

Number

Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock.

data.attributes.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

If enabled, a technical client ID is extracted from the JWT.

data.attributes.access.tokenVerification.extractTechnicalClientIdName

String

Name of the claim to extract as technical client ID.

data.attributes.access.tokenVerification.roleExtractions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenVerification.roleExtractions[].name

String

Name of the claim you want to extract a role from.

data.attributes.access.tokenVerification.roleExtractions[].replaceWith

String

The rewrite expression of the role.

data.attributes.access.tokenVerification.roleExtractions[].tokenLifetimeAsRoleLifetimeEnforced

Boolean

If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime.

data.attributes.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session.

data.attributes.access.tokenVerification.signatureCheckEnforced

Boolean

If enforced, the JWT’s signature must be present and valid.

data.attributes.access.tokensEnabled

Boolean

Whether access tokens should be processed.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

String

Name of the cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified header.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.pattern

String

The actual pattern.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

String

Rewrite expression for the header extraction.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified query parameter.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

String

Name of the query parameter.

data.attributes.apiSecurity.apiPolicyServiceEnabled

Boolean

Whether to enable the API policy service.

data.attributes.apiSecurity.jsonParser.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.apiSecurity.jsonParser.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.apiSecurity.jsonParser.contentTypePattern.pattern

String

The actual pattern.

data.attributes.apiSecurity.jsonParser.enabled

Boolean

If set to true, Airlock Gateway parses JSON objects in requests and filters JSON attributes with allow rules and deny rules. JSON objects are parsed only if their content-type matches the specified pattern.

data.attributes.apiSecurity.logOnly

Boolean

If enabled, potential attack requests are only logged but not blocked.

data.attributes.apiSecurity.openApiCheckResponsesEnabled

Boolean

If enabled, responses are also checked against the API specification.

data.attributes.apiSecurity.openApiEnforced

Boolean

Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked.

data.attributes.apiSecurity.openApiPathMatching

String

Run OpenAPI path matching against client or server view of request/response.

Allowed values:
- ClientView
- BackendView

data.attributes.apiSecurity.openApiPublishSpecificationEnabled

Boolean

If enabled, allow clients to download the API specification.

data.attributes.apiSecurity.openApiPublishSpecificationPath

String

External path to the API specification. Note that the entry path will be added in front of it.

data.attributes.apiSecurity.treatPathSegmentsAsParamValues

Boolean

If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it.

data.attributes.application.controlApiAllowed

Boolean

Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway.

data.attributes.application.encryptedCookies.enabled

Boolean

Enables encryption of cookies which are sent to the client.

data.attributes.application.encryptedCookies.prefix

String

Regular expression for cookies that should be cryptographically encrypted before being sent to the client.
All cookies that have names which match the regular expression are encrypted and digitally signed with a secret key derived from a pass phrase when sent to the client. They are decrypted and verified when sent to the back-end service.
Because the pass-phrase-based key is used, such cookies are valid over several sessions and can also be persistent on the client’s machine. Such cookies protect the application from manipulated cookie contents and hide the content from the user.

data.attributes.application.environmentCookiesEnabled

Boolean

Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client.

data.attributes.application.loadBalancingCookieEnabled

Boolean

If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose.

data.attributes.application.passthroughCookies.enabled

Boolean

Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client.

data.attributes.application.passthroughCookies.prefix

String

Regular expression to select cookies that should be treated as 'Passthrough Cookies'.
Passthrough cookies are not recommended because they are often a carrier for cookie poisoning based web application attacks that can result in buffer overflows etc.

data.attributes.application.redirectForErrorPageEnabled

Boolean

If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned.

data.attributes.application.request.charset

String

Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset.

Allowed values:
- UTF_8_FALLBACK_WINDOWS_1252
- UTF_8
- ISO_8859_15
- WINDOWS_1251
- WINDOWS_1252

data.attributes.application.request.header.allowlist.additional

Object

Additional headers to allow.

data.attributes.application.request.header.allowlist.additional.pattern

String

The actual pattern.

data.attributes.application.request.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data.attributes.application.request.header.denylist.additional

Object

Additional headers to deny.

data.attributes.application.request.header.denylist.additional.pattern

String

The actual pattern.

data.attributes.application.request.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data.attributes.application.request.header.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked.

data.attributes.application.request.parameter.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked.

data.attributes.application.request.path.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked.

data.attributes.application.response.body.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.body.rewrites[].contentPattern.pattern

String

The actual pattern.

data.attributes.application.response.body.rewrites[].contentType

String

A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression.

data.attributes.application.response.body.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.body.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.compressionAllowed

Boolean

Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser).
Warning: Allowing compression for data served through SSL/TLS virtual hosts may affect the secrecy of the data.

data.attributes.application.response.errorPage.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.errorPage.rewrites[].replaceWith

String

Target string which will replace the string matched by HTTP status content pattern.

data.attributes.application.response.errorPage.rewrites[].statusContentPattern

String

The HTTP status code pattern.

data.attributes.application.response.header.allowlist.additional

Object

Additional headers to allow.

data.attributes.application.response.header.allowlist.additional.pattern

String

The actual pattern.

data.attributes.application.response.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data.attributes.application.response.header.denylist.additional

Object

Additional headers to deny.

data.attributes.application.response.header.denylist.additional.pattern

String

The actual pattern.

data.attributes.application.response.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data.attributes.application.response.header.location.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.header.location.rewrites[].replaceWith

String

Target string which will replace the string matched by URL pattern.

data.attributes.application.response.header.location.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.header.location.rewrites[].urlPattern.pattern

String

The actual pattern.

data.attributes.application.response.html.rewrites[].embedded

Boolean

Whether to apply the rule to <script> and <style> blocks embedded in the HTML page

data.attributes.application.response.html.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.html.rewrites[].events

Boolean

Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc.

data.attributes.application.response.html.rewrites[].replaceWith

String

Target string which will replace the string matched by URL Pattern.

data.attributes.application.response.html.rewrites[].uris

Boolean

Whether to apply the rule to linked HTML elements like href, src, etc.

data.attributes.application.response.html.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.html.rewrites[].urlPattern.pattern

String

The actual pattern.

data.attributes.application.response.json.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.json.rewrites[].contentPattern.pattern

String

The actual pattern.

data.attributes.application.response.json.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.json.rewrites[].path

String

A response from the back-end server is rewritten only if the JSON path matches this regular expression.

data.attributes.application.response.json.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.stripCommentsEnabled

Boolean

If enabled, Airlock Gateway removes HTML comments.

data.attributes.application.sessionHandling

String

Allowed values:
- ENFORCE_SESSION: Sessions are enforced. If no session is available, a new session is created.
- OPTIONAL_SESSION: Sessions are optional. Existing sessions are used. If no session is available, no session is used.
- OPTIONAL_SESSION_NO_REFRESH: Same as "OPTIONAL_SESSION" but without refreshing session access timestamps. That is, requests use existing sessions if available but do not reset session idle times.
- IGNORE_SESSION: Session handling is disabled. No sessions are created and existing sessions are ignored. This mode improves performance for delivery of anonymous stateless content, such as image directories or static web repositories.

data.attributes.application.webSocketsAllowed

Boolean

Whether support for the WebSockets protocol as defined in RFC 6455 is enabled.

data.attributes.backendPath

String

The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server.

data.attributes.botManagement.clientCookieSupportEnforced

Boolean

If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.

data.attributes.botManagement.customBots.allowed

Boolean

If enabled, custom bots are not blocked.
Custom bots are identified by providing a "User-Agent" and "Domain" pattern.

data.attributes.botManagement.customBots.domainPattern.inverted

Boolean

Whether to invert the match.

data.attributes.botManagement.customBots.domainPattern.pattern

String

The actual pattern.

data.attributes.botManagement.customBots.sourceDomainEnforced

Boolean

Do not block bots whose source-domain matches the "domain pattern".

data.attributes.botManagement.customBots.userAgentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.botManagement.customBots.userAgentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.botManagement.customBots.userAgentPattern.pattern

String

The actual pattern.

data.attributes.botManagement.logOnly

Boolean

If true, requests from bots are only logged but not blocked.

data.attributes.botManagement.wellKnownBots.allowed

Boolean

Check the User-Agent to determine if a bot is well-known and do not block such bots.
Clients indicating one of the following User-Agent headers are treated as well-known bots: Googlebot, bingbot, MSNBot, Baiduspider, YandexBot, archive.org_bot, DuckDuckBot.

data.attributes.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot.
This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header.
The following domains are considered as domains of operators operating well-known bots: google.com, googlebot.com,search.msn.com, yahoo.net, baidu.com, baidu.jp, yandex.ru, yandex.net, yandex.com, archive.org, amazonaws.com (107.20.237.51, 23.21.226.191, 107.21.1.8, 54.208.102.37)

data.attributes.csrfProtection.enabled

Boolean

Whether CSRF protection is enabled.

data.attributes.csrfProtection.invalidTokenRedirectLocation

String

If a missing or invalid CSRF token is detected, the client is redirected to the configured location.

data.attributes.csrfProtection.pathExceptions[].caseIgnored

Boolean

Whether to ignore case.

data.attributes.csrfProtection.pathExceptions[].pattern

String

The actual pattern.

data.attributes.dosAttackPrevention.enabled

Boolean

Whether the DoS attack prevention filter is enabled.

data.attributes.dosAttackPrevention.interval

Number

Interval for measurement of allowed requests per IP address (seconds).

data.attributes.dosAttackPrevention.maxRequestsPerInterval

Number

Maximum requests allowed per IP address.

data.attributes.enableMaintenancePage

Boolean

Whether the maintenance page is enabled.

data.attributes.entryPath.enforceTrailingSlashes

Boolean

Whether a trailing slash is mandatory at the end of the entry path or not.

data.attributes.entryPath.ignoreCase

Boolean

Whether the entry path should be case sensitive.

data.attributes.entryPath.priority

Number

The priority guarantees a deterministic selection of the mapping for a given request path.
The value can be between -999 (highest priority) and 999 (lowest priority). It must be unique among all regular expression mappings.

data.attributes.entryPath.regexFormatEnforced

Boolean

Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not.

data.attributes.entryPath.value

String

The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping.

data.attributes.expertSettings.apache

Object

Expert settings for the Apache.

data.attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.httpParameterPollutionDetection.mixedTypes

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types).

data.attributes.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks.

data.attributes.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

If true, potential HPP attack requests are only logged but not blocked.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Object

Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.pattern

String

The actual pattern.

data.attributes.httpParameterPollutionDetection.sameType

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type).

data.attributes.httpParameterPollutionDetection.sameType.enabled

Boolean

If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks.
Note: For the filtering itself, a deny rule like the default deny rule '(default) HTTP Parameter Pollution' has to be configured.

data.attributes.ipRules.dynamicIpAddressBlacklist.countMode

String

Counting mode of dynamic IP address blacklist blocks.

Allowed values:
- OFF: Blocks on this mapping are not counted for the dynamic IP address blacklist.
- ALL: All blocks on this mapping are counted for the dynamic IP address blacklist.
- DENY_RULES_ONLY: Only deny rule blocks on this mapping are counted for the dynamic IP address blacklist.

data.attributes.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

If enabled, IPs on the dynamic IP address blacklist are blocked.

data.attributes.ipRules.ipAddressBlacklists.logOnly

Boolean

If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked.

data.attributes.ipRules.ipAddressBlacklists.webrootThreatCategories

String

List of threat categories which should be blocked (;-separated string).

Categories:
SPAM_SOURCES: The Spam Sources category includes IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.
WINDOWS_EXPLOITS: The Windows Exploits category includes IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.
WEB_ATTACKS: The Web Attacks category includes IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server.
BOT_NETS: The Botnets category includes IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers.
SCANNERS: The Scanners category includes IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts.
DENIAL_OF_SERVICE: The Denial of Services category includes IPs addresses involved in DOS or DDOS attacks, anomalous sync flood, or anomalous traffic.
PHISHING: The Phishing category includes IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities.
PROXY: The Proxy category includes IP addresses providing proxy services, including both VPN and open web proxy services.
MOBILE_THREATS: The Mobile Threats category includes IP addresses associated with malicious and unwanted mobile applications.
TOR_PROXY: The Tor Proxy category includes IP addresses acting as exit nodes for the Tor Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.

data.attributes.ipRules.ipAddressWhitelists.logOnly

Boolean

If true, requests whose source IP address is not contained in one of the configured IP Whitelists are only logged but not blocked.

data.attributes.labels[]

Array

List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application.

data.attributes.limits.general.maxPathLength

Number

Defines the maximum path length for requests to the current mapping.

data.attributes.limits.general.maxRequestBodySize

Number

Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once.

data.attributes.limits.http.maxParameterNameLength

Number

Defines the maximum length for a parameter name.

data.attributes.limits.http.maxParameterValueLength

Number

Defines the maximum length for a parameter value.

data.attributes.limits.http.maxParameters

Number

Defines the maximum number of parameters inside the request.

data.attributes.limits.json.enabled

Boolean

Whether JSON limits are enabled.

data.attributes.limits.json.maxArrayItems

Number

Defines the maximum number of items for a single JSON array (non-recursive).

data.attributes.limits.json.maxKeyLength

Number

Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member".

data.attributes.limits.json.maxKeys

Number

Defines the maximum number of keys of a single JSON object (non-recursive).

data.attributes.limits.json.maxNestingDepth

Number

Defines the maximum depth of nesting for JSON objects and JSON arrays.

data.attributes.limits.json.maxTotalEntries

Number

Defines the maximum number of keys and array items in the whole JSON document (recursive).

data.attributes.limits.json.maxValueLength

Number

Defines the maximum json value length for requests to the current mapping.

data.attributes.locking.access.authenticationFlow

Boolean

Lock for the corresponding member.

data.attributes.locking.access.backendLogoutUrl

Boolean

Lock for the corresponding member.

data.attributes.locking.access.clientCertificateAuthentication

Boolean

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.mandatory

Boolean

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.type

Boolean

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.mode

Boolean

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.value

Boolean

Lock for the corresponding member.

data.attributes.locking.access.ntlmPassthroughEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.restrictions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.name

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.extractionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.replaceWith

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.name

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.presenceMandatoryEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.claimRestrictions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckSkew

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdName

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.localJwksProviders

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.remoteJwksProviders

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.roleExtractions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokensEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceId

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.contentTypePattern

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiCheckResponsesEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiDocumentId

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPathMatching

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationPath

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.treatPathSegmentsAsParamValues

Boolean

Lock for the corresponding member.

data.attributes.locking.application.controlApiAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.prefix

Boolean

Lock for the corresponding member.

data.attributes.locking.application.environmentCookiesEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.loadBalancingCookieEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.prefix

Boolean

Lock for the corresponding member.

data.attributes.locking.application.redirectForErrorPageEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.charset

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.parameter.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.path.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.body.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.compressionAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.errorPage.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.location.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.html.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.json.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.stripCommentsEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.sessionHandling

Boolean

Lock for the corresponding member.

data.attributes.locking.application.webSocketsAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.backendPath

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.clientCookieSupportEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.allowed

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.domainPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.userAgentPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.allowed

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.invalidTokenRedirectLocation

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.pathExceptions

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.interval

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.maxRequestsPerInterval

Boolean

Lock for the corresponding member.

data.attributes.locking.enableMaintenancePage

Boolean

Lock for the corresponding member.

data.attributes.locking.enabled

Boolean

If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping.

data.attributes.locking.entryPath.enforceTrailingSlashes

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.priority

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.regexFormatEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.settings

Boolean

Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.sameType.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.request.backendViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.request.clientViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.response.backendViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.response.clientViews

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.countMode

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressBlacklists.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressWhitelists.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.labels

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.general.maxPathLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.general.maxRequestBodySize

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterNameLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterValueLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameters

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxArrayItems

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeyLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeys

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxNestingDepth

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxTotalEntries

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxValueLength

Boolean

Lock for the corresponding member.

data.attributes.locking.operationalMode

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.contentTypePattern

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.httpMethodPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.pathPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.threatHandling

Boolean

Lock for the corresponding member.

data.attributes.locking.timeouts.backend

Boolean

Lock for the corresponding member.

data.attributes.locking.timeouts.sessionIdle

Boolean

Lock for the corresponding member.

data.attributes.name

String

The unique name of the mapping.

data.attributes.operationalMode

String

The mode in which the mapping runs.

Allowed values:
- PRODUCTION: Standard mode of operation.
- INTEGRATION: More information is logged about all requests and responses (may decrease performance).

data.attributes.requestBodyStreaming.contentTypePattern

Object

Only requests whose content type header matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.contentTypePattern.pattern

String

The actual pattern.

data.attributes.requestBodyStreaming.enabled

Boolean

Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed.
Empty fields have the same effect as the pattern ^.*$

data.attributes.requestBodyStreaming.httpMethodPattern

Object

Only requests whose HTTP method matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.httpMethodPattern.pattern

String

The actual pattern.

data.attributes.requestBodyStreaming.pathPattern

Object

Only requests whose path matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.pathPattern.pattern

String

The actual pattern.

data.attributes.tenant

String

Tenant of the mapping.

data.attributes.threatHandling

String

Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled.

Allowed values:
- BLOCK: Requests violating policies are blocked. The session (if available) remains valid.
- TERMINATE_SESSION: Requests violating policies are blocked. The session (if available) is terminated.
- NOTIFY: Requests violating policies are not blocked. The violation is logged and notified.

data.attributes.timeouts.backend

Number

Defines the time (seconds) Airlock Gateway will wait for the back-end response.
In case the request runs into the timeout, Airlock Gateway will send a redirect to the HTTP 503 Service unavailable error page with the corresponding HTTP 503 status code. If In-band Health Checks are configured, then such a request will be counted as a failed request, potentially leading to the back-end server being marked as bad.

data.attributes.timeouts.sessionIdle

Number

Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping.
The value will be ignored if minimum session idle timeout is smaller or equal to the global session idle timeout setting.

data.relationships.template.data

Object

The mapping-template references.

data.relationships.template.data.type

String

The data type of the referenced resource. Must be "mapping-template" for this call.

data.relationships.template.data.id

String

The ID of the mapping-template resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "mapping",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ "labelA", "labelB" ],
      "tenant" : "AirlockBankingCo",
      "entryPath" : {
        "value" : "/entryPathA/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : true,
        "ignoreCase" : true,
        "priority" : 0
      },
      "backendPath" : "/backendA/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : true,
      "access" : {
        "deniedUrl" : {
          "value" : "/auth/login",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ {
          "enabled" : true,
          "httpMethodPattern" : {
            "pattern" : "[GET|POST|DELETE]",
            "caseIgnored" : true,
            "inverted" : true
          },
          "entryPathPattern" : {
            "pattern" : "/admin/",
            "caseIgnored" : true,
            "inverted" : true
          },
          "authorizedRoles" : [ "admin" ],
          "authorizedPlans" : [ "android", "ios", "browser" ]
        } ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "/backendA/logout",
        "ntlmPassthroughEnabled" : true,
        "credentialsPropagation" : {
          "mandatory" : true,
          "type" : "BASIC_AUTH"
        },
        "tokensEnabled" : true,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : true,
          "headerExtraction" : {
            "enabled" : true,
            "extractionPattern" : {
              "pattern" : "mypattern",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : true,
            "name" : "paramExtraction"
          },
          "cookieExtraction" : {
            "enabled" : true,
            "name" : "EXTRACTION_COOKIE"
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : true,
          "expiryCheckEnabled" : true,
          "expiryCheckSkew" : 42,
          "extractTechnicalClientIdEnabled" : true,
          "extractTechnicalClientIdName" : "TechnicalClientID",
          "setAuditTokenFromSubjectEnabled" : true,
          "claimRestrictions" : [ {
            "enabled" : true,
            "name" : "myrestriction",
            "restrictionPattern" : {
              "pattern" : "myRestriction",
              "caseIgnored" : true,
              "inverted" : true
            }
          } ],
          "roleExtractions" : [ {
            "enabled" : true,
            "name" : "myextraction",
            "extractionPattern" : {
              "pattern" : "extractionPattern",
              "caseIgnored" : true
            },
            "replaceWith" : "$1",
            "tokenLifetimeAsRoleLifetimeEnforced" : true
          } ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : true
        },
        "ipAddressBlacklists" : {
          "logOnly" : true,
          "webrootThreatCategories" : ""
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : true,
          "countMode" : "ALL"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : true,
        "wellKnownBots" : {
          "allowed" : true,
          "sourceDomainEnforced" : true
        },
        "customBots" : {
          "allowed" : true,
          "sourceDomainEnforced" : true,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 222,
          "maxPathLength" : 111
        },
        "http" : {
          "maxParameters" : 2222,
          "maxParameterNameLength" : 1111,
          "maxParameterValueLength" : 3333
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 48,
          "maxValueLength" : 42,
          "maxNestingDepth" : 2000,
          "maxArrayItems" : 1000,
          "maxKeys" : 4000,
          "maxTotalEntries" : 3000
        }
      },
      "csrfProtection" : {
        "enabled" : true,
        "invalidTokenRedirectLocation" : "%ENTRY_PATH%/index.html",
        "pathExceptions" : [ {
          "pattern" : "^/exception/.*",
          "caseIgnored" : true
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : true,
        "environmentCookiesEnabled" : true,
        "encryptedCookies" : {
          "enabled" : true,
          "prefix" : "ENCRYPT.*"
        },
        "passthroughCookies" : {
          "enabled" : true,
          "prefix" : "PASSTHROUGH.*"
        },
        "loadBalancingCookieEnabled" : true,
        "webSocketsAllowed" : true,
        "redirectForErrorPageEnabled" : true,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : true
          },
          "header" : {
            "enforceUtf8" : true,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$ "
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : true
          }
        },
        "response" : {
          "compressionAllowed" : true,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            },
            "location" : {
              "rewrites" : [ {
                "enabled" : true,
                "urlPattern" : {
                  "pattern" : "/test/",
                  "caseIgnored" : true
                },
                "replaceWith" : "$1"
              } ]
            }
          },
          "json" : {
            "rewrites" : [ {
              "enabled" : true,
              "path" : "$.address.city",
              "contentPattern" : {
                "pattern" : "Basel",
                "caseIgnored" : true
              },
              "replaceWith" : "Zurich"
            } ]
          },
          "body" : {
            "rewrites" : [ {
              "enabled" : true,
              "contentType" : "application/json",
              "contentPattern" : {
                "pattern" : "test",
                "caseIgnored" : true
              },
              "replaceWith" : "test2"
            } ]
          },
          "html" : {
            "rewrites" : [ {
              "enabled" : true,
              "urlPattern" : {
                "pattern" : "^https?://www.mydomain.com(/[^'\"]*)$",
                "caseIgnored" : true
              },
              "uris" : true,
              "events" : true,
              "embedded" : true,
              "replaceWith" : "$1"
            } ]
          },
          "errorPage" : {
            "rewrites" : [ {
              "enabled" : true,
              "statusContentPattern" : "^5(?!02|03)..$",
              "replaceWith" : "500.html"
            } ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : true,
        "jsonParser" : {
          "enabled" : true,
          "contentTypePattern" : {
            "pattern" : "application/json",
            "caseIgnored" : true,
            "inverted" : true
          }
        },
        "openApiEnforced" : true,
        "openApiCheckResponsesEnabled" : true,
        "logOnly" : true,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : true,
        "openApiPublishSpecificationPath" : "path/to/apiSpecification.json",
        "apiPolicyServiceEnabled" : true,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : true,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : true,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : true,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : true,
        "httpMethodPattern" : {
          "pattern" : "^GET$",
          "caseIgnored" : true,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "/path/",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "video/mpeg",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : false,
          "logOnly" : true,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : true,
            "inverted" : true
          }
        },
        "sameType" : {
          "enabled" : false
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : true,
          "settings" : "AuthenticatedSessionsWarningPercentage            \"90\""
        },
        "apache" : {
          "enabled" : true,
          "settings" : "MaxConnectionsPerChild  15000"
        }
      },
      "locking" : {
        "enabled" : true,
        "labels" : true,
        "access" : {
          "deniedUrl" : {
            "value" : true,
            "mode" : true
          },
          "restrictions" : true,
          "clientCertificateAuthentication" : true,
          "authenticationFlow" : true,
          "backendLogoutUrl" : true,
          "ntlmPassthroughEnabled" : true,
          "credentialsPropagation" : {
            "mandatory" : true,
            "type" : true
          },
          "tokensEnabled" : true,
          "tokenVerification" : {
            "localJwksProviders" : true,
            "remoteJwksProviders" : true,
            "expiryCheckEnabled" : true,
            "expiryCheckSkew" : true,
            "claimRestrictions" : true,
            "roleExtractions" : true,
            "extractTechnicalClientIdEnabled" : true,
            "extractTechnicalClientIdName" : true,
            "setAuditTokenFromSubjectEnabled" : true
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : true,
            "headerExtraction" : {
              "enabled" : true,
              "extractionPattern" : true,
              "replaceWith" : true
            },
            "parameterExtraction" : {
              "enabled" : true,
              "name" : true
            },
            "cookieExtraction" : {
              "enabled" : true,
              "name" : true
            }
          }
        },
        "entryPath" : {
          "settings" : true,
          "enforceTrailingSlashes" : true,
          "regexFormatEnforced" : true,
          "priority" : true
        },
        "backendPath" : true,
        "threatHandling" : true,
        "operationalMode" : true,
        "enableMaintenancePage" : true,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : true
          },
          "ipAddressBlacklists" : {
            "logOnly" : true
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : true,
            "countMode" : true
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : true,
          "wellKnownBots" : {
            "allowed" : true,
            "sourceDomainEnforced" : true
          },
          "customBots" : {
            "allowed" : true,
            "sourceDomainEnforced" : true,
            "userAgentPattern" : true,
            "domainPattern" : true
          }
        },
        "timeouts" : {
          "backend" : true,
          "sessionIdle" : true
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : true,
            "maxPathLength" : true
          },
          "http" : {
            "maxParameters" : true,
            "maxParameterNameLength" : true,
            "maxParameterValueLength" : true
          },
          "json" : {
            "enabled" : true,
            "maxKeyLength" : true,
            "maxValueLength" : true,
            "maxNestingDepth" : true,
            "maxArrayItems" : true,
            "maxKeys" : true,
            "maxTotalEntries" : true
          }
        },
        "csrfProtection" : {
          "enabled" : true,
          "invalidTokenRedirectLocation" : true,
          "pathExceptions" : true
        },
        "application" : {
          "sessionHandling" : true,
          "controlApiAllowed" : true,
          "environmentCookiesEnabled" : true,
          "encryptedCookies" : {
            "enabled" : true,
            "prefix" : true
          },
          "passthroughCookies" : {
            "enabled" : true,
            "prefix" : true
          },
          "loadBalancingCookieEnabled" : true,
          "webSocketsAllowed" : true,
          "redirectForErrorPageEnabled" : true,
          "request" : {
            "charset" : true,
            "path" : {
              "enforceUtf8" : true
            },
            "header" : {
              "enforceUtf8" : true,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : true
              }
            },
            "parameter" : {
              "enforceUtf8" : true
            }
          },
          "response" : {
            "compressionAllowed" : true,
            "stripCommentsEnabled" : true,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "location" : {
                "rewrites" : true
              }
            },
            "json" : {
              "rewrites" : true
            },
            "body" : {
              "rewrites" : true
            },
            "html" : {
              "rewrites" : true
            },
            "errorPage" : {
              "rewrites" : true
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : true,
          "jsonParser" : {
            "enabled" : true,
            "contentTypePattern" : true
          },
          "openApiEnforced" : true,
          "openApiCheckResponsesEnabled" : true,
          "openApiDocumentId" : true,
          "logOnly" : true,
          "openApiPathMatching" : true,
          "openApiPublishSpecificationEnabled" : true,
          "openApiPublishSpecificationPath" : true,
          "apiPolicyServiceEnabled" : true,
          "apiPolicyServiceId" : true,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : true,
            "extractionPattern" : true,
            "replaceWith" : true
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : true,
            "parameterName" : true
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : true,
            "cookieName" : true
          }
        },
        "dosAttackPrevention" : {
          "enabled" : true,
          "maxRequestsPerInterval" : true,
          "interval" : true
        },
        "requestBodyStreaming" : {
          "enabled" : true,
          "httpMethodPattern" : true,
          "pathPattern" : true,
          "contentTypePattern" : true
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : true,
            "logOnly" : true,
            "parameterNameExceptionPattern" : true
          },
          "sameType" : {
            "enabled" : true
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : true,
            "backendViews" : true
          },
          "response" : {
            "backendViews" : true,
            "clientViews" : true
          }
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 17774

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:09.303Z"
  },
  "data" : {
    "type" : "mapping",
    "id" : "4",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ "labelA", "labelB" ],
      "tenant" : "AirlockBankingCo",
      "entryPath" : {
        "value" : "/entryPathA/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : true,
        "ignoreCase" : true,
        "priority" : 0
      },
      "backendPath" : "/backendA/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : true,
      "access" : {
        "deniedUrl" : {
          "value" : "/auth/login",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ {
          "enabled" : true,
          "httpMethodPattern" : {
            "pattern" : "[GET|POST|DELETE]",
            "caseIgnored" : true,
            "inverted" : true
          },
          "entryPathPattern" : {
            "pattern" : "/admin/",
            "caseIgnored" : true,
            "inverted" : true
          },
          "authorizedRoles" : [ "admin" ],
          "authorizedPlans" : [ "android", "ios", "browser" ]
        } ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "/backendA/logout",
        "ntlmPassthroughEnabled" : true,
        "credentialsPropagation" : {
          "mandatory" : true,
          "type" : "BASIC_AUTH"
        },
        "tokensEnabled" : true,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : true,
          "headerExtraction" : {
            "enabled" : true,
            "extractionPattern" : {
              "pattern" : "mypattern",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : true,
            "name" : "paramExtraction"
          },
          "cookieExtraction" : {
            "enabled" : true,
            "name" : "EXTRACTION_COOKIE"
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : true,
          "expiryCheckEnabled" : true,
          "expiryCheckSkew" : 42,
          "extractTechnicalClientIdEnabled" : true,
          "extractTechnicalClientIdName" : "TechnicalClientID",
          "setAuditTokenFromSubjectEnabled" : true,
          "claimRestrictions" : [ {
            "enabled" : true,
            "name" : "myrestriction",
            "restrictionPattern" : {
              "pattern" : "myRestriction",
              "caseIgnored" : true,
              "inverted" : true
            }
          } ],
          "roleExtractions" : [ {
            "enabled" : true,
            "name" : "myextraction",
            "extractionPattern" : {
              "pattern" : "extractionPattern",
              "caseIgnored" : true
            },
            "replaceWith" : "$1",
            "tokenLifetimeAsRoleLifetimeEnforced" : true
          } ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : true
        },
        "ipAddressBlacklists" : {
          "logOnly" : true,
          "webrootThreatCategories" : ""
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : true,
          "countMode" : "ALL"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : true,
        "wellKnownBots" : {
          "allowed" : true,
          "sourceDomainEnforced" : true
        },
        "customBots" : {
          "allowed" : true,
          "sourceDomainEnforced" : true,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 222,
          "maxPathLength" : 111
        },
        "http" : {
          "maxParameters" : 2222,
          "maxParameterNameLength" : 1111,
          "maxParameterValueLength" : 3333
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 48,
          "maxValueLength" : 42,
          "maxNestingDepth" : 2000,
          "maxArrayItems" : 1000,
          "maxKeys" : 4000,
          "maxTotalEntries" : 3000
        }
      },
      "csrfProtection" : {
        "enabled" : true,
        "invalidTokenRedirectLocation" : "%ENTRY_PATH%/index.html",
        "pathExceptions" : [ {
          "pattern" : "^/exception/.*",
          "caseIgnored" : true
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : true,
        "environmentCookiesEnabled" : true,
        "encryptedCookies" : {
          "enabled" : true,
          "prefix" : "ENCRYPT.*"
        },
        "passthroughCookies" : {
          "enabled" : true,
          "prefix" : "PASSTHROUGH.*"
        },
        "loadBalancingCookieEnabled" : true,
        "webSocketsAllowed" : true,
        "redirectForErrorPageEnabled" : true,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : true
          },
          "header" : {
            "enforceUtf8" : true,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$ "
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : true
          }
        },
        "response" : {
          "compressionAllowed" : true,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            },
            "location" : {
              "rewrites" : [ {
                "enabled" : true,
                "urlPattern" : {
                  "pattern" : "/test/",
                  "caseIgnored" : true
                },
                "replaceWith" : "$1"
              } ]
            }
          },
          "json" : {
            "rewrites" : [ {
              "enabled" : true,
              "path" : "$.address.city",
              "contentPattern" : {
                "pattern" : "Basel",
                "caseIgnored" : true
              },
              "replaceWith" : "Zurich"
            } ]
          },
          "body" : {
            "rewrites" : [ {
              "enabled" : true,
              "contentType" : "application/json",
              "contentPattern" : {
                "pattern" : "test",
                "caseIgnored" : true
              },
              "replaceWith" : "test2"
            } ]
          },
          "html" : {
            "rewrites" : [ {
              "enabled" : true,
              "urlPattern" : {
                "pattern" : "^https?://www.mydomain.com(/[^'\"]*)$",
                "caseIgnored" : true
              },
              "uris" : true,
              "events" : true,
              "embedded" : true,
              "replaceWith" : "$1"
            } ]
          },
          "errorPage" : {
            "rewrites" : [ {
              "enabled" : true,
              "statusContentPattern" : "^5(?!02|03)..$",
              "replaceWith" : "500.html"
            } ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : true,
        "jsonParser" : {
          "enabled" : true,
          "contentTypePattern" : {
            "pattern" : "application/json",
            "caseIgnored" : true,
            "inverted" : true
          }
        },
        "openApiEnforced" : true,
        "openApiCheckResponsesEnabled" : true,
        "logOnly" : true,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : true,
        "openApiPublishSpecificationPath" : "path/to/apiSpecification.json",
        "apiPolicyServiceEnabled" : true,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : true,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : true,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : true,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : true,
        "httpMethodPattern" : {
          "pattern" : "^GET$",
          "caseIgnored" : true,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "/path/",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "video/mpeg",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : false,
          "logOnly" : true,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : true,
            "inverted" : true
          }
        },
        "sameType" : {
          "enabled" : false
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : true,
          "settings" : "AuthenticatedSessionsWarningPercentage            \"90\""
        },
        "apache" : {
          "enabled" : true,
          "settings" : "MaxConnectionsPerChild  15000"
        }
      },
      "locking" : {
        "enabled" : true,
        "labels" : true,
        "access" : {
          "deniedUrl" : {
            "value" : true,
            "mode" : true
          },
          "restrictions" : true,
          "clientCertificateAuthentication" : true,
          "authenticationFlow" : true,
          "backendLogoutUrl" : true,
          "ntlmPassthroughEnabled" : true,
          "credentialsPropagation" : {
            "mandatory" : true,
            "type" : true
          },
          "tokensEnabled" : true,
          "tokenVerification" : {
            "localJwksProviders" : true,
            "remoteJwksProviders" : true,
            "expiryCheckEnabled" : true,
            "expiryCheckSkew" : true,
            "claimRestrictions" : true,
            "roleExtractions" : true,
            "extractTechnicalClientIdEnabled" : true,
            "extractTechnicalClientIdName" : true,
            "setAuditTokenFromSubjectEnabled" : true
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : true,
            "headerExtraction" : {
              "enabled" : true,
              "extractionPattern" : true,
              "replaceWith" : true
            },
            "parameterExtraction" : {
              "enabled" : true,
              "name" : true
            },
            "cookieExtraction" : {
              "enabled" : true,
              "name" : true
            }
          }
        },
        "entryPath" : {
          "settings" : true,
          "enforceTrailingSlashes" : true,
          "regexFormatEnforced" : true,
          "priority" : true
        },
        "backendPath" : true,
        "threatHandling" : true,
        "operationalMode" : true,
        "enableMaintenancePage" : true,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : true
          },
          "ipAddressBlacklists" : {
            "logOnly" : true
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : true,
            "countMode" : true
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : true,
          "wellKnownBots" : {
            "allowed" : true,
            "sourceDomainEnforced" : true
          },
          "customBots" : {
            "allowed" : true,
            "sourceDomainEnforced" : true,
            "userAgentPattern" : true,
            "domainPattern" : true
          }
        },
        "timeouts" : {
          "backend" : true,
          "sessionIdle" : true
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : true,
            "maxPathLength" : true
          },
          "http" : {
            "maxParameters" : true,
            "maxParameterNameLength" : true,
            "maxParameterValueLength" : true
          },
          "json" : {
            "enabled" : true,
            "maxKeyLength" : true,
            "maxValueLength" : true,
            "maxNestingDepth" : true,
            "maxArrayItems" : true,
            "maxKeys" : true,
            "maxTotalEntries" : true
          }
        },
        "csrfProtection" : {
          "enabled" : true,
          "invalidTokenRedirectLocation" : true,
          "pathExceptions" : true
        },
        "application" : {
          "sessionHandling" : true,
          "controlApiAllowed" : true,
          "environmentCookiesEnabled" : true,
          "encryptedCookies" : {
            "enabled" : true,
            "prefix" : true
          },
          "passthroughCookies" : {
            "enabled" : true,
            "prefix" : true
          },
          "loadBalancingCookieEnabled" : true,
          "webSocketsAllowed" : true,
          "redirectForErrorPageEnabled" : true,
          "request" : {
            "charset" : true,
            "path" : {
              "enforceUtf8" : true
            },
            "header" : {
              "enforceUtf8" : true,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : true
              }
            },
            "parameter" : {
              "enforceUtf8" : true
            }
          },
          "response" : {
            "compressionAllowed" : true,
            "stripCommentsEnabled" : true,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "location" : {
                "rewrites" : true
              }
            },
            "json" : {
              "rewrites" : true
            },
            "body" : {
              "rewrites" : true
            },
            "html" : {
              "rewrites" : true
            },
            "errorPage" : {
              "rewrites" : true
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : true,
          "jsonParser" : {
            "enabled" : true,
            "contentTypePattern" : true
          },
          "openApiEnforced" : true,
          "openApiCheckResponsesEnabled" : true,
          "openApiDocumentId" : true,
          "logOnly" : true,
          "openApiPathMatching" : true,
          "openApiPublishSpecificationEnabled" : true,
          "openApiPublishSpecificationPath" : true,
          "apiPolicyServiceEnabled" : true,
          "apiPolicyServiceId" : true,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : true,
            "extractionPattern" : true,
            "replaceWith" : true
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : true,
            "parameterName" : true
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : true,
            "cookieName" : true
          }
        },
        "dosAttackPrevention" : {
          "enabled" : true,
          "maxRequestsPerInterval" : true,
          "interval" : true
        },
        "requestBodyStreaming" : {
          "enabled" : true,
          "httpMethodPattern" : true,
          "pathPattern" : true,
          "contentTypePattern" : true
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : true,
            "logOnly" : true,
            "parameterNameExceptionPattern" : true
          },
          "sameType" : {
            "enabled" : true
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : true,
            "backendViews" : true
          },
          "response" : {
            "backendViews" : true,
            "clientViews" : true
          }
        }
      }
    },
    "relationships" : {
      "template" : {
        "data" : {
          "type" : "mapping-template",
          "id" : "jwaxsKQ9IURXc/B+GE4KAZcjj2KmIofyWmX2OHF21Gw="
        }
      }
    }
  }
}

Create a Mapping from a Template

POST /configuration/mappings/create-from-template

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "create-mapping-from-template" for this call.

data.attributes.id

String

yes

Id of the system mapping template.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "mapping" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.access.authenticationFlow

String

Allowed values:
- REDIRECT: If the required role for the mapping is missing on the current session, Airlock Gateway will send a redirect (HTTP 303) to either the global or the custom denied access URL.
This mode is typically used in conjunction with user operated clients.
- DENY_ACCESS: Airlock Gateway will directly send an access denied (HTTP 403) response to the client if the required role is missing.
This is typically used for technical clients.
- ONE_SHOT: When this option is selected and Airlock Gateway receives an incoming request for this mapping that needs to be authenticated, Airlock Gateway implicitly (without redirect) forwards the request to the configured denied access URL for this mapping. The request headers are forwarded but no request body. After the forwarded request, Airlock Gateway checks again if the session is now authenticated.
If so, the original request is passed to the back-end server (successful one-shot authentication).
If the session does not have the required credentials even after the one-shot request, Airlock Gateway will send an access denied (HTTP 403) response to the client.
- ONE_SHOT_WITH_BODY: This is the same as with the "one-shot" option with two notable differences: The whole body of the request is also sent to the denied access URL for this mapping and the request method is always POST instead of GET.
- FRONT_SIDE_NTLM: Choose the front-side NTLM authentication flow to support authentication using NTLM. The front-side NTLM authentication flow is similar to the "one-shot" authentication flow, but also forwards all requests containing an "Authorization" header with value "NTLM .*" to the denied access URL.
For successful authentication, NTLM must be supported by the authentication service.

data.attributes.access.backendLogoutUrl

String

Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host.

data.attributes.access.clientCertificateAuthentication

String

Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate.

Allowed values:
- NOT_REQUIRED: The mapping uses the client certificate settings of the virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.access.credentialsPropagation.mandatory

Boolean

If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL.

data.attributes.access.credentialsPropagation.type

String

Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication.

Allowed values:
- NONE: Even if Basic-Auth or NTLM credentials set by the control API are present, Airlock Gateway will not forward them to the back-end application. Access to the mapping is granted without any SSO credentials.
- BASIC_AUTH: If Basic-Auth credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.
- KERBEROS: If a Kerberos user is set by the control API, Airlock Gateway will acquire and send a service ticket to the back-end application.
- NTLM: If NTLM credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.

data.attributes.access.deniedUrl.mode

String

Allowed values:
- GLOBAL: Use the global denied access url as configured under the menu Application Firewall - Session - Access Control.
- CUSTOM: Use the mapping specific denied access url.

data.attributes.access.deniedUrl.value

String

Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location.

data.attributes.access.ntlmPassthroughEnabled

Boolean

Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection.

NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft.

data.attributes.access.restrictions[].authorizedPlans[]

Array

List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service.

data.attributes.access.restrictions[].authorizedRoles[]

Array

List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service.

data.attributes.access.restrictions[].enabled

Boolean

Whether access restriction is enabled.

data.attributes.access.restrictions[].entryPathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.restrictions[].entryPathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.restrictions[].entryPathPattern.pattern

String

The actual pattern.

data.attributes.access.restrictions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.restrictions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.restrictions[].httpMethodPattern.pattern

String

The actual pattern.

data.attributes.access.tokenTransport.cookieExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified cookie.

data.attributes.access.tokenTransport.cookieExtraction.name

String

Name of the cookie.

data.attributes.access.tokenTransport.headerExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified header.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenTransport.headerExtraction.replaceWith

String

The rewrite expression for the header extraction.

data.attributes.access.tokenTransport.parameterExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified query parameter.

data.attributes.access.tokenTransport.parameterExtraction.name

String

Name of the query parameter.

data.attributes.access.tokenTransport.presenceMandatoryEnforced

Boolean

If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied.

data.attributes.access.tokenVerification.claimRestrictions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.claimRestrictions[].name

String

Name of the claim you want to restrict.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenVerification.expiryCheckEnabled

Boolean

If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid.

data.attributes.access.tokenVerification.expiryCheckSkew

Number

Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock.

data.attributes.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

If enabled, a technical client ID is extracted from the JWT.

data.attributes.access.tokenVerification.extractTechnicalClientIdName

String

Name of the claim to extract as technical client ID.

data.attributes.access.tokenVerification.roleExtractions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenVerification.roleExtractions[].name

String

Name of the claim you want to extract a role from.

data.attributes.access.tokenVerification.roleExtractions[].replaceWith

String

The rewrite expression of the role.

data.attributes.access.tokenVerification.roleExtractions[].tokenLifetimeAsRoleLifetimeEnforced

Boolean

If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime.

data.attributes.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session.

data.attributes.access.tokenVerification.signatureCheckEnforced

Boolean

If enforced, the JWT’s signature must be present and valid.

data.attributes.access.tokensEnabled

Boolean

Whether access tokens should be processed.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

String

Name of the cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified header.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.pattern

String

The actual pattern.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

String

Rewrite expression for the header extraction.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified query parameter.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

String

Name of the query parameter.

data.attributes.apiSecurity.apiPolicyServiceEnabled

Boolean

Whether to enable the API policy service.

data.attributes.apiSecurity.jsonParser.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.apiSecurity.jsonParser.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.apiSecurity.jsonParser.contentTypePattern.pattern

String

The actual pattern.

data.attributes.apiSecurity.jsonParser.enabled

Boolean

If set to true, Airlock Gateway parses JSON objects in requests and filters JSON attributes with allow rules and deny rules. JSON objects are parsed only if their content-type matches the specified pattern.

data.attributes.apiSecurity.logOnly

Boolean

If enabled, potential attack requests are only logged but not blocked.

data.attributes.apiSecurity.openApiCheckResponsesEnabled

Boolean

If enabled, responses are also checked against the API specification.

data.attributes.apiSecurity.openApiEnforced

Boolean

Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked.

data.attributes.apiSecurity.openApiPathMatching

String

Run OpenAPI path matching against client or server view of request/response.

Allowed values:
- ClientView
- BackendView

data.attributes.apiSecurity.openApiPublishSpecificationEnabled

Boolean

If enabled, allow clients to download the API specification.

data.attributes.apiSecurity.openApiPublishSpecificationPath

String

External path to the API specification. Note that the entry path will be added in front of it.

data.attributes.apiSecurity.treatPathSegmentsAsParamValues

Boolean

If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it.

data.attributes.application.controlApiAllowed

Boolean

Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway.

data.attributes.application.encryptedCookies.enabled

Boolean

Enables encryption of cookies which are sent to the client.

data.attributes.application.encryptedCookies.prefix

String

Regular expression for cookies that should be cryptographically encrypted before being sent to the client.
All cookies that have names which match the regular expression are encrypted and digitally signed with a secret key derived from a pass phrase when sent to the client. They are decrypted and verified when sent to the back-end service.
Because the pass-phrase-based key is used, such cookies are valid over several sessions and can also be persistent on the client’s machine. Such cookies protect the application from manipulated cookie contents and hide the content from the user.

data.attributes.application.environmentCookiesEnabled

Boolean

Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client.

data.attributes.application.loadBalancingCookieEnabled

Boolean

If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose.

data.attributes.application.passthroughCookies.enabled

Boolean

Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client.

data.attributes.application.passthroughCookies.prefix

String

Regular expression to select cookies that should be treated as 'Passthrough Cookies'.
Passthrough cookies are not recommended because they are often a carrier for cookie poisoning based web application attacks that can result in buffer overflows etc.

data.attributes.application.redirectForErrorPageEnabled

Boolean

If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned.

data.attributes.application.request.charset

String

Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset.

Allowed values:
- UTF_8_FALLBACK_WINDOWS_1252
- UTF_8
- ISO_8859_15
- WINDOWS_1251
- WINDOWS_1252

data.attributes.application.request.header.allowlist.additional

Object

Additional headers to allow.

data.attributes.application.request.header.allowlist.additional.pattern

String

The actual pattern.

data.attributes.application.request.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data.attributes.application.request.header.denylist.additional

Object

Additional headers to deny.

data.attributes.application.request.header.denylist.additional.pattern

String

The actual pattern.

data.attributes.application.request.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data.attributes.application.request.header.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked.

data.attributes.application.request.parameter.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked.

data.attributes.application.request.path.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked.

data.attributes.application.response.body.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.body.rewrites[].contentPattern.pattern

String

The actual pattern.

data.attributes.application.response.body.rewrites[].contentType

String

A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression.

data.attributes.application.response.body.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.body.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.compressionAllowed

Boolean

Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser).
Warning: Allowing compression for data served through SSL/TLS virtual hosts may affect the secrecy of the data.

data.attributes.application.response.errorPage.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.errorPage.rewrites[].replaceWith

String

Target string which will replace the string matched by HTTP status content pattern.

data.attributes.application.response.errorPage.rewrites[].statusContentPattern

String

The HTTP status code pattern.

data.attributes.application.response.header.allowlist.additional

Object

Additional headers to allow.

data.attributes.application.response.header.allowlist.additional.pattern

String

The actual pattern.

data.attributes.application.response.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data.attributes.application.response.header.denylist.additional

Object

Additional headers to deny.

data.attributes.application.response.header.denylist.additional.pattern

String

The actual pattern.

data.attributes.application.response.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data.attributes.application.response.header.location.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.header.location.rewrites[].replaceWith

String

Target string which will replace the string matched by URL pattern.

data.attributes.application.response.header.location.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.header.location.rewrites[].urlPattern.pattern

String

The actual pattern.

data.attributes.application.response.html.rewrites[].embedded

Boolean

Whether to apply the rule to <script> and <style> blocks embedded in the HTML page

data.attributes.application.response.html.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.html.rewrites[].events

Boolean

Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc.

data.attributes.application.response.html.rewrites[].replaceWith

String

Target string which will replace the string matched by URL Pattern.

data.attributes.application.response.html.rewrites[].uris

Boolean

Whether to apply the rule to linked HTML elements like href, src, etc.

data.attributes.application.response.html.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.html.rewrites[].urlPattern.pattern

String

The actual pattern.

data.attributes.application.response.json.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.json.rewrites[].contentPattern.pattern

String

The actual pattern.

data.attributes.application.response.json.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.json.rewrites[].path

String

A response from the back-end server is rewritten only if the JSON path matches this regular expression.

data.attributes.application.response.json.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.stripCommentsEnabled

Boolean

If enabled, Airlock Gateway removes HTML comments.

data.attributes.application.sessionHandling

String

Allowed values:
- ENFORCE_SESSION: Sessions are enforced. If no session is available, a new session is created.
- OPTIONAL_SESSION: Sessions are optional. Existing sessions are used. If no session is available, no session is used.
- OPTIONAL_SESSION_NO_REFRESH: Same as "OPTIONAL_SESSION" but without refreshing session access timestamps. That is, requests use existing sessions if available but do not reset session idle times.
- IGNORE_SESSION: Session handling is disabled. No sessions are created and existing sessions are ignored. This mode improves performance for delivery of anonymous stateless content, such as image directories or static web repositories.

data.attributes.application.webSocketsAllowed

Boolean

Whether support for the WebSockets protocol as defined in RFC 6455 is enabled.

data.attributes.backendPath

String

The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server.

data.attributes.botManagement.clientCookieSupportEnforced

Boolean

If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.

data.attributes.botManagement.customBots.allowed

Boolean

If enabled, custom bots are not blocked.
Custom bots are identified by providing a "User-Agent" and "Domain" pattern.

data.attributes.botManagement.customBots.domainPattern.inverted

Boolean

Whether to invert the match.

data.attributes.botManagement.customBots.domainPattern.pattern

String

The actual pattern.

data.attributes.botManagement.customBots.sourceDomainEnforced

Boolean

Do not block bots whose source-domain matches the "domain pattern".

data.attributes.botManagement.customBots.userAgentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.botManagement.customBots.userAgentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.botManagement.customBots.userAgentPattern.pattern

String

The actual pattern.

data.attributes.botManagement.logOnly

Boolean

If true, requests from bots are only logged but not blocked.

data.attributes.botManagement.wellKnownBots.allowed

Boolean

Check the User-Agent to determine if a bot is well-known and do not block such bots.
Clients indicating one of the following User-Agent headers are treated as well-known bots: Googlebot, bingbot, MSNBot, Baiduspider, YandexBot, archive.org_bot, DuckDuckBot.

data.attributes.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot.
This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header.
The following domains are considered as domains of operators operating well-known bots: google.com, googlebot.com,search.msn.com, yahoo.net, baidu.com, baidu.jp, yandex.ru, yandex.net, yandex.com, archive.org, amazonaws.com (107.20.237.51, 23.21.226.191, 107.21.1.8, 54.208.102.37)

data.attributes.csrfProtection.enabled

Boolean

Whether CSRF protection is enabled.

data.attributes.csrfProtection.invalidTokenRedirectLocation

String

If a missing or invalid CSRF token is detected, the client is redirected to the configured location.

data.attributes.csrfProtection.pathExceptions[].caseIgnored

Boolean

Whether to ignore case.

data.attributes.csrfProtection.pathExceptions[].pattern

String

The actual pattern.

data.attributes.dosAttackPrevention.enabled

Boolean

Whether the DoS attack prevention filter is enabled.

data.attributes.dosAttackPrevention.interval

Number

Interval for measurement of allowed requests per IP address (seconds).

data.attributes.dosAttackPrevention.maxRequestsPerInterval

Number

Maximum requests allowed per IP address.

data.attributes.enableMaintenancePage

Boolean

Whether the maintenance page is enabled.

data.attributes.entryPath.enforceTrailingSlashes

Boolean

Whether a trailing slash is mandatory at the end of the entry path or not.

data.attributes.entryPath.ignoreCase

Boolean

Whether the entry path should be case sensitive.

data.attributes.entryPath.priority

Number

The priority guarantees a deterministic selection of the mapping for a given request path.
The value can be between -999 (highest priority) and 999 (lowest priority). It must be unique among all regular expression mappings.

data.attributes.entryPath.regexFormatEnforced

Boolean

Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not.

data.attributes.entryPath.value

String

The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping.

data.attributes.expertSettings.apache

Object

Expert settings for the Apache.

data.attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.httpParameterPollutionDetection.mixedTypes

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types).

data.attributes.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks.

data.attributes.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

If true, potential HPP attack requests are only logged but not blocked.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Object

Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.pattern

String

The actual pattern.

data.attributes.httpParameterPollutionDetection.sameType

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type).

data.attributes.httpParameterPollutionDetection.sameType.enabled

Boolean

If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks.
Note: For the filtering itself, a deny rule like the default deny rule '(default) HTTP Parameter Pollution' has to be configured.

data.attributes.ipRules.dynamicIpAddressBlacklist.countMode

String

Counting mode of dynamic IP address blacklist blocks.

Allowed values:
- OFF: Blocks on this mapping are not counted for the dynamic IP address blacklist.
- ALL: All blocks on this mapping are counted for the dynamic IP address blacklist.
- DENY_RULES_ONLY: Only deny rule blocks on this mapping are counted for the dynamic IP address blacklist.

data.attributes.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

If enabled, IPs on the dynamic IP address blacklist are blocked.

data.attributes.ipRules.ipAddressBlacklists.logOnly

Boolean

If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked.

data.attributes.ipRules.ipAddressBlacklists.webrootThreatCategories

String

List of threat categories which should be blocked (;-separated string).

Categories:
SPAM_SOURCES: The Spam Sources category includes IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.
WINDOWS_EXPLOITS: The Windows Exploits category includes IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.
WEB_ATTACKS: The Web Attacks category includes IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server.
BOT_NETS: The Botnets category includes IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers.
SCANNERS: The Scanners category includes IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts.
DENIAL_OF_SERVICE: The Denial of Services category includes IPs addresses involved in DOS or DDOS attacks, anomalous sync flood, or anomalous traffic.
PHISHING: The Phishing category includes IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities.
PROXY: The Proxy category includes IP addresses providing proxy services, including both VPN and open web proxy services.
MOBILE_THREATS: The Mobile Threats category includes IP addresses associated with malicious and unwanted mobile applications.
TOR_PROXY: The Tor Proxy category includes IP addresses acting as exit nodes for the Tor Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.

data.attributes.ipRules.ipAddressWhitelists.logOnly

Boolean

If true, requests whose source IP address is not contained in one of the configured IP Whitelists are only logged but not blocked.

data.attributes.labels[]

Array

List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application.

data.attributes.limits.general.maxPathLength

Number

Defines the maximum path length for requests to the current mapping.

data.attributes.limits.general.maxRequestBodySize

Number

Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once.

data.attributes.limits.http.maxParameterNameLength

Number

Defines the maximum length for a parameter name.

data.attributes.limits.http.maxParameterValueLength

Number

Defines the maximum length for a parameter value.

data.attributes.limits.http.maxParameters

Number

Defines the maximum number of parameters inside the request.

data.attributes.limits.json.enabled

Boolean

Whether JSON limits are enabled.

data.attributes.limits.json.maxArrayItems

Number

Defines the maximum number of items for a single JSON array (non-recursive).

data.attributes.limits.json.maxKeyLength

Number

Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member".

data.attributes.limits.json.maxKeys

Number

Defines the maximum number of keys of a single JSON object (non-recursive).

data.attributes.limits.json.maxNestingDepth

Number

Defines the maximum depth of nesting for JSON objects and JSON arrays.

data.attributes.limits.json.maxTotalEntries

Number

Defines the maximum number of keys and array items in the whole JSON document (recursive).

data.attributes.limits.json.maxValueLength

Number

Defines the maximum json value length for requests to the current mapping.

data.attributes.locking.access.authenticationFlow

Boolean

Lock for the corresponding member.

data.attributes.locking.access.backendLogoutUrl

Boolean

Lock for the corresponding member.

data.attributes.locking.access.clientCertificateAuthentication

Boolean

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.mandatory

Boolean

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.type

Boolean

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.mode

Boolean

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.value

Boolean

Lock for the corresponding member.

data.attributes.locking.access.ntlmPassthroughEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.restrictions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.name

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.extractionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.replaceWith

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.name

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.presenceMandatoryEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.claimRestrictions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckSkew

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdName

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.localJwksProviders

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.remoteJwksProviders

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.roleExtractions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokensEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceId

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.contentTypePattern

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiCheckResponsesEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiDocumentId

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPathMatching

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationPath

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.treatPathSegmentsAsParamValues

Boolean

Lock for the corresponding member.

data.attributes.locking.application.controlApiAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.prefix

Boolean

Lock for the corresponding member.

data.attributes.locking.application.environmentCookiesEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.loadBalancingCookieEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.prefix

Boolean

Lock for the corresponding member.

data.attributes.locking.application.redirectForErrorPageEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.charset

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.parameter.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.path.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.body.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.compressionAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.errorPage.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.location.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.html.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.json.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.stripCommentsEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.sessionHandling

Boolean

Lock for the corresponding member.

data.attributes.locking.application.webSocketsAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.backendPath

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.clientCookieSupportEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.allowed

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.domainPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.userAgentPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.allowed

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.invalidTokenRedirectLocation

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.pathExceptions

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.interval

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.maxRequestsPerInterval

Boolean

Lock for the corresponding member.

data.attributes.locking.enableMaintenancePage

Boolean

Lock for the corresponding member.

data.attributes.locking.enabled

Boolean

If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping.

data.attributes.locking.entryPath.enforceTrailingSlashes

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.priority

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.regexFormatEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.settings

Boolean

Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.sameType.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.request.backendViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.request.clientViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.response.backendViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.response.clientViews

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.countMode

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressBlacklists.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressWhitelists.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.labels

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.general.maxPathLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.general.maxRequestBodySize

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterNameLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterValueLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameters

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxArrayItems

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeyLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeys

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxNestingDepth

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxTotalEntries

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxValueLength

Boolean

Lock for the corresponding member.

data.attributes.locking.operationalMode

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.contentTypePattern

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.httpMethodPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.pathPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.threatHandling

Boolean

Lock for the corresponding member.

data.attributes.locking.timeouts.backend

Boolean

Lock for the corresponding member.

data.attributes.locking.timeouts.sessionIdle

Boolean

Lock for the corresponding member.

data.attributes.name

String

The unique name of the mapping.

data.attributes.operationalMode

String

The mode in which the mapping runs.

Allowed values:
- PRODUCTION: Standard mode of operation.
- INTEGRATION: More information is logged about all requests and responses (may decrease performance).

data.attributes.requestBodyStreaming.contentTypePattern

Object

Only requests whose content type header matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.contentTypePattern.pattern

String

The actual pattern.

data.attributes.requestBodyStreaming.enabled

Boolean

Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed.
Empty fields have the same effect as the pattern ^.*$

data.attributes.requestBodyStreaming.httpMethodPattern

Object

Only requests whose HTTP method matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.httpMethodPattern.pattern

String

The actual pattern.

data.attributes.requestBodyStreaming.pathPattern

Object

Only requests whose path matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.pathPattern.pattern

String

The actual pattern.

data.attributes.tenant

String

Tenant of the mapping.

data.attributes.threatHandling

String

Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled.

Allowed values:
- BLOCK: Requests violating policies are blocked. The session (if available) remains valid.
- TERMINATE_SESSION: Requests violating policies are blocked. The session (if available) is terminated.
- NOTIFY: Requests violating policies are not blocked. The violation is logged and notified.

data.attributes.timeouts.backend

Number

Defines the time (seconds) Airlock Gateway will wait for the back-end response.
In case the request runs into the timeout, Airlock Gateway will send a redirect to the HTTP 503 Service unavailable error page with the corresponding HTTP 503 status code. If In-band Health Checks are configured, then such a request will be counted as a failed request, potentially leading to the back-end server being marked as bad.

data.attributes.timeouts.sessionIdle

Number

Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping.
The value will be ignored if minimum session idle timeout is smaller or equal to the global session idle timeout setting.

data.relationships.virtual-hosts.data[]

Array

The virtual-host references.

data.relationships.virtual-hosts.data[].type

String

The data type of the referenced resource. Must be "virtual-host" for this call.

data.relationships.virtual-hosts.data[].id

String

The ID of the virtual-host resource.

data.relationships.back-end-groups.data[]

Array

The back-end-group references.

data.relationships.back-end-groups.data[].type

String

The data type of the referenced resource. Must be "back-end-group" for this call.

data.relationships.back-end-groups.data[].id

String

The ID of the back-end-group resource.

data.relationships.local-json-web-key-sets.data[]

Array

The local-json-web-key-set references.

data.relationships.local-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "local-json-web-key-set" for this call.

data.relationships.local-json-web-key-sets.data[].id

String

The ID of the local-json-web-key-set resource.

data.relationships.remote-json-web-key-sets.data[]

Array

The remote-json-web-key-set references.

data.relationships.remote-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data.relationships.remote-json-web-key-sets.data[].id

String

The ID of the remote-json-web-key-set resource.

data.relationships.openapi-document.data

Object

The openapi-document references.

data.relationships.openapi-document.data.type

String

The data type of the referenced resource. Must be "openapi-document" for this call.

data.relationships.openapi-document.data.id

String

The ID of the openapi-document resource.

data.relationships.api-policy-service.data

Object

The api-policy-service references.

data.relationships.api-policy-service.data.type

String

The data type of the referenced resource. Must be "api-policy-service" for this call.

data.relationships.api-policy-service.data.id

String

The ID of the api-policy-service resource.

data.relationships.ip-address-whitelists.data[]

Array

The ip-address-list references.

data.relationships.ip-address-whitelists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-whitelists.data[].id

String

The ID of the ip-address-list resource.

data.relationships.ip-address-blacklists.data[]

Array

The ip-address-list references.

data.relationships.ip-address-blacklists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-blacklists.data[].id

String

The ID of the ip-address-list resource.

data.relationships.ip-address-blacklist-exceptions.data[]

Array

The ip-address-list references.

data.relationships.ip-address-blacklist-exceptions.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-blacklist-exceptions.data[].id

String

The ID of the ip-address-list resource.

data.relationships.request-frequency-filter-ip-address-whitelist.data[]

Array

The ip-address-list references.

data.relationships.request-frequency-filter-ip-address-whitelist.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.request-frequency-filter-ip-address-whitelist.data[].id

String

The ID of the ip-address-list resource.

data.relationships.bot-management-source-ip-address-whitelist.data

Object

The ip-address-list references.

data.relationships.bot-management-source-ip-address-whitelist.data.type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.bot-management-source-ip-address-whitelist.data.id

String

The ID of the ip-address-list resource.

data.relationships.icap-request-client-views.data[]

Array

The icap-environment references.

data.relationships.icap-request-client-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-request-client-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-request-client-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-request-client-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[]

Array

The icap-environment references.

data.relationships.icap-request-backend-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-request-backend-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-request-backend-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-request-backend-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[]

Array

The icap-environment references.

data.relationships.icap-response-backend-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-response-backend-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-response-backend-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-response-backend-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[]

Array

The icap-environment references.

data.relationships.icap-response-client-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-response-client-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-response-client-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-response-client-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.anomaly-shield-application.data

Object

The anomaly-shield-application references.

data.relationships.anomaly-shield-application.data.type

String

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data.relationships.anomaly-shield-application.data.id

String

The ID of the anomaly-shield-application resource.

data.relationships.template.data

Object

The mapping-template references.

data.relationships.template.data.type

String

The data type of the referenced resource. Must be "mapping-template" for this call.

data.relationships.template.data.id

String

The ID of the mapping-template resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/create-from-template" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "create-mapping-from-template",
    "attributes" : {
      "id" : "FKBzf/MyoN5wczkklO7xN8+QMXtKo1y/C+qt2Lvh1ZM="
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 23059

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:08.643Z"
  },
  "data" : {
    "type" : "mapping",
    "id" : "4",
    "attributes" : {
      "name" : "Some_Mapping",
      "labels" : [ ],
      "tenant" : "NO_TENANT",
      "entryPath" : {
        "value" : "/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : false,
        "ignoreCase" : false,
        "priority" : 0
      },
      "backendPath" : "/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : false,
      "access" : {
        "deniedUrl" : {
          "value" : "/",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ {
          "enabled" : true,
          "httpMethodPattern" : {
            "pattern" : "^GET$\n^POST$\n^HEAD$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "entryPathPattern" : {
            "pattern" : "/admin/",
            "caseIgnored" : false,
            "inverted" : false
          },
          "authorizedRoles" : [ "admin" ],
          "authorizedPlans" : [ ]
        } ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "",
        "ntlmPassthroughEnabled" : false,
        "credentialsPropagation" : {
          "mandatory" : false,
          "type" : "NONE"
        },
        "tokensEnabled" : false,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : false,
          "headerExtraction" : {
            "enabled" : false,
            "extractionPattern" : {
              "pattern" : "^Authorization: Bearer (.*)$",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : false,
            "name" : ""
          },
          "cookieExtraction" : {
            "enabled" : false,
            "name" : ""
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : true,
          "expiryCheckEnabled" : false,
          "expiryCheckSkew" : 10,
          "extractTechnicalClientIdEnabled" : false,
          "extractTechnicalClientIdName" : "",
          "setAuditTokenFromSubjectEnabled" : false,
          "claimRestrictions" : [ {
            "enabled" : true,
            "name" : "starts-with-valid",
            "restrictionPattern" : {
              "pattern" : "^valid",
              "caseIgnored" : false,
              "inverted" : false
            }
          } ],
          "roleExtractions" : [ {
            "enabled" : true,
            "name" : "static-jwt-role",
            "extractionPattern" : {
              "pattern" : ".*",
              "caseIgnored" : false
            },
            "replaceWith" : "static-jwt-role",
            "tokenLifetimeAsRoleLifetimeEnforced" : false
          } ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : false
        },
        "ipAddressBlacklists" : {
          "logOnly" : false,
          "webrootThreatCategories" : ""
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : false,
          "countMode" : "OFF"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : false,
        "wellKnownBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false
        },
        "customBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 104857600,
          "maxPathLength" : 1024
        },
        "http" : {
          "maxParameters" : 128,
          "maxParameterNameLength" : 128,
          "maxParameterValueLength" : 1024
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 256,
          "maxValueLength" : 8192,
          "maxNestingDepth" : 100,
          "maxArrayItems" : 500,
          "maxKeys" : 250,
          "maxTotalEntries" : 150000
        }
      },
      "csrfProtection" : {
        "enabled" : true,
        "invalidTokenRedirectLocation" : "/%ENTRYPATH%",
        "pathExceptions" : [ {
          "pattern" : "/test/",
          "caseIgnored" : false
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : false,
        "environmentCookiesEnabled" : false,
        "encryptedCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "passthroughCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "loadBalancingCookieEnabled" : false,
        "webSocketsAllowed" : false,
        "redirectForErrorPageEnabled" : true,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : false
          },
          "header" : {
            "enforceUtf8" : false,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : false
          }
        },
        "response" : {
          "compressionAllowed" : false,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : false,
              "additional" : {
                "pattern" : ""
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            },
            "location" : {
              "rewrites" : [ {
                "enabled" : true,
                "urlPattern" : {
                  "pattern" : "^(?:https?://%BACKENDHOST%)?(/.*)?$",
                  "caseIgnored" : true
                },
                "replaceWith" : "$1"
              } ]
            }
          },
          "json" : {
            "rewrites" : [ {
              "enabled" : true,
              "path" : "$.address.city",
              "contentPattern" : {
                "pattern" : "Basel",
                "caseIgnored" : true
              },
              "replaceWith" : "Zurich"
            } ]
          },
          "body" : {
            "rewrites" : [ {
              "enabled" : true,
              "contentType" : "^text/css$",
              "contentPattern" : {
                "pattern" : "url[\\h\\v]*\\([\\h\\v]*(['\"]?)(?:https?://[^/'\")]*)?(?<URL>[^)'\"]*)(['\"]?)[\\h\\v]*\\)",
                "caseIgnored" : true
              },
              "replaceWith" : "url($1$2$3)"
            } ]
          },
          "html" : {
            "rewrites" : [ {
              "enabled" : true,
              "urlPattern" : {
                "pattern" : "/test/",
                "caseIgnored" : true
              },
              "uris" : true,
              "events" : false,
              "embedded" : false,
              "replaceWith" : "$1"
            } ]
          },
          "errorPage" : {
            "rewrites" : [ {
              "enabled" : true,
              "statusContentPattern" : "^401$",
              "replaceWith" : "401.html"
            }, {
              "enabled" : true,
              "statusContentPattern" : "^403$",
              "replaceWith" : "403.html"
            }, {
              "enabled" : true,
              "statusContentPattern" : "^404$",
              "replaceWith" : "404.html"
            }, {
              "enabled" : true,
              "statusContentPattern" : "^4(?!01|03|04)..$",
              "replaceWith" : "400.html"
            }, {
              "enabled" : true,
              "statusContentPattern" : "^502$",
              "replaceWith" : "502.html"
            }, {
              "enabled" : true,
              "statusContentPattern" : "^503$",
              "replaceWith" : "503.html"
            }, {
              "enabled" : true,
              "statusContentPattern" : "^5(?!02|03)..$",
              "replaceWith" : "500.html"
            } ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : false,
        "jsonParser" : {
          "enabled" : true,
          "contentTypePattern" : {
            "pattern" : "json",
            "caseIgnored" : true,
            "inverted" : false
          }
        },
        "openApiEnforced" : false,
        "openApiCheckResponsesEnabled" : false,
        "logOnly" : false,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : false,
        "openApiPublishSpecificationPath" : "",
        "apiPolicyServiceEnabled" : false,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : false,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : false,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : false,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : false,
        "httpMethodPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : true,
          "logOnly" : false,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        },
        "sameType" : {
          "enabled" : true
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      },
      "locking" : {
        "enabled" : false,
        "labels" : false,
        "access" : {
          "deniedUrl" : {
            "value" : false,
            "mode" : false
          },
          "restrictions" : false,
          "clientCertificateAuthentication" : false,
          "authenticationFlow" : false,
          "backendLogoutUrl" : false,
          "ntlmPassthroughEnabled" : false,
          "credentialsPropagation" : {
            "mandatory" : false,
            "type" : false
          },
          "tokensEnabled" : false,
          "tokenVerification" : {
            "localJwksProviders" : false,
            "remoteJwksProviders" : false,
            "expiryCheckEnabled" : false,
            "expiryCheckSkew" : false,
            "claimRestrictions" : false,
            "roleExtractions" : false,
            "extractTechnicalClientIdEnabled" : false,
            "extractTechnicalClientIdName" : false,
            "setAuditTokenFromSubjectEnabled" : false
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : false,
            "headerExtraction" : {
              "enabled" : false,
              "extractionPattern" : false,
              "replaceWith" : false
            },
            "parameterExtraction" : {
              "enabled" : false,
              "name" : false
            },
            "cookieExtraction" : {
              "enabled" : false,
              "name" : false
            }
          }
        },
        "entryPath" : {
          "settings" : false,
          "enforceTrailingSlashes" : false,
          "regexFormatEnforced" : false,
          "priority" : false
        },
        "backendPath" : false,
        "threatHandling" : false,
        "operationalMode" : false,
        "enableMaintenancePage" : false,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : false
          },
          "ipAddressBlacklists" : {
            "logOnly" : false
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : false,
            "countMode" : false
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : false,
          "wellKnownBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false
          },
          "customBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false,
            "userAgentPattern" : false,
            "domainPattern" : false
          }
        },
        "timeouts" : {
          "backend" : false,
          "sessionIdle" : false
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : false,
            "maxPathLength" : false
          },
          "http" : {
            "maxParameters" : false,
            "maxParameterNameLength" : false,
            "maxParameterValueLength" : false
          },
          "json" : {
            "enabled" : false,
            "maxKeyLength" : false,
            "maxValueLength" : false,
            "maxNestingDepth" : false,
            "maxArrayItems" : false,
            "maxKeys" : false,
            "maxTotalEntries" : false
          }
        },
        "csrfProtection" : {
          "enabled" : false,
          "invalidTokenRedirectLocation" : false,
          "pathExceptions" : false
        },
        "application" : {
          "sessionHandling" : false,
          "controlApiAllowed" : false,
          "environmentCookiesEnabled" : false,
          "encryptedCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "passthroughCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "loadBalancingCookieEnabled" : false,
          "webSocketsAllowed" : false,
          "redirectForErrorPageEnabled" : false,
          "request" : {
            "charset" : false,
            "path" : {
              "enforceUtf8" : false
            },
            "header" : {
              "enforceUtf8" : false,
              "allowlist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              }
            },
            "parameter" : {
              "enforceUtf8" : false
            }
          },
          "response" : {
            "compressionAllowed" : false,
            "stripCommentsEnabled" : false,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "location" : {
                "rewrites" : false
              }
            },
            "json" : {
              "rewrites" : false
            },
            "body" : {
              "rewrites" : false
            },
            "html" : {
              "rewrites" : false
            },
            "errorPage" : {
              "rewrites" : false
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : false,
          "jsonParser" : {
            "enabled" : false,
            "contentTypePattern" : false
          },
          "openApiEnforced" : false,
          "openApiCheckResponsesEnabled" : false,
          "openApiDocumentId" : false,
          "logOnly" : false,
          "openApiPathMatching" : false,
          "openApiPublishSpecificationEnabled" : false,
          "openApiPublishSpecificationPath" : false,
          "apiPolicyServiceEnabled" : false,
          "apiPolicyServiceId" : false,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : false,
            "extractionPattern" : false,
            "replaceWith" : false
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : false,
            "parameterName" : false
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : false,
            "cookieName" : false
          }
        },
        "dosAttackPrevention" : {
          "enabled" : false,
          "maxRequestsPerInterval" : false,
          "interval" : false
        },
        "requestBodyStreaming" : {
          "enabled" : false,
          "httpMethodPattern" : false,
          "pathPattern" : false,
          "contentTypePattern" : false
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : false,
            "logOnly" : false,
            "parameterNameExceptionPattern" : false
          },
          "sameType" : {
            "enabled" : false
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : false,
            "backendViews" : false
          },
          "response" : {
            "backendViews" : false,
            "clientViews" : false
          }
        }
      }
    },
    "relationships" : {
      "back-end-groups" : {
        "data" : [ {
          "type" : "back-end-group",
          "id" : "30"
        } ]
      },
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "40"
        } ]
      },
      "icap-request-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "42",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "pathPattern" : {
                "caseIgnored" : "false",
                "pattern" : ".*",
                "inverted" : "false"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-request-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "43",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "pathPattern" : {
                "caseIgnored" : "false",
                "pattern" : "/url2",
                "inverted" : "false"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "45",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "pathPattern" : {
                "caseIgnored" : "false",
                "pattern" : ".*",
                "inverted" : "false"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "44",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "pathPattern" : {
                "caseIgnored" : "false",
                "pattern" : ".*",
                "inverted" : "false"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "false",
                "pattern" : "",
                "inverted" : "false"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "template" : {
        "data" : {
          "type" : "mapping-template",
          "id" : "vNaEppw52p2v1l/Vk7HqiR895gTv2mPS/9/50w+oQJo="
        }
      }
    }
  }
}

Update a Mapping

PATCH /configuration/mappings/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "mapping" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.access.authenticationFlow

String

no

Allowed values:
- REDIRECT: If the required role for the mapping is missing on the current session, Airlock Gateway will send a redirect (HTTP 303) to either the global or the custom denied access URL.
This mode is typically used in conjunction with user operated clients.
- DENY_ACCESS: Airlock Gateway will directly send an access denied (HTTP 403) response to the client if the required role is missing.
This is typically used for technical clients.
- ONE_SHOT: When this option is selected and Airlock Gateway receives an incoming request for this mapping that needs to be authenticated, Airlock Gateway implicitly (without redirect) forwards the request to the configured denied access URL for this mapping. The request headers are forwarded but no request body. After the forwarded request, Airlock Gateway checks again if the session is now authenticated.
If so, the original request is passed to the back-end server (successful one-shot authentication).
If the session does not have the required credentials even after the one-shot request, Airlock Gateway will send an access denied (HTTP 403) response to the client.
- ONE_SHOT_WITH_BODY: This is the same as with the "one-shot" option with two notable differences: The whole body of the request is also sent to the denied access URL for this mapping and the request method is always POST instead of GET.
- FRONT_SIDE_NTLM: Choose the front-side NTLM authentication flow to support authentication using NTLM. The front-side NTLM authentication flow is similar to the "one-shot" authentication flow, but also forwards all requests containing an "Authorization" header with value "NTLM .*" to the denied access URL.
For successful authentication, NTLM must be supported by the authentication service.

data.attributes.access.backendLogoutUrl

String

no

Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host.

data.attributes.access.clientCertificateAuthentication

String

no

Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate.

Allowed values:
- NOT_REQUIRED: The mapping uses the client certificate settings of the virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.access.credentialsPropagation.mandatory

Boolean

no

If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL.

data.attributes.access.credentialsPropagation.type

String

no

Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication.

Allowed values:
- NONE: Even if Basic-Auth or NTLM credentials set by the control API are present, Airlock Gateway will not forward them to the back-end application. Access to the mapping is granted without any SSO credentials.
- BASIC_AUTH: If Basic-Auth credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.
- KERBEROS: If a Kerberos user is set by the control API, Airlock Gateway will acquire and send a service ticket to the back-end application.
- NTLM: If NTLM credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.

data.attributes.access.deniedUrl.mode

String

no

Allowed values:
- GLOBAL: Use the global denied access url as configured under the menu Application Firewall - Session - Access Control.
- CUSTOM: Use the mapping specific denied access url.

data.attributes.access.deniedUrl.value

String

no

Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location.

data.attributes.access.ntlmPassthroughEnabled

Boolean

no

Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection.

NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft.

data.attributes.access.restrictions[].authorizedPlans[]

Array

no

List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service.

data.attributes.access.restrictions[].authorizedRoles[]

Array

no

List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service.

data.attributes.access.restrictions[].enabled

Boolean

no

Whether access restriction is enabled.

data.attributes.access.restrictions[].entryPathPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.access.restrictions[].entryPathPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.access.restrictions[].entryPathPattern.pattern

String

no

The actual pattern.

data.attributes.access.restrictions[].httpMethodPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.access.restrictions[].httpMethodPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.access.restrictions[].httpMethodPattern.pattern

String

no

The actual pattern.

data.attributes.access.tokenTransport.cookieExtraction.enabled

Boolean

no

If enabled, Airlock Gateway will extract the token from the specified cookie.

data.attributes.access.tokenTransport.cookieExtraction.name

String

no

Name of the cookie.

data.attributes.access.tokenTransport.headerExtraction.enabled

Boolean

no

If enabled, Airlock Gateway will extract the token from the specified header.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.pattern

String

no

The actual pattern.

data.attributes.access.tokenTransport.headerExtraction.replaceWith

String

no

The rewrite expression for the header extraction.

data.attributes.access.tokenTransport.parameterExtraction.enabled

Boolean

no

If enabled, Airlock Gateway will extract the token from the specified query parameter.

data.attributes.access.tokenTransport.parameterExtraction.name

String

no

Name of the query parameter.

data.attributes.access.tokenTransport.presenceMandatoryEnforced

Boolean

no

If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied.

data.attributes.access.tokenVerification.claimRestrictions[].enabled

Boolean

no

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.claimRestrictions[].name

String

no

Name of the claim you want to restrict.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.pattern

String

no

The actual pattern.

data.attributes.access.tokenVerification.expiryCheckEnabled

Boolean

no

If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid.

data.attributes.access.tokenVerification.expiryCheckSkew

Number

no

Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock.

data.attributes.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

no

If enabled, a technical client ID is extracted from the JWT.

data.attributes.access.tokenVerification.extractTechnicalClientIdName

String

no

Name of the claim to extract as technical client ID.

data.attributes.access.tokenVerification.roleExtractions[].enabled

Boolean

no

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.pattern

String

no

The actual pattern.

data.attributes.access.tokenVerification.roleExtractions[].name

String

no

Name of the claim you want to extract a role from.

data.attributes.access.tokenVerification.roleExtractions[].replaceWith

String

no

The rewrite expression of the role.

data.attributes.access.tokenVerification.roleExtractions[].tokenLifetimeAsRoleLifetimeEnforced

Boolean

no

If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime.

data.attributes.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

no

If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session.

data.attributes.access.tokenVerification.signatureCheckEnforced

Boolean

no

If enforced, the JWT’s signature must be present and valid.

data.attributes.access.tokensEnabled

Boolean

no

Whether access tokens should be processed.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

String

no

Name of the cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

no

If enabled, Airlock Gateway will extract the API key from the specified cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

no

If enabled, Airlock Gateway will extract the API key from the specified header.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.pattern

String

no

The actual pattern.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

String

no

Rewrite expression for the header extraction.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

no

If enabled, Airlock Gateway will extract the API key from the specified query parameter.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

String

no

Name of the query parameter.

data.attributes.apiSecurity.apiPolicyServiceEnabled

Boolean

no

Whether to enable the API policy service.

data.attributes.apiSecurity.jsonParser.contentTypePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.apiSecurity.jsonParser.contentTypePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.apiSecurity.jsonParser.contentTypePattern.pattern

String

no

The actual pattern.

data.attributes.apiSecurity.jsonParser.enabled

Boolean

no

If set to true, Airlock Gateway parses JSON objects in requests and filters JSON attributes with allow rules and deny rules. JSON objects are parsed only if their content-type matches the specified pattern.

data.attributes.apiSecurity.logOnly

Boolean

no

If enabled, potential attack requests are only logged but not blocked.

data.attributes.apiSecurity.openApiCheckResponsesEnabled

Boolean

no

If enabled, responses are also checked against the API specification.

data.attributes.apiSecurity.openApiEnforced

Boolean

no

Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked.

data.attributes.apiSecurity.openApiPathMatching

String

no

Run OpenAPI path matching against client or server view of request/response.

Allowed values:
- ClientView
- BackendView

data.attributes.apiSecurity.openApiPublishSpecificationEnabled

Boolean

no

If enabled, allow clients to download the API specification.

data.attributes.apiSecurity.openApiPublishSpecificationPath

String

no

External path to the API specification. Note that the entry path will be added in front of it.

data.attributes.apiSecurity.treatPathSegmentsAsParamValues

Boolean

no

If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it.

data.attributes.application.controlApiAllowed

Boolean

no

Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway.

data.attributes.application.encryptedCookies.enabled

Boolean

no

Enables encryption of cookies which are sent to the client.

data.attributes.application.encryptedCookies.prefix

String

no

Regular expression for cookies that should be cryptographically encrypted before being sent to the client.
All cookies that have names which match the regular expression are encrypted and digitally signed with a secret key derived from a pass phrase when sent to the client. They are decrypted and verified when sent to the back-end service.
Because the pass-phrase-based key is used, such cookies are valid over several sessions and can also be persistent on the client’s machine. Such cookies protect the application from manipulated cookie contents and hide the content from the user.

data.attributes.application.environmentCookiesEnabled

Boolean

no

Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client.

data.attributes.application.loadBalancingCookieEnabled

Boolean

no

If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose.

data.attributes.application.passthroughCookies.enabled

Boolean

no

Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client.

data.attributes.application.passthroughCookies.prefix

String

no

Regular expression to select cookies that should be treated as 'Passthrough Cookies'.
Passthrough cookies are not recommended because they are often a carrier for cookie poisoning based web application attacks that can result in buffer overflows etc.

data.attributes.application.redirectForErrorPageEnabled

Boolean

no

If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned.

data.attributes.application.request.charset

String

no

Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset.

Allowed values:
- UTF_8_FALLBACK_WINDOWS_1252
- UTF_8
- ISO_8859_15
- WINDOWS_1251
- WINDOWS_1252

data.attributes.application.request.header.allowlist.additional

Object

no

Additional headers to allow.

data.attributes.application.request.header.allowlist.additional.pattern

String

no

The actual pattern.

data.attributes.application.request.header.allowlist.defaultEnabled

Boolean

no

If enabled, default header allow list will be applied.

data.attributes.application.request.header.denylist.additional

Object

no

Additional headers to deny.

data.attributes.application.request.header.denylist.additional.pattern

String

no

The actual pattern.

data.attributes.application.request.header.denylist.defaultEnabled

Boolean

no

If enabled, default header deny list will be applied.

data.attributes.application.request.header.enforceUtf8

Boolean

no

If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked.

data.attributes.application.request.parameter.enforceUtf8

Boolean

no

If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked.

data.attributes.application.request.path.enforceUtf8

Boolean

no

If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked.

data.attributes.application.response.body.rewrites[].contentPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.application.response.body.rewrites[].contentPattern.pattern

String

no

The actual pattern.

data.attributes.application.response.body.rewrites[].contentType

String

no

A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression.

data.attributes.application.response.body.rewrites[].enabled

Boolean

no

Whether rewrites are enabled.

data.attributes.application.response.body.rewrites[].replaceWith

String

no

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.compressionAllowed

Boolean

no

Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser).
Warning: Allowing compression for data served through SSL/TLS virtual hosts may affect the secrecy of the data.

data.attributes.application.response.errorPage.rewrites[].enabled

Boolean

no

Whether rewrites are enabled.

data.attributes.application.response.errorPage.rewrites[].replaceWith

String

no

Target string which will replace the string matched by HTTP status content pattern.

data.attributes.application.response.errorPage.rewrites[].statusContentPattern

String

no

The HTTP status code pattern.

data.attributes.application.response.header.allowlist.additional

Object

no

Additional headers to allow.

data.attributes.application.response.header.allowlist.additional.pattern

String

no

The actual pattern.

data.attributes.application.response.header.allowlist.defaultEnabled

Boolean

no

If enabled, default header allow list will be applied.

data.attributes.application.response.header.denylist.additional

Object

no

Additional headers to deny.

data.attributes.application.response.header.denylist.additional.pattern

String

no

The actual pattern.

data.attributes.application.response.header.denylist.defaultEnabled

Boolean

no

If enabled, default header deny list will be applied.

data.attributes.application.response.header.location.rewrites[].enabled

Boolean

no

Whether rewrites are enabled.

data.attributes.application.response.header.location.rewrites[].replaceWith

String

no

Target string which will replace the string matched by URL pattern.

data.attributes.application.response.header.location.rewrites[].urlPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.application.response.header.location.rewrites[].urlPattern.pattern

String

no

The actual pattern.

data.attributes.application.response.html.rewrites[].embedded

Boolean

no

Whether to apply the rule to <script> and <style> blocks embedded in the HTML page

data.attributes.application.response.html.rewrites[].enabled

Boolean

no

Whether rewrites are enabled.

data.attributes.application.response.html.rewrites[].events

Boolean

no

Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc.

data.attributes.application.response.html.rewrites[].replaceWith

String

no

Target string which will replace the string matched by URL Pattern.

data.attributes.application.response.html.rewrites[].uris

Boolean

no

Whether to apply the rule to linked HTML elements like href, src, etc.

data.attributes.application.response.html.rewrites[].urlPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.application.response.html.rewrites[].urlPattern.pattern

String

no

The actual pattern.

data.attributes.application.response.json.rewrites[].contentPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.application.response.json.rewrites[].contentPattern.pattern

String

no

The actual pattern.

data.attributes.application.response.json.rewrites[].enabled

Boolean

no

Whether rewrites are enabled.

data.attributes.application.response.json.rewrites[].path

String

no

A response from the back-end server is rewritten only if the JSON path matches this regular expression.

data.attributes.application.response.json.rewrites[].replaceWith

String

no

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.stripCommentsEnabled

Boolean

no

If enabled, Airlock Gateway removes HTML comments.

data.attributes.application.sessionHandling

String

no

Allowed values:
- ENFORCE_SESSION: Sessions are enforced. If no session is available, a new session is created.
- OPTIONAL_SESSION: Sessions are optional. Existing sessions are used. If no session is available, no session is used.
- OPTIONAL_SESSION_NO_REFRESH: Same as "OPTIONAL_SESSION" but without refreshing session access timestamps. That is, requests use existing sessions if available but do not reset session idle times.
- IGNORE_SESSION: Session handling is disabled. No sessions are created and existing sessions are ignored. This mode improves performance for delivery of anonymous stateless content, such as image directories or static web repositories.

data.attributes.application.webSocketsAllowed

Boolean

no

Whether support for the WebSockets protocol as defined in RFC 6455 is enabled.

data.attributes.backendPath

String

no

The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server.

data.attributes.botManagement.clientCookieSupportEnforced

Boolean

no

If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.

data.attributes.botManagement.customBots.allowed

Boolean

no

If enabled, custom bots are not blocked.
Custom bots are identified by providing a "User-Agent" and "Domain" pattern.

data.attributes.botManagement.customBots.domainPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.botManagement.customBots.domainPattern.pattern

String

no

The actual pattern.

data.attributes.botManagement.customBots.sourceDomainEnforced

Boolean

no

Do not block bots whose source-domain matches the "domain pattern".

data.attributes.botManagement.customBots.userAgentPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.botManagement.customBots.userAgentPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.botManagement.customBots.userAgentPattern.pattern

String

no

The actual pattern.

data.attributes.botManagement.logOnly

Boolean

no

If true, requests from bots are only logged but not blocked.

data.attributes.botManagement.wellKnownBots.allowed

Boolean

no

Check the User-Agent to determine if a bot is well-known and do not block such bots.
Clients indicating one of the following User-Agent headers are treated as well-known bots: Googlebot, bingbot, MSNBot, Baiduspider, YandexBot, archive.org_bot, DuckDuckBot.

data.attributes.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

no

If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot.
This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header.
The following domains are considered as domains of operators operating well-known bots: google.com, googlebot.com,search.msn.com, yahoo.net, baidu.com, baidu.jp, yandex.ru, yandex.net, yandex.com, archive.org, amazonaws.com (107.20.237.51, 23.21.226.191, 107.21.1.8, 54.208.102.37)

data.attributes.csrfProtection.enabled

Boolean

no

Whether CSRF protection is enabled.

data.attributes.csrfProtection.invalidTokenRedirectLocation

String

no

If a missing or invalid CSRF token is detected, the client is redirected to the configured location.

data.attributes.csrfProtection.pathExceptions[].caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.csrfProtection.pathExceptions[].pattern

String

no

The actual pattern.

data.attributes.dosAttackPrevention.enabled

Boolean

no

Whether the DoS attack prevention filter is enabled.

data.attributes.dosAttackPrevention.interval

Number

no

Interval for measurement of allowed requests per IP address (seconds).

data.attributes.dosAttackPrevention.maxRequestsPerInterval

Number

no

Maximum requests allowed per IP address.

data.attributes.enableMaintenancePage

Boolean

no

Whether the maintenance page is enabled.

data.attributes.entryPath.enforceTrailingSlashes

Boolean

no

Whether a trailing slash is mandatory at the end of the entry path or not.

data.attributes.entryPath.ignoreCase

Boolean

no

Whether the entry path should be case sensitive.

data.attributes.entryPath.priority

Number

no

The priority guarantees a deterministic selection of the mapping for a given request path.
The value can be between -999 (highest priority) and 999 (lowest priority). It must be unique among all regular expression mappings.

data.attributes.entryPath.regexFormatEnforced

Boolean

no

Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not.

data.attributes.entryPath.value

String

no

The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping.

data.attributes.expertSettings.apache

Object

no

Expert settings for the Apache.

data.attributes.expertSettings.apache.enabled

Boolean

no

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

no

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

no

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

no

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

no

Expert settings for the Security Gate.

data.attributes.httpParameterPollutionDetection.mixedTypes

Object

no

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types).

data.attributes.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

no

If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks.

data.attributes.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

no

If true, potential HPP attack requests are only logged but not blocked.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Object

no

Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.pattern

String

no

The actual pattern.

data.attributes.httpParameterPollutionDetection.sameType

Object

no

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type).

data.attributes.httpParameterPollutionDetection.sameType.enabled

Boolean

no

If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks.
Note: For the filtering itself, a deny rule like the default deny rule '(default) HTTP Parameter Pollution' has to be configured.

data.attributes.ipRules.dynamicIpAddressBlacklist.countMode

String

no

Counting mode of dynamic IP address blacklist blocks.

Allowed values:
- OFF: Blocks on this mapping are not counted for the dynamic IP address blacklist.
- ALL: All blocks on this mapping are counted for the dynamic IP address blacklist.
- DENY_RULES_ONLY: Only deny rule blocks on this mapping are counted for the dynamic IP address blacklist.

data.attributes.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

no

If enabled, IPs on the dynamic IP address blacklist are blocked.

data.attributes.ipRules.ipAddressBlacklists.logOnly

Boolean

no

If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked.

data.attributes.ipRules.ipAddressBlacklists.webrootThreatCategories

String

no

List of threat categories which should be blocked (;-separated string).

Categories:
SPAM_SOURCES: The Spam Sources category includes IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.
WINDOWS_EXPLOITS: The Windows Exploits category includes IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.
WEB_ATTACKS: The Web Attacks category includes IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server.
BOT_NETS: The Botnets category includes IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers.
SCANNERS: The Scanners category includes IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts.
DENIAL_OF_SERVICE: The Denial of Services category includes IPs addresses involved in DOS or DDOS attacks, anomalous sync flood, or anomalous traffic.
PHISHING: The Phishing category includes IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities.
PROXY: The Proxy category includes IP addresses providing proxy services, including both VPN and open web proxy services.
MOBILE_THREATS: The Mobile Threats category includes IP addresses associated with malicious and unwanted mobile applications.
TOR_PROXY: The Tor Proxy category includes IP addresses acting as exit nodes for the Tor Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.

data.attributes.ipRules.ipAddressWhitelists.logOnly

Boolean

no

If true, requests whose source IP address is not contained in one of the configured IP Whitelists are only logged but not blocked.

data.attributes.labels[]

Array

no

List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application.

data.attributes.limits.general.maxPathLength

Number

no

Defines the maximum path length for requests to the current mapping.

data.attributes.limits.general.maxRequestBodySize

Number

no

Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once.

data.attributes.limits.http.maxParameterNameLength

Number

no

Defines the maximum length for a parameter name.

data.attributes.limits.http.maxParameterValueLength

Number

no

Defines the maximum length for a parameter value.

data.attributes.limits.http.maxParameters

Number

no

Defines the maximum number of parameters inside the request.

data.attributes.limits.json.enabled

Boolean

no

Whether JSON limits are enabled.

data.attributes.limits.json.maxArrayItems

Number

no

Defines the maximum number of items for a single JSON array (non-recursive).

data.attributes.limits.json.maxKeyLength

Number

no

Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member".

data.attributes.limits.json.maxKeys

Number

no

Defines the maximum number of keys of a single JSON object (non-recursive).

data.attributes.limits.json.maxNestingDepth

Number

no

Defines the maximum depth of nesting for JSON objects and JSON arrays.

data.attributes.limits.json.maxTotalEntries

Number

no

Defines the maximum number of keys and array items in the whole JSON document (recursive).

data.attributes.limits.json.maxValueLength

Number

no

Defines the maximum json value length for requests to the current mapping.

data.attributes.locking.access.authenticationFlow

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.backendLogoutUrl

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.clientCertificateAuthentication

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.mandatory

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.type

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.mode

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.value

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.ntlmPassthroughEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.restrictions

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.name

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.extractionPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.replaceWith

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.name

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.presenceMandatoryEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.claimRestrictions

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckSkew

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdName

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.localJwksProviders

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.remoteJwksProviders

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.roleExtractions

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.access.tokensEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceId

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.contentTypePattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiCheckResponsesEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiDocumentId

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPathMatching

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationPath

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.apiSecurity.treatPathSegmentsAsParamValues

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.controlApiAllowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.prefix

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.environmentCookiesEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.loadBalancingCookieEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.prefix

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.redirectForErrorPageEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.charset

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.additional

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.defaultEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.additional

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.defaultEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.header.enforceUtf8

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.parameter.enforceUtf8

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.request.path.enforceUtf8

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.body.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.compressionAllowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.errorPage.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.additional

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.defaultEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.additional

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.defaultEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.header.location.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.html.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.json.rewrites

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.response.stripCommentsEnabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.sessionHandling

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.application.webSocketsAllowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.backendPath

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.clientCookieSupportEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.allowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.domainPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.sourceDomainEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.userAgentPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.allowed

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.csrfProtection.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.csrfProtection.invalidTokenRedirectLocation

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.csrfProtection.pathExceptions

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.interval

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.maxRequestsPerInterval

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.enableMaintenancePage

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.enabled

Boolean

no

If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping.

data.attributes.locking.entryPath.enforceTrailingSlashes

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.entryPath.priority

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.entryPath.regexFormatEnforced

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.entryPath.settings

Boolean

no

Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.sameType.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.icap.request.backendViews

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.icap.request.clientViews

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.icap.response.backendViews

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.icap.response.clientViews

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.countMode

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressBlacklists.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressWhitelists.logOnly

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.labels

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.general.maxPathLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.general.maxRequestBodySize

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterNameLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterValueLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameters

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxArrayItems

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeyLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeys

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxNestingDepth

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxTotalEntries

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.limits.json.maxValueLength

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.operationalMode

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.contentTypePattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.httpMethodPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.pathPattern

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.threatHandling

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.timeouts.backend

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.timeouts.sessionIdle

Boolean

yes

Lock for the corresponding member.

data.attributes.name

String

no

The unique name of the mapping.

data.attributes.operationalMode

String

no

The mode in which the mapping runs.

Allowed values:
- PRODUCTION: Standard mode of operation.
- INTEGRATION: More information is logged about all requests and responses (may decrease performance).

data.attributes.requestBodyStreaming.contentTypePattern

Object

no

Only requests whose content type header matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.contentTypePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.requestBodyStreaming.contentTypePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.requestBodyStreaming.contentTypePattern.pattern

String

no

The actual pattern.

data.attributes.requestBodyStreaming.enabled

Boolean

no

Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed.
Empty fields have the same effect as the pattern ^.*$

data.attributes.requestBodyStreaming.httpMethodPattern

Object

no

Only requests whose HTTP method matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.httpMethodPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.requestBodyStreaming.httpMethodPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.requestBodyStreaming.httpMethodPattern.pattern

String

no

The actual pattern.

data.attributes.requestBodyStreaming.pathPattern

Object

no

Only requests whose path matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.pathPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.requestBodyStreaming.pathPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.requestBodyStreaming.pathPattern.pattern

String

no

The actual pattern.

data.attributes.tenant

String

no

Tenant of the mapping.

data.attributes.threatHandling

String

no

Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled.

Allowed values:
- BLOCK: Requests violating policies are blocked. The session (if available) remains valid.
- TERMINATE_SESSION: Requests violating policies are blocked. The session (if available) is terminated.
- NOTIFY: Requests violating policies are not blocked. The violation is logged and notified.

data.attributes.timeouts.backend

Number

no

Defines the time (seconds) Airlock Gateway will wait for the back-end response.
In case the request runs into the timeout, Airlock Gateway will send a redirect to the HTTP 503 Service unavailable error page with the corresponding HTTP 503 status code. If In-band Health Checks are configured, then such a request will be counted as a failed request, potentially leading to the back-end server being marked as bad.

data.attributes.timeouts.sessionIdle

Number

no

Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping.
The value will be ignored if minimum session idle timeout is smaller or equal to the global session idle timeout setting.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "mapping" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.access.authenticationFlow

String

Allowed values:
- REDIRECT: If the required role for the mapping is missing on the current session, Airlock Gateway will send a redirect (HTTP 303) to either the global or the custom denied access URL.
This mode is typically used in conjunction with user operated clients.
- DENY_ACCESS: Airlock Gateway will directly send an access denied (HTTP 403) response to the client if the required role is missing.
This is typically used for technical clients.
- ONE_SHOT: When this option is selected and Airlock Gateway receives an incoming request for this mapping that needs to be authenticated, Airlock Gateway implicitly (without redirect) forwards the request to the configured denied access URL for this mapping. The request headers are forwarded but no request body. After the forwarded request, Airlock Gateway checks again if the session is now authenticated.
If so, the original request is passed to the back-end server (successful one-shot authentication).
If the session does not have the required credentials even after the one-shot request, Airlock Gateway will send an access denied (HTTP 403) response to the client.
- ONE_SHOT_WITH_BODY: This is the same as with the "one-shot" option with two notable differences: The whole body of the request is also sent to the denied access URL for this mapping and the request method is always POST instead of GET.
- FRONT_SIDE_NTLM: Choose the front-side NTLM authentication flow to support authentication using NTLM. The front-side NTLM authentication flow is similar to the "one-shot" authentication flow, but also forwards all requests containing an "Authorization" header with value "NTLM .*" to the denied access URL.
For successful authentication, NTLM must be supported by the authentication service.

data.attributes.access.backendLogoutUrl

String

Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host.

data.attributes.access.clientCertificateAuthentication

String

Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate.

Allowed values:
- NOT_REQUIRED: The mapping uses the client certificate settings of the virtual host.
- OPTIONAL: The client may send a certificate if available, but access is still allowed without. The optional setting is normally used in combination with an authentication service that presents an alternative login page if no certificate is sent.
- REQUIRED: The client must send a valid certificate. If no client certificate is sent, the SSL handshake is cancelled and the browser typically presents the user with a technical error message.

data.attributes.access.credentialsPropagation.mandatory

Boolean

If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL.

data.attributes.access.credentialsPropagation.type

String

Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication.

Allowed values:
- NONE: Even if Basic-Auth or NTLM credentials set by the control API are present, Airlock Gateway will not forward them to the back-end application. Access to the mapping is granted without any SSO credentials.
- BASIC_AUTH: If Basic-Auth credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.
- KERBEROS: If a Kerberos user is set by the control API, Airlock Gateway will acquire and send a service ticket to the back-end application.
- NTLM: If NTLM credentials set by the control API are present, Airlock Gateway will forward them to the back-end application.

data.attributes.access.deniedUrl.mode

String

Allowed values:
- GLOBAL: Use the global denied access url as configured under the menu Application Firewall - Session - Access Control.
- CUSTOM: Use the mapping specific denied access url.

data.attributes.access.deniedUrl.value

String

Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location.

data.attributes.access.ntlmPassthroughEnabled

Boolean

Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection.

NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft.

data.attributes.access.restrictions[].authorizedPlans[]

Array

List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service.

data.attributes.access.restrictions[].authorizedRoles[]

Array

List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service.

data.attributes.access.restrictions[].enabled

Boolean

Whether access restriction is enabled.

data.attributes.access.restrictions[].entryPathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.restrictions[].entryPathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.restrictions[].entryPathPattern.pattern

String

The actual pattern.

data.attributes.access.restrictions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.restrictions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.restrictions[].httpMethodPattern.pattern

String

The actual pattern.

data.attributes.access.tokenTransport.cookieExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified cookie.

data.attributes.access.tokenTransport.cookieExtraction.name

String

Name of the cookie.

data.attributes.access.tokenTransport.headerExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified header.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenTransport.headerExtraction.extractionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenTransport.headerExtraction.replaceWith

String

The rewrite expression for the header extraction.

data.attributes.access.tokenTransport.parameterExtraction.enabled

Boolean

If enabled, Airlock Gateway will extract the token from the specified query parameter.

data.attributes.access.tokenTransport.parameterExtraction.name

String

Name of the query parameter.

data.attributes.access.tokenTransport.presenceMandatoryEnforced

Boolean

If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied.

data.attributes.access.tokenVerification.claimRestrictions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.claimRestrictions[].name

String

Name of the claim you want to restrict.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.access.tokenVerification.claimRestrictions[].restrictionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenVerification.expiryCheckEnabled

Boolean

If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid.

data.attributes.access.tokenVerification.expiryCheckSkew

Number

Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock.

data.attributes.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

If enabled, a technical client ID is extracted from the JWT.

data.attributes.access.tokenVerification.extractTechnicalClientIdName

String

Name of the claim to extract as technical client ID.

data.attributes.access.tokenVerification.roleExtractions[].enabled

Boolean

Whether this claim extraction rule is enabled.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.access.tokenVerification.roleExtractions[].extractionPattern.pattern

String

The actual pattern.

data.attributes.access.tokenVerification.roleExtractions[].name

String

Name of the claim you want to extract a role from.

data.attributes.access.tokenVerification.roleExtractions[].replaceWith

String

The rewrite expression of the role.

data.attributes.access.tokenVerification.roleExtractions[].tokenLifetimeAsRoleLifetimeEnforced

Boolean

If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime.

data.attributes.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session.

data.attributes.access.tokenVerification.signatureCheckEnforced

Boolean

If enforced, the JWT’s signature must be present and valid.

data.attributes.access.tokensEnabled

Boolean

Whether access tokens should be processed.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

String

Name of the cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified cookie.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified header.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern.pattern

String

The actual pattern.

data.attributes.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

String

Rewrite expression for the header extraction.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

If enabled, Airlock Gateway will extract the API key from the specified query parameter.

data.attributes.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

String

Name of the query parameter.

data.attributes.apiSecurity.apiPolicyServiceEnabled

Boolean

Whether to enable the API policy service.

data.attributes.apiSecurity.jsonParser.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.apiSecurity.jsonParser.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.apiSecurity.jsonParser.contentTypePattern.pattern

String

The actual pattern.

data.attributes.apiSecurity.jsonParser.enabled

Boolean

If set to true, Airlock Gateway parses JSON objects in requests and filters JSON attributes with allow rules and deny rules. JSON objects are parsed only if their content-type matches the specified pattern.

data.attributes.apiSecurity.logOnly

Boolean

If enabled, potential attack requests are only logged but not blocked.

data.attributes.apiSecurity.openApiCheckResponsesEnabled

Boolean

If enabled, responses are also checked against the API specification.

data.attributes.apiSecurity.openApiEnforced

Boolean

Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked.

data.attributes.apiSecurity.openApiPathMatching

String

Run OpenAPI path matching against client or server view of request/response.

Allowed values:
- ClientView
- BackendView

data.attributes.apiSecurity.openApiPublishSpecificationEnabled

Boolean

If enabled, allow clients to download the API specification.

data.attributes.apiSecurity.openApiPublishSpecificationPath

String

External path to the API specification. Note that the entry path will be added in front of it.

data.attributes.apiSecurity.treatPathSegmentsAsParamValues

Boolean

If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it.

data.attributes.application.controlApiAllowed

Boolean

Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway.

data.attributes.application.encryptedCookies.enabled

Boolean

Enables encryption of cookies which are sent to the client.

data.attributes.application.encryptedCookies.prefix

String

Regular expression for cookies that should be cryptographically encrypted before being sent to the client.
All cookies that have names which match the regular expression are encrypted and digitally signed with a secret key derived from a pass phrase when sent to the client. They are decrypted and verified when sent to the back-end service.
Because the pass-phrase-based key is used, such cookies are valid over several sessions and can also be persistent on the client’s machine. Such cookies protect the application from manipulated cookie contents and hide the content from the user.

data.attributes.application.environmentCookiesEnabled

Boolean

Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client.

data.attributes.application.loadBalancingCookieEnabled

Boolean

If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose.

data.attributes.application.passthroughCookies.enabled

Boolean

Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client.

data.attributes.application.passthroughCookies.prefix

String

Regular expression to select cookies that should be treated as 'Passthrough Cookies'.
Passthrough cookies are not recommended because they are often a carrier for cookie poisoning based web application attacks that can result in buffer overflows etc.

data.attributes.application.redirectForErrorPageEnabled

Boolean

If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned.

data.attributes.application.request.charset

String

Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset.

Allowed values:
- UTF_8_FALLBACK_WINDOWS_1252
- UTF_8
- ISO_8859_15
- WINDOWS_1251
- WINDOWS_1252

data.attributes.application.request.header.allowlist.additional

Object

Additional headers to allow.

data.attributes.application.request.header.allowlist.additional.pattern

String

The actual pattern.

data.attributes.application.request.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data.attributes.application.request.header.denylist.additional

Object

Additional headers to deny.

data.attributes.application.request.header.denylist.additional.pattern

String

The actual pattern.

data.attributes.application.request.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data.attributes.application.request.header.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked.

data.attributes.application.request.parameter.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked.

data.attributes.application.request.path.enforceUtf8

Boolean

If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked.

data.attributes.application.response.body.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.body.rewrites[].contentPattern.pattern

String

The actual pattern.

data.attributes.application.response.body.rewrites[].contentType

String

A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression.

data.attributes.application.response.body.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.body.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.compressionAllowed

Boolean

Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser).
Warning: Allowing compression for data served through SSL/TLS virtual hosts may affect the secrecy of the data.

data.attributes.application.response.errorPage.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.errorPage.rewrites[].replaceWith

String

Target string which will replace the string matched by HTTP status content pattern.

data.attributes.application.response.errorPage.rewrites[].statusContentPattern

String

The HTTP status code pattern.

data.attributes.application.response.header.allowlist.additional

Object

Additional headers to allow.

data.attributes.application.response.header.allowlist.additional.pattern

String

The actual pattern.

data.attributes.application.response.header.allowlist.defaultEnabled

Boolean

If enabled, default header allow list will be applied.

data.attributes.application.response.header.denylist.additional

Object

Additional headers to deny.

data.attributes.application.response.header.denylist.additional.pattern

String

The actual pattern.

data.attributes.application.response.header.denylist.defaultEnabled

Boolean

If enabled, default header deny list will be applied.

data.attributes.application.response.header.location.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.header.location.rewrites[].replaceWith

String

Target string which will replace the string matched by URL pattern.

data.attributes.application.response.header.location.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.header.location.rewrites[].urlPattern.pattern

String

The actual pattern.

data.attributes.application.response.html.rewrites[].embedded

Boolean

Whether to apply the rule to <script> and <style> blocks embedded in the HTML page

data.attributes.application.response.html.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.html.rewrites[].events

Boolean

Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc.

data.attributes.application.response.html.rewrites[].replaceWith

String

Target string which will replace the string matched by URL Pattern.

data.attributes.application.response.html.rewrites[].uris

Boolean

Whether to apply the rule to linked HTML elements like href, src, etc.

data.attributes.application.response.html.rewrites[].urlPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.html.rewrites[].urlPattern.pattern

String

The actual pattern.

data.attributes.application.response.json.rewrites[].contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.application.response.json.rewrites[].contentPattern.pattern

String

The actual pattern.

data.attributes.application.response.json.rewrites[].enabled

Boolean

Whether rewrites are enabled.

data.attributes.application.response.json.rewrites[].path

String

A response from the back-end server is rewritten only if the JSON path matches this regular expression.

data.attributes.application.response.json.rewrites[].replaceWith

String

Target string which will replace the string matched by Content Pattern.

data.attributes.application.response.stripCommentsEnabled

Boolean

If enabled, Airlock Gateway removes HTML comments.

data.attributes.application.sessionHandling

String

Allowed values:
- ENFORCE_SESSION: Sessions are enforced. If no session is available, a new session is created.
- OPTIONAL_SESSION: Sessions are optional. Existing sessions are used. If no session is available, no session is used.
- OPTIONAL_SESSION_NO_REFRESH: Same as "OPTIONAL_SESSION" but without refreshing session access timestamps. That is, requests use existing sessions if available but do not reset session idle times.
- IGNORE_SESSION: Session handling is disabled. No sessions are created and existing sessions are ignored. This mode improves performance for delivery of anonymous stateless content, such as image directories or static web repositories.

data.attributes.application.webSocketsAllowed

Boolean

Whether support for the WebSockets protocol as defined in RFC 6455 is enabled.

data.attributes.backendPath

String

The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server.

data.attributes.botManagement.clientCookieSupportEnforced

Boolean

If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.

data.attributes.botManagement.customBots.allowed

Boolean

If enabled, custom bots are not blocked.
Custom bots are identified by providing a "User-Agent" and "Domain" pattern.

data.attributes.botManagement.customBots.domainPattern.inverted

Boolean

Whether to invert the match.

data.attributes.botManagement.customBots.domainPattern.pattern

String

The actual pattern.

data.attributes.botManagement.customBots.sourceDomainEnforced

Boolean

Do not block bots whose source-domain matches the "domain pattern".

data.attributes.botManagement.customBots.userAgentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.botManagement.customBots.userAgentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.botManagement.customBots.userAgentPattern.pattern

String

The actual pattern.

data.attributes.botManagement.logOnly

Boolean

If true, requests from bots are only logged but not blocked.

data.attributes.botManagement.wellKnownBots.allowed

Boolean

Check the User-Agent to determine if a bot is well-known and do not block such bots.
Clients indicating one of the following User-Agent headers are treated as well-known bots: Googlebot, bingbot, MSNBot, Baiduspider, YandexBot, archive.org_bot, DuckDuckBot.

data.attributes.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot.
This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header.
The following domains are considered as domains of operators operating well-known bots: google.com, googlebot.com,search.msn.com, yahoo.net, baidu.com, baidu.jp, yandex.ru, yandex.net, yandex.com, archive.org, amazonaws.com (107.20.237.51, 23.21.226.191, 107.21.1.8, 54.208.102.37)

data.attributes.csrfProtection.enabled

Boolean

Whether CSRF protection is enabled.

data.attributes.csrfProtection.invalidTokenRedirectLocation

String

If a missing or invalid CSRF token is detected, the client is redirected to the configured location.

data.attributes.csrfProtection.pathExceptions[].caseIgnored

Boolean

Whether to ignore case.

data.attributes.csrfProtection.pathExceptions[].pattern

String

The actual pattern.

data.attributes.dosAttackPrevention.enabled

Boolean

Whether the DoS attack prevention filter is enabled.

data.attributes.dosAttackPrevention.interval

Number

Interval for measurement of allowed requests per IP address (seconds).

data.attributes.dosAttackPrevention.maxRequestsPerInterval

Number

Maximum requests allowed per IP address.

data.attributes.enableMaintenancePage

Boolean

Whether the maintenance page is enabled.

data.attributes.entryPath.enforceTrailingSlashes

Boolean

Whether a trailing slash is mandatory at the end of the entry path or not.

data.attributes.entryPath.ignoreCase

Boolean

Whether the entry path should be case sensitive.

data.attributes.entryPath.priority

Number

The priority guarantees a deterministic selection of the mapping for a given request path.
The value can be between -999 (highest priority) and 999 (lowest priority). It must be unique among all regular expression mappings.

data.attributes.entryPath.regexFormatEnforced

Boolean

Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not.

data.attributes.entryPath.value

String

The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping.

data.attributes.expertSettings.apache

Object

Expert settings for the Apache.

data.attributes.expertSettings.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.expertSettings.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.expertSettings.securityGate

Object

Expert settings for the Security Gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.httpParameterPollutionDetection.mixedTypes

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types).

data.attributes.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks.

data.attributes.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

If true, potential HPP attack requests are only logged but not blocked.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Object

Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.inverted

Boolean

Whether to invert the match.

data.attributes.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern.pattern

String

The actual pattern.

data.attributes.httpParameterPollutionDetection.sameType

Object

Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type).

data.attributes.httpParameterPollutionDetection.sameType.enabled

Boolean

If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks.
Note: For the filtering itself, a deny rule like the default deny rule '(default) HTTP Parameter Pollution' has to be configured.

data.attributes.ipRules.dynamicIpAddressBlacklist.countMode

String

Counting mode of dynamic IP address blacklist blocks.

Allowed values:
- OFF: Blocks on this mapping are not counted for the dynamic IP address blacklist.
- ALL: All blocks on this mapping are counted for the dynamic IP address blacklist.
- DENY_RULES_ONLY: Only deny rule blocks on this mapping are counted for the dynamic IP address blacklist.

data.attributes.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

If enabled, IPs on the dynamic IP address blacklist are blocked.

data.attributes.ipRules.ipAddressBlacklists.logOnly

Boolean

If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked.

data.attributes.ipRules.ipAddressBlacklists.webrootThreatCategories

String

List of threat categories which should be blocked (;-separated string).

Categories:
SPAM_SOURCES: The Spam Sources category includes IP addresses involved in tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.
WINDOWS_EXPLOITS: The Windows Exploits category includes IP addresses participating in the distribution of malware, shell code, rootkits, worms or viruses for Windows platforms.
WEB_ATTACKS: The Web Attacks category includes IP addresses using cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attacks to target vulnerabilities on a web server.
BOT_NETS: The Botnets category includes IP addresses acting as Botnet Command and Control (C&C) centers, and infected zombie machines controlled by the C&C servers.
SCANNERS: The Scanners category includes IP addresses involved in unauthorized reconnaissance activities such as probing, host scanning, port scanning and brute force login attempts.
DENIAL_OF_SERVICE: The Denial of Services category includes IPs addresses involved in DOS or DDOS attacks, anomalous sync flood, or anomalous traffic.
PHISHING: The Phishing category includes IP addresses hosting phishing sites and sites related to other kinds of fraudulent activities.
PROXY: The Proxy category includes IP addresses providing proxy services, including both VPN and open web proxy services.
MOBILE_THREATS: The Mobile Threats category includes IP addresses associated with malicious and unwanted mobile applications.
TOR_PROXY: The Tor Proxy category includes IP addresses acting as exit nodes for the Tor Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.

data.attributes.ipRules.ipAddressWhitelists.logOnly

Boolean

If true, requests whose source IP address is not contained in one of the configured IP Whitelists are only logged but not blocked.

data.attributes.labels[]

Array

List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application.

data.attributes.limits.general.maxPathLength

Number

Defines the maximum path length for requests to the current mapping.

data.attributes.limits.general.maxRequestBodySize

Number

Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once.

data.attributes.limits.http.maxParameterNameLength

Number

Defines the maximum length for a parameter name.

data.attributes.limits.http.maxParameterValueLength

Number

Defines the maximum length for a parameter value.

data.attributes.limits.http.maxParameters

Number

Defines the maximum number of parameters inside the request.

data.attributes.limits.json.enabled

Boolean

Whether JSON limits are enabled.

data.attributes.limits.json.maxArrayItems

Number

Defines the maximum number of items for a single JSON array (non-recursive).

data.attributes.limits.json.maxKeyLength

Number

Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member".

data.attributes.limits.json.maxKeys

Number

Defines the maximum number of keys of a single JSON object (non-recursive).

data.attributes.limits.json.maxNestingDepth

Number

Defines the maximum depth of nesting for JSON objects and JSON arrays.

data.attributes.limits.json.maxTotalEntries

Number

Defines the maximum number of keys and array items in the whole JSON document (recursive).

data.attributes.limits.json.maxValueLength

Number

Defines the maximum json value length for requests to the current mapping.

data.attributes.locking.access.authenticationFlow

Boolean

Lock for the corresponding member.

data.attributes.locking.access.backendLogoutUrl

Boolean

Lock for the corresponding member.

data.attributes.locking.access.clientCertificateAuthentication

Boolean

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.mandatory

Boolean

Lock for the corresponding member.

data.attributes.locking.access.credentialsPropagation.type

Boolean

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.mode

Boolean

Lock for the corresponding member.

data.attributes.locking.access.deniedUrl.value

Boolean

Lock for the corresponding member.

data.attributes.locking.access.ntlmPassthroughEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.restrictions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.cookieExtraction.name

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.extractionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.headerExtraction.replaceWith

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.parameterExtraction.name

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenTransport.presenceMandatoryEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.claimRestrictions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.expiryCheckSkew

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.extractTechnicalClientIdName

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.localJwksProviders

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.remoteJwksProviders

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.roleExtractions

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokenVerification.setAuditTokenFromSubjectEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.access.tokensEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.cookieName

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionCookie.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.extractionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionHeader.replaceWith

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyKeyExtractionQueryParameter.parameterName

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.apiPolicyServiceId

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.contentTypePattern

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.jsonParser.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiCheckResponsesEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiDocumentId

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPathMatching

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.openApiPublishSpecificationPath

Boolean

Lock for the corresponding member.

data.attributes.locking.apiSecurity.treatPathSegmentsAsParamValues

Boolean

Lock for the corresponding member.

data.attributes.locking.application.controlApiAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.encryptedCookies.prefix

Boolean

Lock for the corresponding member.

data.attributes.locking.application.environmentCookiesEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.loadBalancingCookieEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.passthroughCookies.prefix

Boolean

Lock for the corresponding member.

data.attributes.locking.application.redirectForErrorPageEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.charset

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.header.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.parameter.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.request.path.enforceUtf8

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.body.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.compressionAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.errorPage.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.allowlist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.additional

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.denylist.defaultEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.header.location.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.html.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.json.rewrites

Boolean

Lock for the corresponding member.

data.attributes.locking.application.response.stripCommentsEnabled

Boolean

Lock for the corresponding member.

data.attributes.locking.application.sessionHandling

Boolean

Lock for the corresponding member.

data.attributes.locking.application.webSocketsAllowed

Boolean

Lock for the corresponding member.

data.attributes.locking.backendPath

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.clientCookieSupportEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.allowed

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.domainPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.customBots.userAgentPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.allowed

Boolean

Lock for the corresponding member.

data.attributes.locking.botManagement.wellKnownBots.sourceDomainEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.invalidTokenRedirectLocation

Boolean

Lock for the corresponding member.

data.attributes.locking.csrfProtection.pathExceptions

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.interval

Boolean

Lock for the corresponding member.

data.attributes.locking.dosAttackPrevention.maxRequestsPerInterval

Boolean

Lock for the corresponding member.

data.attributes.locking.enableMaintenancePage

Boolean

Lock for the corresponding member.

data.attributes.locking.enabled

Boolean

If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping.

data.attributes.locking.entryPath.enforceTrailingSlashes

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.priority

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.regexFormatEnforced

Boolean

Lock for the corresponding member.

data.attributes.locking.entryPath.settings

Boolean

Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.mixedTypes.parameterNameExceptionPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.httpParameterPollutionDetection.sameType.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.request.backendViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.request.clientViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.response.backendViews

Boolean

Lock for the corresponding member.

data.attributes.locking.icap.response.clientViews

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.countMode

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.dynamicIpAddressBlacklist.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressBlacklists.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.ipRules.ipAddressWhitelists.logOnly

Boolean

Lock for the corresponding member.

data.attributes.locking.labels

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.general.maxPathLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.general.maxRequestBodySize

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterNameLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameterValueLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.http.maxParameters

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxArrayItems

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeyLength

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxKeys

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxNestingDepth

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxTotalEntries

Boolean

Lock for the corresponding member.

data.attributes.locking.limits.json.maxValueLength

Boolean

Lock for the corresponding member.

data.attributes.locking.operationalMode

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.contentTypePattern

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.httpMethodPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.requestBodyStreaming.pathPattern

Boolean

Lock for the corresponding member.

data.attributes.locking.threatHandling

Boolean

Lock for the corresponding member.

data.attributes.locking.timeouts.backend

Boolean

Lock for the corresponding member.

data.attributes.locking.timeouts.sessionIdle

Boolean

Lock for the corresponding member.

data.attributes.name

String

The unique name of the mapping.

data.attributes.operationalMode

String

The mode in which the mapping runs.

Allowed values:
- PRODUCTION: Standard mode of operation.
- INTEGRATION: More information is logged about all requests and responses (may decrease performance).

data.attributes.requestBodyStreaming.contentTypePattern

Object

Only requests whose content type header matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.contentTypePattern.pattern

String

The actual pattern.

data.attributes.requestBodyStreaming.enabled

Boolean

Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed.
Empty fields have the same effect as the pattern ^.*$

data.attributes.requestBodyStreaming.httpMethodPattern

Object

Only requests whose HTTP method matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.httpMethodPattern.pattern

String

The actual pattern.

data.attributes.requestBodyStreaming.pathPattern

Object

Only requests whose path matches this regular expression pattern will be streamed.

data.attributes.requestBodyStreaming.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.requestBodyStreaming.pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.requestBodyStreaming.pathPattern.pattern

String

The actual pattern.

data.attributes.tenant

String

Tenant of the mapping.

data.attributes.threatHandling

String

Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled.

Allowed values:
- BLOCK: Requests violating policies are blocked. The session (if available) remains valid.
- TERMINATE_SESSION: Requests violating policies are blocked. The session (if available) is terminated.
- NOTIFY: Requests violating policies are not blocked. The violation is logged and notified.

data.attributes.timeouts.backend

Number

Defines the time (seconds) Airlock Gateway will wait for the back-end response.
In case the request runs into the timeout, Airlock Gateway will send a redirect to the HTTP 503 Service unavailable error page with the corresponding HTTP 503 status code. If In-band Health Checks are configured, then such a request will be counted as a failed request, potentially leading to the back-end server being marked as bad.

data.attributes.timeouts.sessionIdle

Number

Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping.
The value will be ignored if minimum session idle timeout is smaller or equal to the global session idle timeout setting.

data.relationships.virtual-hosts.data[]

Array

The virtual-host references.

data.relationships.virtual-hosts.data[].type

String

The data type of the referenced resource. Must be "virtual-host" for this call.

data.relationships.virtual-hosts.data[].id

String

The ID of the virtual-host resource.

data.relationships.back-end-groups.data[]

Array

The back-end-group references.

data.relationships.back-end-groups.data[].type

String

The data type of the referenced resource. Must be "back-end-group" for this call.

data.relationships.back-end-groups.data[].id

String

The ID of the back-end-group resource.

data.relationships.local-json-web-key-sets.data[]

Array

The local-json-web-key-set references.

data.relationships.local-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "local-json-web-key-set" for this call.

data.relationships.local-json-web-key-sets.data[].id

String

The ID of the local-json-web-key-set resource.

data.relationships.remote-json-web-key-sets.data[]

Array

The remote-json-web-key-set references.

data.relationships.remote-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data.relationships.remote-json-web-key-sets.data[].id

String

The ID of the remote-json-web-key-set resource.

data.relationships.openapi-document.data

Object

The openapi-document references.

data.relationships.openapi-document.data.type

String

The data type of the referenced resource. Must be "openapi-document" for this call.

data.relationships.openapi-document.data.id

String

The ID of the openapi-document resource.

data.relationships.api-policy-service.data

Object

The api-policy-service references.

data.relationships.api-policy-service.data.type

String

The data type of the referenced resource. Must be "api-policy-service" for this call.

data.relationships.api-policy-service.data.id

String

The ID of the api-policy-service resource.

data.relationships.ip-address-whitelists.data[]

Array

The ip-address-list references.

data.relationships.ip-address-whitelists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-whitelists.data[].id

String

The ID of the ip-address-list resource.

data.relationships.ip-address-blacklists.data[]

Array

The ip-address-list references.

data.relationships.ip-address-blacklists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-blacklists.data[].id

String

The ID of the ip-address-list resource.

data.relationships.ip-address-blacklist-exceptions.data[]

Array

The ip-address-list references.

data.relationships.ip-address-blacklist-exceptions.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-blacklist-exceptions.data[].id

String

The ID of the ip-address-list resource.

data.relationships.request-frequency-filter-ip-address-whitelist.data[]

Array

The ip-address-list references.

data.relationships.request-frequency-filter-ip-address-whitelist.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.request-frequency-filter-ip-address-whitelist.data[].id

String

The ID of the ip-address-list resource.

data.relationships.bot-management-source-ip-address-whitelist.data

Object

The ip-address-list references.

data.relationships.bot-management-source-ip-address-whitelist.data.type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.bot-management-source-ip-address-whitelist.data.id

String

The ID of the ip-address-list resource.

data.relationships.icap-request-client-views.data[]

Array

The icap-environment references.

data.relationships.icap-request-client-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-request-client-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-request-client-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-request-client-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-client-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[]

Array

The icap-environment references.

data.relationships.icap-request-backend-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-request-backend-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-request-backend-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-request-backend-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-request-backend-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[]

Array

The icap-environment references.

data.relationships.icap-response-backend-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-response-backend-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-response-backend-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-response-backend-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-backend-views.data[].meta.usage.responseHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[]

Array

The icap-environment references.

data.relationships.icap-response-client-views.data[].type

String

The data type of the referenced resource. Must be "icap-environment" for this call.

data.relationships.icap-response-client-views.data[].id

String

The ID of the icap-environment resource.

data.relationships.icap-response-client-views.data[].meta.type

String

The JSON API meta type, which is: "jsonapi.meta"

data.relationships.icap-response-client-views.data[].meta.usage.enabled

Boolean

Whether this ICAP handler is enabled.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.httpMethodPattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.pathPattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.requestHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderNamePattern.pattern

String

The actual pattern.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.caseIgnored

String

Whether to ignore case.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.inverted

String

Whether to invert the match.

data.relationships.icap-response-client-views.data[].meta.usage.responseHeaderValuePattern.pattern

String

The actual pattern.

data.relationships.anomaly-shield-application.data

Object

The anomaly-shield-application references.

data.relationships.anomaly-shield-application.data.type

String

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data.relationships.anomaly-shield-application.data.id

String

The ID of the anomaly-shield-application resource.

data.relationships.template.data

Object

The mapping-template references.

data.relationships.template.data.type

String

The data type of the referenced resource. Must be "mapping-template" for this call.

data.relationships.template.data.id

String

The ID of the mapping-template resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "mapping",
    "id" : "1",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ "labelA", "labelB" ],
      "tenant" : "AirlockBankingCo",
      "entryPath" : {
        "value" : "/entryPathA/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : true,
        "ignoreCase" : true,
        "priority" : 0
      },
      "backendPath" : "/backendA/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : true,
      "access" : {
        "deniedUrl" : {
          "value" : "/auth/login",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ {
          "enabled" : true,
          "httpMethodPattern" : {
            "pattern" : "[GET|POST|DELETE]",
            "caseIgnored" : true,
            "inverted" : true
          },
          "entryPathPattern" : {
            "pattern" : "/admin/",
            "caseIgnored" : true,
            "inverted" : true
          },
          "authorizedRoles" : [ "admin" ],
          "authorizedPlans" : [ "android", "ios", "browser" ]
        } ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "/backendA/logout",
        "ntlmPassthroughEnabled" : true,
        "credentialsPropagation" : {
          "mandatory" : true,
          "type" : "BASIC_AUTH"
        },
        "tokensEnabled" : true,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : true,
          "headerExtraction" : {
            "enabled" : true,
            "extractionPattern" : {
              "pattern" : "mypattern",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : true,
            "name" : "paramExtraction"
          },
          "cookieExtraction" : {
            "enabled" : true,
            "name" : "EXTRACTION_COOKIE"
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : true,
          "expiryCheckEnabled" : true,
          "expiryCheckSkew" : 42,
          "extractTechnicalClientIdEnabled" : true,
          "extractTechnicalClientIdName" : "TechnicalClientID",
          "setAuditTokenFromSubjectEnabled" : true,
          "claimRestrictions" : [ {
            "enabled" : true,
            "name" : "myrestriction",
            "restrictionPattern" : {
              "pattern" : "myRestriction",
              "caseIgnored" : true,
              "inverted" : true
            }
          } ],
          "roleExtractions" : [ {
            "enabled" : true,
            "name" : "myextraction",
            "extractionPattern" : {
              "pattern" : "extractionPattern",
              "caseIgnored" : true
            },
            "replaceWith" : "$1",
            "tokenLifetimeAsRoleLifetimeEnforced" : true
          } ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : true
        },
        "ipAddressBlacklists" : {
          "logOnly" : true,
          "webrootThreatCategories" : ""
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : true,
          "countMode" : "ALL"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : true,
        "wellKnownBots" : {
          "allowed" : true,
          "sourceDomainEnforced" : true
        },
        "customBots" : {
          "allowed" : true,
          "sourceDomainEnforced" : true,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 222,
          "maxPathLength" : 111
        },
        "http" : {
          "maxParameters" : 2222,
          "maxParameterNameLength" : 1111,
          "maxParameterValueLength" : 3333
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 48,
          "maxValueLength" : 42,
          "maxNestingDepth" : 2000,
          "maxArrayItems" : 1000,
          "maxKeys" : 4000,
          "maxTotalEntries" : 3000
        }
      },
      "csrfProtection" : {
        "enabled" : true,
        "invalidTokenRedirectLocation" : "%ENTRY_PATH%/index.html",
        "pathExceptions" : [ {
          "pattern" : "^/exception/.*",
          "caseIgnored" : true
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : true,
        "environmentCookiesEnabled" : true,
        "encryptedCookies" : {
          "enabled" : true,
          "prefix" : "ENCRYPT.*"
        },
        "passthroughCookies" : {
          "enabled" : true,
          "prefix" : "PASSTHROUGH.*"
        },
        "loadBalancingCookieEnabled" : true,
        "webSocketsAllowed" : true,
        "redirectForErrorPageEnabled" : true,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : true
          },
          "header" : {
            "enforceUtf8" : true,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$ "
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : true
          }
        },
        "response" : {
          "compressionAllowed" : true,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            },
            "location" : {
              "rewrites" : [ {
                "enabled" : true,
                "urlPattern" : {
                  "pattern" : "/test/",
                  "caseIgnored" : true
                },
                "replaceWith" : "$1"
              } ]
            }
          },
          "json" : {
            "rewrites" : [ {
              "enabled" : true,
              "path" : "$.address.city",
              "contentPattern" : {
                "pattern" : "Basel",
                "caseIgnored" : true
              },
              "replaceWith" : "Zurich"
            } ]
          },
          "body" : {
            "rewrites" : [ {
              "enabled" : true,
              "contentType" : "application/json",
              "contentPattern" : {
                "pattern" : "test",
                "caseIgnored" : true
              },
              "replaceWith" : "test2"
            } ]
          },
          "html" : {
            "rewrites" : [ {
              "enabled" : true,
              "urlPattern" : {
                "pattern" : "^https?://www.mydomain.com(/[^'\"]*)$",
                "caseIgnored" : true
              },
              "uris" : true,
              "events" : true,
              "embedded" : true,
              "replaceWith" : "$1"
            } ]
          },
          "errorPage" : {
            "rewrites" : [ {
              "enabled" : true,
              "statusContentPattern" : "^5(?!02|03)..$",
              "replaceWith" : "500.html"
            } ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : true,
        "jsonParser" : {
          "enabled" : true,
          "contentTypePattern" : {
            "pattern" : "application/json",
            "caseIgnored" : true,
            "inverted" : true
          }
        },
        "openApiEnforced" : true,
        "openApiCheckResponsesEnabled" : true,
        "logOnly" : true,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : true,
        "openApiPublishSpecificationPath" : "path/to/apiSpecification.json",
        "apiPolicyServiceEnabled" : true,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : true,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : true,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : true,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : true,
        "httpMethodPattern" : {
          "pattern" : "^GET$",
          "caseIgnored" : true,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "/path/",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "video/mpeg",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : false,
          "logOnly" : true,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : true,
            "inverted" : true
          }
        },
        "sameType" : {
          "enabled" : false
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : true,
          "settings" : "AuthenticatedSessionsWarningPercentage            \"90\""
        },
        "apache" : {
          "enabled" : true,
          "settings" : "MaxConnectionsPerChild  15000"
        }
      },
      "locking" : {
        "enabled" : true,
        "labels" : true,
        "access" : {
          "deniedUrl" : {
            "value" : true,
            "mode" : true
          },
          "restrictions" : true,
          "clientCertificateAuthentication" : true,
          "authenticationFlow" : true,
          "backendLogoutUrl" : true,
          "ntlmPassthroughEnabled" : true,
          "credentialsPropagation" : {
            "mandatory" : true,
            "type" : true
          },
          "tokensEnabled" : true,
          "tokenVerification" : {
            "localJwksProviders" : true,
            "remoteJwksProviders" : true,
            "expiryCheckEnabled" : true,
            "expiryCheckSkew" : true,
            "claimRestrictions" : true,
            "roleExtractions" : true,
            "extractTechnicalClientIdEnabled" : true,
            "extractTechnicalClientIdName" : true,
            "setAuditTokenFromSubjectEnabled" : true
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : true,
            "headerExtraction" : {
              "enabled" : true,
              "extractionPattern" : true,
              "replaceWith" : true
            },
            "parameterExtraction" : {
              "enabled" : true,
              "name" : true
            },
            "cookieExtraction" : {
              "enabled" : true,
              "name" : true
            }
          }
        },
        "entryPath" : {
          "settings" : true,
          "enforceTrailingSlashes" : true,
          "regexFormatEnforced" : true,
          "priority" : true
        },
        "backendPath" : true,
        "threatHandling" : true,
        "operationalMode" : true,
        "enableMaintenancePage" : true,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : true
          },
          "ipAddressBlacklists" : {
            "logOnly" : true
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : true,
            "countMode" : true
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : true,
          "wellKnownBots" : {
            "allowed" : true,
            "sourceDomainEnforced" : true
          },
          "customBots" : {
            "allowed" : true,
            "sourceDomainEnforced" : true,
            "userAgentPattern" : true,
            "domainPattern" : true
          }
        },
        "timeouts" : {
          "backend" : true,
          "sessionIdle" : true
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : true,
            "maxPathLength" : true
          },
          "http" : {
            "maxParameters" : true,
            "maxParameterNameLength" : true,
            "maxParameterValueLength" : true
          },
          "json" : {
            "enabled" : true,
            "maxKeyLength" : true,
            "maxValueLength" : true,
            "maxNestingDepth" : true,
            "maxArrayItems" : true,
            "maxKeys" : true,
            "maxTotalEntries" : true
          }
        },
        "csrfProtection" : {
          "enabled" : true,
          "invalidTokenRedirectLocation" : true,
          "pathExceptions" : true
        },
        "application" : {
          "sessionHandling" : true,
          "controlApiAllowed" : true,
          "environmentCookiesEnabled" : true,
          "encryptedCookies" : {
            "enabled" : true,
            "prefix" : true
          },
          "passthroughCookies" : {
            "enabled" : true,
            "prefix" : true
          },
          "loadBalancingCookieEnabled" : true,
          "webSocketsAllowed" : true,
          "redirectForErrorPageEnabled" : true,
          "request" : {
            "charset" : true,
            "path" : {
              "enforceUtf8" : true
            },
            "header" : {
              "enforceUtf8" : true,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : true
              }
            },
            "parameter" : {
              "enforceUtf8" : true
            }
          },
          "response" : {
            "compressionAllowed" : true,
            "stripCommentsEnabled" : true,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "location" : {
                "rewrites" : true
              }
            },
            "json" : {
              "rewrites" : true
            },
            "body" : {
              "rewrites" : true
            },
            "html" : {
              "rewrites" : true
            },
            "errorPage" : {
              "rewrites" : true
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : true,
          "jsonParser" : {
            "enabled" : true,
            "contentTypePattern" : true
          },
          "openApiEnforced" : true,
          "openApiCheckResponsesEnabled" : true,
          "openApiDocumentId" : true,
          "logOnly" : true,
          "openApiPathMatching" : true,
          "openApiPublishSpecificationEnabled" : true,
          "openApiPublishSpecificationPath" : true,
          "apiPolicyServiceEnabled" : true,
          "apiPolicyServiceId" : true,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : true,
            "extractionPattern" : true,
            "replaceWith" : true
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : true,
            "parameterName" : true
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : true,
            "cookieName" : true
          }
        },
        "dosAttackPrevention" : {
          "enabled" : true,
          "maxRequestsPerInterval" : true,
          "interval" : true
        },
        "requestBodyStreaming" : {
          "enabled" : true,
          "httpMethodPattern" : true,
          "pathPattern" : true,
          "contentTypePattern" : true
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : true,
            "logOnly" : true,
            "parameterNameExceptionPattern" : true
          },
          "sameType" : {
            "enabled" : true
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : true,
            "backendViews" : true
          },
          "response" : {
            "backendViews" : true,
            "clientViews" : true
          }
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 23210

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:10.855Z"
  },
  "data" : {
    "type" : "mapping",
    "id" : "1",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ "labelA", "labelB" ],
      "tenant" : "AirlockBankingCo",
      "entryPath" : {
        "value" : "/entryPathA/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : true,
        "ignoreCase" : true,
        "priority" : 0
      },
      "backendPath" : "/backendA/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : true,
      "access" : {
        "deniedUrl" : {
          "value" : "/auth/login",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ {
          "enabled" : true,
          "httpMethodPattern" : {
            "pattern" : "[GET|POST|DELETE]",
            "caseIgnored" : true,
            "inverted" : true
          },
          "entryPathPattern" : {
            "pattern" : "/admin/",
            "caseIgnored" : true,
            "inverted" : true
          },
          "authorizedRoles" : [ "admin" ],
          "authorizedPlans" : [ "android", "ios", "browser" ]
        } ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "/backendA/logout",
        "ntlmPassthroughEnabled" : true,
        "credentialsPropagation" : {
          "mandatory" : true,
          "type" : "BASIC_AUTH"
        },
        "tokensEnabled" : true,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : true,
          "headerExtraction" : {
            "enabled" : true,
            "extractionPattern" : {
              "pattern" : "mypattern",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : true,
            "name" : "paramExtraction"
          },
          "cookieExtraction" : {
            "enabled" : true,
            "name" : "EXTRACTION_COOKIE"
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : true,
          "expiryCheckEnabled" : true,
          "expiryCheckSkew" : 42,
          "extractTechnicalClientIdEnabled" : true,
          "extractTechnicalClientIdName" : "TechnicalClientID",
          "setAuditTokenFromSubjectEnabled" : true,
          "claimRestrictions" : [ {
            "enabled" : true,
            "name" : "myrestriction",
            "restrictionPattern" : {
              "pattern" : "myRestriction",
              "caseIgnored" : true,
              "inverted" : true
            }
          } ],
          "roleExtractions" : [ {
            "enabled" : true,
            "name" : "myextraction",
            "extractionPattern" : {
              "pattern" : "extractionPattern",
              "caseIgnored" : true
            },
            "replaceWith" : "$1",
            "tokenLifetimeAsRoleLifetimeEnforced" : true
          } ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : true
        },
        "ipAddressBlacklists" : {
          "logOnly" : true,
          "webrootThreatCategories" : ""
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : true,
          "countMode" : "ALL"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : true,
        "wellKnownBots" : {
          "allowed" : true,
          "sourceDomainEnforced" : true
        },
        "customBots" : {
          "allowed" : true,
          "sourceDomainEnforced" : true,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 222,
          "maxPathLength" : 111
        },
        "http" : {
          "maxParameters" : 2222,
          "maxParameterNameLength" : 1111,
          "maxParameterValueLength" : 3333
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 48,
          "maxValueLength" : 42,
          "maxNestingDepth" : 2000,
          "maxArrayItems" : 1000,
          "maxKeys" : 4000,
          "maxTotalEntries" : 3000
        }
      },
      "csrfProtection" : {
        "enabled" : true,
        "invalidTokenRedirectLocation" : "%ENTRY_PATH%/index.html",
        "pathExceptions" : [ {
          "pattern" : "^/exception/.*",
          "caseIgnored" : true
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : true,
        "environmentCookiesEnabled" : true,
        "encryptedCookies" : {
          "enabled" : true,
          "prefix" : "ENCRYPT.*"
        },
        "passthroughCookies" : {
          "enabled" : true,
          "prefix" : "PASSTHROUGH.*"
        },
        "loadBalancingCookieEnabled" : true,
        "webSocketsAllowed" : true,
        "redirectForErrorPageEnabled" : true,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : true
          },
          "header" : {
            "enforceUtf8" : true,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$ "
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : true
          }
        },
        "response" : {
          "compressionAllowed" : true,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            },
            "location" : {
              "rewrites" : [ {
                "enabled" : true,
                "urlPattern" : {
                  "pattern" : "/test/",
                  "caseIgnored" : true
                },
                "replaceWith" : "$1"
              } ]
            }
          },
          "json" : {
            "rewrites" : [ {
              "enabled" : true,
              "path" : "$.address.city",
              "contentPattern" : {
                "pattern" : "Basel",
                "caseIgnored" : true
              },
              "replaceWith" : "Zurich"
            } ]
          },
          "body" : {
            "rewrites" : [ {
              "enabled" : true,
              "contentType" : "application/json",
              "contentPattern" : {
                "pattern" : "test",
                "caseIgnored" : true
              },
              "replaceWith" : "test2"
            } ]
          },
          "html" : {
            "rewrites" : [ {
              "enabled" : true,
              "urlPattern" : {
                "pattern" : "^https?://www.mydomain.com(/[^'\"]*)$",
                "caseIgnored" : true
              },
              "uris" : true,
              "events" : true,
              "embedded" : true,
              "replaceWith" : "$1"
            } ]
          },
          "errorPage" : {
            "rewrites" : [ {
              "enabled" : true,
              "statusContentPattern" : "^5(?!02|03)..$",
              "replaceWith" : "500.html"
            } ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : true,
        "jsonParser" : {
          "enabled" : true,
          "contentTypePattern" : {
            "pattern" : "application/json",
            "caseIgnored" : true,
            "inverted" : true
          }
        },
        "openApiEnforced" : true,
        "openApiCheckResponsesEnabled" : true,
        "logOnly" : true,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : true,
        "openApiPublishSpecificationPath" : "path/to/apiSpecification.json",
        "apiPolicyServiceEnabled" : true,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : true,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : true,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : true,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : true,
        "httpMethodPattern" : {
          "pattern" : "^GET$",
          "caseIgnored" : true,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "/path/",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "video/mpeg",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : false,
          "logOnly" : true,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : true,
            "inverted" : true
          }
        },
        "sameType" : {
          "enabled" : false
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : true,
          "settings" : "AuthenticatedSessionsWarningPercentage            \"90\""
        },
        "apache" : {
          "enabled" : true,
          "settings" : "MaxConnectionsPerChild  15000"
        }
      },
      "locking" : {
        "enabled" : true,
        "labels" : true,
        "access" : {
          "deniedUrl" : {
            "value" : true,
            "mode" : true
          },
          "restrictions" : true,
          "clientCertificateAuthentication" : true,
          "authenticationFlow" : true,
          "backendLogoutUrl" : true,
          "ntlmPassthroughEnabled" : true,
          "credentialsPropagation" : {
            "mandatory" : true,
            "type" : true
          },
          "tokensEnabled" : true,
          "tokenVerification" : {
            "localJwksProviders" : true,
            "remoteJwksProviders" : true,
            "expiryCheckEnabled" : true,
            "expiryCheckSkew" : true,
            "claimRestrictions" : true,
            "roleExtractions" : true,
            "extractTechnicalClientIdEnabled" : true,
            "extractTechnicalClientIdName" : true,
            "setAuditTokenFromSubjectEnabled" : true
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : true,
            "headerExtraction" : {
              "enabled" : true,
              "extractionPattern" : true,
              "replaceWith" : true
            },
            "parameterExtraction" : {
              "enabled" : true,
              "name" : true
            },
            "cookieExtraction" : {
              "enabled" : true,
              "name" : true
            }
          }
        },
        "entryPath" : {
          "settings" : true,
          "enforceTrailingSlashes" : true,
          "regexFormatEnforced" : true,
          "priority" : true
        },
        "backendPath" : true,
        "threatHandling" : true,
        "operationalMode" : true,
        "enableMaintenancePage" : true,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : true
          },
          "ipAddressBlacklists" : {
            "logOnly" : true
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : true,
            "countMode" : true
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : true,
          "wellKnownBots" : {
            "allowed" : true,
            "sourceDomainEnforced" : true
          },
          "customBots" : {
            "allowed" : true,
            "sourceDomainEnforced" : true,
            "userAgentPattern" : true,
            "domainPattern" : true
          }
        },
        "timeouts" : {
          "backend" : true,
          "sessionIdle" : true
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : true,
            "maxPathLength" : true
          },
          "http" : {
            "maxParameters" : true,
            "maxParameterNameLength" : true,
            "maxParameterValueLength" : true
          },
          "json" : {
            "enabled" : true,
            "maxKeyLength" : true,
            "maxValueLength" : true,
            "maxNestingDepth" : true,
            "maxArrayItems" : true,
            "maxKeys" : true,
            "maxTotalEntries" : true
          }
        },
        "csrfProtection" : {
          "enabled" : true,
          "invalidTokenRedirectLocation" : true,
          "pathExceptions" : true
        },
        "application" : {
          "sessionHandling" : true,
          "controlApiAllowed" : true,
          "environmentCookiesEnabled" : true,
          "encryptedCookies" : {
            "enabled" : true,
            "prefix" : true
          },
          "passthroughCookies" : {
            "enabled" : true,
            "prefix" : true
          },
          "loadBalancingCookieEnabled" : true,
          "webSocketsAllowed" : true,
          "redirectForErrorPageEnabled" : true,
          "request" : {
            "charset" : true,
            "path" : {
              "enforceUtf8" : true
            },
            "header" : {
              "enforceUtf8" : true,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : true
              }
            },
            "parameter" : {
              "enforceUtf8" : true
            }
          },
          "response" : {
            "compressionAllowed" : true,
            "stripCommentsEnabled" : true,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : true
              },
              "location" : {
                "rewrites" : true
              }
            },
            "json" : {
              "rewrites" : true
            },
            "body" : {
              "rewrites" : true
            },
            "html" : {
              "rewrites" : true
            },
            "errorPage" : {
              "rewrites" : true
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : true,
          "jsonParser" : {
            "enabled" : true,
            "contentTypePattern" : true
          },
          "openApiEnforced" : true,
          "openApiCheckResponsesEnabled" : true,
          "openApiDocumentId" : true,
          "logOnly" : true,
          "openApiPathMatching" : true,
          "openApiPublishSpecificationEnabled" : true,
          "openApiPublishSpecificationPath" : true,
          "apiPolicyServiceEnabled" : true,
          "apiPolicyServiceId" : true,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : true,
            "extractionPattern" : true,
            "replaceWith" : true
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : true,
            "parameterName" : true
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : true,
            "cookieName" : true
          }
        },
        "dosAttackPrevention" : {
          "enabled" : true,
          "maxRequestsPerInterval" : true,
          "interval" : true
        },
        "requestBodyStreaming" : {
          "enabled" : true,
          "httpMethodPattern" : true,
          "pathPattern" : true,
          "contentTypePattern" : true
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : true,
            "logOnly" : true,
            "parameterNameExceptionPattern" : true
          },
          "sameType" : {
            "enabled" : true
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : true,
            "backendViews" : true
          },
          "response" : {
            "backendViews" : true,
            "clientViews" : true
          }
        }
      }
    },
    "relationships" : {
      "back-end-groups" : {
        "data" : [ {
          "type" : "back-end-group",
          "id" : "30"
        } ]
      },
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "40"
        } ]
      },
      "local-json-web-key-sets" : {
        "data" : [ {
          "type" : "local-json-web-key-set",
          "id" : "46"
        } ]
      },
      "remote-json-web-key-sets" : {
        "data" : [ {
          "type" : "remote-json-web-key-set",
          "id" : "47"
        } ]
      },
      "openapi-document" : {
        "data" : {
          "type" : "openapi-document",
          "id" : "50"
        }
      },
      "api-policy-service" : {
        "data" : {
          "type" : "api-policy-service",
          "id" : "60"
        }
      },
      "icap-request-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "42",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-request-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "43",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "44",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "X-Response",
                "inverted" : "true"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "responsevalue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "45",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "X-Response",
                "inverted" : "true"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "responsevalue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "anomaly-shield-application" : {
        "data" : {
          "type" : "anomaly-shield-application",
          "id" : "70"
        }
      }
    }
  }
}

Delete a Mapping

DELETE /configuration/mappings/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Access a Deny Rule Group Usage

GET /configuration/mappings/{id}/deny-rule-groups/{shortName}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

shortName

The short name of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "mapping-deny-rule-group" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.enabled

Boolean

If set to true, all deny rule of this group on the selected security level are active.

data.attributes.exceptions[]

Array

All exceptions for this group.

data.attributes.exceptions[].contentTypePattern

Object

Triggers an exception if the content type of the request matches.

data.attributes.exceptions[].contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].contentTypePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].contentTypePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].contentTypePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].enabled

Boolean

If enabled, the exception is active.

data.attributes.exceptions[].headerNamePattern

Object

Triggers an exception for a matching header name.

data.attributes.exceptions[].headerNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].headerNamePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].headerNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].headerNamePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerNamePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].headerValuePattern

Object

Triggers an exception for a matching header value.

data.attributes.exceptions[].headerValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].headerValuePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].headerValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].headerValuePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerValuePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].httpMethodPattern

Object

Triggers an exception if the HTTP method of the request matches.

data.attributes.exceptions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].httpMethodPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].httpMethodPattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].httpMethodPattern.pattern

String

The actual pattern.

data.attributes.exceptions[].parameterNamePattern

Object

Triggers an exception for a matching query parameter name.

data.attributes.exceptions[].parameterNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].parameterNamePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].parameterNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].parameterNamePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterNamePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].parameterValuePattern

Object

Triggers an exception for a matching query parameter value.

data.attributes.exceptions[].parameterValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].parameterValuePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].parameterValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].parameterValuePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterValuePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].pathPattern

Object

Triggers an exception for a matching request path.

data.attributes.exceptions[].pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].pathPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].pathPattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].pathPattern.pattern

String

The actual pattern.

data.attributes.locking.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.exceptions

Boolean

Lock for the corresponding member.

data.attributes.logOnly

Boolean

If enabled, requests triggering the group policies are not blocked. The violation is logged and notified.

data.attributes.securityLevel

String

Specifies the security level.

Allowed values:
- BASIC: Rules in level Basic focus on a low false-positive rate, simplifying the integration of applications. Note, however, that certain attack variants may not be covered.
- STANDARD: Level Standard is the default setting on new mappings. It provides strong filters and a low false-positive rate. Exceptions may be required for input fields containing syntactical elements similar to JavaScript or SQL.
- STRICT: Level Strict focuses on blocking many potential attack variants. This level is recommended for very sensitive applications and typically requires some integration effort.
- CUSTOM: Level Custom allows to enable and disable all deny rules in this group individually.

data.attributes.securityLevelLogged

String

Allowed values:
- OFF: Do not log any additional info.
- BASIC: Log as if the security level was on STANDARD.
- STANDARD: Log as if the security level was on STANDARD.
- STRICT: Log as if the security level was on STRICT.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/deny-rule-groups/HEADER_VALUE_INJECTION" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2003

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:59.836Z"
  },
  "data" : {
    "type" : "mapping-deny-rule-group",
    "id" : "HEADER_VALUE_INJECTION",
    "attributes" : {
      "enabled" : true,
      "securityLevel" : "STANDARD",
      "securityLevelLogged" : "STRICT",
      "logOnly" : true,
      "exceptions" : [ {
        "enabled" : true,
        "httpMethodPattern" : {
          "enabled" : true,
          "pattern" : "^POST",
          "caseIgnored" : false,
          "inverted" : false,
          "multipleSingleLineRegex" : true
        },
        "pathPattern" : {
          "enabled" : true,
          "pattern" : "^/internal/",
          "caseIgnored" : true,
          "inverted" : false,
          "multipleSingleLineRegex" : true
        },
        "parameterNamePattern" : {
          "enabled" : true,
          "pattern" : "(?:certificate)",
          "caseIgnored" : true,
          "inverted" : false,
          "multipleSingleLineRegex" : false
        },
        "parameterValuePattern" : {
          "enabled" : true,
          "pattern" : "[a-aA-Z0-9@_=-]+",
          "caseIgnored" : false,
          "inverted" : false,
          "multipleSingleLineRegex" : false
        },
        "contentTypePattern" : {
          "enabled" : true,
          "pattern" : "^form/",
          "caseIgnored" : true,
          "inverted" : false,
          "multipleSingleLineRegex" : false
        },
        "headerNamePattern" : {
          "enabled" : true,
          "pattern" : "^X-Good-Header",
          "caseIgnored" : true,
          "inverted" : false,
          "multipleSingleLineRegex" : false
        },
        "headerValuePattern" : {
          "enabled" : true,
          "pattern" : "\\p{printable}",
          "caseIgnored" : false,
          "inverted" : true,
          "multipleSingleLineRegex" : false
        }
      } ],
      "locking" : {
        "enabled" : false,
        "exceptions" : false
      }
    }
  }
}

Update a Deny Rule Group Usage

PATCH /configuration/mappings/{id}/deny-rule-groups/{shortName}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

shortName

The short name of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "mapping-deny-rule-group" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.enabled

Boolean

no

If set to true, all deny rule of this group on the selected security level are active.

data.attributes.exceptions[]

Array

no

All exceptions for this group.

data.attributes.exceptions[].contentTypePattern

Object

no

Triggers an exception if the content type of the request matches.

data.attributes.exceptions[].contentTypePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].contentTypePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].contentTypePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].contentTypePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].contentTypePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].enabled

Boolean

no

If enabled, the exception is active.

data.attributes.exceptions[].headerNamePattern

Object

no

Triggers an exception for a matching header name.

data.attributes.exceptions[].headerNamePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].headerNamePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].headerNamePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].headerNamePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerNamePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].headerValuePattern

Object

no

Triggers an exception for a matching header value.

data.attributes.exceptions[].headerValuePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].headerValuePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].headerValuePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].headerValuePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerValuePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].httpMethodPattern

Object

no

Triggers an exception if the HTTP method of the request matches.

data.attributes.exceptions[].httpMethodPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].httpMethodPattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].httpMethodPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].httpMethodPattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].httpMethodPattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].parameterNamePattern

Object

no

Triggers an exception for a matching query parameter name.

data.attributes.exceptions[].parameterNamePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].parameterNamePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].parameterNamePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].parameterNamePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterNamePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].parameterValuePattern

Object

no

Triggers an exception for a matching query parameter value.

data.attributes.exceptions[].parameterValuePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].parameterValuePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].parameterValuePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].parameterValuePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterValuePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].pathPattern

Object

no

Triggers an exception for a matching request path.

data.attributes.exceptions[].pathPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].pathPattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].pathPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].pathPattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].pathPattern.pattern

String

no

The actual pattern.

data.attributes.locking.enabled

Boolean

yes

Lock for the corresponding member.

data.attributes.locking.exceptions

Boolean

yes

Lock for the corresponding member.

data.attributes.logOnly

Boolean

no

If enabled, requests triggering the group policies are not blocked. The violation is logged and notified.

data.attributes.securityLevel

String

no

Specifies the security level.

Allowed values:
- BASIC: Rules in level Basic focus on a low false-positive rate, simplifying the integration of applications. Note, however, that certain attack variants may not be covered.
- STANDARD: Level Standard is the default setting on new mappings. It provides strong filters and a low false-positive rate. Exceptions may be required for input fields containing syntactical elements similar to JavaScript or SQL.
- STRICT: Level Strict focuses on blocking many potential attack variants. This level is recommended for very sensitive applications and typically requires some integration effort.
- CUSTOM: Level Custom allows to enable and disable all deny rules in this group individually.

data.attributes.securityLevelLogged

String

no

Allowed values:
- OFF: Do not log any additional info.
- BASIC: Log as if the security level was on STANDARD.
- STANDARD: Log as if the security level was on STANDARD.
- STRICT: Log as if the security level was on STRICT.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "mapping-deny-rule-group" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.enabled

Boolean

If set to true, all deny rule of this group on the selected security level are active.

data.attributes.exceptions[]

Array

All exceptions for this group.

data.attributes.exceptions[].contentTypePattern

Object

Triggers an exception if the content type of the request matches.

data.attributes.exceptions[].contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].contentTypePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].contentTypePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].contentTypePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].enabled

Boolean

If enabled, the exception is active.

data.attributes.exceptions[].headerNamePattern

Object

Triggers an exception for a matching header name.

data.attributes.exceptions[].headerNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].headerNamePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].headerNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].headerNamePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerNamePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].headerValuePattern

Object

Triggers an exception for a matching header value.

data.attributes.exceptions[].headerValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].headerValuePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].headerValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].headerValuePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerValuePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].httpMethodPattern

Object

Triggers an exception if the HTTP method of the request matches.

data.attributes.exceptions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].httpMethodPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].httpMethodPattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].httpMethodPattern.pattern

String

The actual pattern.

data.attributes.exceptions[].parameterNamePattern

Object

Triggers an exception for a matching query parameter name.

data.attributes.exceptions[].parameterNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].parameterNamePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].parameterNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].parameterNamePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterNamePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].parameterValuePattern

Object

Triggers an exception for a matching query parameter value.

data.attributes.exceptions[].parameterValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].parameterValuePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].parameterValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].parameterValuePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterValuePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].pathPattern

Object

Triggers an exception for a matching request path.

data.attributes.exceptions[].pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].pathPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].pathPattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].pathPattern.pattern

String

The actual pattern.

data.attributes.locking.enabled

Boolean

Lock for the corresponding member.

data.attributes.locking.exceptions

Boolean

Lock for the corresponding member.

data.attributes.logOnly

Boolean

If enabled, requests triggering the group policies are not blocked. The violation is logged and notified.

data.attributes.securityLevel

String

Specifies the security level.

Allowed values:
- BASIC: Rules in level Basic focus on a low false-positive rate, simplifying the integration of applications. Note, however, that certain attack variants may not be covered.
- STANDARD: Level Standard is the default setting on new mappings. It provides strong filters and a low false-positive rate. Exceptions may be required for input fields containing syntactical elements similar to JavaScript or SQL.
- STRICT: Level Strict focuses on blocking many potential attack variants. This level is recommended for very sensitive applications and typically requires some integration effort.
- CUSTOM: Level Custom allows to enable and disable all deny rules in this group individually.

data.attributes.securityLevelLogged

String

Allowed values:
- OFF: Do not log any additional info.
- BASIC: Log as if the security level was on STANDARD.
- STANDARD: Log as if the security level was on STANDARD.
- STRICT: Log as if the security level was on STRICT.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/deny-rule-groups/HEADER_VALUE_INJECTION" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "mapping-deny-rule-group",
    "id" : "1",
    "attributes" : {
      "enabled" : true,
      "securityLevel" : "STANDARD",
      "securityLevelLogged" : "STRICT",
      "logOnly" : true,
      "exceptions" : [ {
        "enabled" : true,
        "httpMethodPattern" : {
          "enabled" : true,
          "pattern" : "GET",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "pathPattern" : {
          "enabled" : true,
          "pattern" : "/path",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "parameterNamePattern" : {
          "enabled" : true,
          "pattern" : "parameter",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "parameterValuePattern" : {
          "enabled" : true,
          "pattern" : "value",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "contentTypePattern" : {
          "enabled" : true,
          "pattern" : "text/html",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "headerNamePattern" : {
          "enabled" : true,
          "pattern" : "headerName",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "headerValuePattern" : {
          "enabled" : true,
          "pattern" : "headerValue",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        }
      } ],
      "locking" : {
        "enabled" : false,
        "exceptions" : false
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1960

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:59.949Z"
  },
  "data" : {
    "type" : "mapping-deny-rule-group",
    "id" : "HEADER_VALUE_INJECTION",
    "attributes" : {
      "enabled" : true,
      "securityLevel" : "STANDARD",
      "securityLevelLogged" : "STRICT",
      "logOnly" : true,
      "exceptions" : [ {
        "enabled" : true,
        "httpMethodPattern" : {
          "enabled" : true,
          "pattern" : "GET",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "pathPattern" : {
          "enabled" : true,
          "pattern" : "/path",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "parameterNamePattern" : {
          "enabled" : true,
          "pattern" : "parameter",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "parameterValuePattern" : {
          "enabled" : true,
          "pattern" : "value",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "contentTypePattern" : {
          "enabled" : true,
          "pattern" : "text/html",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "headerNamePattern" : {
          "enabled" : true,
          "pattern" : "headerName",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "headerValuePattern" : {
          "enabled" : true,
          "pattern" : "headerValue",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        }
      } ],
      "locking" : {
        "enabled" : false,
        "exceptions" : false
      }
    }
  }
}

Access a Deny Rule Usage

GET /configuration/mappings/{id}/deny-rules/{shortName}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

shortName

The short name of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "mapping-deny-rule" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.enabled

Boolean

If set to true, the deny rule is enabled. Changing this value is only allowed, if the security level of the parent deny rule group is set to "CUSTOM". Otherwise any attempt in changing the value will result in a response with status code '409 Conflict'.

data.attributes.exceptions[]

Array

All exceptions for this group.

data.attributes.exceptions[].contentTypePattern

Object

Triggers an exception if the content type of the request matches.

data.attributes.exceptions[].contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].contentTypePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].contentTypePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].contentTypePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].enabled

Boolean

If enabled, the exception is active.

data.attributes.exceptions[].headerNamePattern

Object

Triggers an exception for a matching header name.

data.attributes.exceptions[].headerNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].headerNamePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].headerNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].headerNamePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerNamePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].headerValuePattern

Object

Triggers an exception for a matching header value.

data.attributes.exceptions[].headerValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].headerValuePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].headerValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].headerValuePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerValuePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].httpMethodPattern

Object

Triggers an exception if the HTTP method of the request matches.

data.attributes.exceptions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].httpMethodPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].httpMethodPattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].httpMethodPattern.pattern

String

The actual pattern.

data.attributes.exceptions[].parameterNamePattern

Object

Triggers an exception for a matching query parameter name.

data.attributes.exceptions[].parameterNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].parameterNamePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].parameterNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].parameterNamePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterNamePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].parameterValuePattern

Object

Triggers an exception for a matching query parameter value.

data.attributes.exceptions[].parameterValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].parameterValuePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].parameterValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].parameterValuePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterValuePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].pathPattern

Object

Triggers an exception for a matching request path.

data.attributes.exceptions[].pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].pathPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].pathPattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].pathPattern.pattern

String

The actual pattern.

data.attributes.logOnly

Boolean

If enabled, requests triggering the deny rule are not blocked. The violation is logged and notified.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/deny-rules/SQL_001A" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1823

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:59.800Z"
  },
  "data" : {
    "type" : "mapping-deny-rule",
    "id" : "SQL_001A",
    "attributes" : {
      "enabled" : true,
      "logOnly" : false,
      "exceptions" : [ {
        "enabled" : true,
        "httpMethodPattern" : {
          "enabled" : true,
          "pattern" : "^POST",
          "caseIgnored" : false,
          "inverted" : false,
          "multipleSingleLineRegex" : true
        },
        "pathPattern" : {
          "enabled" : true,
          "pattern" : "^/internal/",
          "caseIgnored" : true,
          "inverted" : false,
          "multipleSingleLineRegex" : true
        },
        "parameterNamePattern" : {
          "enabled" : true,
          "pattern" : "(?:certificate)",
          "caseIgnored" : true,
          "inverted" : false,
          "multipleSingleLineRegex" : false
        },
        "parameterValuePattern" : {
          "enabled" : true,
          "pattern" : "[a-aA-Z0-9@_=-]+",
          "caseIgnored" : false,
          "inverted" : false,
          "multipleSingleLineRegex" : false
        },
        "contentTypePattern" : {
          "enabled" : true,
          "pattern" : "^form/",
          "caseIgnored" : true,
          "inverted" : false,
          "multipleSingleLineRegex" : false
        },
        "headerNamePattern" : {
          "enabled" : true,
          "pattern" : "^X-Good-Header",
          "caseIgnored" : true,
          "inverted" : false,
          "multipleSingleLineRegex" : false
        },
        "headerValuePattern" : {
          "enabled" : true,
          "pattern" : "\\p{printable}",
          "caseIgnored" : false,
          "inverted" : true,
          "multipleSingleLineRegex" : false
        }
      } ]
    }
  }
}

Update a Deny Rule Usage

PATCH /configuration/mappings/{id}/deny-rules/{shortName}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

shortName

The short name of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "mapping-deny-rule" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.enabled

Boolean

no

If set to true, the deny rule is enabled. Changing this value is only allowed, if the security level of the parent deny rule group is set to "CUSTOM". Otherwise any attempt in changing the value will result in a response with status code '409 Conflict'.

data.attributes.exceptions[]

Array

no

All exceptions for this group.

data.attributes.exceptions[].contentTypePattern

Object

no

Triggers an exception if the content type of the request matches.

data.attributes.exceptions[].contentTypePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].contentTypePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].contentTypePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].contentTypePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].contentTypePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].enabled

Boolean

no

If enabled, the exception is active.

data.attributes.exceptions[].headerNamePattern

Object

no

Triggers an exception for a matching header name.

data.attributes.exceptions[].headerNamePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].headerNamePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].headerNamePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].headerNamePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerNamePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].headerValuePattern

Object

no

Triggers an exception for a matching header value.

data.attributes.exceptions[].headerValuePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].headerValuePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].headerValuePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].headerValuePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerValuePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].httpMethodPattern

Object

no

Triggers an exception if the HTTP method of the request matches.

data.attributes.exceptions[].httpMethodPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].httpMethodPattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].httpMethodPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].httpMethodPattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].httpMethodPattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].parameterNamePattern

Object

no

Triggers an exception for a matching query parameter name.

data.attributes.exceptions[].parameterNamePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].parameterNamePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].parameterNamePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].parameterNamePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterNamePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].parameterValuePattern

Object

no

Triggers an exception for a matching query parameter value.

data.attributes.exceptions[].parameterValuePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].parameterValuePattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].parameterValuePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].parameterValuePattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterValuePattern.pattern

String

no

The actual pattern.

data.attributes.exceptions[].pathPattern

Object

no

Triggers an exception for a matching request path.

data.attributes.exceptions[].pathPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.exceptions[].pathPattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.exceptions[].pathPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.exceptions[].pathPattern.multipleSingleLineRegex

Boolean

no

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].pathPattern.pattern

String

no

The actual pattern.

data.attributes.logOnly

Boolean

no

If enabled, requests triggering the deny rule are not blocked. The violation is logged and notified.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "mapping-deny-rule" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.enabled

Boolean

If set to true, the deny rule is enabled. Changing this value is only allowed, if the security level of the parent deny rule group is set to "CUSTOM". Otherwise any attempt in changing the value will result in a response with status code '409 Conflict'.

data.attributes.exceptions[]

Array

All exceptions for this group.

data.attributes.exceptions[].contentTypePattern

Object

Triggers an exception if the content type of the request matches.

data.attributes.exceptions[].contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].contentTypePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].contentTypePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].contentTypePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].enabled

Boolean

If enabled, the exception is active.

data.attributes.exceptions[].headerNamePattern

Object

Triggers an exception for a matching header name.

data.attributes.exceptions[].headerNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].headerNamePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].headerNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].headerNamePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerNamePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].headerValuePattern

Object

Triggers an exception for a matching header value.

data.attributes.exceptions[].headerValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].headerValuePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].headerValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].headerValuePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].headerValuePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].httpMethodPattern

Object

Triggers an exception if the HTTP method of the request matches.

data.attributes.exceptions[].httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].httpMethodPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].httpMethodPattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].httpMethodPattern.pattern

String

The actual pattern.

data.attributes.exceptions[].parameterNamePattern

Object

Triggers an exception for a matching query parameter name.

data.attributes.exceptions[].parameterNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].parameterNamePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].parameterNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].parameterNamePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterNamePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].parameterValuePattern

Object

Triggers an exception for a matching query parameter value.

data.attributes.exceptions[].parameterValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].parameterValuePattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].parameterValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].parameterValuePattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].parameterValuePattern.pattern

String

The actual pattern.

data.attributes.exceptions[].pathPattern

Object

Triggers an exception for a matching request path.

data.attributes.exceptions[].pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.exceptions[].pathPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.exceptions[].pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.exceptions[].pathPattern.multipleSingleLineRegex

Boolean

Whether to interpret line breaks as logical ORs.

data.attributes.exceptions[].pathPattern.pattern

String

The actual pattern.

data.attributes.logOnly

Boolean

If enabled, requests triggering the deny rule are not blocked. The violation is logged and notified.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/deny-rules/SQL_001A" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "mapping-deny-rule",
    "id" : "1",
    "attributes" : {
      "enabled" : true,
      "logOnly" : true,
      "exceptions" : [ {
        "enabled" : true,
        "httpMethodPattern" : {
          "enabled" : true,
          "pattern" : "GET",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "pathPattern" : {
          "enabled" : true,
          "pattern" : "/path",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "parameterNamePattern" : {
          "enabled" : true,
          "pattern" : "parameter",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "parameterValuePattern" : {
          "enabled" : true,
          "pattern" : "value",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "contentTypePattern" : {
          "enabled" : true,
          "pattern" : "text/html",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "headerNamePattern" : {
          "enabled" : true,
          "pattern" : "headerName",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "headerValuePattern" : {
          "enabled" : true,
          "pattern" : "headerValue",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        }
      } ]
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1779

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:59.892Z"
  },
  "data" : {
    "type" : "mapping-deny-rule",
    "id" : "SQL_001A",
    "attributes" : {
      "enabled" : true,
      "logOnly" : true,
      "exceptions" : [ {
        "enabled" : true,
        "httpMethodPattern" : {
          "enabled" : true,
          "pattern" : "GET",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "pathPattern" : {
          "enabled" : true,
          "pattern" : "/path",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "parameterNamePattern" : {
          "enabled" : true,
          "pattern" : "parameter",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "parameterValuePattern" : {
          "enabled" : true,
          "pattern" : "value",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "contentTypePattern" : {
          "enabled" : true,
          "pattern" : "text/html",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "headerNamePattern" : {
          "enabled" : true,
          "pattern" : "headerName",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        },
        "headerValuePattern" : {
          "enabled" : true,
          "pattern" : "headerValue",
          "caseIgnored" : true,
          "inverted" : true,
          "multipleSingleLineRegex" : true
        }
      } ]
    }
  }
}

Enable 'Show Maintenance Page' Option of a Mapping

POST /configuration/mappings/{id}/maintenance

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/maintenance" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Disable 'Show Maintenance Page' Option of a Mapping

DELETE /configuration/mappings/{id}/maintenance

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/maintenance" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Import Mappings (New or Replace)

PUT /configuration/mappings/import

Content-Type application/zip

Accept application/json

If a mapping with the same name already exists, its settings/connections will be overwritten.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/import" -i -X PUT \
    -H 'Content-Type: application/zip' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    --data-binary '@/tmp/upload.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 14972

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:10.247Z"
  },
  "data" : [ {
    "type" : "mapping",
    "id" : "4",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ ],
      "tenant" : "",
      "entryPath" : {
        "value" : "/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : false,
        "ignoreCase" : false,
        "priority" : 0
      },
      "backendPath" : "/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : false,
      "access" : {
        "deniedUrl" : {
          "value" : "/",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "",
        "ntlmPassthroughEnabled" : false,
        "credentialsPropagation" : {
          "mandatory" : false,
          "type" : "NONE"
        },
        "tokensEnabled" : false,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : false,
          "headerExtraction" : {
            "enabled" : false,
            "extractionPattern" : {
              "pattern" : "^Authorization: Bearer (.*)$",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : false,
            "name" : ""
          },
          "cookieExtraction" : {
            "enabled" : false,
            "name" : ""
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : true,
          "expiryCheckEnabled" : false,
          "expiryCheckSkew" : 10,
          "extractTechnicalClientIdEnabled" : false,
          "extractTechnicalClientIdName" : "",
          "setAuditTokenFromSubjectEnabled" : false,
          "claimRestrictions" : [ ],
          "roleExtractions" : [ ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : false
        },
        "ipAddressBlacklists" : {
          "logOnly" : false,
          "webrootThreatCategories" : ""
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : false,
          "countMode" : "OFF"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : false,
        "wellKnownBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false
        },
        "customBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 104857600,
          "maxPathLength" : 1024
        },
        "http" : {
          "maxParameters" : 128,
          "maxParameterNameLength" : 128,
          "maxParameterValueLength" : 1024
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 256,
          "maxValueLength" : 8192,
          "maxNestingDepth" : 100,
          "maxArrayItems" : 500,
          "maxKeys" : 250,
          "maxTotalEntries" : 150000
        }
      },
      "csrfProtection" : {
        "enabled" : false,
        "invalidTokenRedirectLocation" : "/%ENTRYPATH%",
        "pathExceptions" : [ {
          "pattern" : "",
          "caseIgnored" : false
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : false,
        "environmentCookiesEnabled" : false,
        "encryptedCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "passthroughCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "loadBalancingCookieEnabled" : false,
        "webSocketsAllowed" : false,
        "redirectForErrorPageEnabled" : true,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : false
          },
          "header" : {
            "enforceUtf8" : false,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : false
          }
        },
        "response" : {
          "compressionAllowed" : false,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : false,
              "additional" : {
                "pattern" : ""
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            },
            "location" : {
              "rewrites" : [ ]
            }
          },
          "json" : {
            "rewrites" : [ ]
          },
          "body" : {
            "rewrites" : [ ]
          },
          "html" : {
            "rewrites" : [ ]
          },
          "errorPage" : {
            "rewrites" : [ ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : false,
        "jsonParser" : {
          "enabled" : true,
          "contentTypePattern" : {
            "pattern" : "json",
            "caseIgnored" : true,
            "inverted" : false
          }
        },
        "openApiEnforced" : false,
        "openApiCheckResponsesEnabled" : false,
        "logOnly" : false,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : false,
        "openApiPublishSpecificationPath" : "",
        "apiPolicyServiceEnabled" : false,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : false,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : false,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : false,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : false,
        "httpMethodPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : true,
          "logOnly" : false,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        },
        "sameType" : {
          "enabled" : true
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      },
      "locking" : {
        "enabled" : false,
        "labels" : false,
        "access" : {
          "deniedUrl" : {
            "value" : false,
            "mode" : false
          },
          "restrictions" : false,
          "clientCertificateAuthentication" : false,
          "authenticationFlow" : false,
          "backendLogoutUrl" : false,
          "ntlmPassthroughEnabled" : false,
          "credentialsPropagation" : {
            "mandatory" : false,
            "type" : false
          },
          "tokensEnabled" : false,
          "tokenVerification" : {
            "localJwksProviders" : false,
            "remoteJwksProviders" : false,
            "expiryCheckEnabled" : false,
            "expiryCheckSkew" : false,
            "claimRestrictions" : false,
            "roleExtractions" : false,
            "extractTechnicalClientIdEnabled" : false,
            "extractTechnicalClientIdName" : false,
            "setAuditTokenFromSubjectEnabled" : false
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : false,
            "headerExtraction" : {
              "enabled" : false,
              "extractionPattern" : false,
              "replaceWith" : false
            },
            "parameterExtraction" : {
              "enabled" : false,
              "name" : false
            },
            "cookieExtraction" : {
              "enabled" : false,
              "name" : false
            }
          }
        },
        "entryPath" : {
          "settings" : false,
          "enforceTrailingSlashes" : false,
          "regexFormatEnforced" : false,
          "priority" : false
        },
        "backendPath" : false,
        "threatHandling" : false,
        "operationalMode" : false,
        "enableMaintenancePage" : false,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : false
          },
          "ipAddressBlacklists" : {
            "logOnly" : false
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : false,
            "countMode" : false
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : false,
          "wellKnownBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false
          },
          "customBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false,
            "userAgentPattern" : false,
            "domainPattern" : false
          }
        },
        "timeouts" : {
          "backend" : false,
          "sessionIdle" : false
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : false,
            "maxPathLength" : false
          },
          "http" : {
            "maxParameters" : false,
            "maxParameterNameLength" : false,
            "maxParameterValueLength" : false
          },
          "json" : {
            "enabled" : false,
            "maxKeyLength" : false,
            "maxValueLength" : false,
            "maxNestingDepth" : false,
            "maxArrayItems" : false,
            "maxKeys" : false,
            "maxTotalEntries" : false
          }
        },
        "csrfProtection" : {
          "enabled" : false,
          "invalidTokenRedirectLocation" : false,
          "pathExceptions" : false
        },
        "application" : {
          "sessionHandling" : false,
          "controlApiAllowed" : false,
          "environmentCookiesEnabled" : false,
          "encryptedCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "passthroughCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "loadBalancingCookieEnabled" : false,
          "webSocketsAllowed" : false,
          "redirectForErrorPageEnabled" : false,
          "request" : {
            "charset" : false,
            "path" : {
              "enforceUtf8" : false
            },
            "header" : {
              "enforceUtf8" : false,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : false
              }
            },
            "parameter" : {
              "enforceUtf8" : false
            }
          },
          "response" : {
            "compressionAllowed" : false,
            "stripCommentsEnabled" : false,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "location" : {
                "rewrites" : false
              }
            },
            "json" : {
              "rewrites" : false
            },
            "body" : {
              "rewrites" : false
            },
            "html" : {
              "rewrites" : false
            },
            "errorPage" : {
              "rewrites" : false
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : false,
          "jsonParser" : {
            "enabled" : false,
            "contentTypePattern" : false
          },
          "openApiEnforced" : false,
          "openApiCheckResponsesEnabled" : false,
          "openApiDocumentId" : false,
          "logOnly" : false,
          "openApiPathMatching" : false,
          "openApiPublishSpecificationEnabled" : false,
          "openApiPublishSpecificationPath" : false,
          "apiPolicyServiceEnabled" : false,
          "apiPolicyServiceId" : false,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : false,
            "extractionPattern" : false,
            "replaceWith" : false
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : false,
            "parameterName" : false
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : false,
            "cookieName" : false
          }
        },
        "dosAttackPrevention" : {
          "enabled" : false,
          "maxRequestsPerInterval" : false,
          "interval" : false
        },
        "requestBodyStreaming" : {
          "enabled" : false,
          "httpMethodPattern" : false,
          "pathPattern" : false,
          "contentTypePattern" : false
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : false,
            "logOnly" : false,
            "parameterNameExceptionPattern" : false
          },
          "sameType" : {
            "enabled" : false
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : false,
            "backendViews" : false
          },
          "response" : {
            "backendViews" : false,
            "clientViews" : false
          }
        }
      }
    }
  } ]
}

Import Mappings (As New Copy)

POST /configuration/mappings/import

Content-Type application/zip

Accept application/json

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/import" -i -X POST \
    -H 'Content-Type: application/zip' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    --data-binary '@/tmp/upload.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 14980

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:05.820Z"
  },
  "data" : [ {
    "type" : "mapping",
    "id" : "4",
    "attributes" : {
      "name" : "Copy-of-mymapping",
      "labels" : [ ],
      "tenant" : "",
      "entryPath" : {
        "value" : "/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : false,
        "ignoreCase" : false,
        "priority" : 0
      },
      "backendPath" : "/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : false,
      "access" : {
        "deniedUrl" : {
          "value" : "/",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "",
        "ntlmPassthroughEnabled" : false,
        "credentialsPropagation" : {
          "mandatory" : false,
          "type" : "NONE"
        },
        "tokensEnabled" : false,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : false,
          "headerExtraction" : {
            "enabled" : false,
            "extractionPattern" : {
              "pattern" : "^Authorization: Bearer (.*)$",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : false,
            "name" : ""
          },
          "cookieExtraction" : {
            "enabled" : false,
            "name" : ""
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : true,
          "expiryCheckEnabled" : false,
          "expiryCheckSkew" : 10,
          "extractTechnicalClientIdEnabled" : false,
          "extractTechnicalClientIdName" : "",
          "setAuditTokenFromSubjectEnabled" : false,
          "claimRestrictions" : [ ],
          "roleExtractions" : [ ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : false
        },
        "ipAddressBlacklists" : {
          "logOnly" : false,
          "webrootThreatCategories" : ""
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : false,
          "countMode" : "OFF"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : false,
        "wellKnownBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false
        },
        "customBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 104857600,
          "maxPathLength" : 1024
        },
        "http" : {
          "maxParameters" : 128,
          "maxParameterNameLength" : 128,
          "maxParameterValueLength" : 1024
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 256,
          "maxValueLength" : 8192,
          "maxNestingDepth" : 100,
          "maxArrayItems" : 500,
          "maxKeys" : 250,
          "maxTotalEntries" : 150000
        }
      },
      "csrfProtection" : {
        "enabled" : false,
        "invalidTokenRedirectLocation" : "/%ENTRYPATH%",
        "pathExceptions" : [ {
          "pattern" : "",
          "caseIgnored" : false
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : false,
        "environmentCookiesEnabled" : false,
        "encryptedCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "passthroughCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "loadBalancingCookieEnabled" : false,
        "webSocketsAllowed" : false,
        "redirectForErrorPageEnabled" : true,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : false
          },
          "header" : {
            "enforceUtf8" : false,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : false
          }
        },
        "response" : {
          "compressionAllowed" : false,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : false,
              "additional" : {
                "pattern" : ""
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            },
            "location" : {
              "rewrites" : [ ]
            }
          },
          "json" : {
            "rewrites" : [ ]
          },
          "body" : {
            "rewrites" : [ ]
          },
          "html" : {
            "rewrites" : [ ]
          },
          "errorPage" : {
            "rewrites" : [ ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : false,
        "jsonParser" : {
          "enabled" : true,
          "contentTypePattern" : {
            "pattern" : "json",
            "caseIgnored" : true,
            "inverted" : false
          }
        },
        "openApiEnforced" : false,
        "openApiCheckResponsesEnabled" : false,
        "logOnly" : false,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : false,
        "openApiPublishSpecificationPath" : "",
        "apiPolicyServiceEnabled" : false,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : false,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : false,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : false,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : false,
        "httpMethodPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : true,
          "logOnly" : false,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        },
        "sameType" : {
          "enabled" : true
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      },
      "locking" : {
        "enabled" : false,
        "labels" : false,
        "access" : {
          "deniedUrl" : {
            "value" : false,
            "mode" : false
          },
          "restrictions" : false,
          "clientCertificateAuthentication" : false,
          "authenticationFlow" : false,
          "backendLogoutUrl" : false,
          "ntlmPassthroughEnabled" : false,
          "credentialsPropagation" : {
            "mandatory" : false,
            "type" : false
          },
          "tokensEnabled" : false,
          "tokenVerification" : {
            "localJwksProviders" : false,
            "remoteJwksProviders" : false,
            "expiryCheckEnabled" : false,
            "expiryCheckSkew" : false,
            "claimRestrictions" : false,
            "roleExtractions" : false,
            "extractTechnicalClientIdEnabled" : false,
            "extractTechnicalClientIdName" : false,
            "setAuditTokenFromSubjectEnabled" : false
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : false,
            "headerExtraction" : {
              "enabled" : false,
              "extractionPattern" : false,
              "replaceWith" : false
            },
            "parameterExtraction" : {
              "enabled" : false,
              "name" : false
            },
            "cookieExtraction" : {
              "enabled" : false,
              "name" : false
            }
          }
        },
        "entryPath" : {
          "settings" : false,
          "enforceTrailingSlashes" : false,
          "regexFormatEnforced" : false,
          "priority" : false
        },
        "backendPath" : false,
        "threatHandling" : false,
        "operationalMode" : false,
        "enableMaintenancePage" : false,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : false
          },
          "ipAddressBlacklists" : {
            "logOnly" : false
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : false,
            "countMode" : false
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : false,
          "wellKnownBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false
          },
          "customBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false,
            "userAgentPattern" : false,
            "domainPattern" : false
          }
        },
        "timeouts" : {
          "backend" : false,
          "sessionIdle" : false
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : false,
            "maxPathLength" : false
          },
          "http" : {
            "maxParameters" : false,
            "maxParameterNameLength" : false,
            "maxParameterValueLength" : false
          },
          "json" : {
            "enabled" : false,
            "maxKeyLength" : false,
            "maxValueLength" : false,
            "maxNestingDepth" : false,
            "maxArrayItems" : false,
            "maxKeys" : false,
            "maxTotalEntries" : false
          }
        },
        "csrfProtection" : {
          "enabled" : false,
          "invalidTokenRedirectLocation" : false,
          "pathExceptions" : false
        },
        "application" : {
          "sessionHandling" : false,
          "controlApiAllowed" : false,
          "environmentCookiesEnabled" : false,
          "encryptedCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "passthroughCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "loadBalancingCookieEnabled" : false,
          "webSocketsAllowed" : false,
          "redirectForErrorPageEnabled" : false,
          "request" : {
            "charset" : false,
            "path" : {
              "enforceUtf8" : false
            },
            "header" : {
              "enforceUtf8" : false,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : false
              }
            },
            "parameter" : {
              "enforceUtf8" : false
            }
          },
          "response" : {
            "compressionAllowed" : false,
            "stripCommentsEnabled" : false,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "location" : {
                "rewrites" : false
              }
            },
            "json" : {
              "rewrites" : false
            },
            "body" : {
              "rewrites" : false
            },
            "html" : {
              "rewrites" : false
            },
            "errorPage" : {
              "rewrites" : false
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : false,
          "jsonParser" : {
            "enabled" : false,
            "contentTypePattern" : false
          },
          "openApiEnforced" : false,
          "openApiCheckResponsesEnabled" : false,
          "openApiDocumentId" : false,
          "logOnly" : false,
          "openApiPathMatching" : false,
          "openApiPublishSpecificationEnabled" : false,
          "openApiPublishSpecificationPath" : false,
          "apiPolicyServiceEnabled" : false,
          "apiPolicyServiceId" : false,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : false,
            "extractionPattern" : false,
            "replaceWith" : false
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : false,
            "parameterName" : false
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : false,
            "cookieName" : false
          }
        },
        "dosAttackPrevention" : {
          "enabled" : false,
          "maxRequestsPerInterval" : false,
          "interval" : false
        },
        "requestBodyStreaming" : {
          "enabled" : false,
          "httpMethodPattern" : false,
          "pathPattern" : false,
          "contentTypePattern" : false
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : false,
            "logOnly" : false,
            "parameterNameExceptionPattern" : false
          },
          "sameType" : {
            "enabled" : false
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : false,
            "backendViews" : false
          },
          "response" : {
            "backendViews" : false,
            "clientViews" : false
          }
        }
      }
    }
  } ]
}

Export a Mapping

GET /configuration/mappings/{id}/export

Accept application/zip

Allows the export of a mapping.

Status Code Description

200

The mapping was successfully exported.

404

There is no mapping with the given ID to export.

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/export" -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/zip' \
    -o '/tmp/download.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 4409

Export Mappings

GET /configuration/mappings/export

Accept application/zip

Export multiple mappings. If no filter parameter is given, all mappings are exported.

Status Code Description

200

Mappings were successfully exported.

404

There is no mapping matching the search filter to export.

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'name', 'label', 'entryPath' and 'backendPath'. Click here for more details about the syntax.

no

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/export?filter=label%3D%3DmyMappingLabel&filter=entryPath%3D%3D/mymapping/" -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/zip' \
    -o '/tmp/download.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 4409

Apply Unlocked Settings from Source Mapping

POST /configuration/mappings/{id}/pull-from-source-mapping

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/5/pull-from-source-mapping" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 23149

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:08.091Z"
  },
  "data" : {
    "type" : "mapping",
    "id" : "5",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ "myMappingLabel" ],
      "tenant" : "",
      "entryPath" : {
        "value" : "/source-mapping-path/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : false,
        "ignoreCase" : false,
        "priority" : 0
      },
      "backendPath" : "/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : true,
      "access" : {
        "deniedUrl" : {
          "value" : "/",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ {
          "enabled" : true,
          "httpMethodPattern" : {
            "pattern" : "GET",
            "caseIgnored" : true,
            "inverted" : true
          },
          "entryPathPattern" : {
            "pattern" : "/admin/",
            "caseIgnored" : true,
            "inverted" : true
          },
          "authorizedRoles" : [ "admin" ],
          "authorizedPlans" : [ "android", "ios", "browser" ]
        } ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "",
        "ntlmPassthroughEnabled" : false,
        "credentialsPropagation" : {
          "mandatory" : false,
          "type" : "NONE"
        },
        "tokensEnabled" : false,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : false,
          "headerExtraction" : {
            "enabled" : false,
            "extractionPattern" : {
              "pattern" : "^Authorization: Bearer (.*)$",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : false,
            "name" : ""
          },
          "cookieExtraction" : {
            "enabled" : false,
            "name" : ""
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : false,
          "expiryCheckEnabled" : false,
          "expiryCheckSkew" : 10,
          "extractTechnicalClientIdEnabled" : false,
          "extractTechnicalClientIdName" : "",
          "setAuditTokenFromSubjectEnabled" : false,
          "claimRestrictions" : [ {
            "enabled" : true,
            "name" : "myClaim",
            "restrictionPattern" : {
              "pattern" : "",
              "caseIgnored" : false,
              "inverted" : false
            }
          } ],
          "roleExtractions" : [ {
            "enabled" : true,
            "name" : "myClaim",
            "extractionPattern" : {
              "pattern" : "",
              "caseIgnored" : false
            },
            "replaceWith" : "$1",
            "tokenLifetimeAsRoleLifetimeEnforced" : true
          } ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : false
        },
        "ipAddressBlacklists" : {
          "logOnly" : false,
          "webrootThreatCategories" : "WEB_ATTACKS"
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : false,
          "countMode" : "OFF"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : false,
        "wellKnownBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false
        },
        "customBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 1073741824,
          "maxPathLength" : 1024
        },
        "http" : {
          "maxParameters" : 128,
          "maxParameterNameLength" : 128,
          "maxParameterValueLength" : 1024
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 256,
          "maxValueLength" : 8192,
          "maxNestingDepth" : 100,
          "maxArrayItems" : 500,
          "maxKeys" : 250,
          "maxTotalEntries" : 150000
        }
      },
      "csrfProtection" : {
        "enabled" : false,
        "invalidTokenRedirectLocation" : "/%ENTRYPATH%",
        "pathExceptions" : [ {
          "pattern" : "^/exception$",
          "caseIgnored" : true
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : false,
        "environmentCookiesEnabled" : false,
        "encryptedCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "passthroughCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "loadBalancingCookieEnabled" : true,
        "webSocketsAllowed" : false,
        "redirectForErrorPageEnabled" : false,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : false
          },
          "header" : {
            "enforceUtf8" : false,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : false
          }
        },
        "response" : {
          "compressionAllowed" : false,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$"
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$"
              }
            },
            "location" : {
              "rewrites" : [ {
                "enabled" : true,
                "urlPattern" : {
                  "pattern" : "/",
                  "caseIgnored" : true
                },
                "replaceWith" : "$1"
              } ]
            }
          },
          "json" : {
            "rewrites" : [ {
              "enabled" : true,
              "path" : "json#path",
              "contentPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "replaceWith" : "b"
            } ]
          },
          "body" : {
            "rewrites" : [ {
              "enabled" : true,
              "contentType" : "application/json",
              "contentPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "replaceWith" : "b"
            } ]
          },
          "html" : {
            "rewrites" : [ {
              "enabled" : true,
              "urlPattern" : {
                "pattern" : "a",
                "caseIgnored" : true
              },
              "uris" : true,
              "events" : true,
              "embedded" : true,
              "replaceWith" : "b"
            } ]
          },
          "errorPage" : {
            "rewrites" : [ {
              "enabled" : true,
              "statusContentPattern" : "^5(?!02|03)..$",
              "replaceWith" : "500.html"
            } ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : true,
        "jsonParser" : {
          "enabled" : false,
          "contentTypePattern" : {
            "pattern" : "",
            "caseIgnored" : true,
            "inverted" : false
          }
        },
        "openApiEnforced" : true,
        "openApiCheckResponsesEnabled" : false,
        "logOnly" : false,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : true,
        "openApiPublishSpecificationPath" : "path/to/apiSpecification.json",
        "apiPolicyServiceEnabled" : true,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : false,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : false,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : false,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : false,
        "httpMethodPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : true,
          "logOnly" : false,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        },
        "sameType" : {
          "enabled" : true
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      },
      "locking" : {
        "enabled" : false,
        "labels" : false,
        "access" : {
          "deniedUrl" : {
            "value" : false,
            "mode" : false
          },
          "restrictions" : false,
          "clientCertificateAuthentication" : false,
          "authenticationFlow" : false,
          "backendLogoutUrl" : false,
          "ntlmPassthroughEnabled" : false,
          "credentialsPropagation" : {
            "mandatory" : false,
            "type" : false
          },
          "tokensEnabled" : false,
          "tokenVerification" : {
            "localJwksProviders" : true,
            "remoteJwksProviders" : true,
            "expiryCheckEnabled" : false,
            "expiryCheckSkew" : false,
            "claimRestrictions" : false,
            "roleExtractions" : false,
            "extractTechnicalClientIdEnabled" : false,
            "extractTechnicalClientIdName" : false,
            "setAuditTokenFromSubjectEnabled" : false
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : false,
            "headerExtraction" : {
              "enabled" : false,
              "extractionPattern" : false,
              "replaceWith" : false
            },
            "parameterExtraction" : {
              "enabled" : false,
              "name" : false
            },
            "cookieExtraction" : {
              "enabled" : false,
              "name" : false
            }
          }
        },
        "entryPath" : {
          "settings" : false,
          "enforceTrailingSlashes" : true,
          "regexFormatEnforced" : true,
          "priority" : false
        },
        "backendPath" : true,
        "threatHandling" : false,
        "operationalMode" : false,
        "enableMaintenancePage" : false,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : false
          },
          "ipAddressBlacklists" : {
            "logOnly" : false
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : false,
            "countMode" : false
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : false,
          "wellKnownBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false
          },
          "customBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false,
            "userAgentPattern" : false,
            "domainPattern" : false
          }
        },
        "timeouts" : {
          "backend" : false,
          "sessionIdle" : false
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : true,
            "maxPathLength" : true
          },
          "http" : {
            "maxParameters" : false,
            "maxParameterNameLength" : false,
            "maxParameterValueLength" : false
          },
          "json" : {
            "enabled" : false,
            "maxKeyLength" : false,
            "maxValueLength" : false,
            "maxNestingDepth" : false,
            "maxArrayItems" : false,
            "maxKeys" : false,
            "maxTotalEntries" : false
          }
        },
        "csrfProtection" : {
          "enabled" : false,
          "invalidTokenRedirectLocation" : false,
          "pathExceptions" : false
        },
        "application" : {
          "sessionHandling" : false,
          "controlApiAllowed" : false,
          "environmentCookiesEnabled" : false,
          "encryptedCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "passthroughCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "loadBalancingCookieEnabled" : false,
          "webSocketsAllowed" : false,
          "redirectForErrorPageEnabled" : false,
          "request" : {
            "charset" : false,
            "path" : {
              "enforceUtf8" : false
            },
            "header" : {
              "enforceUtf8" : false,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              }
            },
            "parameter" : {
              "enforceUtf8" : false
            }
          },
          "response" : {
            "compressionAllowed" : false,
            "stripCommentsEnabled" : false,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "location" : {
                "rewrites" : false
              }
            },
            "json" : {
              "rewrites" : false
            },
            "body" : {
              "rewrites" : false
            },
            "html" : {
              "rewrites" : false
            },
            "errorPage" : {
              "rewrites" : false
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : false,
          "jsonParser" : {
            "enabled" : false,
            "contentTypePattern" : false
          },
          "openApiEnforced" : false,
          "openApiCheckResponsesEnabled" : false,
          "openApiDocumentId" : false,
          "logOnly" : false,
          "openApiPathMatching" : false,
          "openApiPublishSpecificationEnabled" : false,
          "openApiPublishSpecificationPath" : false,
          "apiPolicyServiceEnabled" : false,
          "apiPolicyServiceId" : false,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : false,
            "extractionPattern" : false,
            "replaceWith" : false
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : false,
            "parameterName" : false
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : false,
            "cookieName" : false
          }
        },
        "dosAttackPrevention" : {
          "enabled" : false,
          "maxRequestsPerInterval" : false,
          "interval" : false
        },
        "requestBodyStreaming" : {
          "enabled" : false,
          "httpMethodPattern" : false,
          "pathPattern" : false,
          "contentTypePattern" : false
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : false,
            "logOnly" : false,
            "parameterNameExceptionPattern" : false
          },
          "sameType" : {
            "enabled" : false
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : false,
            "backendViews" : false
          },
          "response" : {
            "backendViews" : false,
            "clientViews" : false
          }
        }
      }
    },
    "relationships" : {
      "back-end-groups" : {
        "data" : [ {
          "type" : "back-end-group",
          "id" : "30"
        } ]
      },
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "40"
        } ]
      },
      "local-json-web-key-sets" : {
        "data" : [ {
          "type" : "local-json-web-key-set",
          "id" : "46"
        } ]
      },
      "remote-json-web-key-sets" : {
        "data" : [ {
          "type" : "remote-json-web-key-set",
          "id" : "47"
        } ]
      },
      "openapi-document" : {
        "data" : {
          "type" : "openapi-document",
          "id" : "50"
        }
      },
      "api-policy-service" : {
        "data" : {
          "type" : "api-policy-service",
          "id" : "60"
        }
      },
      "icap-request-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "42",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-request-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "43",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-backend-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "44",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "X-Response",
                "inverted" : "true"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "responsevalue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "icap-response-client-views" : {
        "data" : [ {
          "type" : "icap-environment",
          "id" : "45",
          "meta" : {
            "type" : "jsonapi.meta",
            "usage" : {
              "httpMethodPattern" : {
                "caseIgnored" : "true",
                "pattern" : "GET",
                "inverted" : "true"
              },
              "pathPattern" : {
                "caseIgnored" : "true",
                "pattern" : "/entity-path",
                "inverted" : "true"
              },
              "requestHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "^X-Entity",
                "inverted" : "true"
              },
              "requestHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "EntityValue",
                "inverted" : "true"
              },
              "responseHeaderNamePattern" : {
                "caseIgnored" : "true",
                "pattern" : "X-Response",
                "inverted" : "true"
              },
              "responseHeaderValuePattern" : {
                "caseIgnored" : "true",
                "pattern" : "responsevalue",
                "inverted" : "true"
              },
              "enabled" : true
            }
          }
        } ]
      },
      "anomaly-shield-application" : {
        "data" : {
          "type" : "anomaly-shield-application",
          "id" : "70"
        }
      },
      "template" : {
        "data" : {
          "type" : "mapping",
          "id" : "4"
        }
      }
    }
  }
}

Apply Unlocked Settings from Import

POST /configuration/mappings/pull-from-uploaded-mappings

Content-Type application/zip

Accept application/json

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/pull-from-uploaded-mappings" -i -X POST \
    -H 'Content-Type: application/zip' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    --data-binary '@/tmp/upload.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 15554

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:07.624Z"
  },
  "data" : [ {
    "type" : "mapping",
    "id" : "1",
    "attributes" : {
      "name" : "mymapping",
      "labels" : [ ],
      "tenant" : "",
      "entryPath" : {
        "value" : "/mymapping/",
        "enforceTrailingSlashes" : true,
        "regexFormatEnforced" : false,
        "ignoreCase" : false,
        "priority" : 0
      },
      "backendPath" : "/",
      "threatHandling" : "BLOCK",
      "operationalMode" : "PRODUCTION",
      "enableMaintenancePage" : false,
      "access" : {
        "deniedUrl" : {
          "value" : "/",
          "mode" : "GLOBAL"
        },
        "restrictions" : [ ],
        "clientCertificateAuthentication" : "NOT_REQUIRED",
        "authenticationFlow" : "REDIRECT",
        "backendLogoutUrl" : "",
        "ntlmPassthroughEnabled" : false,
        "credentialsPropagation" : {
          "mandatory" : false,
          "type" : "NONE"
        },
        "tokensEnabled" : false,
        "tokenTransport" : {
          "presenceMandatoryEnforced" : false,
          "headerExtraction" : {
            "enabled" : false,
            "extractionPattern" : {
              "pattern" : "^Authorization: Bearer (.*)$",
              "caseIgnored" : true
            },
            "replaceWith" : "$1"
          },
          "parameterExtraction" : {
            "enabled" : false,
            "name" : ""
          },
          "cookieExtraction" : {
            "enabled" : false,
            "name" : ""
          }
        },
        "tokenVerification" : {
          "signatureCheckEnforced" : true,
          "expiryCheckEnabled" : false,
          "expiryCheckSkew" : 10,
          "extractTechnicalClientIdEnabled" : false,
          "extractTechnicalClientIdName" : "",
          "setAuditTokenFromSubjectEnabled" : false,
          "claimRestrictions" : [ ],
          "roleExtractions" : [ ]
        }
      },
      "ipRules" : {
        "ipAddressWhitelists" : {
          "logOnly" : false
        },
        "ipAddressBlacklists" : {
          "logOnly" : false,
          "webrootThreatCategories" : ""
        },
        "dynamicIpAddressBlacklist" : {
          "enabled" : false,
          "countMode" : "OFF"
        }
      },
      "botManagement" : {
        "logOnly" : false,
        "clientCookieSupportEnforced" : false,
        "wellKnownBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false
        },
        "customBots" : {
          "allowed" : false,
          "sourceDomainEnforced" : false,
          "userAgentPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          },
          "domainPattern" : {
            "pattern" : "",
            "inverted" : false
          }
        }
      },
      "timeouts" : {
        "backend" : 120,
        "sessionIdle" : 0
      },
      "limits" : {
        "general" : {
          "maxRequestBodySize" : 1073741824,
          "maxPathLength" : 1024
        },
        "http" : {
          "maxParameters" : 128,
          "maxParameterNameLength" : 128,
          "maxParameterValueLength" : 1024
        },
        "json" : {
          "enabled" : true,
          "maxKeyLength" : 256,
          "maxValueLength" : 8192,
          "maxNestingDepth" : 100,
          "maxArrayItems" : 500,
          "maxKeys" : 250,
          "maxTotalEntries" : 150000
        }
      },
      "csrfProtection" : {
        "enabled" : false,
        "invalidTokenRedirectLocation" : "/%ENTRYPATH%",
        "pathExceptions" : [ {
          "pattern" : "",
          "caseIgnored" : false
        } ]
      },
      "application" : {
        "sessionHandling" : "ENFORCE_SESSION",
        "controlApiAllowed" : false,
        "environmentCookiesEnabled" : false,
        "encryptedCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "passthroughCookies" : {
          "enabled" : false,
          "prefix" : ""
        },
        "loadBalancingCookieEnabled" : false,
        "webSocketsAllowed" : false,
        "redirectForErrorPageEnabled" : true,
        "request" : {
          "charset" : "UTF_8_FALLBACK_WINDOWS_1252",
          "path" : {
            "enforceUtf8" : false
          },
          "header" : {
            "enforceUtf8" : false,
            "allowlist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            }
          },
          "parameter" : {
            "enforceUtf8" : false
          }
        },
        "response" : {
          "compressionAllowed" : false,
          "stripCommentsEnabled" : true,
          "header" : {
            "allowlist" : {
              "defaultEnabled" : false,
              "additional" : {
                "pattern" : ""
              }
            },
            "denylist" : {
              "defaultEnabled" : true,
              "additional" : {
                "pattern" : ""
              }
            },
            "location" : {
              "rewrites" : [ ]
            }
          },
          "json" : {
            "rewrites" : [ ]
          },
          "body" : {
            "rewrites" : [ ]
          },
          "html" : {
            "rewrites" : [ ]
          },
          "errorPage" : {
            "rewrites" : [ ]
          }
        }
      },
      "apiSecurity" : {
        "treatPathSegmentsAsParamValues" : false,
        "jsonParser" : {
          "enabled" : true,
          "contentTypePattern" : {
            "pattern" : "json",
            "caseIgnored" : true,
            "inverted" : false
          }
        },
        "openApiEnforced" : false,
        "openApiCheckResponsesEnabled" : false,
        "logOnly" : false,
        "openApiPathMatching" : "ClientView",
        "openApiPublishSpecificationEnabled" : false,
        "openApiPublishSpecificationPath" : "",
        "apiPolicyServiceEnabled" : false,
        "apiPolicyKeyExtractionHeader" : {
          "enabled" : true,
          "extractionPattern" : {
            "pattern" : "^Api-Key: (.*)$",
            "caseIgnored" : false,
            "inverted" : false
          },
          "replaceWith" : "$1"
        },
        "apiPolicyKeyExtractionQueryParameter" : {
          "enabled" : false,
          "parameterName" : "api_key"
        },
        "apiPolicyKeyExtractionCookie" : {
          "enabled" : false,
          "cookieName" : "ApiKey"
        }
      },
      "dosAttackPrevention" : {
        "enabled" : false,
        "maxRequestsPerInterval" : 500,
        "interval" : 60
      },
      "requestBodyStreaming" : {
        "enabled" : false,
        "httpMethodPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "pathPattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        },
        "contentTypePattern" : {
          "pattern" : "",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "httpParameterPollutionDetection" : {
        "mixedTypes" : {
          "enabled" : true,
          "logOnly" : false,
          "parameterNameExceptionPattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        },
        "sameType" : {
          "enabled" : true
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        },
        "apache" : {
          "enabled" : false,
          "settings" : ""
        }
      },
      "locking" : {
        "enabled" : false,
        "labels" : false,
        "access" : {
          "deniedUrl" : {
            "value" : false,
            "mode" : false
          },
          "restrictions" : false,
          "clientCertificateAuthentication" : false,
          "authenticationFlow" : false,
          "backendLogoutUrl" : false,
          "ntlmPassthroughEnabled" : false,
          "credentialsPropagation" : {
            "mandatory" : false,
            "type" : false
          },
          "tokensEnabled" : false,
          "tokenVerification" : {
            "localJwksProviders" : true,
            "remoteJwksProviders" : true,
            "expiryCheckEnabled" : false,
            "expiryCheckSkew" : false,
            "claimRestrictions" : false,
            "roleExtractions" : false,
            "extractTechnicalClientIdEnabled" : false,
            "extractTechnicalClientIdName" : false,
            "setAuditTokenFromSubjectEnabled" : false
          },
          "tokenTransport" : {
            "presenceMandatoryEnforced" : false,
            "headerExtraction" : {
              "enabled" : false,
              "extractionPattern" : false,
              "replaceWith" : false
            },
            "parameterExtraction" : {
              "enabled" : false,
              "name" : false
            },
            "cookieExtraction" : {
              "enabled" : false,
              "name" : false
            }
          }
        },
        "entryPath" : {
          "settings" : true,
          "enforceTrailingSlashes" : true,
          "regexFormatEnforced" : true,
          "priority" : false
        },
        "backendPath" : true,
        "threatHandling" : false,
        "operationalMode" : false,
        "enableMaintenancePage" : false,
        "ipRules" : {
          "ipAddressWhitelists" : {
            "logOnly" : false
          },
          "ipAddressBlacklists" : {
            "logOnly" : false
          },
          "dynamicIpAddressBlacklist" : {
            "enabled" : false,
            "countMode" : false
          }
        },
        "botManagement" : {
          "logOnly" : false,
          "clientCookieSupportEnforced" : false,
          "wellKnownBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false
          },
          "customBots" : {
            "allowed" : false,
            "sourceDomainEnforced" : false,
            "userAgentPattern" : false,
            "domainPattern" : false
          }
        },
        "timeouts" : {
          "backend" : false,
          "sessionIdle" : false
        },
        "limits" : {
          "general" : {
            "maxRequestBodySize" : true,
            "maxPathLength" : true
          },
          "http" : {
            "maxParameters" : false,
            "maxParameterNameLength" : false,
            "maxParameterValueLength" : false
          },
          "json" : {
            "enabled" : false,
            "maxKeyLength" : false,
            "maxValueLength" : false,
            "maxNestingDepth" : false,
            "maxArrayItems" : false,
            "maxKeys" : false,
            "maxTotalEntries" : false
          }
        },
        "csrfProtection" : {
          "enabled" : false,
          "invalidTokenRedirectLocation" : false,
          "pathExceptions" : false
        },
        "application" : {
          "sessionHandling" : false,
          "controlApiAllowed" : false,
          "environmentCookiesEnabled" : false,
          "encryptedCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "passthroughCookies" : {
            "enabled" : false,
            "prefix" : false
          },
          "loadBalancingCookieEnabled" : false,
          "webSocketsAllowed" : false,
          "redirectForErrorPageEnabled" : false,
          "request" : {
            "charset" : false,
            "path" : {
              "enforceUtf8" : false
            },
            "header" : {
              "enforceUtf8" : false,
              "allowlist" : {
                "defaultEnabled" : true,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              }
            },
            "parameter" : {
              "enforceUtf8" : false
            }
          },
          "response" : {
            "compressionAllowed" : false,
            "stripCommentsEnabled" : false,
            "header" : {
              "allowlist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "denylist" : {
                "defaultEnabled" : false,
                "additional" : false
              },
              "location" : {
                "rewrites" : false
              }
            },
            "json" : {
              "rewrites" : false
            },
            "body" : {
              "rewrites" : false
            },
            "html" : {
              "rewrites" : false
            },
            "errorPage" : {
              "rewrites" : false
            }
          }
        },
        "apiSecurity" : {
          "treatPathSegmentsAsParamValues" : false,
          "jsonParser" : {
            "enabled" : false,
            "contentTypePattern" : false
          },
          "openApiEnforced" : false,
          "openApiCheckResponsesEnabled" : false,
          "openApiDocumentId" : false,
          "logOnly" : false,
          "openApiPathMatching" : false,
          "openApiPublishSpecificationEnabled" : false,
          "openApiPublishSpecificationPath" : false,
          "apiPolicyServiceEnabled" : false,
          "apiPolicyServiceId" : false,
          "apiPolicyKeyExtractionHeader" : {
            "enabled" : false,
            "extractionPattern" : false,
            "replaceWith" : false
          },
          "apiPolicyKeyExtractionQueryParameter" : {
            "enabled" : false,
            "parameterName" : false
          },
          "apiPolicyKeyExtractionCookie" : {
            "enabled" : false,
            "cookieName" : false
          }
        },
        "dosAttackPrevention" : {
          "enabled" : false,
          "maxRequestsPerInterval" : false,
          "interval" : false
        },
        "requestBodyStreaming" : {
          "enabled" : false,
          "httpMethodPattern" : false,
          "pathPattern" : false,
          "contentTypePattern" : false
        },
        "httpParameterPollutionDetection" : {
          "mixedTypes" : {
            "enabled" : false,
            "logOnly" : false,
            "parameterNameExceptionPattern" : false
          },
          "sameType" : {
            "enabled" : false
          }
        },
        "icap" : {
          "request" : {
            "clientViews" : false,
            "backendViews" : false
          },
          "response" : {
            "backendViews" : false,
            "clientViews" : false
          }
        }
      }
    },
    "relationships" : {
      "back-end-groups" : {
        "data" : [ {
          "type" : "back-end-group",
          "id" : "30"
        } ]
      },
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "40"
        } ]
      },
      "local-json-web-key-sets" : {
        "data" : [ {
          "type" : "local-json-web-key-set",
          "id" : "46"
        } ]
      },
      "remote-json-web-key-sets" : {
        "data" : [ {
          "type" : "remote-json-web-key-set",
          "id" : "47"
        } ]
      }
    }
  } ]
}

Add Virtual Host Connections

PATCH /configuration/mappings/{id}/relationships/virtual-hosts

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "virtual-host" for this call.

data[].id

String

yes

The ID of the referenced "virtual-host" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/virtual-hosts" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "virtual-host",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Virtual Host Connections

DELETE /configuration/mappings/{id}/relationships/virtual-hosts

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "virtual-host" for this call.

data[].id

String

yes

The ID of the referenced "virtual-host" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/virtual-hosts" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "virtual-host",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Back-End Group Connections

PATCH /configuration/mappings/{id}/relationships/back-end-groups

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "back-end-group" for this call.

data[].id

String

yes

The ID of the referenced "back-end-group" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/back-end-groups" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "back-end-group",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Back-End Group Connections

DELETE /configuration/mappings/{id}/relationships/back-end-groups

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "back-end-group" for this call.

data[].id

String

yes

The ID of the referenced "back-end-group" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/back-end-groups" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "back-end-group",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add OpenAPI Document Connection

PATCH /configuration/mappings/{id}/relationships/openapi-document

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "openapi-document" for this call.

data.id

String

yes

The ID of the referenced "openapi-document" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/openapi-document" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "openapi-document",
    "id" : "2"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove OpenAPI Document Connection

DELETE /configuration/mappings/{id}/relationships/openapi-document

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "openapi-document" for this call.

data.id

String

yes

The ID of the referenced "openapi-document" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/openapi-document" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "openapi-document",
    "id" : "2"
  }
}'

Example Response

HTTP/1.1 204 No Content

Add Remote JWKS Connections

PATCH /configuration/mappings/{id}/relationships/json-web-key-sets/remotes

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data[].id

String

yes

The ID of the referenced "remote-json-web-key-set" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/json-web-key-sets/remotes" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "remote-json-web-key-set",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Remote JWKS Connections

DELETE /configuration/mappings/{id}/relationships/json-web-key-sets/remotes

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data[].id

String

yes

The ID of the referenced "remote-json-web-key-set" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/json-web-key-sets/remotes" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "remote-json-web-key-set",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Local JWKS Connections

PATCH /configuration/mappings/{id}/relationships/json-web-key-sets/locals

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "local-json-web-key-set" for this call.

data[].id

String

yes

The ID of the referenced "local-json-web-key-set" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/json-web-key-sets/locals" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "local-json-web-key-set",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Local JWKS Connections

DELETE /configuration/mappings/{id}/relationships/json-web-key-sets/locals

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "local-json-web-key-set" for this call.

data[].id

String

yes

The ID of the referenced "local-json-web-key-set" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/json-web-key-sets/locals" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "local-json-web-key-set",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add IP Address Whitelist Connections

PATCH /configuration/mappings/{id}/relationships/ip-address-whitelists

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-whitelists" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "3"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove IP Address Whitelist Connections

DELETE /configuration/mappings/{id}/relationships/ip-address-whitelists

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-whitelists" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "3"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add IP Address Blacklist Connections

PATCH /configuration/mappings/{id}/relationships/ip-address-blacklists

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-blacklists" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "3"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove IP Address Blacklist Connections

DELETE /configuration/mappings/{id}/relationships/ip-address-blacklists

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-blacklists" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "3"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add IP Address Blacklist Exception Connections

PATCH /configuration/mappings/{id}/relationships/ip-address-blacklist-exceptions

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-blacklist-exceptions" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "3"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove IP Address Blacklist Exception Connections

DELETE /configuration/mappings/{id}/relationships/ip-address-blacklist-exceptions

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-blacklist-exceptions" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "3"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Bot Management Source IP Address Whitelist

PATCH /configuration/mappings/{id}/relationships/bot-management-source-ip-address-whitelist

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/bot-management-source-ip-address-whitelist" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ip-address-list",
    "id" : "3"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove Bot Management Source IP Address Whitelist

DELETE /configuration/mappings/{id}/relationships/bot-management-source-ip-address-whitelist

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/bot-management-source-ip-address-whitelist" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ip-address-list",
    "id" : "3"
  }
}'

Example Response

HTTP/1.1 204 No Content

Add ICAP Service Request Client View

PATCH /configuration/mappings/{id}/relationships/icap-request-client-view

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "icap-request-client-view" for this call.

data.id

String

yes

The ID of the related entity.

data.meta.type

String

no

The JSON API meta type, which is: "jsonapi.meta"

data.meta.usage.enabled

Boolean

no

Whether this ICAP handler is enabled.

data.meta.usage.httpMethodPattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.httpMethodPattern.inverted

String

no

Whether to invert the match.

data.meta.usage.httpMethodPattern.pattern

String

no

The actual pattern.

data.meta.usage.pathPattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.pathPattern.inverted

String

no

Whether to invert the match.

data.meta.usage.pathPattern.pattern

String

no

The actual pattern.

data.meta.usage.requestHeaderNamePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.requestHeaderNamePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.requestHeaderNamePattern.pattern

String

no

The actual pattern.

data.meta.usage.requestHeaderValuePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.requestHeaderValuePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.requestHeaderValuePattern.pattern

String

no

The actual pattern.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-client-view" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-request-client-view",
    "id" : "3",
    "meta" : {
      "type" : "jsonapi.meta",
      "usage" : {
        "requestHeaderValuePattern" : {
          "caseIgnored" : "true",
          "pattern" : "Example",
          "inverted" : "true"
        },
        "pathPattern" : {
          "caseIgnored" : "true",
          "pattern" : "^/example-path/?",
          "inverted" : "true"
        },
        "requestHeaderNamePattern" : {
          "caseIgnored" : "true",
          "pattern" : "X-Header",
          "inverted" : "true"
        },
        "enabled" : true,
        "httpMethodPattern" : {
          "caseIgnored" : "true",
          "pattern" : "^GET$",
          "inverted" : "true"
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove ICAP Service Request Client View

DELETE /configuration/mappings/{id}/relationships/icap-request-client-view

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "icap-request-client-view" for this call.

data.id

String

yes

The ID of the related entity.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-client-view" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-request-client-view",
    "id" : "3"
  }
}'

Example Response

HTTP/1.1 204 No Content

Add ICAP Service Request Back-End View

PATCH /configuration/mappings/{id}/relationships/icap-request-backend-view

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "icap-request-backend-view" for this call.

data.id

String

yes

The ID of the related entity.

data.meta.type

String

no

The JSON API meta type, which is: "jsonapi.meta"

data.meta.usage.enabled

Boolean

no

Whether this ICAP handler is enabled.

data.meta.usage.httpMethodPattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.httpMethodPattern.inverted

String

no

Whether to invert the match.

data.meta.usage.httpMethodPattern.pattern

String

no

The actual pattern.

data.meta.usage.pathPattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.pathPattern.inverted

String

no

Whether to invert the match.

data.meta.usage.pathPattern.pattern

String

no

The actual pattern.

data.meta.usage.requestHeaderNamePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.requestHeaderNamePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.requestHeaderNamePattern.pattern

String

no

The actual pattern.

data.meta.usage.requestHeaderValuePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.requestHeaderValuePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.requestHeaderValuePattern.pattern

String

no

The actual pattern.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-backend-view" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-request-backend-view",
    "id" : "3",
    "meta" : {
      "type" : "jsonapi.meta",
      "usage" : {
        "requestHeaderValuePattern" : {
          "caseIgnored" : "true",
          "pattern" : "Example",
          "inverted" : "true"
        },
        "pathPattern" : {
          "caseIgnored" : "true",
          "pattern" : "^/example-path/?",
          "inverted" : "true"
        },
        "requestHeaderNamePattern" : {
          "caseIgnored" : "true",
          "pattern" : "X-Header",
          "inverted" : "true"
        },
        "enabled" : true,
        "httpMethodPattern" : {
          "caseIgnored" : "true",
          "pattern" : "^GET$",
          "inverted" : "true"
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove ICAP Service Request Back-End View

DELETE /configuration/mappings/{id}/relationships/icap-request-backend-view

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "icap-request-backend-view" for this call.

data.id

String

yes

The ID of the related entity.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-backend-view" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-request-backend-view",
    "id" : "3"
  }
}'

Example Response

HTTP/1.1 204 No Content

Add ICAP Service Response Back-End View

PATCH /configuration/mappings/{id}/relationships/icap-response-backend-view

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "icap-reponse-backend-view" for this call.

data.id

String

yes

The ID of the related entity.

data.meta.type

String

no

The JSON API meta type, which is: "jsonapi.meta"

data.meta.usage.enabled

Boolean

no

Whether this ICAP handler is enabled.

data.meta.usage.httpMethodPattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.httpMethodPattern.inverted

String

no

Whether to invert the match.

data.meta.usage.httpMethodPattern.pattern

String

no

The actual pattern.

data.meta.usage.pathPattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.pathPattern.inverted

String

no

Whether to invert the match.

data.meta.usage.pathPattern.pattern

String

no

The actual pattern.

data.meta.usage.requestHeaderNamePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.requestHeaderNamePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.requestHeaderNamePattern.pattern

String

no

The actual pattern.

data.meta.usage.requestHeaderValuePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.requestHeaderValuePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.requestHeaderValuePattern.pattern

String

no

The actual pattern.

data.meta.usage.responseHeaderNamePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.responseHeaderNamePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.responseHeaderNamePattern.pattern

String

no

The actual pattern.

data.meta.usage.responseHeaderValuePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.responseHeaderValuePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.responseHeaderValuePattern.pattern

String

no

The actual pattern.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-response-backend-view" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-reponse-backend-view",
    "id" : "3",
    "meta" : {
      "type" : "jsonapi.meta",
      "usage" : {
        "responseHeaderValuePattern" : {
          "caseIgnored" : "true",
          "pattern" : "COOKIE_EXAMPLE",
          "inverted" : "true"
        },
        "responseHeaderNamePattern" : {
          "caseIgnored" : "true",
          "pattern" : "Set-Cookie",
          "inverted" : "true"
        },
        "requestHeaderValuePattern" : {
          "caseIgnored" : "true",
          "pattern" : "Example",
          "inverted" : "true"
        },
        "pathPattern" : {
          "caseIgnored" : "true",
          "pattern" : "^/example-path/?",
          "inverted" : "true"
        },
        "requestHeaderNamePattern" : {
          "caseIgnored" : "true",
          "pattern" : "X-Header",
          "inverted" : "true"
        },
        "enabled" : true,
        "httpMethodPattern" : {
          "caseIgnored" : "true",
          "pattern" : "^GET$",
          "inverted" : "true"
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove ICAP Service Response Back-End View

DELETE /configuration/mappings/{id}/relationships/icap-response-backend-view

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "icap-reponse-backend-view" for this call.

data.id

String

yes

The ID of the related entity.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-response-backend-view" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-reponse-backend-view",
    "id" : "3"
  }
}'

Example Response

HTTP/1.1 204 No Content

Add ICAP Service Response Client View

PATCH /configuration/mappings/{id}/relationships/icap-request-client-view

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "icap-response-client-view" for this call.

data.id

String

yes

The ID of the related entity.

data.meta.type

String

no

The JSON API meta type, which is: "jsonapi.meta"

data.meta.usage.enabled

Boolean

no

Whether this ICAP handler is enabled.

data.meta.usage.httpMethodPattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.httpMethodPattern.inverted

String

no

Whether to invert the match.

data.meta.usage.httpMethodPattern.pattern

String

no

The actual pattern.

data.meta.usage.pathPattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.pathPattern.inverted

String

no

Whether to invert the match.

data.meta.usage.pathPattern.pattern

String

no

The actual pattern.

data.meta.usage.requestHeaderNamePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.requestHeaderNamePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.requestHeaderNamePattern.pattern

String

no

The actual pattern.

data.meta.usage.requestHeaderValuePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.requestHeaderValuePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.requestHeaderValuePattern.pattern

String

no

The actual pattern.

data.meta.usage.responseHeaderNamePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.responseHeaderNamePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.responseHeaderNamePattern.pattern

String

no

The actual pattern.

data.meta.usage.responseHeaderValuePattern.caseIgnored

String

no

Whether to ignore case.

data.meta.usage.responseHeaderValuePattern.inverted

String

no

Whether to invert the match.

data.meta.usage.responseHeaderValuePattern.pattern

String

no

The actual pattern.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-client-view" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-response-client-view",
    "id" : "3",
    "meta" : {
      "type" : "jsonapi.meta",
      "usage" : {
        "responseHeaderValuePattern" : {
          "caseIgnored" : "true",
          "pattern" : "COOKIE_EXAMPLE",
          "inverted" : "true"
        },
        "responseHeaderNamePattern" : {
          "caseIgnored" : "true",
          "pattern" : "Set-Cookie",
          "inverted" : "true"
        },
        "requestHeaderValuePattern" : {
          "caseIgnored" : "true",
          "pattern" : "Example",
          "inverted" : "true"
        },
        "pathPattern" : {
          "caseIgnored" : "true",
          "pattern" : "^/example-path/?",
          "inverted" : "true"
        },
        "requestHeaderNamePattern" : {
          "caseIgnored" : "true",
          "pattern" : "X-Header",
          "inverted" : "true"
        },
        "enabled" : true,
        "httpMethodPattern" : {
          "caseIgnored" : "true",
          "pattern" : "^GET$",
          "inverted" : "true"
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove ICAP Service Response Client View

DELETE /configuration/mappings/{id}/relationships/icap-response-client-view

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "icap-response-client-view" for this call.

data.id

String

yes

The ID of the related entity.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-response-client-view" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-response-client-view",
    "id" : "3"
  }
}'

Example Response

HTTP/1.1 204 No Content

Add Source Mapping Connection

PATCH /configuration/mappings/{id}/relationships/template

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "mapping-template" or "mapping" for this call.

data.id

String

yes

The ID of the referenced "mapping-template" or "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/template" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "mapping-template",
    "id" : "hPg28A988JGwBKRi2BotP6MthrM1XIT1i/expDvvPtY="
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove Source Mapping Connection

DELETE /configuration/mappings/{id}/relationships/template

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "mapping-template" or "mapping" for this call.

data.id

String

yes

The ID of the referenced "mapping-template" or "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/template" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "mapping-template",
    "id" : "hPg28A988JGwBKRi2BotP6MthrM1XIT1i/expDvvPtY="
  }
}'

Example Response

HTTP/1.1 204 No Content

Add API Policy Service Connection

PATCH /configuration/mappings/{id}/relationships/api-policy-service

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "api-policy-service" for this call.

data.id

String

yes

The ID of the referenced "api-policy-service" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/api-policy-service" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "api-policy-service",
    "id" : "3"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove API Policy Service Connection

DELETE /configuration/mappings/{id}/relationships/api-policy-service

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "api-policy-service" for this call.

data.id

String

yes

The ID of the referenced "api-policy-service" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/api-policy-service" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "api-policy-service",
    "id" : "3"
  }
}'

Example Response

HTTP/1.1 204 No Content

Add Anomaly Shield Application Connection

PATCH /configuration/mappings/{id}/relationships/anomaly-shield-application

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data.id

String

yes

The ID of the referenced "anomaly-shield-application" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/anomaly-shield-application" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-application",
    "id" : "2"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove Anomaly Shield Application Connection

DELETE /configuration/mappings/{id}/relationships/anomaly-shield-application

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data.id

String

yes

The ID of the referenced "anomaly-shield-application" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/anomaly-shield-application" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-application",
    "id" : "2"
  }
}'

Example Response

HTTP/1.1 204 No Content

Back-end Group

Access all Back-End Groups

GET /configuration/back-end-groups

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'name' and 'backendHosts.hostName'. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "back-end-group" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.backendHosts[]

Array

List of back-end hosts to use for load balancing.

data[].attributes.backendHosts[].hostName

String

Hostname of the back-end host.

data[].attributes.backendHosts[].mode

String

The mode a back-end host can be in.

Allowed values:
- ENABLED
- NO_NEW_SESSIONS
- DISABLED

data[].attributes.backendHosts[].port

Number

Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used.

data[].attributes.backendHosts[].protocol

String

Protocol used to connect to the back-end application.

Allowed values:
- HTTP
- HTTPS

data[].attributes.backendHosts[].spare

Boolean

Whether the host is spare.

data[].attributes.backendHosts[].weight

Number

The weight determines the relative amount of new sessions assigned to a specific back-end host.

data[].attributes.conditions

Object

Configuration of conditions for mappings with multiple back-end groups.

data[].attributes.conditions.clientHostHeaderPattern

Object

Client host header to use as condition.

data[].attributes.conditions.clientHostHeaderPattern.pattern

String

The actual pattern.

data[].attributes.conditions.priority

Number

The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups.
The value can be between -999 (highest priority) and 999 (lowest priority).

data[].attributes.expertSettings.securityGate

Object

Expert settings for the security gate.

data[].attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data[].attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data[].attributes.inBandChecks

Object

In-band health checks.

data[].attributes.inBandChecks.checkResponseContentEnabled

Boolean

Whether to analyze the response content to detect a back-end failure.

data[].attributes.inBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.inBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.inBandChecks.contentPattern.pattern

String

The actual pattern.

data[].attributes.inBandChecks.contentTypePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.inBandChecks.contentTypePattern.pattern

String

The actual pattern.

data[].attributes.inBandChecks.enabled

Boolean

Whether in-band checks are enabled.

data[].attributes.inBandChecks.maxContentSize

Number

Number of bytes that must be available before the response body is inspected.

data[].attributes.inBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data[].attributes.inBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.inBandChecks.statusPattern.pattern

String

The actual pattern.

data[].attributes.name

String

The unique name of the back-end group.

data[].attributes.outOfBandChecks

Object

Out-of-band health checks.

data[].attributes.outOfBandChecks.checksWhenBad.interval

Number

Interval in seconds between individual calls to the check URL in case of a bad back-end.

data[].attributes.outOfBandChecks.checksWhenBad.switchAfter

Number

Number of subsequent successful requests after which the back-end will be marked as "good".

data[].attributes.outOfBandChecks.checksWhenGood.interval

Number

Interval in seconds between individual calls to the check URL in case of a good back-end.

data[].attributes.outOfBandChecks.checksWhenGood.switchAfter

Number

Number of subsequent failed requests after which the back-end will be marked as "bad".

data[].attributes.outOfBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.outOfBandChecks.contentPattern.enabled

Boolean

Whether the pattern is enabled.

data[].attributes.outOfBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.outOfBandChecks.contentPattern.pattern

String

The actual pattern.

data[].attributes.outOfBandChecks.enabled

Boolean

Whether out-of-band checks are enabled.

data[].attributes.outOfBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data[].attributes.outOfBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.outOfBandChecks.statusPattern.pattern

String

The actual pattern.

data[].attributes.outOfBandChecks.timeout

Number

Time-out in seconds which will only apply to out-of-band calls to the check URL.

data[].attributes.outOfBandChecks.url

String

Address of the test page.

data[].attributes.tenant

String

Tenant of the back-end group.

data[].attributes.tls

Object

Configuration of the TLS connections to back-ends hosts.

data[].attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data[].attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data[].attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data[].attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data[].attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data[].attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data[].relationships.mappings.data[]

Array

The mapping references.

data[].relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.mappings.data[].id

String

The ID of the mapping resource.

data[].relationships.kerberos-environment.data

Object

The kerberos-environment references.

data[].relationships.kerberos-environment.data.type

String

The data type of the referenced resource. Must be "kerberos-environment" for this call.

data[].relationships.kerberos-environment.data.id

String

The ID of the kerberos-environment resource.

data[].relationships.client-certificate.data

Object

The ssl-certificate references.

data[].relationships.client-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data[].relationships.client-certificate.data.id

String

The ID of the ssl-certificate resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups?filter=name%3D%3Dmybackendgroup" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2363

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:16.482Z"
  },
  "data" : [ {
    "type" : "back-end-group",
    "id" : "1",
    "attributes" : {
      "name" : "mybackendgroup",
      "tenant" : "",
      "backendHosts" : [ {
        "protocol" : "HTTP",
        "hostName" : "backendhost.example.com",
        "port" : 80,
        "mode" : "ENABLED",
        "spare" : false,
        "weight" : 100
      }, {
        "protocol" : "HTTPS",
        "hostName" : "backendhost.airlock.com",
        "port" : 443,
        "mode" : "ENABLED",
        "spare" : false,
        "weight" : 100
      } ],
      "conditions" : {
        "priority" : 0,
        "clientHostHeaderPattern" : {
          "pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
        }
      },
      "inBandChecks" : {
        "enabled" : false,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : "^503$",
          "inverted" : false
        },
        "checkResponseContentEnabled" : false,
        "contentTypePattern" : {
          "pattern" : "^(text|application)/(html|xhtml)",
          "inverted" : false
        },
        "maxContentSize" : 512,
        "contentPattern" : {
          "pattern" : "Service Unavailable",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "outOfBandChecks" : {
        "enabled" : false,
        "url" : "/",
        "checksWhenGood" : {
          "interval" : 5,
          "switchAfter" : 3
        },
        "checksWhenBad" : {
          "interval" : 3,
          "switchAfter" : 3
        },
        "timeout" : 2,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : "^503$",
          "inverted" : false
        },
        "contentPattern" : {
          "enabled" : false,
          "pattern" : "Service Unavailable",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "tls" : {
        "protocol" : "DEFAULT",
        "cipherSuite" : "DEFAULT",
        "forceNewSession" : false,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ ]
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  } ]
}

Access a Back-End Group

GET /configuration/back-end-groups/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "back-end-group" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendHosts[]

Array

List of back-end hosts to use for load balancing.

data.attributes.backendHosts[].hostName

String

Hostname of the back-end host.

data.attributes.backendHosts[].mode

String

The mode a back-end host can be in.

Allowed values:
- ENABLED
- NO_NEW_SESSIONS
- DISABLED

data.attributes.backendHosts[].port

Number

Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used.

data.attributes.backendHosts[].protocol

String

Protocol used to connect to the back-end application.

Allowed values:
- HTTP
- HTTPS

data.attributes.backendHosts[].spare

Boolean

Whether the host is spare.

data.attributes.backendHosts[].weight

Number

The weight determines the relative amount of new sessions assigned to a specific back-end host.

data.attributes.conditions

Object

Configuration of conditions for mappings with multiple back-end groups.

data.attributes.conditions.clientHostHeaderPattern

Object

Client host header to use as condition.

data.attributes.conditions.clientHostHeaderPattern.pattern

String

The actual pattern.

data.attributes.conditions.priority

Number

The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups.
The value can be between -999 (highest priority) and 999 (lowest priority).

data.attributes.expertSettings.securityGate

Object

Expert settings for the security gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.inBandChecks

Object

In-band health checks.

data.attributes.inBandChecks.checkResponseContentEnabled

Boolean

Whether to analyze the response content to detect a back-end failure.

data.attributes.inBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.inBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.contentPattern.pattern

String

The actual pattern.

data.attributes.inBandChecks.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.contentTypePattern.pattern

String

The actual pattern.

data.attributes.inBandChecks.enabled

Boolean

Whether in-band checks are enabled.

data.attributes.inBandChecks.maxContentSize

Number

Number of bytes that must be available before the response body is inspected.

data.attributes.inBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.inBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.statusPattern.pattern

String

The actual pattern.

data.attributes.name

String

The unique name of the back-end group.

data.attributes.outOfBandChecks

Object

Out-of-band health checks.

data.attributes.outOfBandChecks.checksWhenBad.interval

Number

Interval in seconds between individual calls to the check URL in case of a bad back-end.

data.attributes.outOfBandChecks.checksWhenBad.switchAfter

Number

Number of subsequent successful requests after which the back-end will be marked as "good".

data.attributes.outOfBandChecks.checksWhenGood.interval

Number

Interval in seconds between individual calls to the check URL in case of a good back-end.

data.attributes.outOfBandChecks.checksWhenGood.switchAfter

Number

Number of subsequent failed requests after which the back-end will be marked as "bad".

data.attributes.outOfBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.outOfBandChecks.contentPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.outOfBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.outOfBandChecks.contentPattern.pattern

String

The actual pattern.

data.attributes.outOfBandChecks.enabled

Boolean

Whether out-of-band checks are enabled.

data.attributes.outOfBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.outOfBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data.attributes.outOfBandChecks.statusPattern.pattern

String

The actual pattern.

data.attributes.outOfBandChecks.timeout

Number

Time-out in seconds which will only apply to out-of-band calls to the check URL.

data.attributes.outOfBandChecks.url

String

Address of the test page.

data.attributes.tenant

String

Tenant of the back-end group.

data.attributes.tls

Object

Configuration of the TLS connections to back-ends hosts.

data.attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.kerberos-environment.data

Object

The kerberos-environment references.

data.relationships.kerberos-environment.data.type

String

The data type of the referenced resource. Must be "kerberos-environment" for this call.

data.relationships.kerberos-environment.data.id

String

The ID of the kerberos-environment resource.

data.relationships.client-certificate.data

Object

The ssl-certificate references.

data.relationships.client-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.relationships.client-certificate.data.id

String

The ID of the ssl-certificate resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2359

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:15.912Z"
  },
  "data" : {
    "type" : "back-end-group",
    "id" : "1",
    "attributes" : {
      "name" : "mybackendgroup",
      "tenant" : "",
      "backendHosts" : [ {
        "protocol" : "HTTP",
        "hostName" : "backendhost.example.com",
        "port" : 80,
        "mode" : "ENABLED",
        "spare" : false,
        "weight" : 100
      }, {
        "protocol" : "HTTPS",
        "hostName" : "backendhost.airlock.com",
        "port" : 443,
        "mode" : "ENABLED",
        "spare" : false,
        "weight" : 100
      } ],
      "conditions" : {
        "priority" : 0,
        "clientHostHeaderPattern" : {
          "pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
        }
      },
      "inBandChecks" : {
        "enabled" : false,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : "^503$",
          "inverted" : false
        },
        "checkResponseContentEnabled" : false,
        "contentTypePattern" : {
          "pattern" : "^(text|application)/(html|xhtml)",
          "inverted" : false
        },
        "maxContentSize" : 512,
        "contentPattern" : {
          "pattern" : "Service Unavailable",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "outOfBandChecks" : {
        "enabled" : false,
        "url" : "/",
        "checksWhenGood" : {
          "interval" : 5,
          "switchAfter" : 3
        },
        "checksWhenBad" : {
          "interval" : 3,
          "switchAfter" : 3
        },
        "timeout" : 2,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : "^503$",
          "inverted" : false
        },
        "contentPattern" : {
          "enabled" : false,
          "pattern" : "Service Unavailable",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "tls" : {
        "protocol" : "DEFAULT",
        "cipherSuite" : "DEFAULT",
        "forceNewSession" : false,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ ]
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}

Create a Back-End Group

POST /configuration/back-end-groups

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "back-end-group" for this call.

data.attributes.backendHosts[]

Array

yes

List of back-end hosts to use for load balancing.

data.attributes.backendHosts[].hostName

String

yes

Hostname of the back-end host.

data.attributes.backendHosts[].mode

String

yes

The mode a back-end host can be in.

Allowed values:
- ENABLED
- NO_NEW_SESSIONS
- DISABLED

data.attributes.backendHosts[].port

Number

yes

Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used.

data.attributes.backendHosts[].protocol

String

yes

Protocol used to connect to the back-end application.

Allowed values:
- HTTP
- HTTPS

data.attributes.backendHosts[].spare

Boolean

yes

Whether the host is spare.

data.attributes.backendHosts[].weight

Number

yes

The weight determines the relative amount of new sessions assigned to a specific back-end host.

data.attributes.conditions

Object

yes

Configuration of conditions for mappings with multiple back-end groups.

data.attributes.conditions.clientHostHeaderPattern

Object

yes

Client host header to use as condition.

data.attributes.conditions.clientHostHeaderPattern.pattern

String

yes

The actual pattern.

data.attributes.conditions.priority

Number

yes

The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups.
The value can be between -999 (highest priority) and 999 (lowest priority).

data.attributes.expertSettings.securityGate

Object

yes

Expert settings for the security gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

yes

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

yes

Expert settings for the Security Gate.

data.attributes.inBandChecks

Object

yes

In-band health checks.

data.attributes.inBandChecks.checkResponseContentEnabled

Boolean

yes

Whether to analyze the response content to detect a back-end failure.

data.attributes.inBandChecks.contentPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.inBandChecks.contentPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.inBandChecks.contentPattern.pattern

String

yes

The actual pattern.

data.attributes.inBandChecks.contentTypePattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.inBandChecks.contentTypePattern.pattern

String

yes

The actual pattern.

data.attributes.inBandChecks.enabled

Boolean

yes

Whether in-band checks are enabled.

data.attributes.inBandChecks.maxContentSize

Number

yes

Number of bytes that must be available before the response body is inspected.

data.attributes.inBandChecks.statusPattern.enabled

Boolean

yes

Whether the pattern is enabled.

data.attributes.inBandChecks.statusPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.inBandChecks.statusPattern.pattern

String

yes

The actual pattern.

data.attributes.name

String

yes

The unique name of the back-end group.

data.attributes.outOfBandChecks

Object

yes

Out-of-band health checks.

data.attributes.outOfBandChecks.checksWhenBad.interval

Number

yes

Interval in seconds between individual calls to the check URL in case of a bad back-end.

data.attributes.outOfBandChecks.checksWhenBad.switchAfter

Number

yes

Number of subsequent successful requests after which the back-end will be marked as "good".

data.attributes.outOfBandChecks.checksWhenGood.interval

Number

yes

Interval in seconds between individual calls to the check URL in case of a good back-end.

data.attributes.outOfBandChecks.checksWhenGood.switchAfter

Number

yes

Number of subsequent failed requests after which the back-end will be marked as "bad".

data.attributes.outOfBandChecks.contentPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.outOfBandChecks.contentPattern.enabled

Boolean

yes

Whether the pattern is enabled.

data.attributes.outOfBandChecks.contentPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.outOfBandChecks.contentPattern.pattern

String

yes

The actual pattern.

data.attributes.outOfBandChecks.enabled

Boolean

yes

Whether out-of-band checks are enabled.

data.attributes.outOfBandChecks.statusPattern.enabled

Boolean

yes

Whether the pattern is enabled.

data.attributes.outOfBandChecks.statusPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.outOfBandChecks.statusPattern.pattern

String

yes

The actual pattern.

data.attributes.outOfBandChecks.timeout

Number

yes

Time-out in seconds which will only apply to out-of-band calls to the check URL.

data.attributes.outOfBandChecks.url

String

yes

Address of the test page.

data.attributes.tenant

String

yes

Tenant of the back-end group.

data.attributes.tls

Object

yes

Configuration of the TLS connections to back-ends hosts.

data.attributes.tls.cipherSuite

String

no

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

Default value: DEFAULT

data.attributes.tls.forceNewSession

Boolean

no

Whether back-end SSL sessions shall be resumed or not.

Default value: false

data.attributes.tls.protocol

String

no

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3
Default value: DEFAULT

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

yes

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

no

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

Default value: true

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

no

Whether the server name is verified against the common name (CN) of the server certificate.

Default value: true

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "back-end-group" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendHosts[]

Array

List of back-end hosts to use for load balancing.

data.attributes.backendHosts[].hostName

String

Hostname of the back-end host.

data.attributes.backendHosts[].mode

String

The mode a back-end host can be in.

Allowed values:
- ENABLED
- NO_NEW_SESSIONS
- DISABLED

data.attributes.backendHosts[].port

Number

Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used.

data.attributes.backendHosts[].protocol

String

Protocol used to connect to the back-end application.

Allowed values:
- HTTP
- HTTPS

data.attributes.backendHosts[].spare

Boolean

Whether the host is spare.

data.attributes.backendHosts[].weight

Number

The weight determines the relative amount of new sessions assigned to a specific back-end host.

data.attributes.conditions

Object

Configuration of conditions for mappings with multiple back-end groups.

data.attributes.conditions.clientHostHeaderPattern

Object

Client host header to use as condition.

data.attributes.conditions.clientHostHeaderPattern.pattern

String

The actual pattern.

data.attributes.conditions.priority

Number

The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups.
The value can be between -999 (highest priority) and 999 (lowest priority).

data.attributes.expertSettings.securityGate

Object

Expert settings for the security gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.inBandChecks

Object

In-band health checks.

data.attributes.inBandChecks.checkResponseContentEnabled

Boolean

Whether to analyze the response content to detect a back-end failure.

data.attributes.inBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.inBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.contentPattern.pattern

String

The actual pattern.

data.attributes.inBandChecks.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.contentTypePattern.pattern

String

The actual pattern.

data.attributes.inBandChecks.enabled

Boolean

Whether in-band checks are enabled.

data.attributes.inBandChecks.maxContentSize

Number

Number of bytes that must be available before the response body is inspected.

data.attributes.inBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.inBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.statusPattern.pattern

String

The actual pattern.

data.attributes.name

String

The unique name of the back-end group.

data.attributes.outOfBandChecks

Object

Out-of-band health checks.

data.attributes.outOfBandChecks.checksWhenBad.interval

Number

Interval in seconds between individual calls to the check URL in case of a bad back-end.

data.attributes.outOfBandChecks.checksWhenBad.switchAfter

Number

Number of subsequent successful requests after which the back-end will be marked as "good".

data.attributes.outOfBandChecks.checksWhenGood.interval

Number

Interval in seconds between individual calls to the check URL in case of a good back-end.

data.attributes.outOfBandChecks.checksWhenGood.switchAfter

Number

Number of subsequent failed requests after which the back-end will be marked as "bad".

data.attributes.outOfBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.outOfBandChecks.contentPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.outOfBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.outOfBandChecks.contentPattern.pattern

String

The actual pattern.

data.attributes.outOfBandChecks.enabled

Boolean

Whether out-of-band checks are enabled.

data.attributes.outOfBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.outOfBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data.attributes.outOfBandChecks.statusPattern.pattern

String

The actual pattern.

data.attributes.outOfBandChecks.timeout

Number

Time-out in seconds which will only apply to out-of-band calls to the check URL.

data.attributes.outOfBandChecks.url

String

Address of the test page.

data.attributes.tenant

String

Tenant of the back-end group.

data.attributes.tls

Object

Configuration of the TLS connections to back-ends hosts.

data.attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.kerberos-environment.data

Object

The kerberos-environment references.

data.relationships.kerberos-environment.data.type

String

The data type of the referenced resource. Must be "kerberos-environment" for this call.

data.relationships.kerberos-environment.data.id

String

The ID of the kerberos-environment resource.

data.relationships.client-certificate.data

Object

The ssl-certificate references.

data.relationships.client-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.relationships.client-certificate.data.id

String

The ID of the ssl-certificate resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "back-end-group",
    "attributes" : {
      "name" : "mybackendgroup",
      "tenant" : "AirlockBankingCo",
      "backendHosts" : [ {
        "protocol" : "HTTP",
        "hostName" : "example.com",
        "port" : 80,
        "mode" : "ENABLED",
        "spare" : false,
        "weight" : 200
      } ],
      "conditions" : {
        "priority" : 100,
        "clientHostHeaderPattern" : {
          "pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
        }
      },
      "inBandChecks" : {
        "enabled" : true,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "inverted" : false
        },
        "checkResponseContentEnabled" : true,
        "contentTypePattern" : {
          "pattern" : ".*",
          "inverted" : false
        },
        "maxContentSize" : 100,
        "contentPattern" : {
          "pattern" : ".*",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "outOfBandChecks" : {
        "enabled" : true,
        "url" : "http://example.com/state",
        "checksWhenGood" : {
          "interval" : 10,
          "switchAfter" : 20
        },
        "checksWhenBad" : {
          "interval" : 10,
          "switchAfter" : 20
        },
        "timeout" : 200,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "inverted" : false
        },
        "contentPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "myCipher",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 4842

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:16.392Z"
  },
  "data" : {
    "type" : "back-end-group",
    "id" : "4",
    "attributes" : {
      "name" : "mybackendgroup",
      "tenant" : "AirlockBankingCo",
      "backendHosts" : [ {
        "protocol" : "HTTP",
        "hostName" : "example.com",
        "port" : 80,
        "mode" : "ENABLED",
        "spare" : false,
        "weight" : 200
      } ],
      "conditions" : {
        "priority" : 100,
        "clientHostHeaderPattern" : {
          "pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
        }
      },
      "inBandChecks" : {
        "enabled" : true,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "inverted" : false
        },
        "checkResponseContentEnabled" : true,
        "contentTypePattern" : {
          "pattern" : ".*",
          "inverted" : false
        },
        "maxContentSize" : 100,
        "contentPattern" : {
          "pattern" : ".*",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "outOfBandChecks" : {
        "enabled" : true,
        "url" : "http://example.com/state",
        "checksWhenGood" : {
          "interval" : 10,
          "switchAfter" : 20
        },
        "checksWhenBad" : {
          "interval" : 10,
          "switchAfter" : 20
        },
        "timeout" : 200,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "inverted" : false
        },
        "contentPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "myCipher",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}

Update a Back-End Group

PATCH /configuration/back-end-groups/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "back-end-group" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.backendHosts[]

Array

no

List of back-end hosts to use for load balancing.

data.attributes.backendHosts[].hostName

String

no

Hostname of the back-end host.

data.attributes.backendHosts[].mode

String

no

The mode a back-end host can be in.

Allowed values:
- ENABLED
- NO_NEW_SESSIONS
- DISABLED

data.attributes.backendHosts[].port

Number

no

Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used.

data.attributes.backendHosts[].protocol

String

no

Protocol used to connect to the back-end application.

Allowed values:
- HTTP
- HTTPS

data.attributes.backendHosts[].spare

Boolean

no

Whether the host is spare.

data.attributes.backendHosts[].weight

Number

no

The weight determines the relative amount of new sessions assigned to a specific back-end host.

data.attributes.conditions

Object

no

Configuration of conditions for mappings with multiple back-end groups.

data.attributes.conditions.clientHostHeaderPattern

Object

no

Client host header to use as condition.

data.attributes.conditions.clientHostHeaderPattern.pattern

String

no

The actual pattern.

data.attributes.conditions.priority

Number

no

The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups.
The value can be between -999 (highest priority) and 999 (lowest priority).

data.attributes.expertSettings.securityGate

Object

no

Expert settings for the security gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

no

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

no

Expert settings for the Security Gate.

data.attributes.inBandChecks

Object

no

In-band health checks.

data.attributes.inBandChecks.checkResponseContentEnabled

Boolean

no

Whether to analyze the response content to detect a back-end failure.

data.attributes.inBandChecks.contentPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.inBandChecks.contentPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.inBandChecks.contentPattern.pattern

String

no

The actual pattern.

data.attributes.inBandChecks.contentTypePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.inBandChecks.contentTypePattern.pattern

String

no

The actual pattern.

data.attributes.inBandChecks.enabled

Boolean

no

Whether in-band checks are enabled.

data.attributes.inBandChecks.maxContentSize

Number

no

Number of bytes that must be available before the response body is inspected.

data.attributes.inBandChecks.statusPattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.inBandChecks.statusPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.inBandChecks.statusPattern.pattern

String

no

The actual pattern.

data.attributes.name

String

no

The unique name of the back-end group.

data.attributes.outOfBandChecks

Object

no

Out-of-band health checks.

data.attributes.outOfBandChecks.checksWhenBad.interval

Number

no

Interval in seconds between individual calls to the check URL in case of a bad back-end.

data.attributes.outOfBandChecks.checksWhenBad.switchAfter

Number

no

Number of subsequent successful requests after which the back-end will be marked as "good".

data.attributes.outOfBandChecks.checksWhenGood.interval

Number

no

Interval in seconds between individual calls to the check URL in case of a good back-end.

data.attributes.outOfBandChecks.checksWhenGood.switchAfter

Number

no

Number of subsequent failed requests after which the back-end will be marked as "bad".

data.attributes.outOfBandChecks.contentPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.outOfBandChecks.contentPattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.outOfBandChecks.contentPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.outOfBandChecks.contentPattern.pattern

String

no

The actual pattern.

data.attributes.outOfBandChecks.enabled

Boolean

no

Whether out-of-band checks are enabled.

data.attributes.outOfBandChecks.statusPattern.enabled

Boolean

no

Whether the pattern is enabled.

data.attributes.outOfBandChecks.statusPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.outOfBandChecks.statusPattern.pattern

String

no

The actual pattern.

data.attributes.outOfBandChecks.timeout

Number

no

Time-out in seconds which will only apply to out-of-band calls to the check URL.

data.attributes.outOfBandChecks.url

String

no

Address of the test page.

data.attributes.tenant

String

no

Tenant of the back-end group.

data.attributes.tls

Object

no

Configuration of the TLS connections to back-ends hosts.

data.attributes.tls.cipherSuite

String

no

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

no

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

no

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

no

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

no

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

no

Whether the server name is verified against the common name (CN) of the server certificate.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "back-end-group" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendHosts[]

Array

List of back-end hosts to use for load balancing.

data.attributes.backendHosts[].hostName

String

Hostname of the back-end host.

data.attributes.backendHosts[].mode

String

The mode a back-end host can be in.

Allowed values:
- ENABLED
- NO_NEW_SESSIONS
- DISABLED

data.attributes.backendHosts[].port

Number

Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used.

data.attributes.backendHosts[].protocol

String

Protocol used to connect to the back-end application.

Allowed values:
- HTTP
- HTTPS

data.attributes.backendHosts[].spare

Boolean

Whether the host is spare.

data.attributes.backendHosts[].weight

Number

The weight determines the relative amount of new sessions assigned to a specific back-end host.

data.attributes.conditions

Object

Configuration of conditions for mappings with multiple back-end groups.

data.attributes.conditions.clientHostHeaderPattern

Object

Client host header to use as condition.

data.attributes.conditions.clientHostHeaderPattern.pattern

String

The actual pattern.

data.attributes.conditions.priority

Number

The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups.
The value can be between -999 (highest priority) and 999 (lowest priority).

data.attributes.expertSettings.securityGate

Object

Expert settings for the security gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.inBandChecks

Object

In-band health checks.

data.attributes.inBandChecks.checkResponseContentEnabled

Boolean

Whether to analyze the response content to detect a back-end failure.

data.attributes.inBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.inBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.contentPattern.pattern

String

The actual pattern.

data.attributes.inBandChecks.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.contentTypePattern.pattern

String

The actual pattern.

data.attributes.inBandChecks.enabled

Boolean

Whether in-band checks are enabled.

data.attributes.inBandChecks.maxContentSize

Number

Number of bytes that must be available before the response body is inspected.

data.attributes.inBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.inBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.statusPattern.pattern

String

The actual pattern.

data.attributes.name

String

The unique name of the back-end group.

data.attributes.outOfBandChecks

Object

Out-of-band health checks.

data.attributes.outOfBandChecks.checksWhenBad.interval

Number

Interval in seconds between individual calls to the check URL in case of a bad back-end.

data.attributes.outOfBandChecks.checksWhenBad.switchAfter

Number

Number of subsequent successful requests after which the back-end will be marked as "good".

data.attributes.outOfBandChecks.checksWhenGood.interval

Number

Interval in seconds between individual calls to the check URL in case of a good back-end.

data.attributes.outOfBandChecks.checksWhenGood.switchAfter

Number

Number of subsequent failed requests after which the back-end will be marked as "bad".

data.attributes.outOfBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.outOfBandChecks.contentPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.outOfBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.outOfBandChecks.contentPattern.pattern

String

The actual pattern.

data.attributes.outOfBandChecks.enabled

Boolean

Whether out-of-band checks are enabled.

data.attributes.outOfBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.outOfBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data.attributes.outOfBandChecks.statusPattern.pattern

String

The actual pattern.

data.attributes.outOfBandChecks.timeout

Number

Time-out in seconds which will only apply to out-of-band calls to the check URL.

data.attributes.outOfBandChecks.url

String

Address of the test page.

data.attributes.tenant

String

Tenant of the back-end group.

data.attributes.tls

Object

Configuration of the TLS connections to back-ends hosts.

data.attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.kerberos-environment.data

Object

The kerberos-environment references.

data.relationships.kerberos-environment.data.type

String

The data type of the referenced resource. Must be "kerberos-environment" for this call.

data.relationships.kerberos-environment.data.id

String

The ID of the kerberos-environment resource.

data.relationships.client-certificate.data

Object

The ssl-certificate references.

data.relationships.client-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.relationships.client-certificate.data.id

String

The ID of the ssl-certificate resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "back-end-group",
    "id" : "1",
    "attributes" : {
      "name" : "mybackendgroup",
      "tenant" : "AirlockBankingCo",
      "backendHosts" : [ {
        "protocol" : "HTTP",
        "hostName" : "example.com",
        "port" : 80,
        "mode" : "ENABLED",
        "spare" : false,
        "weight" : 200
      } ],
      "conditions" : {
        "priority" : 100,
        "clientHostHeaderPattern" : {
          "pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
        }
      },
      "inBandChecks" : {
        "enabled" : true,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "inverted" : false
        },
        "checkResponseContentEnabled" : true,
        "contentTypePattern" : {
          "pattern" : ".*",
          "inverted" : false
        },
        "maxContentSize" : 100,
        "contentPattern" : {
          "pattern" : ".*",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "outOfBandChecks" : {
        "enabled" : true,
        "url" : "http://example.com/state",
        "checksWhenGood" : {
          "interval" : 10,
          "switchAfter" : 20
        },
        "checksWhenBad" : {
          "interval" : 10,
          "switchAfter" : 20
        },
        "timeout" : 200,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "inverted" : false
        },
        "contentPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "myCipher",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 4842

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:16.748Z"
  },
  "data" : {
    "type" : "back-end-group",
    "id" : "1",
    "attributes" : {
      "name" : "mybackendgroup",
      "tenant" : "AirlockBankingCo",
      "backendHosts" : [ {
        "protocol" : "HTTP",
        "hostName" : "example.com",
        "port" : 80,
        "mode" : "ENABLED",
        "spare" : false,
        "weight" : 200
      } ],
      "conditions" : {
        "priority" : 100,
        "clientHostHeaderPattern" : {
          "pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
        }
      },
      "inBandChecks" : {
        "enabled" : true,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "inverted" : false
        },
        "checkResponseContentEnabled" : true,
        "contentTypePattern" : {
          "pattern" : ".*",
          "inverted" : false
        },
        "maxContentSize" : 100,
        "contentPattern" : {
          "pattern" : ".*",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "outOfBandChecks" : {
        "enabled" : true,
        "url" : "http://example.com/state",
        "checksWhenGood" : {
          "interval" : 10,
          "switchAfter" : 20
        },
        "checksWhenBad" : {
          "interval" : 10,
          "switchAfter" : 20
        },
        "timeout" : 200,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "inverted" : false
        },
        "contentPattern" : {
          "enabled" : true,
          "pattern" : ".*",
          "caseIgnored" : false,
          "inverted" : false
        }
      },
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "myCipher",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}

Delete a Back-End Group

DELETE /configuration/back-end-groups/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Change mode of a Back-End Host

POST /configuration/back-end-groups/{id}/host-mode

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "back-end-host-mode-change" for this call.

data.attributes.hostName

String

yes

Hostname of the back-end.

data.attributes.mode

String

yes

New mode for the back-end host to set.

Allowed values:
- ENABLED
- NO_NEW_SESSIONS
- DISABLED

data.attributes.port

String

yes

Port on which the back-end host is listening. If omitted, the default ports for HTTP (80) and HTTPS (443) are used.

data.attributes.protocol

String

yes

Protocol used by the back-end host.

Allowed values:
- HTTP
- HTTPS

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "back-end-group" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendHosts[]

Array

List of back-end hosts to use for load balancing.

data.attributes.backendHosts[].hostName

String

Hostname of the back-end host.

data.attributes.backendHosts[].mode

String

The mode a back-end host can be in.

Allowed values:
- ENABLED
- NO_NEW_SESSIONS
- DISABLED

data.attributes.backendHosts[].port

Number

Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used.

data.attributes.backendHosts[].protocol

String

Protocol used to connect to the back-end application.

Allowed values:
- HTTP
- HTTPS

data.attributes.backendHosts[].spare

Boolean

Whether the host is spare.

data.attributes.backendHosts[].weight

Number

The weight determines the relative amount of new sessions assigned to a specific back-end host.

data.attributes.conditions

Object

Configuration of conditions for mappings with multiple back-end groups.

data.attributes.conditions.clientHostHeaderPattern

Object

Client host header to use as condition.

data.attributes.conditions.clientHostHeaderPattern.pattern

String

The actual pattern.

data.attributes.conditions.priority

Number

The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups.
The value can be between -999 (highest priority) and 999 (lowest priority).

data.attributes.expertSettings.securityGate

Object

Expert settings for the security gate.

data.attributes.expertSettings.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.expertSettings.securityGate.settings

String

Expert settings for the Security Gate.

data.attributes.inBandChecks

Object

In-band health checks.

data.attributes.inBandChecks.checkResponseContentEnabled

Boolean

Whether to analyze the response content to detect a back-end failure.

data.attributes.inBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.inBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.contentPattern.pattern

String

The actual pattern.

data.attributes.inBandChecks.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.contentTypePattern.pattern

String

The actual pattern.

data.attributes.inBandChecks.enabled

Boolean

Whether in-band checks are enabled.

data.attributes.inBandChecks.maxContentSize

Number

Number of bytes that must be available before the response body is inspected.

data.attributes.inBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.inBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data.attributes.inBandChecks.statusPattern.pattern

String

The actual pattern.

data.attributes.name

String

The unique name of the back-end group.

data.attributes.outOfBandChecks

Object

Out-of-band health checks.

data.attributes.outOfBandChecks.checksWhenBad.interval

Number

Interval in seconds between individual calls to the check URL in case of a bad back-end.

data.attributes.outOfBandChecks.checksWhenBad.switchAfter

Number

Number of subsequent successful requests after which the back-end will be marked as "good".

data.attributes.outOfBandChecks.checksWhenGood.interval

Number

Interval in seconds between individual calls to the check URL in case of a good back-end.

data.attributes.outOfBandChecks.checksWhenGood.switchAfter

Number

Number of subsequent failed requests after which the back-end will be marked as "bad".

data.attributes.outOfBandChecks.contentPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.outOfBandChecks.contentPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.outOfBandChecks.contentPattern.inverted

Boolean

Whether to invert the match.

data.attributes.outOfBandChecks.contentPattern.pattern

String

The actual pattern.

data.attributes.outOfBandChecks.enabled

Boolean

Whether out-of-band checks are enabled.

data.attributes.outOfBandChecks.statusPattern.enabled

Boolean

Whether the pattern is enabled.

data.attributes.outOfBandChecks.statusPattern.inverted

Boolean

Whether to invert the match.

data.attributes.outOfBandChecks.statusPattern.pattern

String

The actual pattern.

data.attributes.outOfBandChecks.timeout

Number

Time-out in seconds which will only apply to out-of-band calls to the check URL.

data.attributes.outOfBandChecks.url

String

Address of the test page.

data.attributes.tenant

String

Tenant of the back-end group.

data.attributes.tls

Object

Configuration of the TLS connections to back-ends hosts.

data.attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.client-certificate.data

Object

The ssl-certificate references.

data.relationships.client-certificate.data.type

String

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.relationships.client-certificate.data.id

String

The ID of the ssl-certificate resource.

data.relationships.kerberos-environment.data

Object

The kerberos-environment references.

data.relationships.kerberos-environment.data.type

String

The data type of the referenced resource. Must be "kerberos-environment" for this call.

data.relationships.kerberos-environment.data.id

String

The ID of the kerberos-environment resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/host-mode" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "back-end-host-mode-change",
    "attributes" : {
      "protocol" : "HTTP",
      "hostName" : "myBackendHost",
      "port" : "80",
      "mode" : "NO_NEW_SESSIONS"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2129

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:15.726Z"
  },
  "data" : {
    "type" : "back-end-group",
    "id" : "1",
    "attributes" : {
      "name" : "myBackendGroup",
      "tenant" : "",
      "backendHosts" : [ {
        "protocol" : "HTTP",
        "hostName" : "myBackendHost",
        "port" : 80,
        "mode" : "NO_NEW_SESSIONS",
        "spare" : false,
        "weight" : 100
      } ],
      "conditions" : {
        "priority" : 0,
        "clientHostHeaderPattern" : {
          "pattern" : ""
        }
      },
      "inBandChecks" : {
        "enabled" : false,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : "^503$",
          "inverted" : false
        },
        "checkResponseContentEnabled" : false,
        "contentTypePattern" : {
          "pattern" : "^(text|application)/(html|xhtml)",
          "inverted" : false
        },
        "maxContentSize" : 512,
        "contentPattern" : {
          "pattern" : "Service Unavailable",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "outOfBandChecks" : {
        "enabled" : false,
        "url" : "/",
        "checksWhenGood" : {
          "interval" : 5,
          "switchAfter" : 3
        },
        "checksWhenBad" : {
          "interval" : 3,
          "switchAfter" : 3
        },
        "timeout" : 2,
        "statusPattern" : {
          "enabled" : true,
          "pattern" : "^503$",
          "inverted" : false
        },
        "contentPattern" : {
          "enabled" : false,
          "pattern" : "Service Unavailable",
          "caseIgnored" : true,
          "inverted" : false
        }
      },
      "tls" : {
        "protocol" : "DEFAULT",
        "cipherSuite" : "DEFAULT",
        "forceNewSession" : false,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ ]
        }
      },
      "expertSettings" : {
        "securityGate" : {
          "enabled" : false,
          "settings" : ""
        }
      }
    }
  }
}

Add Mapping Connections

PATCH /configuration/back-end-groups/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/mappings" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Connections

DELETE /configuration/back-end-groups/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/mappings" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Kerberos Connection

PATCH /configuration/back-end-groups/{id}/relationships/kerberos-environment

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "kerberos-environment" for this call.

data.id

String

yes

The ID of the referenced "kerberos-environment" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/kerberos-environment" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "kerberos-environment",
    "id" : "4"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove Kerberos Connection

DELETE /configuration/back-end-groups/{id}/relationships/kerberos-environment

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/kerberos-environment" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Client Certificate Connection

PATCH /configuration/back-end-groups/{id}/relationships/client-certificate

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.id

String

yes

The ID of the referenced "ssl-certificate" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/client-certificate" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "id" : "4"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove Client Certificate Connection

DELETE /configuration/back-end-groups/{id}/relationships/client-certificate

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.id

String

yes

The ID of the referenced "ssl-certificate" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/client-certificate" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "id" : "4"
  }
}'

Example Response

HTTP/1.1 204 No Content

SSL Certificate

Access all SSL Certificates

GET /configuration/ssl-certificates

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "ssl-certificate" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.certType

String

Type of the certificate.

Allowed values:
- SERVER_CERT
- CLIENT_CERT

data[].attributes.certificate

String

Certificate in PEM format.

data[].attributes.certificateChain[]

Array

List of all intermediate CA certificates in the server certificate’s CA chain in PEM format.

data[].attributes.privateKey

String

Private key for the certificate in PEM format (can be encrypted).

data[].attributes.rootCaCertificate

String

Root CA certificate in PEM format.

data[].relationships.virtual-hosts.data[]

Array

The virtual-host references.

data[].relationships.virtual-hosts.data[].type

String

The data type of the referenced resource. Must be "virtual-host" for this call.

data[].relationships.virtual-hosts.data[].id

String

The ID of the virtual-host resource.

data[].relationships.remote-json-web-key-sets.data[]

Array

The remote-json-web-key-set references.

data[].relationships.remote-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data[].relationships.remote-json-web-key-sets.data[].id

String

The ID of the remote-json-web-key-set resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 16252

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:51.698Z"
  },
  "data" : [ {
    "type" : "ssl-certificate",
    "id" : "-1000",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C5189547CFDBEC5B\n\nKUOALsIUb+GKVxTF1tBeZBGJucah8kWfbVr0LNhUz2MflaKV4AmwN2N+S2KPvqeP\nEg/SicmC8O/J2jcLhrLrXvaL9YWCFYHs27fFACHhbaFC7Xr6WKKAS3hMZQcS2pXc\niij76MPykwxj2aEg8XAn0KqQ+bbkrPhNZfzKCv6KSPM3VOKD7fSE8FHAC8i4cE6D\nnc616mlXMH6G2urB53y4GMlYutkhin5Q5lp3OzGEWs0vVzitmVQ4geRWs5Sg4ctm\nrmnuC0wuajjDvh0momdXNV5yKWIi/sqNrRUAN/hEgQo/LeOlRpDTYPZis+vmh6zz\nVJ0+YyslcKRDhKuz41yki9tss8OjAkJ/bqFpAYW8QfVIAbti5aXEDQwLRrar8NpZ\nYMjT9nKFtY2HAa3NRk6VI9xF1eupEqIdybP/qC71Qera/CZa6q7sEM9BMuQ2bJlE\nnW8Ugvdlk8Suk6XNMxqvCuXYdusgIy9Go6F1o6UrNf7legsa27QeQuX4TL5A37be\nSgZzC3WbMHRPa2FlsB7QIqBlkq/ZQlKmLKX595IxPqEvlNVp+pKo4/sStAAFVyVo\nOAxOEa56PLOJwrRAI66ufKJl/og9pW6qZhEprSIFOZ0GYEAho2qFO7kxF3RK4hqK\n5r32+qtgqbYU4CoMww0MlDj/3TSjNIPNSz5KMXu8cg570ppAQ1pYBL3NhJkKNKHx\nv9yhtszdDlACKok9rqp3LdTWgJI+Lw3H3SP5Xidzg0nOtvnS0LD/huE0thnfkuaB\nLTBSvdFR6sQFtNcxppwKC1X0PDoQuwiNB/J51LpnQ1D1ho/Zor6cRhKEaYACdb2Q\nS/UT6NRzbpS/P4GU06tN8msNaBaPAWWoUECJNX7Dyiq1mk3AzQUmJksGQIcoy1D4\nmAT24Vk/xztrL116R+OIhdNq42BME0w2RRaqcohPLqVa8HTGEsJf7prieov3hQbN\nXVmxG5ewnTj0ozsGY/NQGkdzwmjsThs1UoSAEIQCSDUAEa7UAoLq+Kud+JpaAUvh\n4LTU3T8x0J+HZEclyEqKLzFf3QVAiTR6afTwUAQFNdrjhb0LKgBlEBD1RxXAWikm\nv5/FBViWcaRAJpLKcGB4bWQbEHp5u9U5XyXZtbpwPnRJzFlhhBuxVV8aeCpyBqDs\nSdRo0QmAs/vxzkgVl0XKbm9zJM7D9ZJxa6Ko55uo0gNK8DEduS/F53tJiNFKb1lY\nBBjqugCtKexynS3N4cknJTkq9KFvE27s6FNqOYiOUh9GzTTz3+0Ye+OcyIcONlHd\n8KhijeJWTM7yt7A3ZAUQGFks9nJQONMRKVykzQyRCEbKoqUqf1DrZUcLD8H6TuMt\nR7j4v1KVvptaxBkDqvXhBaqgLc4ug/p2fsXNZ8VXiogskJtTLBzb5eo/s015E72H\nOHNJSiWgG2Yzd7QF1MVZvzpsdSi9/lvuTtzTx5U2P/v+inYIMWNT2DU03Z2X2j2a\n+jkI9aTnN46UNiCPE+FVx0j+Hd2n0hUaEYyy9dtMQ5gn/DYaTF+cuTMdGmLpL2+P\nigiIPf3LlAwUwd+l9iMrDFhDtOa8rQGi8way1gamV9tk0z6AHfFAoYTmA6M0JU0c\n-----END RSA PRIVATE KEY-----\n",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    },
    "relationships" : {
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "200"
        }, {
          "type" : "virtual-host",
          "id" : "300"
        } ]
      },
      "remote-json-web-key-sets" : {
        "data" : [ {
          "type" : "remote-json-web-key-set",
          "id" : "400"
        }, {
          "type" : "remote-json-web-key-set",
          "id" : "400"
        } ]
      }
    }
  }, {
    "type" : "ssl-certificate",
    "id" : "1",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    },
    "relationships" : {
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "1200"
        }, {
          "type" : "virtual-host",
          "id" : "1300"
        } ]
      }
    }
  } ]
}

Access a SSL Certificate

GET /configuration/ssl-certificates/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "ssl-certificate" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.certType

String

Type of the certificate.

Allowed values:
- SERVER_CERT
- CLIENT_CERT

data.attributes.certificate

String

Certificate in PEM format.

data.attributes.certificateChain[]

Array

List of all intermediate CA certificates in the server certificate’s CA chain in PEM format.

data.attributes.privateKey

String

Private key for the certificate in PEM format (can be encrypted).

data.attributes.rootCaCertificate

String

Root CA certificate in PEM format.

data.relationships.virtual-hosts.data[]

Array

The virtual-host references.

data.relationships.virtual-hosts.data[].type

String

The data type of the referenced resource. Must be "virtual-host" for this call.

data.relationships.virtual-hosts.data[].id

String

The ID of the virtual-host resource.

data.relationships.remote-json-web-key-sets.data[]

Array

The remote-json-web-key-set references.

data.relationships.remote-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data.relationships.remote-json-web-key-sets.data[].id

String

The ID of the remote-json-web-key-set resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 8369

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:41.124Z"
  },
  "data" : {
    "type" : "ssl-certificate",
    "id" : "1",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    },
    "relationships" : {
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "1200"
        }, {
          "type" : "virtual-host",
          "id" : "1300"
        } ]
      }
    }
  }
}

Create a SSL Certificate

POST /configuration/ssl-certificates

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "ssl-certificate" for this call.

data.attributes.certType

String

no

Type of the certificate.

Allowed values:
- SERVER_CERT
- CLIENT_CERT
Default value: SERVER_CERT

data.attributes.certificate

String

yes

Certificate in PEM format.

data.attributes.certificateChain[]

Array

yes

List of all intermediate CA certificates in the server certificate’s CA chain in PEM format.

data.attributes.passphrase

String

yes

Passphrase in case of an encrypted private key (not persistent).

data.attributes.privateKey

String

yes

Private key for the certificate in PEM format (can be encrypted).

data.attributes.rootCaCertificate

String

yes

Root CA certificate in PEM format.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "ssl-certificate" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.certType

String

Type of the certificate.

Allowed values:
- SERVER_CERT
- CLIENT_CERT

data.attributes.certificate

String

Certificate in PEM format.

data.attributes.certificateChain[]

Array

List of all intermediate CA certificates in the server certificate’s CA chain in PEM format.

data.attributes.privateKey

String

Private key for the certificate in PEM format (can be encrypted).

data.attributes.rootCaCertificate

String

Root CA certificate in PEM format.

data.relationships.virtual-hosts.data[]

Array

The virtual-host references.

data.relationships.virtual-hosts.data[].type

String

The data type of the referenced resource. Must be "virtual-host" for this call.

data.relationships.virtual-hosts.data[].id

String

The ID of the virtual-host resource.

data.relationships.remote-json-web-key-sets.data[]

Array

The remote-json-web-key-set references.

data.relationships.remote-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data.relationships.remote-json-web-key-sets.data[].id

String

The ID of the remote-json-web-key-set resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
      "passphrase" : "password",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 8140

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:48.666Z"
  },
  "data" : {
    "type" : "ssl-certificate",
    "id" : "4",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    }
  }
}

Example Request with wrong passphrase

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
      "passphrase" : "invalid-password",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    }
  }
}'

Example Response with wrong passphrase

HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 251

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:39.817Z",
    "rid" : "n/a"
  },
  "errors" : [ {
    "code" : "INVALID_VALUE",
    "source" : {
      "pointer" : "/data/attributes/passphrase"
    }
  } ]
}

Update a SSL Certificate

PATCH /configuration/ssl-certificates/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "ssl-certificate" for this call.

data.attributes.certType

String

no

Type of the certificate.

Allowed values:
- SERVER_CERT
- CLIENT_CERT

data.attributes.certificate

String

no

Certificate in PEM format.

data.attributes.certificateChain[]

Array

no

List of all intermediate CA certificates in the server certificate’s CA chain in PEM format.

data.attributes.passphrase

String

no

Passphrase in case of an encrypted private key (not persistent).

data.attributes.privateKey

String

no

Private key for the certificate in PEM format (can be encrypted).

data.attributes.rootCaCertificate

String

no

Root CA certificate in PEM format.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "ssl-certificate" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.certType

String

Type of the certificate.

Allowed values:
- SERVER_CERT
- CLIENT_CERT

data.attributes.certificate

String

Certificate in PEM format.

data.attributes.certificateChain[]

Array

List of all intermediate CA certificates in the server certificate’s CA chain in PEM format.

data.attributes.privateKey

String

Private key for the certificate in PEM format (can be encrypted).

data.attributes.rootCaCertificate

String

Root CA certificate in PEM format.

data.relationships.virtual-hosts.data[]

Array

The virtual-host references.

data.relationships.virtual-hosts.data[].type

String

The data type of the referenced resource. Must be "virtual-host" for this call.

data.relationships.virtual-hosts.data[].id

String

The ID of the virtual-host resource.

data.relationships.remote-json-web-key-sets.data[]

Array

The remote-json-web-key-set references.

data.relationships.remote-json-web-key-sets.data[].type

String

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data.relationships.remote-json-web-key-sets.data[].id

String

The ID of the remote-json-web-key-set resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C5189547CFDBEC5B\n\nKUOALsIUb+GKVxTF1tBeZBGJucah8kWfbVr0LNhUz2MflaKV4AmwN2N+S2KPvqeP\nEg/SicmC8O/J2jcLhrLrXvaL9YWCFYHs27fFACHhbaFC7Xr6WKKAS3hMZQcS2pXc\niij76MPykwxj2aEg8XAn0KqQ+bbkrPhNZfzKCv6KSPM3VOKD7fSE8FHAC8i4cE6D\nnc616mlXMH6G2urB53y4GMlYutkhin5Q5lp3OzGEWs0vVzitmVQ4geRWs5Sg4ctm\nrmnuC0wuajjDvh0momdXNV5yKWIi/sqNrRUAN/hEgQo/LeOlRpDTYPZis+vmh6zz\nVJ0+YyslcKRDhKuz41yki9tss8OjAkJ/bqFpAYW8QfVIAbti5aXEDQwLRrar8NpZ\nYMjT9nKFtY2HAa3NRk6VI9xF1eupEqIdybP/qC71Qera/CZa6q7sEM9BMuQ2bJlE\nnW8Ugvdlk8Suk6XNMxqvCuXYdusgIy9Go6F1o6UrNf7legsa27QeQuX4TL5A37be\nSgZzC3WbMHRPa2FlsB7QIqBlkq/ZQlKmLKX595IxPqEvlNVp+pKo4/sStAAFVyVo\nOAxOEa56PLOJwrRAI66ufKJl/og9pW6qZhEprSIFOZ0GYEAho2qFO7kxF3RK4hqK\n5r32+qtgqbYU4CoMww0MlDj/3TSjNIPNSz5KMXu8cg570ppAQ1pYBL3NhJkKNKHx\nv9yhtszdDlACKok9rqp3LdTWgJI+Lw3H3SP5Xidzg0nOtvnS0LD/huE0thnfkuaB\nLTBSvdFR6sQFtNcxppwKC1X0PDoQuwiNB/J51LpnQ1D1ho/Zor6cRhKEaYACdb2Q\nS/UT6NRzbpS/P4GU06tN8msNaBaPAWWoUECJNX7Dyiq1mk3AzQUmJksGQIcoy1D4\nmAT24Vk/xztrL116R+OIhdNq42BME0w2RRaqcohPLqVa8HTGEsJf7prieov3hQbN\nXVmxG5ewnTj0ozsGY/NQGkdzwmjsThs1UoSAEIQCSDUAEa7UAoLq+Kud+JpaAUvh\n4LTU3T8x0J+HZEclyEqKLzFf3QVAiTR6afTwUAQFNdrjhb0LKgBlEBD1RxXAWikm\nv5/FBViWcaRAJpLKcGB4bWQbEHp5u9U5XyXZtbpwPnRJzFlhhBuxVV8aeCpyBqDs\nSdRo0QmAs/vxzkgVl0XKbm9zJM7D9ZJxa6Ko55uo0gNK8DEduS/F53tJiNFKb1lY\nBBjqugCtKexynS3N4cknJTkq9KFvE27s6FNqOYiOUh9GzTTz3+0Ye+OcyIcONlHd\n8KhijeJWTM7yt7A3ZAUQGFks9nJQONMRKVykzQyRCEbKoqUqf1DrZUcLD8H6TuMt\nR7j4v1KVvptaxBkDqvXhBaqgLc4ug/p2fsXNZ8VXiogskJtTLBzb5eo/s015E72H\nOHNJSiWgG2Yzd7QF1MVZvzpsdSi9/lvuTtzTx5U2P/v+inYIMWNT2DU03Z2X2j2a\n+jkI9aTnN46UNiCPE+FVx0j+Hd2n0hUaEYyy9dtMQ5gn/DYaTF+cuTMdGmLpL2+P\nigiIPf3LlAwUwd+l9iMrDFhDtOa8rQGi8way1gamV9tk0z6AHfFAoYTmA6M0JU0c\n-----END RSA PRIVATE KEY-----\n",
      "passphrase" : "password",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 7765

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:53.261Z"
  },
  "data" : {
    "type" : "ssl-certificate",
    "id" : "1",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C5189547CFDBEC5B\n\nKUOALsIUb+GKVxTF1tBeZBGJucah8kWfbVr0LNhUz2MflaKV4AmwN2N+S2KPvqeP\nEg/SicmC8O/J2jcLhrLrXvaL9YWCFYHs27fFACHhbaFC7Xr6WKKAS3hMZQcS2pXc\niij76MPykwxj2aEg8XAn0KqQ+bbkrPhNZfzKCv6KSPM3VOKD7fSE8FHAC8i4cE6D\nnc616mlXMH6G2urB53y4GMlYutkhin5Q5lp3OzGEWs0vVzitmVQ4geRWs5Sg4ctm\nrmnuC0wuajjDvh0momdXNV5yKWIi/sqNrRUAN/hEgQo/LeOlRpDTYPZis+vmh6zz\nVJ0+YyslcKRDhKuz41yki9tss8OjAkJ/bqFpAYW8QfVIAbti5aXEDQwLRrar8NpZ\nYMjT9nKFtY2HAa3NRk6VI9xF1eupEqIdybP/qC71Qera/CZa6q7sEM9BMuQ2bJlE\nnW8Ugvdlk8Suk6XNMxqvCuXYdusgIy9Go6F1o6UrNf7legsa27QeQuX4TL5A37be\nSgZzC3WbMHRPa2FlsB7QIqBlkq/ZQlKmLKX595IxPqEvlNVp+pKo4/sStAAFVyVo\nOAxOEa56PLOJwrRAI66ufKJl/og9pW6qZhEprSIFOZ0GYEAho2qFO7kxF3RK4hqK\n5r32+qtgqbYU4CoMww0MlDj/3TSjNIPNSz5KMXu8cg570ppAQ1pYBL3NhJkKNKHx\nv9yhtszdDlACKok9rqp3LdTWgJI+Lw3H3SP5Xidzg0nOtvnS0LD/huE0thnfkuaB\nLTBSvdFR6sQFtNcxppwKC1X0PDoQuwiNB/J51LpnQ1D1ho/Zor6cRhKEaYACdb2Q\nS/UT6NRzbpS/P4GU06tN8msNaBaPAWWoUECJNX7Dyiq1mk3AzQUmJksGQIcoy1D4\nmAT24Vk/xztrL116R+OIhdNq42BME0w2RRaqcohPLqVa8HTGEsJf7prieov3hQbN\nXVmxG5ewnTj0ozsGY/NQGkdzwmjsThs1UoSAEIQCSDUAEa7UAoLq+Kud+JpaAUvh\n4LTU3T8x0J+HZEclyEqKLzFf3QVAiTR6afTwUAQFNdrjhb0LKgBlEBD1RxXAWikm\nv5/FBViWcaRAJpLKcGB4bWQbEHp5u9U5XyXZtbpwPnRJzFlhhBuxVV8aeCpyBqDs\nSdRo0QmAs/vxzkgVl0XKbm9zJM7D9ZJxa6Ko55uo0gNK8DEduS/F53tJiNFKb1lY\nBBjqugCtKexynS3N4cknJTkq9KFvE27s6FNqOYiOUh9GzTTz3+0Ye+OcyIcONlHd\n8KhijeJWTM7yt7A3ZAUQGFks9nJQONMRKVykzQyRCEbKoqUqf1DrZUcLD8H6TuMt\nR7j4v1KVvptaxBkDqvXhBaqgLc4ug/p2fsXNZ8VXiogskJtTLBzb5eo/s015E72H\nOHNJSiWgG2Yzd7QF1MVZvzpsdSi9/lvuTtzTx5U2P/v+inYIMWNT2DU03Z2X2j2a\n+jkI9aTnN46UNiCPE+FVx0j+Hd2n0hUaEYyy9dtMQ5gn/DYaTF+cuTMdGmLpL2+P\nigiIPf3LlAwUwd+l9iMrDFhDtOa8rQGi8way1gamV9tk0z6AHfFAoYTmA6M0JU0c\n-----END RSA PRIVATE KEY-----\n",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    },
    "relationships" : {
      "virtual-hosts" : {
        "data" : [ {
          "type" : "virtual-host",
          "id" : "1200"
        }, {
          "type" : "virtual-host",
          "id" : "1300"
        } ]
      }
    }
  }
}

Example Request with wrong passphrase

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "attributes" : {
      "certificate" : "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n",
      "privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C5189547CFDBEC5B\n\nKUOALsIUb+GKVxTF1tBeZBGJucah8kWfbVr0LNhUz2MflaKV4AmwN2N+S2KPvqeP\nEg/SicmC8O/J2jcLhrLrXvaL9YWCFYHs27fFACHhbaFC7Xr6WKKAS3hMZQcS2pXc\niij76MPykwxj2aEg8XAn0KqQ+bbkrPhNZfzKCv6KSPM3VOKD7fSE8FHAC8i4cE6D\nnc616mlXMH6G2urB53y4GMlYutkhin5Q5lp3OzGEWs0vVzitmVQ4geRWs5Sg4ctm\nrmnuC0wuajjDvh0momdXNV5yKWIi/sqNrRUAN/hEgQo/LeOlRpDTYPZis+vmh6zz\nVJ0+YyslcKRDhKuz41yki9tss8OjAkJ/bqFpAYW8QfVIAbti5aXEDQwLRrar8NpZ\nYMjT9nKFtY2HAa3NRk6VI9xF1eupEqIdybP/qC71Qera/CZa6q7sEM9BMuQ2bJlE\nnW8Ugvdlk8Suk6XNMxqvCuXYdusgIy9Go6F1o6UrNf7legsa27QeQuX4TL5A37be\nSgZzC3WbMHRPa2FlsB7QIqBlkq/ZQlKmLKX595IxPqEvlNVp+pKo4/sStAAFVyVo\nOAxOEa56PLOJwrRAI66ufKJl/og9pW6qZhEprSIFOZ0GYEAho2qFO7kxF3RK4hqK\n5r32+qtgqbYU4CoMww0MlDj/3TSjNIPNSz5KMXu8cg570ppAQ1pYBL3NhJkKNKHx\nv9yhtszdDlACKok9rqp3LdTWgJI+Lw3H3SP5Xidzg0nOtvnS0LD/huE0thnfkuaB\nLTBSvdFR6sQFtNcxppwKC1X0PDoQuwiNB/J51LpnQ1D1ho/Zor6cRhKEaYACdb2Q\nS/UT6NRzbpS/P4GU06tN8msNaBaPAWWoUECJNX7Dyiq1mk3AzQUmJksGQIcoy1D4\nmAT24Vk/xztrL116R+OIhdNq42BME0w2RRaqcohPLqVa8HTGEsJf7prieov3hQbN\nXVmxG5ewnTj0ozsGY/NQGkdzwmjsThs1UoSAEIQCSDUAEa7UAoLq+Kud+JpaAUvh\n4LTU3T8x0J+HZEclyEqKLzFf3QVAiTR6afTwUAQFNdrjhb0LKgBlEBD1RxXAWikm\nv5/FBViWcaRAJpLKcGB4bWQbEHp5u9U5XyXZtbpwPnRJzFlhhBuxVV8aeCpyBqDs\nSdRo0QmAs/vxzkgVl0XKbm9zJM7D9ZJxa6Ko55uo0gNK8DEduS/F53tJiNFKb1lY\nBBjqugCtKexynS3N4cknJTkq9KFvE27s6FNqOYiOUh9GzTTz3+0Ye+OcyIcONlHd\n8KhijeJWTM7yt7A3ZAUQGFks9nJQONMRKVykzQyRCEbKoqUqf1DrZUcLD8H6TuMt\nR7j4v1KVvptaxBkDqvXhBaqgLc4ug/p2fsXNZ8VXiogskJtTLBzb5eo/s015E72H\nOHNJSiWgG2Yzd7QF1MVZvzpsdSi9/lvuTtzTx5U2P/v+inYIMWNT2DU03Z2X2j2a\n+jkI9aTnN46UNiCPE+FVx0j+Hd2n0hUaEYyy9dtMQ5gn/DYaTF+cuTMdGmLpL2+P\nigiIPf3LlAwUwd+l9iMrDFhDtOa8rQGi8way1gamV9tk0z6AHfFAoYTmA6M0JU0c\n-----END RSA PRIVATE KEY-----\n",
      "passphrase" : "invalid-password",
      "certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ],
      "rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
      "certType" : "SERVER_CERT"
    }
  }
}'

Example Response with wrong passphrase

HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 251

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:41.931Z",
    "rid" : "n/a"
  },
  "errors" : [ {
    "code" : "INVALID_VALUE",
    "source" : {
      "pointer" : "/data/attributes/passphrase"
    }
  } ]
}

Delete a SSL Certificate

DELETE /configuration/ssl-certificates/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Virtual Host Connections

PATCH /configuration/ssl-certificates/{id}/relationships/virtual-hosts

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "virtual-host" for this call.

data[].id

String

yes

The ID of the referenced "virtual-host" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/virtual-hosts" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "virtual-host",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Virtual Host Connections

DELETE /configuration/ssl-certificates/{id}/relationships/virtual-hosts

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "virtual-host" for this call.

data[].id

String

yes

The ID of the referenced "virtual-host" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/virtual-hosts" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "virtual-host",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Back-End Group Connection

PATCH /configuration/ssl-certificates/{id}/relationships/back-end-groups

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "back-end-group" for this call.

data[].id

String

yes

The ID of the referenced "back-end-group" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/back-end-groups" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "back-end-group",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Back-End Group Connections

DELETE /configuration/ssl-certificates/{id}/relationships/back-end-groups

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "back-end-group" for this call.

data[].id

String

yes

The ID of the referenced "back-end-group" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/back-end-groups" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "back-end-group",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Remote JWKS Connection

PATCH /configuration/ssl-certificates/{id}/relationships/json-web-key-sets/remotes

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data[].id

String

yes

The ID of the referenced "remote-json-web-key-set" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/json-web-key-sets/remotes" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "remote-json-web-key-set",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Remote JWKS Connections

PATCH /configuration/ssl-certificates/{id}/relationships/json-web-key-sets/remotes

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "remote-json-web-key-set" for this call.

data[].id

String

yes

The ID of the referenced "remote-json-web-key-set" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/json-web-key-sets/remotes" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "remote-json-web-key-set",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Local JSON Web Key Sets

Access all Local JSON Web Key Sets

GET /configuration/json-web-key-sets/locals

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "local-json-web-key-set" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.content

String

The Json Web Key Set.

data[].attributes.issuer

String

An issuer to bind the JWKS to.

data[].attributes.name

String

The unique name of the local JWKS provider.

data[].relationships.mappings.data[]

Array

The mapping references.

data[].relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2121

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:50.251Z"
  },
  "data" : [ {
    "type" : "local-json-web-key-set",
    "id" : "1",
    "attributes" : {
      "name" : "a local JWKS",
      "content" : "{\n\"keys\": [\n  {\n    \"alg\": \"RS256\",\n    \"kty\": \"RSA\",\n    \"use\": \"sig\",\n    \"x5c\": [\n      \"MIIC+DCCAeCgAwIBAgIJBIGjYW6hFpn2MA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMTGGN1c3RvbWVyLWRlbW9zLmF1dGgwLmNvbTAeFw0xNjExMjIyMjIyMDVaFw0zMDA4MDEyMjIyMDVaMCMxITAfBgNVBAMTGGN1c3RvbWVyLWRlbW9zLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnjZc5bm/eGIHq09N9HKHahM7Y31P0ul+A2wwP4lSpIwFrWHzxw88/7Dwk9QMc+orGXX95R6av4GF+Es/nG3uK45ooMVMa/hYCh0Mtx3gnSuoTavQEkLzCvSwTqVwzZ+5noukWVqJuMKNwjL77GNcPLY7Xy2/skMCT5bR8UoWaufooQvYq6SyPcRAU4BtdquZRiBT4U5f+4pwNTxSvey7ki50yc1tG49Per/0zA4O6Tlpv8x7Red6m1bCNHt7+Z5nSl3RX/QYyAEUX1a28VcYmR41Osy+o2OUCXYdUAphDaHo4/8rbKTJhlu8jEcc1KoMXAKjgaVZtG/v5ltx6AXY0CAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUQxFG602h1cG+pnyvJoy9pGJJoCswDQYJKoZIhvcNAQEFBQADggEBAGvtCbzGNBUJPLICth3mLsX0Z4z8T8iu4tyoiuAshP/Ry/ZBnFnXmhD8vwgMZ2lTgUWwlrvlgN+fAtYKnwFO2G3BOCFw96Nm8So9sjTda9CCZ3dhoH57F/hVMBB0K6xhklAc0b5ZxUpCIN92v/w+xZoz1XQBHe8ZbRHaP1HpRM4M7DJk2G5cgUCyu3UBvYS41sHvzrxQ3z7vIePRA4WF4bEkfX12gvny0RsPkrbVMXX1Rj9t6V7QXrbPYBAO+43JvDGYawxYVvLhz+BJ45x50GFQmHszfY3BR9TPK8xmMmQwtIvLu1PMttNCs7niCYkSiUv2sc2mlq1i3IashGkkgmo=\"\n    ],\n    \"n\": \"yeNlzlub94YgerT030codqEztjfU_S6X4DbDA_iVKkjAWtYfPHDzz_sPCT1Axz6isZdf3lHpq_gYX4Sz-cbe4rjmigxUxr-FgKHQy3HeCdK6hNq9ASQvMK9LBOpXDNn7mei6RZWom4wo3CMvvsY1w8tjtfLb-yQwJPltHxShZq5-ihC9irpLI9xEBTgG12q5lGIFPhTl_7inA1PFK97LuSLnTJzW0bj096v_TMDg7pOWm_zHtF53qbVsI0e3v5nmdKXdFf9BjIARRfVrbxVxiZHjU6zL6jY5QJdh1QCmENoejj_ytspMmGW7yMRxzUqgxcAqOBpVm0b-_mW3HoBdjQ\",\n    \"e\": \"AQAB\",\n    \"kid\": \"NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg\",\n    \"x5t\": \"NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg\"\n  }\n]}",
      "issuer" : "myIssuer"
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      }
    }
  } ]
}

Access a Local JSON Web Key Set

GET /configuration/json-web-key-sets/locals/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "local-json-web-key-set" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.content

String

The Json Web Key Set.

data.attributes.issuer

String

An issuer to bind the JWKS to.

data.attributes.name

String

The unique name of the local JWKS provider.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2117

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:50.167Z"
  },
  "data" : {
    "type" : "local-json-web-key-set",
    "id" : "1",
    "attributes" : {
      "name" : "a local JWKS",
      "content" : "{\n\"keys\": [\n  {\n    \"alg\": \"RS256\",\n    \"kty\": \"RSA\",\n    \"use\": \"sig\",\n    \"x5c\": [\n      \"MIIC+DCCAeCgAwIBAgIJBIGjYW6hFpn2MA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMTGGN1c3RvbWVyLWRlbW9zLmF1dGgwLmNvbTAeFw0xNjExMjIyMjIyMDVaFw0zMDA4MDEyMjIyMDVaMCMxITAfBgNVBAMTGGN1c3RvbWVyLWRlbW9zLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnjZc5bm/eGIHq09N9HKHahM7Y31P0ul+A2wwP4lSpIwFrWHzxw88/7Dwk9QMc+orGXX95R6av4GF+Es/nG3uK45ooMVMa/hYCh0Mtx3gnSuoTavQEkLzCvSwTqVwzZ+5noukWVqJuMKNwjL77GNcPLY7Xy2/skMCT5bR8UoWaufooQvYq6SyPcRAU4BtdquZRiBT4U5f+4pwNTxSvey7ki50yc1tG49Per/0zA4O6Tlpv8x7Red6m1bCNHt7+Z5nSl3RX/QYyAEUX1a28VcYmR41Osy+o2OUCXYdUAphDaHo4/8rbKTJhlu8jEcc1KoMXAKjgaVZtG/v5ltx6AXY0CAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUQxFG602h1cG+pnyvJoy9pGJJoCswDQYJKoZIhvcNAQEFBQADggEBAGvtCbzGNBUJPLICth3mLsX0Z4z8T8iu4tyoiuAshP/Ry/ZBnFnXmhD8vwgMZ2lTgUWwlrvlgN+fAtYKnwFO2G3BOCFw96Nm8So9sjTda9CCZ3dhoH57F/hVMBB0K6xhklAc0b5ZxUpCIN92v/w+xZoz1XQBHe8ZbRHaP1HpRM4M7DJk2G5cgUCyu3UBvYS41sHvzrxQ3z7vIePRA4WF4bEkfX12gvny0RsPkrbVMXX1Rj9t6V7QXrbPYBAO+43JvDGYawxYVvLhz+BJ45x50GFQmHszfY3BR9TPK8xmMmQwtIvLu1PMttNCs7niCYkSiUv2sc2mlq1i3IashGkkgmo=\"\n    ],\n    \"n\": \"yeNlzlub94YgerT030codqEztjfU_S6X4DbDA_iVKkjAWtYfPHDzz_sPCT1Axz6isZdf3lHpq_gYX4Sz-cbe4rjmigxUxr-FgKHQy3HeCdK6hNq9ASQvMK9LBOpXDNn7mei6RZWom4wo3CMvvsY1w8tjtfLb-yQwJPltHxShZq5-ihC9irpLI9xEBTgG12q5lGIFPhTl_7inA1PFK97LuSLnTJzW0bj096v_TMDg7pOWm_zHtF53qbVsI0e3v5nmdKXdFf9BjIARRfVrbxVxiZHjU6zL6jY5QJdh1QCmENoejj_ytspMmGW7yMRxzUqgxcAqOBpVm0b-_mW3HoBdjQ\",\n    \"e\": \"AQAB\",\n    \"kid\": \"NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg\",\n    \"x5t\": \"NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg\"\n  }\n]}",
      "issuer" : "myIssuer"
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      }
    }
  }
}

Create a Local JSON Web Key Set

POST /configuration/json-web-key-sets/locals

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "local-json-web-key-set" for this call.

data.attributes.content

String

yes

The Json Web Key Set.

data.attributes.issuer

String

yes

An issuer to bind the JWKS to.

data.attributes.name

String

yes

The unique name of the local JWKS provider.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "local-json-web-key-set" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.content

String

The Json Web Key Set.

data.attributes.issuer

String

An issuer to bind the JWKS to.

data.attributes.name

String

The unique name of the local JWKS provider.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "local-json-web-key-set",
    "attributes" : {
      "name" : "a local JWKS",
      "content" : "{\"keys\":\n       [\n         {\"kty\":\"oct\",\n          \"alg\":\"A128KW\",\n          \"k\":\"GawgguFyGrWKav7AX4VKUg\"},\n         {\"kty\":\"oct\",\n          \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\",\n          \"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}\n       ]\n     }",
      "issuer" : "myissuer"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 639

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:50.219Z"
  },
  "data" : {
    "type" : "local-json-web-key-set",
    "id" : "4",
    "attributes" : {
      "name" : "a local JWKS",
      "content" : "{\"keys\":\n       [\n         {\"kty\":\"oct\",\n          \"alg\":\"A128KW\",\n          \"k\":\"GawgguFyGrWKav7AX4VKUg\"},\n         {\"kty\":\"oct\",\n          \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\",\n          \"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}\n       ]\n     }",
      "issuer" : "myissuer"
    }
  }
}

Update a Local JSON Web Key Set

PATCH /configuration/json-web-key-sets/locals/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "local-json-web-key-set" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.content

String

no

The Json Web Key Set.

data.attributes.issuer

String

no

An issuer to bind the JWKS to.

data.attributes.name

String

no

The unique name of the local JWKS provider.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "local-json-web-key-set" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.content

String

The Json Web Key Set.

data.attributes.issuer

String

An issuer to bind the JWKS to.

data.attributes.name

String

The unique name of the local JWKS provider.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "local-json-web-key-set",
    "id" : "1",
    "attributes" : {
      "name" : "a local JWKS",
      "content" : "{\"keys\":\n       [\n         {\"kty\":\"oct\",\n          \"alg\":\"A128KW\",\n          \"k\":\"GawgguFyGrWKav7AX4VKUg\"},\n         {\"kty\":\"oct\",\n          \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\",\n          \"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}\n       ]\n     }",
      "issuer" : "myissuer"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 784

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:50.270Z"
  },
  "data" : {
    "type" : "local-json-web-key-set",
    "id" : "1",
    "attributes" : {
      "name" : "a local JWKS",
      "content" : "{\"keys\":\n       [\n         {\"kty\":\"oct\",\n          \"alg\":\"A128KW\",\n          \"k\":\"GawgguFyGrWKav7AX4VKUg\"},\n         {\"kty\":\"oct\",\n          \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\",\n          \"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}\n       ]\n     }",
      "issuer" : "myissuer"
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      }
    }
  }
}

Delete a Local JSON Web Key Set

DELETE /configuration/json-web-key-sets/locals/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Mapping Connections

PATCH /configuration/json-web-key-sets/locals/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1/relationships/mappings" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Connections

DELETE /configuration/json-web-key-sets/locals/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1/relationships/mappings" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remote JSON Web Key Sets

Access all Remote JSON Web Key Sets

GET /configuration/json-web-key-sets/remotes

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "remote-json-web-key-set" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.issuer

String

An issuer to bind the JWKS to.

data[].attributes.name

String

The unique name of the remote JWKS provider.

data[].attributes.serviceUrl

String

The URL of the service provider.

data[].attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data[].attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data[].attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data[].attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data[].attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data[].attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data[].relationships.mappings.data[]

Array

The mapping references.

data[].relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 745

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:23.673Z"
  },
  "data" : [ {
    "type" : "remote-json-web-key-set",
    "id" : "1",
    "attributes" : {
      "name" : "a remote JWKS",
      "serviceUrl" : "https://example.com/jwks.json",
      "issuer" : "myIssuer",
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "AES_256_CBC",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ ]
        }
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      }
    }
  } ]
}

Access a Remote JSON Web Key Set

GET /configuration/json-web-key-sets/remotes/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "remote-json-web-key-set" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.issuer

String

An issuer to bind the JWKS to.

data.attributes.name

String

The unique name of the remote JWKS provider.

data.attributes.serviceUrl

String

The URL of the service provider.

data.attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 741

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:22.863Z"
  },
  "data" : {
    "type" : "remote-json-web-key-set",
    "id" : "1",
    "attributes" : {
      "name" : "a remote JWKS",
      "serviceUrl" : "https://example.com/jwks.json",
      "issuer" : "myIssuer",
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "AES_256_CBC",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ ]
        }
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      }
    }
  }
}

Create a Remote JSON Web Key Set

POST /configuration/json-web-key-sets/remotes

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "remote-json-web-key-set" for this call.

data.attributes.issuer

String

yes

An issuer to bind the JWKS to.

data.attributes.name

String

yes

The unique name of the remote JWKS provider.

data.attributes.serviceUrl

String

yes

The URL of the service provider.

data.attributes.tls.cipherSuite

String

no

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

Default value: DEFAULT

data.attributes.tls.forceNewSession

Boolean

no

Whether back-end SSL sessions shall be resumed or not.

Default value: false

data.attributes.tls.protocol

String

no

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3
Default value: DEFAULT

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

yes

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

no

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

Default value: true

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

no

Whether the server name is verified against the common name (CN) of the server certificate.

Default value: true

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "remote-json-web-key-set" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.issuer

String

An issuer to bind the JWKS to.

data.attributes.name

String

The unique name of the remote JWKS provider.

data.attributes.serviceUrl

String

The URL of the service provider.

data.attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "remote-json-web-key-set",
    "attributes" : {
      "name" : "a remote JWKS",
      "serviceUrl" : "https://airlock.com/jwks-example.json",
      "issuer" : "myissuer",
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "myCipher",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 3308

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:23.641Z"
  },
  "data" : {
    "type" : "remote-json-web-key-set",
    "id" : "4",
    "attributes" : {
      "name" : "a remote JWKS",
      "serviceUrl" : "https://airlock.com/jwks-example.json",
      "issuer" : "myissuer",
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "myCipher",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
        }
      }
    }
  }
}

Update a Remote JSON Web Key Set

PATCH /configuration/json-web-key-sets/remotes/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "remote-json-web-key-set" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.issuer

String

no

An issuer to bind the JWKS to.

data.attributes.name

String

no

The unique name of the remote JWKS provider.

data.attributes.serviceUrl

String

no

The URL of the service provider.

data.attributes.tls.cipherSuite

String

no

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

no

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

no

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

no

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

no

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

no

Whether the server name is verified against the common name (CN) of the server certificate.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "remote-json-web-key-set" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.issuer

String

An issuer to bind the JWKS to.

data.attributes.name

String

The unique name of the remote JWKS provider.

data.attributes.serviceUrl

String

The URL of the service provider.

data.attributes.tls.cipherSuite

String

Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'.

data.attributes.tls.forceNewSession

Boolean

Whether back-end SSL sessions shall be resumed or not.

data.attributes.tls.protocol

String

Back-end SSL protocol version.

Allowed values:
- DEFAULT
- TLSv1_0
- TLSv1_1
- TLSv1_2
- TLSv1_3

data.attributes.tls.serverCertificateValidation.caCertificates[]

Array

List of Certificate Authorities which are used to verify the server certificate of the back-end hosts.

data.attributes.tls.serverCertificateValidation.enabled

Boolean

Indicates if the server certificate will be verified.
If disabled, untrusted server certificates will be accepted without chain validation.

data.attributes.tls.serverCertificateValidation.verifyHost

Boolean

Whether the server name is verified against the common name (CN) of the server certificate.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "remote-json-web-key-set",
    "id" : "1",
    "attributes" : {
      "name" : "a remote JWKS",
      "serviceUrl" : "https://airlock.com/jwks-example.json",
      "issuer" : "myissuer",
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "myCipher",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 3453

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:23.880Z"
  },
  "data" : {
    "type" : "remote-json-web-key-set",
    "id" : "1",
    "attributes" : {
      "name" : "a remote JWKS",
      "serviceUrl" : "https://airlock.com/jwks-example.json",
      "issuer" : "myissuer",
      "tls" : {
        "protocol" : "TLSv1_3",
        "cipherSuite" : "myCipher",
        "forceNewSession" : true,
        "serverCertificateValidation" : {
          "enabled" : true,
          "verifyHost" : true,
          "caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
        }
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      }
    }
  }
}

Delete a Remote JSON Web Key Set

DELETE /configuration/json-web-key-sets/remotes/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Mapping Connections

PATCH /configuration/json-web-key-sets/remotes/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1/relationships/mappings" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Connections

DELETE /configuration/json-web-key-sets/remotes/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1/relationships/mappings" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Client Certificate Connection

PATCH /configuration/json-web-key-sets/remotes/{id}/relationships/client-certificate

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.id

String

yes

The ID of the referenced "ssl-certificate" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1/relationships/client-certificate" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "id" : "2"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove Client Certificate Connection

DELETE /configuration/json-web-key-sets/remotes/{id}/relationships/client-certificate

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ssl-certificate" for this call.

data.id

String

yes

The ID of the referenced "ssl-certificate" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1/relationships/client-certificate" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ssl-certificate",
    "id" : "2"
  }
}'

Example Response

HTTP/1.1 204 No Content

OpenAPI

Access all OpenAPI Documents

GET /configuration/api-security/openapi-documents

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "openapi-document" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.name

String

The unique name of the OpenAPI document.

data[].relationships.mappings.data[]

Array

The mapping references.

data[].relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 358

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:18.341Z"
  },
  "data" : [ {
    "type" : "openapi-document",
    "id" : "1",
    "attributes" : {
      "name" : "apiSpecificationA"
    }
  }, {
    "type" : "openapi-document",
    "id" : "2",
    "attributes" : {
      "name" : "apiSpecificationB"
    }
  } ]
}

Access an OpenAPI Document

GET /configuration/api-security/openapi-documents/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "openapi-document" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.name

String

The unique name of the OpenAPI document.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 235

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:18.237Z"
  },
  "data" : {
    "type" : "openapi-document",
    "id" : "1",
    "attributes" : {
      "name" : "apiSpecification"
    }
  }
}

Create an OpenAPI Document

POST /configuration/api-security/openapi-documents

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "openapi-document" for this call.

data.attributes.name

String

yes

The unique name of the OpenAPI document.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "openapi-document" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.name

String

The unique name of the OpenAPI document.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "openapi-document",
    "attributes" : {
      "name" : "newApiSpecification"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 238

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:18.297Z"
  },
  "data" : {
    "type" : "openapi-document",
    "id" : "4",
    "attributes" : {
      "name" : "newApiSpecification"
    }
  }
}

Update an OpenAPI Document

PATCH /configuration/api-security/openapi-documents/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "openapi-document" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.name

String

no

The unique name of the OpenAPI document.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "openapi-document" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.name

String

The unique name of the OpenAPI document.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "openapi-document",
    "id" : "1",
    "attributes" : {
      "name" : "updatedApiSpecification"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 242

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:18.356Z"
  },
  "data" : {
    "type" : "openapi-document",
    "id" : "1",
    "attributes" : {
      "name" : "updatedApiSpecification"
    }
  }
}

Delete an OpenAPI Document

DELETE /configuration/api-security/openapi-documents/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Upload OpenAPI Document Content

Uploads an API specification in the OpenAPI format. Please note that the content must be UTF-8 encoded and that the OpenApi document, for which the content is intended, must already exist.

PUT /configuration/api-security/openapi-documents/{id}/content

Content-Type application/octet-stream

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/1/content" -i -X PUT \
    -H 'Content-Type: application/octet-stream' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '@/tmp/upload.zip'

Example Response

HTTP/1.1 204 No Content

Get OpenAPI Document Content

GET /configuration/api-security/openapi-documents/{id}/content

Accept application/octet-stream

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/2/content" -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/octet-stream'

Example Response

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1629

Add Mapping Connections

PATCH /configuration/api-security/openapi-documents/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/3/relationships/mappings" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Connections

DELETE /configuration/api-security/openapi-documents/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/3/relationships/mappings" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Anomaly Shield

Access Anomaly Shield Settings

GET /configuration/anomaly-shield

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.enabled

Boolean

Whether the Airlock Anomaly Shield feature is enabled.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 222

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:02.006Z"
  },
  "data" : {
    "type" : "anomaly-shield",
    "id" : "2",
    "attributes" : {
      "enabled" : true
    }
  }
}

Update Anomaly Shield Settings

PATCH /configuration/anomaly-shield

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield" for this call.

data.attributes.enabled

Boolean

no

Whether the Airlock Anomaly Shield feature is enabled.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.enabled

Boolean

Whether the Airlock Anomaly Shield feature is enabled.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield",
    "attributes" : {
      "enabled" : true
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 222

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:02.046Z"
  },
  "data" : {
    "type" : "anomaly-shield",
    "id" : "2",
    "attributes" : {
      "enabled" : true
    }
  }
}

Anomaly Shield Applications

Access Anomaly Shield Applications

GET /configuration/anomaly-shield-applications

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'name'. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "anomaly-shield-application" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.anomalyDetectionAndResponse.enabled

Boolean

Whether anomaly detection and response rules are enabled.

data[].attributes.anomalyDetectionAndResponse.sessionAnomalyDetailsLogging

String

Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request.

Allowed values:
- NEVER
- ON_PATTERN_CHANGES
- ON_VALUE_CHANGES
- ALWAYS

data[].attributes.anomalyDetectionAndResponse.threatHandling

String

Specifies whether actions of triggered rules should be executed or only logged.

Allowed values:
- EXECUTE_ACTIONS
- LOG_ONLY

data[].attributes.name

String

The unique name of the Anomaly Shield Application.

data[].attributes.tenant

String

Tenant of the Anomaly Shield Application.

data[].attributes.trainingDataCollection.enabled

Boolean

Whether request data of this application should be collected for subsequent Anomaly Shield training.

data[].relationships.mappings.data[]

Array

The mapping references.

data[].relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.mappings.data[].id

String

The ID of the mapping resource.

data[].relationships.anomaly-shield-rules.data[]

Array

The anomaly-shield-rule references.

data[].relationships.anomaly-shield-rules.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-rule" for this call.

data[].relationships.anomaly-shield-rules.data[].id

String

The ID of the anomaly-shield-rule resource.

data[].relationships.training-data-collection-exclusions.data[]

Array

The anomaly-shield-traffic-matcher references.

data[].relationships.training-data-collection-exclusions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].relationships.training-data-collection-exclusions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

data[].relationships.anomaly-detection-exclusions.data[]

Array

The anomaly-shield-traffic-matcher references.

data[].relationships.anomaly-detection-exclusions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].relationships.anomaly-detection-exclusions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

data[].relationships.response-rule-exceptions.data[]

Array

The anomaly-shield-traffic-matcher references.

data[].relationships.response-rule-exceptions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].relationships.response-rule-exceptions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications?filter=name%3D%3DAnomalyShieldApplication" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1143

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:24:58.854Z"
  },
  "data" : [ {
    "type" : "anomaly-shield-application",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldApplication",
      "tenant" : "AirlockBankingCo",
      "trainingDataCollection" : {
        "enabled" : true
      },
      "anomalyDetectionAndResponse" : {
        "enabled" : false,
        "threatHandling" : "LOG_ONLY",
        "sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      },
      "anomaly-shield-rules" : {
        "data" : [ {
          "type" : "anomaly-shield-rule",
          "id" : "35"
        } ]
      },
      "training-data-collection-exclusions" : {
        "data" : [ {
          "type" : "anomaly-shield-traffic-matcher",
          "id" : "40"
        } ]
      },
      "response-rule-exceptions" : {
        "data" : [ {
          "type" : "anomaly-shield-traffic-matcher",
          "id" : "50"
        } ]
      }
    }
  } ]
}

Access an Anomaly Shield Application

GET /configuration/anomaly-shield-applications/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-application" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.anomalyDetectionAndResponse.enabled

Boolean

Whether anomaly detection and response rules are enabled.

data.attributes.anomalyDetectionAndResponse.sessionAnomalyDetailsLogging

String

Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request.

Allowed values:
- NEVER
- ON_PATTERN_CHANGES
- ON_VALUE_CHANGES
- ALWAYS

data.attributes.anomalyDetectionAndResponse.threatHandling

String

Specifies whether actions of triggered rules should be executed or only logged.

Allowed values:
- EXECUTE_ACTIONS
- LOG_ONLY

data.attributes.name

String

The unique name of the Anomaly Shield Application.

data.attributes.tenant

String

Tenant of the Anomaly Shield Application.

data.attributes.trainingDataCollection.enabled

Boolean

Whether request data of this application should be collected for subsequent Anomaly Shield training.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.anomaly-shield-rules.data[]

Array

The anomaly-shield-rule references.

data.relationships.anomaly-shield-rules.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-rule" for this call.

data.relationships.anomaly-shield-rules.data[].id

String

The ID of the anomaly-shield-rule resource.

data.relationships.training-data-collection-exclusions.data[]

Array

The anomaly-shield-traffic-matcher references.

data.relationships.training-data-collection-exclusions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.relationships.training-data-collection-exclusions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

data.relationships.anomaly-detection-exclusions.data[]

Array

The anomaly-shield-traffic-matcher references.

data.relationships.anomaly-detection-exclusions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.relationships.anomaly-detection-exclusions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

data.relationships.response-rule-exceptions.data[]

Array

The anomaly-shield-traffic-matcher references.

data.relationships.response-rule-exceptions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.relationships.response-rule-exceptions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1139

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:24:58.480Z"
  },
  "data" : {
    "type" : "anomaly-shield-application",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldApplication",
      "tenant" : "AirlockBankingCo",
      "trainingDataCollection" : {
        "enabled" : true
      },
      "anomalyDetectionAndResponse" : {
        "enabled" : false,
        "threatHandling" : "LOG_ONLY",
        "sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      },
      "anomaly-shield-rules" : {
        "data" : [ {
          "type" : "anomaly-shield-rule",
          "id" : "35"
        } ]
      },
      "training-data-collection-exclusions" : {
        "data" : [ {
          "type" : "anomaly-shield-traffic-matcher",
          "id" : "40"
        } ]
      },
      "response-rule-exceptions" : {
        "data" : [ {
          "type" : "anomaly-shield-traffic-matcher",
          "id" : "50"
        } ]
      }
    }
  }
}

Create an Anomaly Shield Application

POST /configuration/anomaly-shield-applications

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield-application" for this call.

data.attributes.anomalyDetectionAndResponse.enabled

Boolean

yes

Whether anomaly detection and response rules are enabled.

data.attributes.anomalyDetectionAndResponse.sessionAnomalyDetailsLogging

String

yes

Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request.

Allowed values:
- NEVER
- ON_PATTERN_CHANGES
- ON_VALUE_CHANGES
- ALWAYS

data.attributes.anomalyDetectionAndResponse.threatHandling

String

yes

Specifies whether actions of triggered rules should be executed or only logged.

Allowed values:
- EXECUTE_ACTIONS
- LOG_ONLY

data.attributes.name

String

yes

The unique name of the Anomaly Shield Application.

data.attributes.tenant

String

yes

Tenant of the Anomaly Shield Application.

data.attributes.trainingDataCollection.enabled

Boolean

yes

Whether request data of this application should be collected for subsequent Anomaly Shield training.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-application" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.anomalyDetectionAndResponse.enabled

Boolean

Whether anomaly detection and response rules are enabled.

data.attributes.anomalyDetectionAndResponse.sessionAnomalyDetailsLogging

String

Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request.

Allowed values:
- NEVER
- ON_PATTERN_CHANGES
- ON_VALUE_CHANGES
- ALWAYS

data.attributes.anomalyDetectionAndResponse.threatHandling

String

Specifies whether actions of triggered rules should be executed or only logged.

Allowed values:
- EXECUTE_ACTIONS
- LOG_ONLY

data.attributes.name

String

The unique name of the Anomaly Shield Application.

data.attributes.tenant

String

Tenant of the Anomaly Shield Application.

data.attributes.trainingDataCollection.enabled

Boolean

Whether request data of this application should be collected for subsequent Anomaly Shield training.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-application",
    "attributes" : {
      "name" : "AnomalyShieldApplication",
      "tenant" : "AirlockBankingCo",
      "trainingDataCollection" : {
        "enabled" : true
      },
      "anomalyDetectionAndResponse" : {
        "enabled" : false,
        "threatHandling" : "LOG_ONLY",
        "sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
      }
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 536

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:24:58.779Z"
  },
  "data" : {
    "type" : "anomaly-shield-application",
    "id" : "4",
    "attributes" : {
      "name" : "AnomalyShieldApplication",
      "tenant" : "AirlockBankingCo",
      "trainingDataCollection" : {
        "enabled" : true
      },
      "anomalyDetectionAndResponse" : {
        "enabled" : false,
        "threatHandling" : "LOG_ONLY",
        "sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
      }
    }
  }
}

Update an Anomaly Shield Application

PATCH /configuration/anomaly-shield-applications/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield-application" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.anomalyDetectionAndResponse.enabled

Boolean

no

Whether anomaly detection and response rules are enabled.

data.attributes.anomalyDetectionAndResponse.sessionAnomalyDetailsLogging

String

no

Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request.

Allowed values:
- NEVER
- ON_PATTERN_CHANGES
- ON_VALUE_CHANGES
- ALWAYS

data.attributes.anomalyDetectionAndResponse.threatHandling

String

no

Specifies whether actions of triggered rules should be executed or only logged.

Allowed values:
- EXECUTE_ACTIONS
- LOG_ONLY

data.attributes.name

String

no

The unique name of the Anomaly Shield Application.

data.attributes.tenant

String

no

Tenant of the Anomaly Shield Application.

data.attributes.trainingDataCollection.enabled

Boolean

no

Whether request data of this application should be collected for subsequent Anomaly Shield training.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-application" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.anomalyDetectionAndResponse.enabled

Boolean

Whether anomaly detection and response rules are enabled.

data.attributes.anomalyDetectionAndResponse.sessionAnomalyDetailsLogging

String

Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request.

Allowed values:
- NEVER
- ON_PATTERN_CHANGES
- ON_VALUE_CHANGES
- ALWAYS

data.attributes.anomalyDetectionAndResponse.threatHandling

String

Specifies whether actions of triggered rules should be executed or only logged.

Allowed values:
- EXECUTE_ACTIONS
- LOG_ONLY

data.attributes.name

String

The unique name of the Anomaly Shield Application.

data.attributes.tenant

String

Tenant of the Anomaly Shield Application.

data.attributes.trainingDataCollection.enabled

Boolean

Whether request data of this application should be collected for subsequent Anomaly Shield training.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

data.relationships.anomaly-shield-rules.data[]

Array

The anomaly-shield-rule references.

data.relationships.anomaly-shield-rules.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-rule" for this call.

data.relationships.anomaly-shield-rules.data[].id

String

The ID of the anomaly-shield-rule resource.

data.relationships.training-data-collection-exclusions.data[]

Array

The anomaly-shield-traffic-matcher references.

data.relationships.training-data-collection-exclusions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.relationships.training-data-collection-exclusions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

data.relationships.anomaly-detection-exclusions.data[]

Array

The anomaly-shield-traffic-matcher references.

data.relationships.anomaly-detection-exclusions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.relationships.anomaly-detection-exclusions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

data.relationships.response-rule-exceptions.data[]

Array

The anomaly-shield-traffic-matcher references.

data.relationships.response-rule-exceptions.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.relationships.response-rule-exceptions.data[].id

String

The ID of the anomaly-shield-traffic-matcher resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-application",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldApplication",
      "tenant" : "AirlockBankingCo",
      "trainingDataCollection" : {
        "enabled" : true
      },
      "anomalyDetectionAndResponse" : {
        "enabled" : false,
        "threatHandling" : "LOG_ONLY",
        "sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1139

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:24:58.967Z"
  },
  "data" : {
    "type" : "anomaly-shield-application",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldApplication",
      "tenant" : "AirlockBankingCo",
      "trainingDataCollection" : {
        "enabled" : true
      },
      "anomalyDetectionAndResponse" : {
        "enabled" : false,
        "threatHandling" : "LOG_ONLY",
        "sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
      }
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "30"
        } ]
      },
      "anomaly-shield-rules" : {
        "data" : [ {
          "type" : "anomaly-shield-rule",
          "id" : "35"
        } ]
      },
      "training-data-collection-exclusions" : {
        "data" : [ {
          "type" : "anomaly-shield-traffic-matcher",
          "id" : "40"
        } ]
      },
      "response-rule-exceptions" : {
        "data" : [ {
          "type" : "anomaly-shield-traffic-matcher",
          "id" : "50"
        } ]
      }
    }
  }
}

Delete an Anomaly Shield Application

DELETE /configuration/anomaly-shield-applications/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Mapping Anomaly Shield Application Connections

PATCH /configuration/anomaly-shield-applications/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/mappings" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Anomaly Shield Application Connections

DELETE /configuration/anomaly-shield-applications/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/mappings" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Anomaly Shield Rule Connections

PATCH /configuration/anomaly-shield-applications/{id}/relationships/anomaly-shield-rules

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-rule" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-rule" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/anomaly-shield-rules" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-rule",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Anomaly Shield Rule Connections

DELETE /configuration/anomaly-shield-applications/{id}/relationships/anomaly-shield-rules

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-rule" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-rule" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/anomaly-shield-rules" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-rule",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Training Data Collection Exclusions

PATCH /configuration/anomaly-shield-applications/{id}/relationships/training-data-collection-exclusions

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-traffic-matcher" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/training-data-collection-exclusions" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Training Data Collection Exclusions

DELETE /configuration/anomaly-shield-applications/{id}/relationships/training-data-collection-exclusions

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-traffic-matcher" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/training-data-collection-exclusions" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Anomaly Detection Exclusions

PATCH /configuration/anomaly-shield-applications/{id}/relationships/anomaly-detection-exclusions

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-traffic-matcher" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/anomaly-detection-exclusions" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Anomaly Detection Exclusions

DELETE /configuration/anomaly-shield-applications/{id}/relationships/anomaly-detection-exclusions

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-traffic-matcher" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/anomaly-detection-exclusions" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Response Rule Exceptions

PATCH /configuration/anomaly-shield-applications/{id}/relationships/response-rule-exceptions

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-traffic-matcher" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/response-rule-exceptions" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Response Rule Exceptions

DELETE /configuration/anomaly-shield-applications/{id}/relationships/response-rule-exceptions

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-traffic-matcher" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/response-rule-exceptions" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Anomaly Shield Traffic Matchers

Access Anomaly Shield Traffic Matchers

GET /configuration/anomaly-shield-traffic-matchers

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'name'. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "anomaly-shield-traffic-matcher" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.contentTypePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.contentTypePattern.pattern

String

The actual pattern.

data[].attributes.headerNamePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.headerNamePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.headerNamePattern.pattern

String

The actual pattern.

data[].attributes.headerValuePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.headerValuePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.headerValuePattern.pattern

String

The actual pattern.

data[].attributes.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.httpMethodPattern.pattern

String

The actual pattern.

data[].attributes.name

String

The unique name of the Anomaly Shield Traffic Matcher.

data[].attributes.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.pathPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.pathPattern.pattern

String

The actual pattern.

data[].attributes.tenant

String

Tenant of the Anomaly Shield Traffic Matcher.

data[].relationships.ip-address-lists.data[]

Array

The ip-address-list references.

data[].relationships.ip-address-lists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].relationships.ip-address-lists.data[].id

String

The ID of the ip-address-list resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers?filter=name%3D%3DAnomalyShieldTrafficMatcher" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1109

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:08.250Z"
  },
  "data" : [ {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldTrafficMatcher",
      "tenant" : "AirlockBankingCo",
      "headerNamePattern" : {
        "pattern" : "^X-Header$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "headerValuePattern" : {
        "pattern" : "^header-value$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "pathPattern" : {
        "pattern" : "^/mypath",
        "caseIgnored" : true,
        "inverted" : false
      },
      "httpMethodPattern" : {
        "pattern" : "^GET$",
        "caseIgnored" : true,
        "inverted" : false
      },
      "contentTypePattern" : {
        "pattern" : "^image/jpeg$",
        "caseIgnored" : true,
        "inverted" : false
      }
    },
    "relationships" : {
      "ip-address-lists" : {
        "data" : [ {
          "type" : "ip-address-list",
          "id" : "60"
        } ]
      }
    }
  } ]
}

Access an Anomaly Shield Traffic Matcher

GET /configuration/anomaly-shield-traffic-matchers/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.contentTypePattern.pattern

String

The actual pattern.

data.attributes.headerNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.headerNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.headerNamePattern.pattern

String

The actual pattern.

data.attributes.headerValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.headerValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.headerValuePattern.pattern

String

The actual pattern.

data.attributes.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.httpMethodPattern.pattern

String

The actual pattern.

data.attributes.name

String

The unique name of the Anomaly Shield Traffic Matcher.

data.attributes.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.pathPattern.pattern

String

The actual pattern.

data.attributes.tenant

String

Tenant of the Anomaly Shield Traffic Matcher.

data.relationships.ip-address-lists.data[]

Array

The ip-address-list references.

data.relationships.ip-address-lists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-lists.data[].id

String

The ID of the ip-address-list resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1105

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:08.079Z"
  },
  "data" : {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldTrafficMatcher",
      "tenant" : "AirlockBankingCo",
      "headerNamePattern" : {
        "pattern" : "^X-Header$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "headerValuePattern" : {
        "pattern" : "^header-value$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "pathPattern" : {
        "pattern" : "^/mypath",
        "caseIgnored" : true,
        "inverted" : false
      },
      "httpMethodPattern" : {
        "pattern" : "^GET$",
        "caseIgnored" : true,
        "inverted" : false
      },
      "contentTypePattern" : {
        "pattern" : "^image/jpeg$",
        "caseIgnored" : true,
        "inverted" : false
      }
    },
    "relationships" : {
      "ip-address-lists" : {
        "data" : [ {
          "type" : "ip-address-list",
          "id" : "60"
        } ]
      }
    }
  }
}

Create an Anomaly Shield Traffic Matcher

POST /configuration/anomaly-shield-traffic-matchers

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield-traffic-matcher" for this call.

data.attributes.contentTypePattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.contentTypePattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.contentTypePattern.pattern

String

yes

The actual pattern.

data.attributes.headerNamePattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.headerNamePattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.headerNamePattern.pattern

String

yes

The actual pattern.

data.attributes.headerValuePattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.headerValuePattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.headerValuePattern.pattern

String

yes

The actual pattern.

data.attributes.httpMethodPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.httpMethodPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.httpMethodPattern.pattern

String

yes

The actual pattern.

data.attributes.name

String

yes

The unique name of the Anomaly Shield Traffic Matcher.

data.attributes.pathPattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.pathPattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.pathPattern.pattern

String

yes

The actual pattern.

data.attributes.tenant

String

yes

Tenant of the Anomaly Shield Traffic Matcher.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.contentTypePattern.pattern

String

The actual pattern.

data.attributes.headerNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.headerNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.headerNamePattern.pattern

String

The actual pattern.

data.attributes.headerValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.headerValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.headerValuePattern.pattern

String

The actual pattern.

data.attributes.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.httpMethodPattern.pattern

String

The actual pattern.

data.attributes.name

String

The unique name of the Anomaly Shield Traffic Matcher.

data.attributes.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.pathPattern.pattern

String

The actual pattern.

data.attributes.tenant

String

Tenant of the Anomaly Shield Traffic Matcher.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-traffic-matcher",
    "attributes" : {
      "name" : "AnomalyShieldTrafficMatcher",
      "tenant" : "AirlockBankingCo",
      "headerNamePattern" : {
        "pattern" : "^X-Header$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "headerValuePattern" : {
        "pattern" : "^header-value$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "pathPattern" : {
        "pattern" : "^/mypath",
        "caseIgnored" : true,
        "inverted" : false
      },
      "httpMethodPattern" : {
        "pattern" : "^GET$",
        "caseIgnored" : true,
        "inverted" : false
      },
      "contentTypePattern" : {
        "pattern" : "^image/jpeg$",
        "caseIgnored" : true,
        "inverted" : false
      }
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 944

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:08.203Z"
  },
  "data" : {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "4",
    "attributes" : {
      "name" : "AnomalyShieldTrafficMatcher",
      "tenant" : "AirlockBankingCo",
      "headerNamePattern" : {
        "pattern" : "^X-Header$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "headerValuePattern" : {
        "pattern" : "^header-value$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "pathPattern" : {
        "pattern" : "^/mypath",
        "caseIgnored" : true,
        "inverted" : false
      },
      "httpMethodPattern" : {
        "pattern" : "^GET$",
        "caseIgnored" : true,
        "inverted" : false
      },
      "contentTypePattern" : {
        "pattern" : "^image/jpeg$",
        "caseIgnored" : true,
        "inverted" : false
      }
    }
  }
}

Update an Anomaly Shield Traffic Matcher

PATCH /configuration/anomaly-shield-traffic-matchers/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield-traffic-matcher" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.contentTypePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.contentTypePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.contentTypePattern.pattern

String

no

The actual pattern.

data.attributes.headerNamePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.headerNamePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.headerNamePattern.pattern

String

no

The actual pattern.

data.attributes.headerValuePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.headerValuePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.headerValuePattern.pattern

String

no

The actual pattern.

data.attributes.httpMethodPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.httpMethodPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.httpMethodPattern.pattern

String

no

The actual pattern.

data.attributes.name

String

no

The unique name of the Anomaly Shield Traffic Matcher.

data.attributes.pathPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.pathPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.pathPattern.pattern

String

no

The actual pattern.

data.attributes.tenant

String

no

Tenant of the Anomaly Shield Traffic Matcher.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-traffic-matcher" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.contentTypePattern.pattern

String

The actual pattern.

data.attributes.headerNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.headerNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.headerNamePattern.pattern

String

The actual pattern.

data.attributes.headerValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.headerValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.headerValuePattern.pattern

String

The actual pattern.

data.attributes.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.httpMethodPattern.pattern

String

The actual pattern.

data.attributes.name

String

The unique name of the Anomaly Shield Traffic Matcher.

data.attributes.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.pathPattern.pattern

String

The actual pattern.

data.attributes.tenant

String

Tenant of the Anomaly Shield Traffic Matcher.

data.relationships.ip-address-lists.data[]

Array

The ip-address-list references.

data.relationships.ip-address-lists.data[].type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.ip-address-lists.data[].id

String

The ID of the ip-address-list resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldTrafficMatcher",
      "tenant" : "AirlockBankingCo",
      "headerNamePattern" : {
        "pattern" : "^X-Header$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "headerValuePattern" : {
        "pattern" : "^header-value$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "pathPattern" : {
        "pattern" : "^/mypath",
        "caseIgnored" : true,
        "inverted" : false
      },
      "httpMethodPattern" : {
        "pattern" : "^GET$",
        "caseIgnored" : true,
        "inverted" : false
      },
      "contentTypePattern" : {
        "pattern" : "^image/jpeg$",
        "caseIgnored" : true,
        "inverted" : false
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1105

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:08.278Z"
  },
  "data" : {
    "type" : "anomaly-shield-traffic-matcher",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldTrafficMatcher",
      "tenant" : "AirlockBankingCo",
      "headerNamePattern" : {
        "pattern" : "^X-Header$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "headerValuePattern" : {
        "pattern" : "^header-value$",
        "caseIgnored" : false,
        "inverted" : false
      },
      "pathPattern" : {
        "pattern" : "^/mypath",
        "caseIgnored" : true,
        "inverted" : false
      },
      "httpMethodPattern" : {
        "pattern" : "^GET$",
        "caseIgnored" : true,
        "inverted" : false
      },
      "contentTypePattern" : {
        "pattern" : "^image/jpeg$",
        "caseIgnored" : true,
        "inverted" : false
      }
    },
    "relationships" : {
      "ip-address-lists" : {
        "data" : [ {
          "type" : "ip-address-list",
          "id" : "60"
        } ]
      }
    }
  }
}

Delete an Anomaly Shield Traffic Matcher

DELETE /configuration/anomaly-shield-traffic-matchers/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add IP Address List Connections

PATCH /configuration/anomaly-shield-traffic-matchers/{id}/relationships/ip-address-lists

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/3/relationships/ip-address-lists" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove IP Address List Connections

DELETE /configuration/anomaly-shield-traffic-matchers/{id}/relationships/ip-address-lists

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data[].id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/3/relationships/ip-address-lists" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Anomaly Shield Triggers

Access Anomaly Shield Triggers

GET /configuration/anomaly-shield-triggers

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'name'. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "anomaly-shield-trigger" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.minimalBitCount

Number

Minimal count of hit anomalous indicators that is needed to trigger a pattern of the Anomaly Shield Trigger.

data[].attributes.name

String

The unique name of the Anomaly Shield Trigger.

data[].attributes.tenant

String

Tenant of the Anomaly Shield Trigger.

data[].attributes.triggerPatterns[]

Array

This trigger will be activated whenever the current session anomaly pattern matches any of these patterns (while satisfying minimalBitCount).

data[].attributes.triggerPatterns[].connectionMetrics

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data[].attributes.triggerPatterns[].graphMetricsCluster

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data[].attributes.triggerPatterns[].isolationForest

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data[].attributes.triggerPatterns[].multipleCountries

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data[].attributes.triggerPatterns[].statusCodeMeta

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data[].attributes.triggerPatterns[].timingCluster

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data[].relationships.anomaly-shield-rules.data[]

Array

The anomaly-shield-rule references.

data[].relationships.anomaly-shield-rules.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-rule" for this call.

data[].relationships.anomaly-shield-rules.data[].id

String

The ID of the anomaly-shield-rule resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers?filter=name%3D%3DAnomalyShieldTrigger" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 766

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:10.904Z"
  },
  "data" : [ {
    "type" : "anomaly-shield-trigger",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldTrigger",
      "tenant" : "AirlockBankingCo",
      "minimalBitCount" : 3,
      "triggerPatterns" : [ {
        "connectionMetrics" : "NORMAL",
        "graphMetricsCluster" : "ANOMALOUS",
        "isolationForest" : "DISABLED",
        "multipleCountries" : "NORMAL",
        "statusCodeMeta" : "ANOMALOUS",
        "timingCluster" : "DISABLED"
      } ]
    },
    "relationships" : {
      "anomaly-shield-rules" : {
        "data" : [ {
          "type" : "anomaly-shield-rule",
          "id" : "5"
        } ]
      }
    }
  } ]
}

Access an Anomaly Shield Trigger

GET /configuration/anomaly-shield-triggers/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-trigger" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.minimalBitCount

Number

Minimal count of hit anomalous indicators that is needed to trigger a pattern of the Anomaly Shield Trigger.

data.attributes.name

String

The unique name of the Anomaly Shield Trigger.

data.attributes.tenant

String

Tenant of the Anomaly Shield Trigger.

data.attributes.triggerPatterns[]

Array

This trigger will be activated whenever the current session anomaly pattern matches any of these patterns (while satisfying minimalBitCount).

data.attributes.triggerPatterns[].connectionMetrics

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].graphMetricsCluster

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].isolationForest

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].multipleCountries

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].statusCodeMeta

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].timingCluster

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.relationships.anomaly-shield-rules.data[]

Array

The anomaly-shield-rule references.

data.relationships.anomaly-shield-rules.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-rule" for this call.

data.relationships.anomaly-shield-rules.data[].id

String

The ID of the anomaly-shield-rule resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 762

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:10.814Z"
  },
  "data" : {
    "type" : "anomaly-shield-trigger",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldTrigger",
      "tenant" : "AirlockBankingCo",
      "minimalBitCount" : 3,
      "triggerPatterns" : [ {
        "connectionMetrics" : "NORMAL",
        "graphMetricsCluster" : "ANOMALOUS",
        "isolationForest" : "DISABLED",
        "multipleCountries" : "NORMAL",
        "statusCodeMeta" : "ANOMALOUS",
        "timingCluster" : "DISABLED"
      } ]
    },
    "relationships" : {
      "anomaly-shield-rules" : {
        "data" : [ {
          "type" : "anomaly-shield-rule",
          "id" : "5"
        } ]
      }
    }
  }
}

Create an Anomaly Shield Trigger

POST /configuration/anomaly-shield-triggers

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield-trigger" for this call.

data.attributes.minimalBitCount

Number

yes

Minimal count of hit anomalous indicators that is needed to trigger a pattern of the Anomaly Shield Trigger.

data.attributes.name

String

yes

The unique name of the Anomaly Shield Trigger.

data.attributes.tenant

String

yes

Tenant of the Anomaly Shield Trigger.

data.attributes.triggerPatterns[]

Array

yes

This trigger will be activated whenever the current session anomaly pattern matches any of these patterns (while satisfying minimalBitCount).

data.attributes.triggerPatterns[].connectionMetrics

String

yes

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].graphMetricsCluster

String

yes

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].isolationForest

String

yes

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].multipleCountries

String

yes

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].statusCodeMeta

String

yes

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].timingCluster

String

yes

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-trigger" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.minimalBitCount

Number

Minimal count of hit anomalous indicators that is needed to trigger a pattern of the Anomaly Shield Trigger.

data.attributes.name

String

The unique name of the Anomaly Shield Trigger.

data.attributes.tenant

String

Tenant of the Anomaly Shield Trigger.

data.attributes.triggerPatterns[]

Array

This trigger will be activated whenever the current session anomaly pattern matches any of these patterns (while satisfying minimalBitCount).

data.attributes.triggerPatterns[].connectionMetrics

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].graphMetricsCluster

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].isolationForest

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].multipleCountries

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].statusCodeMeta

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].timingCluster

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-trigger",
    "attributes" : {
      "name" : "AnomalyShieldTrigger",
      "tenant" : "AirlockBankingCo",
      "minimalBitCount" : 3,
      "triggerPatterns" : [ {
        "connectionMetrics" : "NORMAL",
        "graphMetricsCluster" : "ANOMALOUS",
        "isolationForest" : "DISABLED",
        "multipleCountries" : "NORMAL",
        "statusCodeMeta" : "ANOMALOUS",
        "timingCluster" : "ANOMALOUS"
      } ]
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 595

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:10.862Z"
  },
  "data" : {
    "type" : "anomaly-shield-trigger",
    "id" : "4",
    "attributes" : {
      "name" : "AnomalyShieldTrigger",
      "tenant" : "AirlockBankingCo",
      "minimalBitCount" : 3,
      "triggerPatterns" : [ {
        "connectionMetrics" : "NORMAL",
        "graphMetricsCluster" : "ANOMALOUS",
        "isolationForest" : "DISABLED",
        "multipleCountries" : "NORMAL",
        "statusCodeMeta" : "ANOMALOUS",
        "timingCluster" : "ANOMALOUS"
      } ]
    }
  }
}

Update an Anomaly Shield Trigger

PATCH /configuration/anomaly-shield-triggers/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield-trigger" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.minimalBitCount

Number

no

Minimal count of hit anomalous indicators that is needed to trigger a pattern of the Anomaly Shield Trigger.

data.attributes.name

String

no

The unique name of the Anomaly Shield Trigger.

data.attributes.tenant

String

no

Tenant of the Anomaly Shield Trigger.

data.attributes.triggerPatterns[]

Array

no

This trigger will be activated whenever the current session anomaly pattern matches any of these patterns (while satisfying minimalBitCount).

data.attributes.triggerPatterns[].connectionMetrics

String

no

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].graphMetricsCluster

String

no

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].isolationForest

String

no

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].multipleCountries

String

no

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].statusCodeMeta

String

no

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].timingCluster

String

no

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-trigger" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.minimalBitCount

Number

Minimal count of hit anomalous indicators that is needed to trigger a pattern of the Anomaly Shield Trigger.

data.attributes.name

String

The unique name of the Anomaly Shield Trigger.

data.attributes.tenant

String

Tenant of the Anomaly Shield Trigger.

data.attributes.triggerPatterns[]

Array

This trigger will be activated whenever the current session anomaly pattern matches any of these patterns (while satisfying minimalBitCount).

data.attributes.triggerPatterns[].connectionMetrics

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].graphMetricsCluster

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].isolationForest

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].multipleCountries

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].statusCodeMeta

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.attributes.triggerPatterns[].timingCluster

String

Anomaly Shield Indicator.

Allowed values:
- DISABLED
- NORMAL
- ANOMALOUS

data.relationships.anomaly-shield-rules.data[]

Array

The anomaly-shield-rule references.

data.relationships.anomaly-shield-rules.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-rule" for this call.

data.relationships.anomaly-shield-rules.data[].id

String

The ID of the anomaly-shield-rule resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-trigger",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldTrigger",
      "tenant" : "AirlockBankingCo",
      "minimalBitCount" : 3,
      "triggerPatterns" : [ {
        "connectionMetrics" : "NORMAL",
        "graphMetricsCluster" : "ANOMALOUS",
        "isolationForest" : "DISABLED",
        "multipleCountries" : "NORMAL",
        "statusCodeMeta" : "ANOMALOUS",
        "timingCluster" : "ANOMALOUS"
      } ]
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 763

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:10.929Z"
  },
  "data" : {
    "type" : "anomaly-shield-trigger",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldTrigger",
      "tenant" : "AirlockBankingCo",
      "minimalBitCount" : 3,
      "triggerPatterns" : [ {
        "connectionMetrics" : "NORMAL",
        "graphMetricsCluster" : "ANOMALOUS",
        "isolationForest" : "DISABLED",
        "multipleCountries" : "NORMAL",
        "statusCodeMeta" : "ANOMALOUS",
        "timingCluster" : "ANOMALOUS"
      } ]
    },
    "relationships" : {
      "anomaly-shield-rules" : {
        "data" : [ {
          "type" : "anomaly-shield-rule",
          "id" : "5"
        } ]
      }
    }
  }
}

Delete an Anomaly Shield Trigger

DELETE /configuration/anomaly-shield-triggers/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Anomaly Shield Rules

Access Anomaly Shield Rules

GET /configuration/anomaly-shield-rules

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'name'. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "anomaly-shield-rule" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.actions.incidentLoggingEnabled

Boolean

If enabled, a message will be written to the log whenever a session triggers this rule.

data[].attributes.actions.ipBlockingEnabled

Boolean

If enabled, the source IPs of sessions which trigger this rule will be blocked.

data[].attributes.actions.removeRoles.enabled

Boolean

If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule.

data[].attributes.actions.removeRoles.rolePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.actions.removeRoles.rolePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.actions.removeRoles.rolePattern.pattern

String

The actual pattern.

data[].attributes.actions.sessionTaggingEnabled

Boolean

If enabled, sessions which trigger this rule will be tagged as anomalous.

data[].attributes.actions.sessionTerminationEnabled

Boolean

If enabled, sessions which trigger this rule will be immediately terminated.

data[].attributes.name

String

The unique name of the Anomaly Shield Rule.

data[].attributes.tenant

String

Tenant of the Anomaly Shield Rule.

data[].relationships.anomaly-shield-applications.data[]

Array

The anomaly-shield-application references.

data[].relationships.anomaly-shield-applications.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data[].relationships.anomaly-shield-applications.data[].id

String

The ID of the anomaly-shield-application resource.

data[].relationships.anomaly-shield-triggers.data[]

Array

The anomaly-shield-trigger references.

data[].relationships.anomaly-shield-triggers.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call.

data[].relationships.anomaly-shield-triggers.data[].id

String

The ID of the anomaly-shield-trigger resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules?filter=name%3D%3DAnomalyShieldRule" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 998

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:05.229Z"
  },
  "data" : [ {
    "type" : "anomaly-shield-rule",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldRule",
      "tenant" : "AirlockBankingCo",
      "actions" : {
        "incidentLoggingEnabled" : true,
        "sessionTaggingEnabled" : true,
        "sessionTerminationEnabled" : true,
        "ipBlockingEnabled" : false,
        "removeRoles" : {
          "enabled" : false,
          "rolePattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        }
      }
    },
    "relationships" : {
      "anomaly-shield-applications" : {
        "data" : [ {
          "type" : "anomaly-shield-application",
          "id" : "20"
        } ]
      },
      "anomaly-shield-triggers" : {
        "data" : [ {
          "type" : "anomaly-shield-trigger",
          "id" : "30"
        } ]
      }
    }
  } ]
}

Access Anomaly Shield Rule

GET /configuration/anomaly-shield-rules/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-rule" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.actions.incidentLoggingEnabled

Boolean

If enabled, a message will be written to the log whenever a session triggers this rule.

data.attributes.actions.ipBlockingEnabled

Boolean

If enabled, the source IPs of sessions which trigger this rule will be blocked.

data.attributes.actions.removeRoles.enabled

Boolean

If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule.

data.attributes.actions.removeRoles.rolePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.actions.removeRoles.rolePattern.inverted

Boolean

Whether to invert the match.

data.attributes.actions.removeRoles.rolePattern.pattern

String

The actual pattern.

data.attributes.actions.sessionTaggingEnabled

Boolean

If enabled, sessions which trigger this rule will be tagged as anomalous.

data.attributes.actions.sessionTerminationEnabled

Boolean

If enabled, sessions which trigger this rule will be immediately terminated.

data.attributes.name

String

The unique name of the Anomaly Shield Rule.

data.attributes.tenant

String

Tenant of the Anomaly Shield Rule.

data.relationships.anomaly-shield-applications.data[]

Array

The anomaly-shield-application references.

data.relationships.anomaly-shield-applications.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data.relationships.anomaly-shield-applications.data[].id

String

The ID of the anomaly-shield-application resource.

data.relationships.anomaly-shield-triggers.data[]

Array

The anomaly-shield-trigger references.

data.relationships.anomaly-shield-triggers.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call.

data.relationships.anomaly-shield-triggers.data[].id

String

The ID of the anomaly-shield-trigger resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 994

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:05.046Z"
  },
  "data" : {
    "type" : "anomaly-shield-rule",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldRule",
      "tenant" : "AirlockBankingCo",
      "actions" : {
        "incidentLoggingEnabled" : true,
        "sessionTaggingEnabled" : true,
        "sessionTerminationEnabled" : true,
        "ipBlockingEnabled" : false,
        "removeRoles" : {
          "enabled" : false,
          "rolePattern" : {
            "pattern" : "",
            "caseIgnored" : false,
            "inverted" : false
          }
        }
      }
    },
    "relationships" : {
      "anomaly-shield-applications" : {
        "data" : [ {
          "type" : "anomaly-shield-application",
          "id" : "20"
        } ]
      },
      "anomaly-shield-triggers" : {
        "data" : [ {
          "type" : "anomaly-shield-trigger",
          "id" : "30"
        } ]
      }
    }
  }
}

Create an Anomaly Shield Rule

POST /configuration/anomaly-shield-rules

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield-rule" for this call.

data.attributes.actions.incidentLoggingEnabled

Boolean

yes

If enabled, a message will be written to the log whenever a session triggers this rule.

data.attributes.actions.ipBlockingEnabled

Boolean

yes

If enabled, the source IPs of sessions which trigger this rule will be blocked.

data.attributes.actions.removeRoles.enabled

Boolean

yes

If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule.

data.attributes.actions.removeRoles.rolePattern.caseIgnored

Boolean

yes

Whether to ignore case.

data.attributes.actions.removeRoles.rolePattern.inverted

Boolean

yes

Whether to invert the match.

data.attributes.actions.removeRoles.rolePattern.pattern

String

yes

The actual pattern.

data.attributes.actions.sessionTaggingEnabled

Boolean

yes

If enabled, sessions which trigger this rule will be tagged as anomalous.

data.attributes.actions.sessionTerminationEnabled

Boolean

yes

If enabled, sessions which trigger this rule will be immediately terminated.

data.attributes.name

String

yes

The unique name of the Anomaly Shield Rule.

data.attributes.tenant

String

yes

Tenant of the Anomaly Shield Rule.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-rule" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.actions.incidentLoggingEnabled

Boolean

If enabled, a message will be written to the log whenever a session triggers this rule.

data.attributes.actions.ipBlockingEnabled

Boolean

If enabled, the source IPs of sessions which trigger this rule will be blocked.

data.attributes.actions.removeRoles.enabled

Boolean

If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule.

data.attributes.actions.removeRoles.rolePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.actions.removeRoles.rolePattern.inverted

Boolean

Whether to invert the match.

data.attributes.actions.removeRoles.rolePattern.pattern

String

The actual pattern.

data.attributes.actions.sessionTaggingEnabled

Boolean

If enabled, sessions which trigger this rule will be tagged as anomalous.

data.attributes.actions.sessionTerminationEnabled

Boolean

If enabled, sessions which trigger this rule will be immediately terminated.

data.attributes.name

String

The unique name of the Anomaly Shield Rule.

data.attributes.tenant

String

Tenant of the Anomaly Shield Rule.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-rule",
    "attributes" : {
      "name" : "AnomalyShieldRule",
      "tenant" : "AirlockBankingCo",
      "actions" : {
        "incidentLoggingEnabled" : true,
        "sessionTaggingEnabled" : true,
        "sessionTerminationEnabled" : true,
        "ipBlockingEnabled" : false,
        "removeRoles" : {
          "enabled" : true,
          "rolePattern" : {
            "pattern" : "normal-auth",
            "caseIgnored" : false,
            "inverted" : false
          }
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 676

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:05.178Z"
  },
  "data" : {
    "type" : "anomaly-shield-rule",
    "id" : "4",
    "attributes" : {
      "name" : "AnomalyShieldRule",
      "tenant" : "AirlockBankingCo",
      "actions" : {
        "incidentLoggingEnabled" : true,
        "sessionTaggingEnabled" : true,
        "sessionTerminationEnabled" : true,
        "ipBlockingEnabled" : false,
        "removeRoles" : {
          "enabled" : true,
          "rolePattern" : {
            "pattern" : "normal-auth",
            "caseIgnored" : false,
            "inverted" : false
          }
        }
      }
    }
  }
}

Update an Anomaly Shield Rule

PATCH /configuration/anomaly-shield-rules/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "anomaly-shield-rule" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.actions.incidentLoggingEnabled

Boolean

no

If enabled, a message will be written to the log whenever a session triggers this rule.

data.attributes.actions.ipBlockingEnabled

Boolean

no

If enabled, the source IPs of sessions which trigger this rule will be blocked.

data.attributes.actions.removeRoles.enabled

Boolean

no

If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule.

data.attributes.actions.removeRoles.rolePattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.actions.removeRoles.rolePattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.actions.removeRoles.rolePattern.pattern

String

no

The actual pattern.

data.attributes.actions.sessionTaggingEnabled

Boolean

no

If enabled, sessions which trigger this rule will be tagged as anomalous.

data.attributes.actions.sessionTerminationEnabled

Boolean

no

If enabled, sessions which trigger this rule will be immediately terminated.

data.attributes.name

String

no

The unique name of the Anomaly Shield Rule.

data.attributes.tenant

String

no

Tenant of the Anomaly Shield Rule.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "anomaly-shield-rule" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.actions.incidentLoggingEnabled

Boolean

If enabled, a message will be written to the log whenever a session triggers this rule.

data.attributes.actions.ipBlockingEnabled

Boolean

If enabled, the source IPs of sessions which trigger this rule will be blocked.

data.attributes.actions.removeRoles.enabled

Boolean

If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule.

data.attributes.actions.removeRoles.rolePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.actions.removeRoles.rolePattern.inverted

Boolean

Whether to invert the match.

data.attributes.actions.removeRoles.rolePattern.pattern

String

The actual pattern.

data.attributes.actions.sessionTaggingEnabled

Boolean

If enabled, sessions which trigger this rule will be tagged as anomalous.

data.attributes.actions.sessionTerminationEnabled

Boolean

If enabled, sessions which trigger this rule will be immediately terminated.

data.attributes.name

String

The unique name of the Anomaly Shield Rule.

data.attributes.tenant

String

Tenant of the Anomaly Shield Rule.

data.relationships.anomaly-shield-applications.data[]

Array

The anomaly-shield-application references.

data.relationships.anomaly-shield-applications.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-application" for this call.

data.relationships.anomaly-shield-applications.data[].id

String

The ID of the anomaly-shield-application resource.

data.relationships.anomaly-shield-triggers.data[]

Array

The anomaly-shield-trigger references.

data.relationships.anomaly-shield-triggers.data[].type

String

The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call.

data.relationships.anomaly-shield-triggers.data[].id

String

The ID of the anomaly-shield-trigger resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "anomaly-shield-rule",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldRule",
      "tenant" : "AirlockBankingCo",
      "actions" : {
        "incidentLoggingEnabled" : true,
        "sessionTaggingEnabled" : true,
        "sessionTerminationEnabled" : true,
        "ipBlockingEnabled" : false,
        "removeRoles" : {
          "enabled" : true,
          "rolePattern" : {
            "pattern" : "normal-auth",
            "caseIgnored" : false,
            "inverted" : false
          }
        }
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1004

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:05.288Z"
  },
  "data" : {
    "type" : "anomaly-shield-rule",
    "id" : "1",
    "attributes" : {
      "name" : "AnomalyShieldRule",
      "tenant" : "AirlockBankingCo",
      "actions" : {
        "incidentLoggingEnabled" : true,
        "sessionTaggingEnabled" : true,
        "sessionTerminationEnabled" : true,
        "ipBlockingEnabled" : false,
        "removeRoles" : {
          "enabled" : true,
          "rolePattern" : {
            "pattern" : "normal-auth",
            "caseIgnored" : false,
            "inverted" : false
          }
        }
      }
    },
    "relationships" : {
      "anomaly-shield-applications" : {
        "data" : [ {
          "type" : "anomaly-shield-application",
          "id" : "20"
        } ]
      },
      "anomaly-shield-triggers" : {
        "data" : [ {
          "type" : "anomaly-shield-trigger",
          "id" : "30"
        } ]
      }
    }
  }
}

Delete an Anomaly Shield Rule

DELETE /configuration/anomaly-shield-rules/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Anomaly Shield Trigger Connections

PATCH /configuration/anomaly-shield-rules/{id}/relationships/anomaly-shield-triggers

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-trigger" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/2/relationships/anomaly-shield-triggers" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-trigger",
    "id" : "3"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Anomaly Shield Trigger Connections

DELETE /configuration/anomaly-shield-rules/{id}/relationships/anomaly-shield-triggers

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call.

data[].id

String

yes

The ID of the referenced "anomaly-shield-trigger" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/2/relationships/anomaly-shield-triggers" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "anomaly-shield-trigger",
    "id" : "3"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Deny Rule Groups

Access all Deny Rule Groups

GET /configuration/deny-rule-groups

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "deny-rule-group" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.denyRules[]

Array

All deny rules that are member of this group.

data[].attributes.denyRules[].securityLevel

String

Specifies the security level.

Allowed values:
- BASIC: Rules in level Basic focus on a low false-positive rate, simplifying the integration of applications. Note, however, that certain attack variants may not be covered.
- STANDARD: Level Standard is the default setting on new mappings. It provides strong filters and a low false-positive rate. Exceptions may be required for input fields containing syntactical elements similar to JavaScript or SQL.
- STRICT: Level Strict focuses on blocking many potential attack variants. This level is recommended for very sensitive applications and typically requires some integration effort.

data[].attributes.denyRules[].shortNames[]

Array

All deny rules belonging to the security level.

data[].attributes.name

String

The name of the deny-rule group.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/deny-rule-groups" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1464

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:24.499Z"
  },
  "data" : [ {
    "type" : "deny-rule-group",
    "id" : "SQLI_PARAM_VALUE",
    "attributes" : {
      "name" : "(default) SQL Injection (SQLi) in Parameter Value",
      "denyRules" : [ {
        "securityLevel" : "BASIC",
        "shortNames" : [ "SQL_020A", "SQL_030A", "SQL_060A" ]
      }, {
        "securityLevel" : "STANDARD",
        "shortNames" : [ "SQL_005A", "SQL_020A", "SQL_025A", "SQL_030A", "SQL_045A", "SQL_055A", "SQL_060A", "SQL_065A" ]
      }, {
        "securityLevel" : "STRICT",
        "shortNames" : [ "SQL_001A", "SQL_005A", "SQL_020A", "SQL_025A", "SQL_030A", "SQL_040A", "SQL_045A", "SQL_050A", "SQL_055A", "SQL_060A", "SQL_065A" ]
      } ]
    }
  }, {
    "type" : "deny-rule-group",
    "id" : "SQLI_HEADER_VALUE",
    "attributes" : {
      "name" : "(default) SQL Injection (SQLi) in Header Value",
      "denyRules" : [ {
        "securityLevel" : "BASIC",
        "shortNames" : [ "SQL_020B", "SQL_030B", "SQL_060B" ]
      }, {
        "securityLevel" : "STANDARD",
        "shortNames" : [ "SQL_005B", "SQL_020B", "SQL_025B", "SQL_030B", "SQL_045B", "SQL_055B", "SQL_060B", "SQL_065B" ]
      }, {
        "securityLevel" : "STRICT",
        "shortNames" : [ "SQL_001B", "SQL_005B", "SQL_020B", "SQL_025B", "SQL_030B", "SQL_040B", "SQL_045B", "SQL_050B", "SQL_055B", "SQL_060B", "SQL_065B" ]
      } ]
    }
  } ]
}

Access a Deny Rule Group

GET /configuration/deny-rule-groups/{shortName}

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "deny-rule-group" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.denyRules[]

Array

All deny rules that are member of this group.

data.attributes.denyRules[].securityLevel

String

Specifies the security level.

Allowed values:
- BASIC: Rules in level Basic focus on a low false-positive rate, simplifying the integration of applications. Note, however, that certain attack variants may not be covered.
- STANDARD: Level Standard is the default setting on new mappings. It provides strong filters and a low false-positive rate. Exceptions may be required for input fields containing syntactical elements similar to JavaScript or SQL.
- STRICT: Level Strict focuses on blocking many potential attack variants. This level is recommended for very sensitive applications and typically requires some integration effort.

data.attributes.denyRules[].shortNames[]

Array

All deny rules belonging to the security level.

data.attributes.name

String

The name of the deny-rule group.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/deny-rule-groups/SQLI_PARAM_VALUE" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 790

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:24.224Z"
  },
  "data" : {
    "type" : "deny-rule-group",
    "id" : "SQLI_PARAM_VALUE",
    "attributes" : {
      "name" : "(default) SQL Injection (SQLi) in Parameter Value",
      "denyRules" : [ {
        "securityLevel" : "BASIC",
        "shortNames" : [ "SQL_020A", "SQL_030A", "SQL_060A" ]
      }, {
        "securityLevel" : "STANDARD",
        "shortNames" : [ "SQL_005A", "SQL_020A", "SQL_025A", "SQL_030A", "SQL_045A", "SQL_055A", "SQL_060A", "SQL_065A" ]
      }, {
        "securityLevel" : "STRICT",
        "shortNames" : [ "SQL_001A", "SQL_005A", "SQL_020A", "SQL_025A", "SQL_030A", "SQL_040A", "SQL_045A", "SQL_050A", "SQL_055A", "SQL_060A", "SQL_065A" ]
      } ]
    }
  }
}

Deny Rules

Access all Deny Rules

GET /configuration/deny-rules

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "deny-rule" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.attackType

String

Attack type covered by the deny rule.

data[].attributes.groupShortName

String

Short name of the deny rule group this rule is belongs to.

data[].attributes.name

String

The name of the deny rule.

data[].attributes.restrictions

Object

All restriction patterns used. Only active patterns will be returned.

data[].attributes.restrictions.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.restrictions.contentTypePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.restrictions.contentTypePattern.pattern

String

The actual pattern.

data[].attributes.restrictions.httpHeaderNamePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.restrictions.httpHeaderNamePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.restrictions.httpHeaderNamePattern.pattern

String

The actual pattern.

data[].attributes.restrictions.httpHeaderValuePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.restrictions.httpHeaderValuePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.restrictions.httpHeaderValuePattern.pattern

String

The actual pattern.

data[].attributes.restrictions.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.restrictions.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.restrictions.httpMethodPattern.pattern

String

The actual pattern.

data[].attributes.restrictions.parameterNamePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.restrictions.parameterNamePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.restrictions.parameterNamePattern.pattern

String

The actual pattern.

data[].attributes.restrictions.parameterValuePattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.restrictions.parameterValuePattern.inverted

Boolean

Whether to invert the match.

data[].attributes.restrictions.parameterValuePattern.pattern

String

The actual pattern.

data[].attributes.restrictions.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data[].attributes.restrictions.pathPattern.inverted

Boolean

Whether to invert the match.

data[].attributes.restrictions.pathPattern.pattern

String

The actual pattern.

data[].attributes.securityLevels[]

Array

Allowed values:
- BASIC: Rules in level Basic focus on a low false-positive rate, simplifying the integration of applications. Note, however, that certain attack variants may not be covered.
- STANDARD: Level Standard is the default setting on new mappings. It provides strong filters and a low false-positive rate. Exceptions may be required for input fields containing syntactical elements similar to JavaScript or SQL.
- STRICT: Level Strict focuses on blocking many potential attack variants. This level is recommended for very sensitive applications and typically requires some integration effort.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/deny-rules" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 788

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:26.769Z"
  },
  "data" : [ {
    "type" : "deny-rule",
    "id" : "BADIP_001C",
    "attributes" : {
      "name" : "(default BADIP_001C) evil internal network",
      "securityLevels" : [ ],
      "attackType" : "0 day",
      "groupShortName" : "BAD_IP"
    }
  }, {
    "type" : "deny-rule",
    "id" : "LDAP_001A",
    "attributes" : {
      "name" : "(default LDAP_001A) search subtree",
      "securityLevels" : [ ],
      "attackType" : "0 day",
      "groupShortName" : "LDAP_PARAM_INJECTION",
      "restrictions" : {
        "parameterValuePattern" : {
          "pattern" : "\\p{printable}",
          "caseIgnored" : false,
          "inverted" : true
        }
      }
    }
  } ]
}

Access a Deny Rule

GET /configuration/deny-rules/{shortName}

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "deny-rule" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.attackType

String

Attack type covered by the deny rule.

data.attributes.groupShortName

String

Short name of the deny rule group this rule is belongs to.

data.attributes.name

String

The name of the deny rule.

data.attributes.restrictions

Object

All restriction patterns used. Only active patterns will be returned.

data.attributes.restrictions.contentTypePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.restrictions.contentTypePattern.inverted

Boolean

Whether to invert the match.

data.attributes.restrictions.contentTypePattern.pattern

String

The actual pattern.

data.attributes.restrictions.httpHeaderNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.restrictions.httpHeaderNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.restrictions.httpHeaderNamePattern.pattern

String

The actual pattern.

data.attributes.restrictions.httpHeaderValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.restrictions.httpHeaderValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.restrictions.httpHeaderValuePattern.pattern

String

The actual pattern.

data.attributes.restrictions.httpMethodPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.restrictions.httpMethodPattern.inverted

Boolean

Whether to invert the match.

data.attributes.restrictions.httpMethodPattern.pattern

String

The actual pattern.

data.attributes.restrictions.parameterNamePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.restrictions.parameterNamePattern.inverted

Boolean

Whether to invert the match.

data.attributes.restrictions.parameterNamePattern.pattern

String

The actual pattern.

data.attributes.restrictions.parameterValuePattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.restrictions.parameterValuePattern.inverted

Boolean

Whether to invert the match.

data.attributes.restrictions.parameterValuePattern.pattern

String

The actual pattern.

data.attributes.restrictions.pathPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.restrictions.pathPattern.inverted

Boolean

Whether to invert the match.

data.attributes.restrictions.pathPattern.pattern

String

The actual pattern.

data.attributes.securityLevels[]

Array

Allowed values:
- BASIC: Rules in level Basic focus on a low false-positive rate, simplifying the integration of applications. Note, however, that certain attack variants may not be covered.
- STANDARD: Level Standard is the default setting on new mappings. It provides strong filters and a low false-positive rate. Exceptions may be required for input fields containing syntactical elements similar to JavaScript or SQL.
- STRICT: Level Strict focuses on blocking many potential attack variants. This level is recommended for very sensitive applications and typically requires some integration effort.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/deny-rules/RULE_001A" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1379

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:26.741Z"
  },
  "data" : {
    "type" : "deny-rule",
    "id" : "RULE_001A",
    "attributes" : {
      "name" : "(default RULE_001A) some default deny rule",
      "securityLevels" : [ ],
      "attackType" : "0 day",
      "groupShortName" : "DENY_001",
      "restrictions" : {
        "httpMethodPattern" : {
          "pattern" : "^GET$",
          "caseIgnored" : false,
          "inverted" : true
        },
        "pathPattern" : {
          "pattern" : "^/internal/",
          "caseIgnored" : true,
          "inverted" : false
        },
        "parameterNamePattern" : {
          "pattern" : "(?:evil|bad)",
          "caseIgnored" : true,
          "inverted" : false
        },
        "parameterValuePattern" : {
          "pattern" : "\\p{printable}",
          "caseIgnored" : false,
          "inverted" : true
        },
        "contentTypePattern" : {
          "pattern" : "^image/",
          "caseIgnored" : true,
          "inverted" : false
        },
        "httpHeaderNamePattern" : {
          "pattern" : "^X-",
          "caseIgnored" : true,
          "inverted" : false
        },
        "httpHeaderValuePattern" : {
          "pattern" : "\\p{printable}",
          "caseIgnored" : false,
          "inverted" : true
        }
      }
    }
  }
}

IP Address List

Access all IP Address Lists

GET /configuration/ip-address-lists

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "ip-address-list" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.ips[]

Array

List of IP addresses (in CIDR notation).

data[].attributes.name

String

Name of the IP address list.

data[].relationships.ip-address-whitelists.data[]

Array

The mapping references.

data[].relationships.ip-address-whitelists.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.ip-address-whitelists.data[].id

String

The ID of the mapping resource.

data[].relationships.ip-address-blacklists.data[]

Array

The mapping references.

data[].relationships.ip-address-blacklists.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.ip-address-blacklists.data[].id

String

The ID of the mapping resource.

data[].relationships.ip-address-blacklist-exceptions.data[]

Array

The mapping references.

data[].relationships.ip-address-blacklist-exceptions.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.ip-address-blacklist-exceptions.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 255

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:42.946Z"
  },
  "data" : [ {
    "type" : "ip-address-list",
    "id" : "1",
    "attributes" : {
      "name" : "tor-ip-list",
      "ips" : [ "" ]
    }
  } ]
}

Access an IP Address List

GET /configuration/ip-address-lists/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "ip-address-list" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.ips[]

Array

List of IP addresses (in CIDR notation).

data.attributes.name

String

Name of the IP address list.

data.relationships.ip-address-whitelists.data[]

Array

The mapping references.

data.relationships.ip-address-whitelists.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-whitelists.data[].id

String

The ID of the mapping resource.

data.relationships.ip-address-blacklists.data[]

Array

The mapping references.

data.relationships.ip-address-blacklists.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-blacklists.data[].id

String

The ID of the mapping resource.

data.relationships.ip-address-blacklist-exceptions.data[]

Array

The mapping references.

data.relationships.ip-address-blacklist-exceptions.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-blacklist-exceptions.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 251

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:42.789Z"
  },
  "data" : {
    "type" : "ip-address-list",
    "id" : "1",
    "attributes" : {
      "name" : "tor-ip-list",
      "ips" : [ "" ]
    }
  }
}

Create an IP Address List

POST /configuration/ip-address-lists/

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "ip-address-list" for this call.

data.attributes.ips[]

Array

yes

List of IP addresses (in CIDR notation).

data.attributes.name

String

yes

Name of the IP address list.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "ip-address-list" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.ips[]

Array

List of IP addresses (in CIDR notation).

data.attributes.name

String

Name of the IP address list.

data.relationships.ip-address-whitelists.data[]

Array

The mapping references.

data.relationships.ip-address-whitelists.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-whitelists.data[].id

String

The ID of the mapping resource.

data.relationships.ip-address-blacklists.data[]

Array

The mapping references.

data.relationships.ip-address-blacklists.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-blacklists.data[].id

String

The ID of the mapping resource.

data.relationships.ip-address-blacklist-exceptions.data[]

Array

The mapping references.

data.relationships.ip-address-blacklist-exceptions.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-blacklist-exceptions.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ip-address-list",
    "attributes" : {
      "name" : "custom-ip-list",
      "ips" : [ "127.0.0.1/24" ]
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 266

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:42.911Z"
  },
  "data" : {
    "type" : "ip-address-list",
    "id" : "4",
    "attributes" : {
      "name" : "custom-ip-list",
      "ips" : [ "127.0.0.1/24" ]
    }
  }
}

Update an IP Address List

PATCH /configuration/ip-address-lists/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "ip-address-list" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.ips[]

Array

no

List of IP addresses (in CIDR notation).

data.attributes.name

String

no

Name of the IP address list.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "ip-address-list" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.ips[]

Array

List of IP addresses (in CIDR notation).

data.attributes.name

String

Name of the IP address list.

data.relationships.ip-address-whitelists.data[]

Array

The mapping references.

data.relationships.ip-address-whitelists.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-whitelists.data[].id

String

The ID of the mapping resource.

data.relationships.ip-address-blacklists.data[]

Array

The mapping references.

data.relationships.ip-address-blacklists.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-blacklists.data[].id

String

The ID of the mapping resource.

data.relationships.ip-address-blacklist-exceptions.data[]

Array

The mapping references.

data.relationships.ip-address-blacklist-exceptions.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.ip-address-blacklist-exceptions.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ip-address-list",
    "id" : "1",
    "attributes" : {
      "name" : "custom-ip-list",
      "ips" : [ "127.0.0.1/24" ]
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 266

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:42.966Z"
  },
  "data" : {
    "type" : "ip-address-list",
    "id" : "1",
    "attributes" : {
      "name" : "custom-ip-list",
      "ips" : [ "127.0.0.1/24" ]
    }
  }
}

Delete an IP Address List

DELETE /configuration/ip-address-lists/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Mapping Whitelist Connections

PATCH /configuration/ip-address-lists/{id}/relationships/mappings-whitelist

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-whitelist" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Whitelist Connections

DELETE /configuration/ip-address-lists/{id}/relationships/mappings-whitelist

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-whitelist" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Mapping Blacklist Connections

PATCH /configuration/ip-address-lists/{id}/relationships/mappings-blacklist

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-blacklist" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Blacklist Connections

DELETE /configuration/ip-address-lists/{id}/relationships/mappings-blacklist

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-blacklist" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Mapping Blacklist Exception Connections

PATCH /configuration/ip-address-lists/{id}/relationships/mappings-blacklist-exception

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-blacklist-exception" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Blacklist Exception Connections

DELETE /configuration/ip-address-lists/{id}/relationships/mappings-blacklist-exception

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-blacklist-exception" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Add Mapping Request Frequency Filter Whitelist Connections

PATCH /configuration/ip-address-lists/{id}/relationships/mappings-request-frequency-filter-whitelist

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-request-frequency-filter-whitelist" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping Request Frequency Filter Whitelist Connections

DELETE /configuration/ip-address-lists/{id}/relationships/mappings-request-frequency-filter-whitelist

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-request-frequency-filter-whitelist" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Dynamic IP Address Blacklist

Access Dynamic IP Address Blacklist Settings

GET /configuration/dynamic-ip-address-blacklist

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "dynamic-ip-address-blacklist" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.blockPeriod

Number

Time period in seconds for which an IP is blocked once blacklisted.

data.attributes.blockThreshold

Number

Number of blocks an IP must trigger during an observation period in order to get blacklisted.

data.attributes.observationPeriod

Number

Time period in seconds for which an IP is observed.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/dynamic-ip-address-blacklist" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 300

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:28.953Z"
  },
  "data" : {
    "type" : "dynamic-ip-address-blacklist",
    "id" : "2",
    "attributes" : {
      "observationPeriod" : 60,
      "blockThreshold" : 10,
      "blockPeriod" : 120
    }
  }
}

Update Dynamic IP Address Blacklist Settings

PATCH /configuration/dynamic-ip-address-blacklist

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "dynamic-ip-address-blacklist" for this call.

data.attributes.blockPeriod

Number

no

Time period in seconds for which an IP is blocked once blacklisted.

data.attributes.blockThreshold

Number

no

Number of blocks an IP must trigger during an observation period in order to get blacklisted.

data.attributes.observationPeriod

Number

no

Time period in seconds for which an IP is observed.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "dynamic-ip-address-blacklist" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.blockPeriod

Number

Time period in seconds for which an IP is blocked once blacklisted.

data.attributes.blockThreshold

Number

Number of blocks an IP must trigger during an observation period in order to get blacklisted.

data.attributes.observationPeriod

Number

Time period in seconds for which an IP is observed.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/dynamic-ip-address-blacklist" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "dynamic-ip-address-blacklist",
    "attributes" : {
      "observationPeriod" : 60,
      "blockThreshold" : 10,
      "blockPeriod" : 120
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 300

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:28.986Z"
  },
  "data" : {
    "type" : "dynamic-ip-address-blacklist",
    "id" : "2",
    "attributes" : {
      "observationPeriod" : 60,
      "blockThreshold" : 10,
      "blockPeriod" : 120
    }
  }
}

Error pages

Access Error Pages Settings

GET /configuration/error-pages

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "error-pages" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.errorPath

String

The path the error-pages are accessible on the virtual host.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 225

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:31.144Z"
  },
  "data" : {
    "type" : "error-pages",
    "id" : "2",
    "attributes" : {
      "errorPath" : "/error"
    }
  }
}

Update Error Pages Settings

PATCH /configuration/error-pages

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "error-pages" for this call.

data.attributes.errorPath

String

no

The path the error-pages are accessible on the virtual host.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "error-pages" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.errorPath

String

The path the error-pages are accessible on the virtual host.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "error-pages",
    "attributes" : {
      "errorPath" : "/error_path"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 230

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:31.228Z"
  },
  "data" : {
    "type" : "error-pages",
    "id" : "2",
    "attributes" : {
      "errorPath" : "/error_path"
    }
  }
}

Export the error pages

GET /configuration/error-pages/content

Accept application/zip

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages/content" -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/zip' \
    -o '/tmp/download.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 3054

Import error pages

PUT /configuration/error-pages/content

Content-Type application/zip

Note that prior to the import, a configuration must first be loaded.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages/content" -i -X PUT \
    -H 'Content-Type: application/zip' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    --data-binary '@/tmp/upload.zip'

Example Response

HTTP/1.1 200 OK

Delete error pages

DELETE /configuration/error-pages/content

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages/content" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK

Export the error pages templates

GET /configuration/error-pages/content/default

Accept application/zip

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages/content/default" -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/zip' \
    -o '/tmp/download.zip'

Example Response

HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 3054

System Templates

Access all System Mapping Templates

GET /configuration/templates/mappings

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'group', 'application' and 'name'. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "template.mapping" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.application

String

Application name of the system mapping template.

data[].attributes.group

String

Group name of the system mapping template.

data[].attributes.name

String

Name of the mapping inside the mapping template.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/templates/mappings?filter=name%3D%3DNew_Mapping" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 351

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:00.628Z"
  },
  "data" : [ {
    "type" : "mapping-template",
    "id" : "hPg28A988JGwBKRi2BotP6MthrM1XIT1i/expDvvPtY=",
    "attributes" : {
      "group" : "Airlock Gateway",
      "application" : "Empty Mapping",
      "name" : "New_Mapping"
    }
  } ]
}

Session Settings

Access Session Settings

GET /configuration/session

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "session" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.cookieStoreDomainInterpretationEnabled

Boolean

Whether Airlock Gateway should interpret the domain and the path attribute of cookies that are stored in the cookie store.

data.attributes.csrfTokenName

String

Name of Airlock Gateway’s CSRF token.

data.attributes.dosMitigation.enabled

Boolean

If enabled, the number of sessions that can be concurrently allocated by the same source IP address is limited.

data.attributes.dosMitigation.maxSessionsPerIp

Number

Maximum number of concurrent sessions (total of authenticated and unauthenticated sessions) that can be allocated by the same source IP address.

data.attributes.encryptionPassphrase

String

The passphrase for the passphrase based encryption mechanism (PBE).

data.attributes.globalDeniedAccessUrl

String

URL to which mappings with a role restriction and "access.deniedUrl.mode" set to "GLOBAL" should redirect when authentication is required.

data.attributes.loadbalancingCookieName

String

Name of the load-balancing cookie. This cookie is used to keep track of non-critical load balancing status information.

data.attributes.store.autoSizingEnabled

Boolean

If enabled, Airlock Gateway will automatically adapt the session store size.

data.attributes.store.mode

String

Allowed values:
- SOCKET: The local Redis instance is used as session store.
- SERVER: A single remote Redis instance is used as session store (first server in the "redisServers" list).
- CLUSTER: A Redis cluster is used as remote session store, multiple servers can be configured.

data.attributes.store.redisServers[].hostName

String

Name of the host running the Redis Server.

data.attributes.store.redisServers[].port

Number

Port on which the Redis Server is listening.

data.attributes.store.size

Number

Size of the Session Store in MiB.

data.attributes.tracking.basedOn

String

Whether the session shall be tracked by using a cookie or the SSL session ID.

data.attributes.tracking.cookieName

String

Name of the session cookie.

data.attributes.tracking.lifetime

Number

Session lifetime in seconds.

data.attributes.tracking.timeout

Number

Session timeout in seconds.

data.relationships.session-dos-mitigation-source-ip-whitelist.data

Object

The ip-address-list references.

data.relationships.session-dos-mitigation-source-ip-whitelist.data.type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.session-dos-mitigation-source-ip-whitelist.data.id

String

The ID of the ip-address-list resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/session" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1067

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:58.467Z"
  },
  "data" : {
    "type" : "session",
    "id" : "2",
    "attributes" : {
      "store" : {
        "mode" : "SERVER",
        "autoSizingEnabled" : true,
        "size" : 100,
        "redisServers" : [ {
          "hostName" : "myRedisServerHostname",
          "port" : 1234
        } ]
      },
      "tracking" : {
        "basedOn" : "COOKIE",
        "timeout" : 600,
        "lifetime" : 28800,
        "cookieName" : "AL_SESS"
      },
      "dosMitigation" : {
        "enabled" : true,
        "maxSessionsPerIp" : 1500
      },
      "csrfTokenName" : "CSRFT759",
      "loadbalancingCookieName" : "AL_BALANCE",
      "cookieStoreDomainInterpretationEnabled" : true,
      "encryptionPassphrase" : "",
      "globalDeniedAccessUrl" : "/auth/check-login"
    },
    "relationships" : {
      "session-dos-mitigation-source-ip-whitelist" : {
        "data" : {
          "type" : "ip-address-list",
          "id" : "42"
        }
      }
    }
  }
}

Update Session Settings

PATCH /configuration/session

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "session" for this call.

data.attributes.cookieStoreDomainInterpretationEnabled

Boolean

no

Whether Airlock Gateway should interpret the domain and the path attribute of cookies that are stored in the cookie store.

data.attributes.csrfTokenName

String

no

Name of Airlock Gateway’s CSRF token.

data.attributes.dosMitigation.enabled

Boolean

no

If enabled, the number of sessions that can be concurrently allocated by the same source IP address is limited.

data.attributes.dosMitigation.maxSessionsPerIp

Number

no

Maximum number of concurrent sessions (total of authenticated and unauthenticated sessions) that can be allocated by the same source IP address.

data.attributes.encryptionPassphrase

String

no

The passphrase for the passphrase based encryption mechanism (PBE).

data.attributes.globalDeniedAccessUrl

String

no

URL to which mappings with a role restriction and "access.deniedUrl.mode" set to "GLOBAL" should redirect when authentication is required.

data.attributes.loadbalancingCookieName

String

no

Name of the load-balancing cookie. This cookie is used to keep track of non-critical load balancing status information.

data.attributes.store.autoSizingEnabled

Boolean

no

If enabled, Airlock Gateway will automatically adapt the session store size.

data.attributes.store.mode

String

no

Allowed values:
- SOCKET: The local Redis instance is used as session store.
- SERVER: A single remote Redis instance is used as session store (first server in the "redisServers" list).
- CLUSTER: A Redis cluster is used as remote session store, multiple servers can be configured.

data.attributes.store.redisServers[].hostName

String

no

Name of the host running the Redis Server.

data.attributes.store.redisServers[].port

Number

no

Port on which the Redis Server is listening.

data.attributes.store.size

Number

no

Size of the Session Store in MiB.

data.attributes.tracking.basedOn

String

no

Whether the session shall be tracked by using a cookie or the SSL session ID.

data.attributes.tracking.cookieName

String

no

Name of the session cookie.

data.attributes.tracking.lifetime

Number

no

Session lifetime in seconds.

data.attributes.tracking.timeout

Number

no

Session timeout in seconds.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "session" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.cookieStoreDomainInterpretationEnabled

Boolean

Whether Airlock Gateway should interpret the domain and the path attribute of cookies that are stored in the cookie store.

data.attributes.csrfTokenName

String

Name of Airlock Gateway’s CSRF token.

data.attributes.dosMitigation.enabled

Boolean

If enabled, the number of sessions that can be concurrently allocated by the same source IP address is limited.

data.attributes.dosMitigation.maxSessionsPerIp

Number

Maximum number of concurrent sessions (total of authenticated and unauthenticated sessions) that can be allocated by the same source IP address.

data.attributes.encryptionPassphrase

String

The passphrase for the passphrase based encryption mechanism (PBE).

data.attributes.globalDeniedAccessUrl

String

URL to which mappings with a role restriction and "access.deniedUrl.mode" set to "GLOBAL" should redirect when authentication is required.

data.attributes.loadbalancingCookieName

String

Name of the load-balancing cookie. This cookie is used to keep track of non-critical load balancing status information.

data.attributes.store.autoSizingEnabled

Boolean

If enabled, Airlock Gateway will automatically adapt the session store size.

data.attributes.store.mode

String

Allowed values:
- SOCKET: The local Redis instance is used as session store.
- SERVER: A single remote Redis instance is used as session store (first server in the "redisServers" list).
- CLUSTER: A Redis cluster is used as remote session store, multiple servers can be configured.

data.attributes.store.redisServers[].hostName

String

Name of the host running the Redis Server.

data.attributes.store.redisServers[].port

Number

Port on which the Redis Server is listening.

data.attributes.store.size

Number

Size of the Session Store in MiB.

data.attributes.tracking.basedOn

String

Whether the session shall be tracked by using a cookie or the SSL session ID.

data.attributes.tracking.cookieName

String

Name of the session cookie.

data.attributes.tracking.lifetime

Number

Session lifetime in seconds.

data.attributes.tracking.timeout

Number

Session timeout in seconds.

data.relationships.session-dos-mitigation-source-ip-whitelist.data

Object

The ip-address-list references.

data.relationships.session-dos-mitigation-source-ip-whitelist.data.type

String

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.relationships.session-dos-mitigation-source-ip-whitelist.data.id

String

The ID of the ip-address-list resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/session" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "session",
    "attributes" : {
      "store" : {
        "mode" : "SERVER",
        "autoSizingEnabled" : true,
        "size" : 100,
        "redisServers" : [ {
          "hostName" : "redisServerHostname",
          "port" : 1234
        } ]
      },
      "tracking" : {
        "basedOn" : "SSL_SESSION_ID",
        "timeout" : 60,
        "lifetime" : 28800,
        "cookieName" : "MY_SESSION_COOKIE_NAME"
      },
      "dosMitigation" : {
        "enabled" : true,
        "maxSessionsPerIp" : 1500
      },
      "csrfTokenName" : "myCsrfTokenName",
      "loadbalancingCookieName" : "MY_LOADBALANCING_COOKIE_NAME",
      "cookieStoreDomainInterpretationEnabled" : true,
      "encryptionPassphrase" : "pbePassPhrase",
      "globalDeniedAccessUrl" : "myGlobalDeniedAccessUrl"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1131

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:58.530Z"
  },
  "data" : {
    "type" : "session",
    "id" : "2",
    "attributes" : {
      "store" : {
        "mode" : "SERVER",
        "autoSizingEnabled" : true,
        "size" : 100,
        "redisServers" : [ {
          "hostName" : "redisServerHostname",
          "port" : 1234
        } ]
      },
      "tracking" : {
        "basedOn" : "SSL_SESSION_ID",
        "timeout" : 60,
        "lifetime" : 28800,
        "cookieName" : "MY_SESSION_COOKIE_NAME"
      },
      "dosMitigation" : {
        "enabled" : true,
        "maxSessionsPerIp" : 1500
      },
      "csrfTokenName" : "myCsrfTokenName",
      "loadbalancingCookieName" : "MY_LOADBALANCING_COOKIE_NAME",
      "cookieStoreDomainInterpretationEnabled" : true,
      "encryptionPassphrase" : "pbePassPhrase",
      "globalDeniedAccessUrl" : "myGlobalDeniedAccessUrl"
    },
    "relationships" : {
      "session-dos-mitigation-source-ip-whitelist" : {
        "data" : {
          "type" : "ip-address-list",
          "id" : "42"
        }
      }
    }
  }
}

Add Connection to Session DoS Mitigation Source IP Whitelist

PATCH /configuration/session/relationships/session-dos-mitigation-source-ip-whitelist

Content-Type application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/session/relationships/session-dos-mitigation-source-ip-whitelist" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ip-address-list",
    "id" : "42"
  }
}'

Example Response

HTTP/1.1 204 No Content

Remove Connection to Session DoS Mitigation Source IP Whitelist

DELETE /configuration/session/relationships/session-dos-mitigation-source-ip-whitelist

Content-Type application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type of the referenced resource. Must be "ip-address-list" for this call.

data.id

String

yes

The ID of the referenced "ip-address-list" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/session/relationships/session-dos-mitigation-source-ip-whitelist" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "ip-address-list",
    "id" : "42"
  }
}'

Example Response

HTTP/1.1 204 No Content

License

Access License

GET /configuration/license

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "license-response" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendHosts

Number

Number of licensed back-end hosts.

data.attributes.deploymentForm

String

License is valid for Appliance (A) or Microgateway (M)

data.attributes.environment

String

Environment for which the license was issued.

data.attributes.expiry

String

Expiry date.

data.attributes.graceMargin

Number

Grace margin for authenticated sessions.

data.attributes.licensedFeatures.anomalyShield

Boolean

Whether Airlock Anomaly Shield is licensed.

data.attributes.licensedFeatures.apiGateway

Boolean

Whether the API Gateway features are licensed.

data.attributes.licensedFeatures.icap

Boolean

Whether ICAP is licensed.

data.attributes.licensedFeatures.kerberos

Boolean

Whether Kerberos is licensed.

data.attributes.licensedFeatures.policyEnforcement

Boolean

Whether full filtering is licensed.

data.attributes.licensedFeatures.webrootThreatIntelligence

Boolean

Whether Webroot Threat Intelligence is licensed.

data.attributes.licensedFeatures.webrootThreatIntelligenceLicenseCustomerId

String

Your anonymized user id.

data.attributes.licensedFeatures.webrootThreatIntelligenceLicenseType

String

Webroot Threat Intelligence license type.

data.attributes.macAddresses[]

Array

List of licensed ethernet addresses.

data.attributes.owner

String

License owner.

data.attributes.platformRestriction

String

License can be cloud license and restricted to Amazon Web Services (A), Google Compute Engine (G), Microsoft Azure (Z) or empty.

data.attributes.rawLicense

String

Encoded license string.

data.attributes.requestRate

Number

Licensed request rate.

data.attributes.sessions

Number

Number of licensed authenticated sessions.

data.attributes.trial

Boolean

Whether this is a trial license.

data.attributes.usedBackendHosts

Number

Number of licensed back-end hosts in used.

data.attributes.version

String

License version.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/license" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1929

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:47.792Z"
  },
  "data" : {
    "type" : "license-response",
    "id" : "2",
    "attributes" : {
      "version" : "4",
      "owner" : "Ergon Informatik AG",
      "environment" : "Production - HA",
      "expiry" : "2525-01-01",
      "licensedFeatures" : {
        "icap" : true,
        "kerberos" : true,
        "policyEnforcement" : true,
        "apiGateway" : true,
        "anomalyShield" : false,
        "webrootThreatIntelligence" : false,
        "webrootThreatIntelligenceLicenseType" : "",
        "webrootThreatIntelligenceLicenseCustomerId" : ""
      },
      "trial" : false,
      "deploymentForm" : "A",
      "platformRestriction" : "A",
      "sessions" : 10000,
      "graceMargin" : 20000,
      "requestRate" : 0,
      "backendHosts" : 50,
      "usedBackendHosts" : 0,
      "macAddresses" : [ "56:00:ca:fe:ba:be", "56:00:de:ad:be:ef" ],
      "rawLicense" : "-----BEGIN LICENSE-----\neJxF0EmTmlAUBeD/4pZUCQo0pCoLJmVGmVRCFswyvPeUx2hX//dYWaSX9zvn\nbO7nZip6XCNoJQ3qNz831ObHf6rhPyLf1NVZAXGBNz9/f24AyseueCdC3Xco\na78nb2O+2+8L7p2Liw4i44yQSRheWlxUWTdPI6i5p+RnOxIvJ3xxXkp3ssp5\nTS6RA9NcZP3p0ZGSx3CHfHjXnxPzce0KaunV5GziiMEB75/b52Ml1sH1yWfT\na0lik2zAYEUEw3rOKIW8EPQ1hvNACxY27EOtJKMjqTo07sjolEU7K/d9dVrJ\ntqD9gLoK2Dfti7f6Qu1lu+hhyfohugs2c2Ml1sH1yWfTzxELPMOaqqrvJDjl\nqT9KB1CpU9iQ8t33+PLDTRocuvsKmWmx8k9VimFC9FqGczEKTvpjvIFkfWVc\n4rTLLuuPQ7rctHKm5celGptmndWrBdPpchJpnWs4x9nbMWR0uFWAoFKcMPKl\nWzZzR9f+o1dIHU8AgK6Ri6SpVKIhweU0Yh/GIgbZfpnWs4x9cAyz/EYo/K2l\n2GOdHh7R1jqEQP+Q6vJaXF3q7Bwq0zHVVD81aNKE7AJe4tofXGvo8vRk6zGU\nJfVqDMOuGgxPpNrRZMHC50Dy62Mz3XnAWS5bYXcnW7a8yuHeCfsZv6aPaSgT\nVyWoGAZmyUI7B65o0xkb3shKOoVZZ6So01DkS4jVCcZHC50Dy629a/QBVIPT\nOpl3kIiLV8SwlxAilezm80y9tefgxvKue59RymvCIonIjoryynXEVlrzasko\nkTYz9BSE/RJB2mXff5BYntAs62Mz3XnAWS5bYXcnWd2ZGDZtpciscfMIlAuH\nfsVw8/Xn6y9lSRIB\n-----END LICENSE-----\n"
    }
  }
}

Update License

PATCH /configuration/license

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "license-response" for this call.

data.attributes.license

String

no

Encoded license.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "license-response" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendHosts

Number

Number of licensed back-end hosts.

data.attributes.deploymentForm

String

License is valid for Appliance (A) or Microgateway (M)

data.attributes.environment

String

Environment for which the license was issued.

data.attributes.expiry

String

Expiry date.

data.attributes.graceMargin

Number

Grace margin for authenticated sessions.

data.attributes.licensedFeatures.anomalyShield

Boolean

Whether Airlock Anomaly Shield is licensed.

data.attributes.licensedFeatures.apiGateway

Boolean

Whether the API Gateway features are licensed.

data.attributes.licensedFeatures.icap

Boolean

Whether ICAP is licensed.

data.attributes.licensedFeatures.kerberos

Boolean

Whether Kerberos is licensed.

data.attributes.licensedFeatures.policyEnforcement

Boolean

Whether full filtering is licensed.

data.attributes.licensedFeatures.webrootThreatIntelligence

Boolean

Whether Webroot Threat Intelligence is licensed.

data.attributes.licensedFeatures.webrootThreatIntelligenceLicenseCustomerId

String

Your anonymized user id.

data.attributes.licensedFeatures.webrootThreatIntelligenceLicenseType

String

Webroot Threat Intelligence license type.

data.attributes.macAddresses[]

Array

List of licensed ethernet addresses.

data.attributes.owner

String

License owner.

data.attributes.platformRestriction

String

License can be cloud license and restricted to Amazon Web Services (A), Google Compute Engine (G), Microsoft Azure (Z) or empty.

data.attributes.rawLicense

String

Encoded license string.

data.attributes.requestRate

Number

Licensed request rate.

data.attributes.sessions

Number

Number of licensed authenticated sessions.

data.attributes.trial

Boolean

Whether this is a trial license.

data.attributes.usedBackendHosts

Number

Number of licensed back-end hosts in used.

data.attributes.version

String

License version.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/license" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "license",
    "attributes" : {
      "license" : "-----BEGIN LICENSE-----\neJxF0EmTmlAUBeD/4pZUCQo0pCoLJmVGmVRCFswyvPeUx2hX//dYWaSX9zvn\nbO7nZip6XCNoJQ3qNz831ObHf6rhPyLf1NVZAXGBNz9/f24AyseueCdC3Xco\na78nb2O+2+8L7p2Liw4i44yQSRheWlxUWTdPI6i5p+RnOxIvJ3xxXkp3ssp5\nTS6RA9NcZP3p0ZGSx3CHfHjXnxPzce0KaunV5GziiMEB75/b52Ml1sH1yWfT\na0lik2zAYEUEw3rOKIW8EPQ1hvNACxY27EOtJKMjqTo07sjolEU7K/d9dVrJ\ntqD9gLoK2Dfti7f6Qu1lu+hhyfohugs2c2Ml1sH1yWfTzxELPMOaqqrvJDjl\nqT9KB1CpU9iQ8t33+PLDTRocuvsKmWmx8k9VimFC9FqGczEKTvpjvIFkfWVc\n4rTLLuuPQ7rctHKm5celGptmndWrBdPpchJpnWs4x9nbMWR0uFWAoFKcMPKl\nWzZzR9f+o1dIHU8AgK6Ri6SpVKIhweU0Yh/GIgbZfpnWs4x9cAyz/EYo/K2l\n2GOdHh7R1jqEQP+Q6vJaXF3q7Bwq0zHVVD81aNKE7AJe4tofXGvo8vRk6zGU\nJfVqDMOuGgxPpNrRZMHC50Dy62Mz3XnAWS5bYXcnW7a8yuHeCfsZv6aPaSgT\nVyWoGAZmyUI7B65o0xkb3shKOoVZZ6So01DkS4jVCcZHC50Dy629a/QBVIPT\nOpl3kIiLV8SwlxAilezm80y9tefgxvKue59RymvCIonIjoryynXEVlrzasko\nkTYz9BSE/RJB2mXff5BYntAs62Mz3XnAWS5bYXcnWd2ZGDZtpciscfMIlAuH\nfsVw8/Xn6y9lSRIB\n-----END LICENSE-----\n"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1835

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:47.858Z"
  },
  "data" : {
    "type" : "license-response",
    "id" : "2",
    "attributes" : {
      "version" : "",
      "owner" : "",
      "environment" : "",
      "expiry" : "",
      "licensedFeatures" : {
        "icap" : false,
        "kerberos" : false,
        "policyEnforcement" : true,
        "apiGateway" : false,
        "anomalyShield" : false,
        "webrootThreatIntelligence" : false,
        "webrootThreatIntelligenceLicenseType" : "",
        "webrootThreatIntelligenceLicenseCustomerId" : ""
      },
      "trial" : false,
      "deploymentForm" : "",
      "platformRestriction" : "",
      "sessions" : 0,
      "graceMargin" : 0,
      "requestRate" : 0,
      "backendHosts" : 0,
      "usedBackendHosts" : 0,
      "macAddresses" : [ ],
      "rawLicense" : "-----BEGIN LICENSE-----\neJxF0EmTmlAUBeD/4pZUCQo0pCoLJmVGmVRCFswyvPeUx2hX//dYWaSX9zvn\nbO7nZip6XCNoJQ3qNz831ObHf6rhPyLf1NVZAXGBNz9/f24AyseueCdC3Xco\na78nb2O+2+8L7p2Liw4i44yQSRheWlxUWTdPI6i5p+RnOxIvJ3xxXkp3ssp5\nTS6RA9NcZP3p0ZGSx3CHfHjXnxPzce0KaunV5GziiMEB75/b52Ml1sH1yWfT\na0lik2zAYEUEw3rOKIW8EPQ1hvNACxY27EOtJKMjqTo07sjolEU7K/d9dVrJ\ntqD9gLoK2Dfti7f6Qu1lu+hhyfohugs2c2Ml1sH1yWfTzxELPMOaqqrvJDjl\nqT9KB1CpU9iQ8t33+PLDTRocuvsKmWmx8k9VimFC9FqGczEKTvpjvIFkfWVc\n4rTLLuuPQ7rctHKm5celGptmndWrBdPpchJpnWs4x9nbMWR0uFWAoFKcMPKl\nWzZzR9f+o1dIHU8AgK6Ri6SpVKIhweU0Yh/GIgbZfpnWs4x9cAyz/EYo/K2l\n2GOdHh7R1jqEQP+Q6vJaXF3q7Bwq0zHVVD81aNKE7AJe4tofXGvo8vRk6zGU\nJfVqDMOuGgxPpNrRZMHC50Dy62Mz3XnAWS5bYXcnW7a8yuHeCfsZv6aPaSgT\nVyWoGAZmyUI7B65o0xkb3shKOoVZZ6So01DkS4jVCcZHC50Dy629a/QBVIPT\nOpl3kIiLV8SwlxAilezm80y9tefgxvKue59RymvCIonIjoryynXEVlrzasko\nkTYz9BSE/RJB2mXff5BYntAs62Mz3XnAWS5bYXcnWd2ZGDZtpciscfMIlAuH\nfsVw8/Xn6y9lSRIB\n-----END LICENSE-----\n"
    }
  }
}

Clear License

DELETE /configuration/license

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/license" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Nodes

Access Current Node and Interfaces

GET /configuration/nodes/current

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "node" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendAddresses[].ipAddress

String

The IP address in CIDR format.

data.attributes.backendAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].mirrorIpAddress

String

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data.attributes.failoverAddresses[].privateIpAddress

String

Private IP address that this external network interface uses for the failover communication link.

data.attributes.hostName

String

Static system host/node name (ignored if hostNameDhcpInterface is set).

data.attributes.hostNameDhcpInterface

String

Name of the physical interface from which to retrieve the hostname via DHCP.

data.attributes.managementAddresses[].ipAddress

String

IP address in CIDR format.

data.attributes.managementAddresses[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.managementAddresses[].port

Number

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterfaces.bonded[].bondingMode

String

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data.attributes.networkInterfaces.bonded[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.bonded[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

Logical name of the first physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

Logical name of the second physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.physical[].device

String

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data.attributes.networkInterfaces.physical[].dhcpMode

String

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data.attributes.networkInterfaces.physical[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.physical[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].baseInterfaceName

String

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data.attributes.networkInterfaces.virtual[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.virtual[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].vlan

Number

ID of the VLAN to which the virtual interface should be connected.

data.attributes.skinName

String

Skin color of the Configuration Center GUI.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/current" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1558

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:15.977Z"
  },
  "data" : {
    "type" : "node",
    "id" : "4",
    "attributes" : {
      "hostName" : "localhost",
      "hostNameDhcpInterface" : "eth0",
      "skinName" : "skinBlue",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "EXT0-a",
          "dhcpMode" : "DHCPV4",
          "device" : "hme0",
          "mtu" : 1500
        }, {
          "logicalName" : "EXT0-b",
          "dhcpMode" : "DHCPV4",
          "device" : "hne1",
          "mtu" : 1500
        } ],
        "bonded" : [ {
          "logicalName" : "BOND0",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "BALANCE_RR",
          "mtu" : 1500
        } ],
        "virtual" : [ {
          "logicalName" : "MGT",
          "baseInterfaceName" : "EXT",
          "vlan" : 1,
          "mtu" : 1500
        }, {
          "logicalName" : "BACK",
          "baseInterfaceName" : "EXT",
          "vlan" : 1,
          "mtu" : 1500
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "192.168.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "192.168.1.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "10.0.69.1/24",
        "mirrorIpAddress" : "10.0.69.2"
      } ]
    }
  }
}

Update Current Node and Interfaces

PATCH /configuration/nodes/current

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "node" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.backendAddresses[].ipAddress

String

no

The IP address in CIDR format.

data.attributes.backendAddresses[].logicalName

String

no

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].logicalName

String

no

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].mirrorIpAddress

String

no

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data.attributes.failoverAddresses[].privateIpAddress

String

no

Private IP address that this external network interface uses for the failover communication link.

data.attributes.hostName

String

no

Static system host/node name (ignored if hostNameDhcpInterface is set).

data.attributes.hostNameDhcpInterface

String

no

Name of the physical interface from which to retrieve the hostname via DHCP.

data.attributes.managementAddresses[].ipAddress

String

no

IP address in CIDR format.

data.attributes.managementAddresses[].logicalName

String

no

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.managementAddresses[].port

Number

no

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterfaces.bonded[].bondingMode

String

no

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data.attributes.networkInterfaces.bonded[].logicalName

String

no

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.bonded[].mtu

Number

no

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

no

Logical name of the first physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

no

Logical name of the second physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.physical[].device

String

no

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data.attributes.networkInterfaces.physical[].dhcpMode

String

no

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data.attributes.networkInterfaces.physical[].logicalName

String

no

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.physical[].mtu

Number

no

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].baseInterfaceName

String

no

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data.attributes.networkInterfaces.virtual[].logicalName

String

no

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.virtual[].mtu

Number

no

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].vlan

Number

no

ID of the VLAN to which the virtual interface should be connected.

data.attributes.skinName

String

no

Skin color of the Configuration Center GUI.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "node" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendAddresses[].ipAddress

String

The IP address in CIDR format.

data.attributes.backendAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].mirrorIpAddress

String

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data.attributes.failoverAddresses[].privateIpAddress

String

Private IP address that this external network interface uses for the failover communication link.

data.attributes.hostName

String

Static system host/node name (ignored if hostNameDhcpInterface is set).

data.attributes.hostNameDhcpInterface

String

Name of the physical interface from which to retrieve the hostname via DHCP.

data.attributes.managementAddresses[].ipAddress

String

IP address in CIDR format.

data.attributes.managementAddresses[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.managementAddresses[].port

Number

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterfaces.bonded[].bondingMode

String

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data.attributes.networkInterfaces.bonded[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.bonded[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

Logical name of the first physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

Logical name of the second physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.physical[].device

String

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data.attributes.networkInterfaces.physical[].dhcpMode

String

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data.attributes.networkInterfaces.physical[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.physical[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].baseInterfaceName

String

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data.attributes.networkInterfaces.virtual[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.virtual[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].vlan

Number

ID of the VLAN to which the virtual interface should be connected.

data.attributes.skinName

String

Skin color of the Configuration Center GUI.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/current" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "node",
    "id" : "4",
    "attributes" : {
      "hostName" : "testHost",
      "hostNameDhcpInterface" : "MGT",
      "skinName" : "skinBlue",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "MGT",
          "dhcpMode" : "DHCPV4",
          "device" : "hme0",
          "mtu" : 1499
        } ],
        "bonded" : [ {
          "logicalName" : "EXT",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "ACTIVE_BACKUP",
          "mtu" : 1300
        } ],
        "virtual" : [ {
          "logicalName" : "BACK",
          "baseInterfaceName" : "MGT",
          "vlan" : 42,
          "mtu" : 1400
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "127.1.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "127.2.0.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "127.0.0.1/24",
        "mirrorIpAddress" : "127.0.0.2"
      } ]
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1287

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:16.002Z"
  },
  "data" : {
    "type" : "node",
    "id" : "4",
    "attributes" : {
      "hostName" : "testHost",
      "hostNameDhcpInterface" : "MGT",
      "skinName" : "skinBlue",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "MGT",
          "dhcpMode" : "DHCPV4",
          "device" : "hme0",
          "mtu" : 1499
        } ],
        "bonded" : [ {
          "logicalName" : "EXT",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "ACTIVE_BACKUP",
          "mtu" : 1300
        } ],
        "virtual" : [ {
          "logicalName" : "BACK",
          "baseInterfaceName" : "MGT",
          "vlan" : 42,
          "mtu" : 1400
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "127.1.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "127.2.0.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "127.0.0.1/24",
        "mirrorIpAddress" : "127.0.0.2"
      } ]
    }
  }
}

Access all Nodes and Interfaces

GET /configuration/nodes

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "node" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.backendAddresses[].ipAddress

String

The IP address in CIDR format.

data[].attributes.backendAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data[].attributes.failoverAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data[].attributes.failoverAddresses[].mirrorIpAddress

String

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data[].attributes.failoverAddresses[].privateIpAddress

String

Private IP address that this external network interface uses for the failover communication link.

data[].attributes.hostName

String

Static system host/node name (ignored if hostNameDhcpInterface is set).

data[].attributes.hostNameDhcpInterface

String

Name of the physical interface from which to retrieve the hostname via DHCP.

data[].attributes.managementAddresses[].ipAddress

String

IP address in CIDR format.

data[].attributes.managementAddresses[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data[].attributes.managementAddresses[].port

Number

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data[].attributes.networkInterfaces.bonded[].bondingMode

String

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data[].attributes.networkInterfaces.bonded[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data[].attributes.networkInterfaces.bonded[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data[].attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

Logical name of the first physical interface that is part of the bonding interface.

data[].attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

Logical name of the second physical interface that is part of the bonding interface.

data[].attributes.networkInterfaces.physical[].device

String

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data[].attributes.networkInterfaces.physical[].dhcpMode

String

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data[].attributes.networkInterfaces.physical[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data[].attributes.networkInterfaces.physical[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data[].attributes.networkInterfaces.virtual[].baseInterfaceName

String

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data[].attributes.networkInterfaces.virtual[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data[].attributes.networkInterfaces.virtual[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data[].attributes.networkInterfaces.virtual[].vlan

Number

ID of the VLAN to which the virtual interface should be connected.

data[].attributes.skinName

String

Skin color of the Configuration Center GUI.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1562

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:15.957Z"
  },
  "data" : [ {
    "type" : "node",
    "id" : "1",
    "attributes" : {
      "hostName" : "localhost",
      "hostNameDhcpInterface" : "eth0",
      "skinName" : "skinBlue",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "EXT0-a",
          "dhcpMode" : "DHCPV4",
          "device" : "hme0",
          "mtu" : 1500
        }, {
          "logicalName" : "EXT0-b",
          "dhcpMode" : "DHCPV4",
          "device" : "hne1",
          "mtu" : 1500
        } ],
        "bonded" : [ {
          "logicalName" : "BOND0",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "BALANCE_RR",
          "mtu" : 1500
        } ],
        "virtual" : [ {
          "logicalName" : "MGT",
          "baseInterfaceName" : "EXT",
          "vlan" : 1,
          "mtu" : 1500
        }, {
          "logicalName" : "BACK",
          "baseInterfaceName" : "EXT",
          "vlan" : 1,
          "mtu" : 1500
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "192.168.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "192.168.1.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "10.0.69.1/24",
        "mirrorIpAddress" : "10.0.69.2"
      } ]
    }
  } ]
}

Access a Node

GET /configuration/nodes/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "node" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendAddresses[].ipAddress

String

The IP address in CIDR format.

data.attributes.backendAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].mirrorIpAddress

String

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data.attributes.failoverAddresses[].privateIpAddress

String

Private IP address that this external network interface uses for the failover communication link.

data.attributes.hostName

String

Static system host/node name (ignored if hostNameDhcpInterface is set).

data.attributes.hostNameDhcpInterface

String

Name of the physical interface from which to retrieve the hostname via DHCP.

data.attributes.managementAddresses[].ipAddress

String

IP address in CIDR format.

data.attributes.managementAddresses[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.managementAddresses[].port

Number

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterfaces.bonded[].bondingMode

String

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data.attributes.networkInterfaces.bonded[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.bonded[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

Logical name of the first physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

Logical name of the second physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.physical[].device

String

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data.attributes.networkInterfaces.physical[].dhcpMode

String

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data.attributes.networkInterfaces.physical[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.physical[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].baseInterfaceName

String

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data.attributes.networkInterfaces.virtual[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.virtual[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].vlan

Number

ID of the VLAN to which the virtual interface should be connected.

data.attributes.skinName

String

Skin color of the Configuration Center GUI.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/4" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1558

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:15.850Z"
  },
  "data" : {
    "type" : "node",
    "id" : "4",
    "attributes" : {
      "hostName" : "localhost",
      "hostNameDhcpInterface" : "eth0",
      "skinName" : "skinBlue",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "EXT0-a",
          "dhcpMode" : "DHCPV4",
          "device" : "hme0",
          "mtu" : 1500
        }, {
          "logicalName" : "EXT0-b",
          "dhcpMode" : "DHCPV4",
          "device" : "hne1",
          "mtu" : 1500
        } ],
        "bonded" : [ {
          "logicalName" : "BOND0",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "BALANCE_RR",
          "mtu" : 1500
        } ],
        "virtual" : [ {
          "logicalName" : "MGT",
          "baseInterfaceName" : "EXT",
          "vlan" : 1,
          "mtu" : 1500
        }, {
          "logicalName" : "BACK",
          "baseInterfaceName" : "EXT",
          "vlan" : 1,
          "mtu" : 1500
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "192.168.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "192.168.1.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "10.0.69.1/24",
        "mirrorIpAddress" : "10.0.69.2"
      } ]
    }
  }
}

Create a Node

If you try to create more than a total of two nodes (current and failover), the error code 'BAD REQUEST' will be returned.

POST /configuration/nodes

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "node" for this call.

data.attributes.backendAddresses[].ipAddress

String

yes

The IP address in CIDR format.

data.attributes.backendAddresses[].logicalName

String

yes

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].logicalName

String

yes

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].mirrorIpAddress

String

yes

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data.attributes.failoverAddresses[].privateIpAddress

String

yes

Private IP address that this external network interface uses for the failover communication link.

data.attributes.hostName

String

yes

Static system host/node name (ignored if hostNameDhcpInterface is set).

data.attributes.hostNameDhcpInterface

String

yes

Name of the physical interface from which to retrieve the hostname via DHCP.

data.attributes.managementAddresses[].ipAddress

String

yes

IP address in CIDR format.

data.attributes.managementAddresses[].logicalName

String

yes

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.managementAddresses[].port

Number

yes

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterfaces.bonded[].bondingMode

String

yes

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data.attributes.networkInterfaces.bonded[].logicalName

String

yes

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.bonded[].mtu

Number

yes

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

yes

Logical name of the first physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

yes

Logical name of the second physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.physical[].device

String

yes

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data.attributes.networkInterfaces.physical[].dhcpMode

String

yes

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data.attributes.networkInterfaces.physical[].logicalName

String

yes

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.physical[].mtu

Number

yes

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].baseInterfaceName

String

yes

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data.attributes.networkInterfaces.virtual[].logicalName

String

yes

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.virtual[].mtu

Number

yes

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].vlan

Number

yes

ID of the VLAN to which the virtual interface should be connected.

data.attributes.skinName

String

yes

Skin color of the Configuration Center GUI.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "node" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendAddresses[].ipAddress

String

The IP address in CIDR format.

data.attributes.backendAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].mirrorIpAddress

String

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data.attributes.failoverAddresses[].privateIpAddress

String

Private IP address that this external network interface uses for the failover communication link.

data.attributes.hostName

String

Static system host/node name (ignored if hostNameDhcpInterface is set).

data.attributes.hostNameDhcpInterface

String

Name of the physical interface from which to retrieve the hostname via DHCP.

data.attributes.managementAddresses[].ipAddress

String

IP address in CIDR format.

data.attributes.managementAddresses[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.managementAddresses[].port

Number

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterfaces.bonded[].bondingMode

String

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data.attributes.networkInterfaces.bonded[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.bonded[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

Logical name of the first physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

Logical name of the second physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.physical[].device

String

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data.attributes.networkInterfaces.physical[].dhcpMode

String

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data.attributes.networkInterfaces.physical[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.physical[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].baseInterfaceName

String

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data.attributes.networkInterfaces.virtual[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.virtual[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].vlan

Number

ID of the VLAN to which the virtual interface should be connected.

data.attributes.skinName

String

Skin color of the Configuration Center GUI.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "node",
    "attributes" : {
      "hostName" : "failo",
      "hostNameDhcpInterface" : "pci4n",
      "skinName" : "orange",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "MGT",
          "dhcpMode" : "DHCPV4",
          "device" : "pci4n",
          "mtu" : 1499
        } ],
        "bonded" : [ {
          "logicalName" : "EXT",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "ACTIVE_BACKUP",
          "mtu" : 1300
        } ],
        "virtual" : [ {
          "logicalName" : "BACK",
          "baseInterfaceName" : "MGT",
          "vlan" : 42,
          "mtu" : 1400
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "127.1.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "127.2.0.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "127.0.0.1/24",
        "mirrorIpAddress" : "127.0.0.2"
      } ]
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1285

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:15.906Z"
  },
  "data" : {
    "type" : "node",
    "id" : "4",
    "attributes" : {
      "hostName" : "failo",
      "hostNameDhcpInterface" : "pci4n",
      "skinName" : "orange",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "MGT",
          "dhcpMode" : "DHCPV4",
          "device" : "pci4n",
          "mtu" : 1499
        } ],
        "bonded" : [ {
          "logicalName" : "EXT",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "ACTIVE_BACKUP",
          "mtu" : 1300
        } ],
        "virtual" : [ {
          "logicalName" : "BACK",
          "baseInterfaceName" : "MGT",
          "vlan" : 42,
          "mtu" : 1400
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "127.1.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "127.2.0.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "127.0.0.1/24",
        "mirrorIpAddress" : "127.0.0.2"
      } ]
    }
  }
}

Update a Node

PATCH /configuration/nodes/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "node" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.backendAddresses[].ipAddress

String

no

The IP address in CIDR format.

data.attributes.backendAddresses[].logicalName

String

no

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].logicalName

String

no

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].mirrorIpAddress

String

no

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data.attributes.failoverAddresses[].privateIpAddress

String

no

Private IP address that this external network interface uses for the failover communication link.

data.attributes.hostName

String

no

Static system host/node name (ignored if hostNameDhcpInterface is set).

data.attributes.hostNameDhcpInterface

String

no

Name of the physical interface from which to retrieve the hostname via DHCP.

data.attributes.managementAddresses[].ipAddress

String

no

IP address in CIDR format.

data.attributes.managementAddresses[].logicalName

String

no

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.managementAddresses[].port

Number

no

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterfaces.bonded[].bondingMode

String

no

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data.attributes.networkInterfaces.bonded[].logicalName

String

no

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.bonded[].mtu

Number

no

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

no

Logical name of the first physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

no

Logical name of the second physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.physical[].device

String

no

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data.attributes.networkInterfaces.physical[].dhcpMode

String

no

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data.attributes.networkInterfaces.physical[].logicalName

String

no

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.physical[].mtu

Number

no

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].baseInterfaceName

String

no

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data.attributes.networkInterfaces.virtual[].logicalName

String

no

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.virtual[].mtu

Number

no

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].vlan

Number

no

ID of the VLAN to which the virtual interface should be connected.

data.attributes.skinName

String

no

Skin color of the Configuration Center GUI.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "node" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendAddresses[].ipAddress

String

The IP address in CIDR format.

data.attributes.backendAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].logicalName

String

The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.failoverAddresses[].mirrorIpAddress

String

Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance.

data.attributes.failoverAddresses[].privateIpAddress

String

Private IP address that this external network interface uses for the failover communication link.

data.attributes.hostName

String

Static system host/node name (ignored if hostNameDhcpInterface is set).

data.attributes.hostNameDhcpInterface

String

Name of the physical interface from which to retrieve the hostname via DHCP.

data.attributes.managementAddresses[].ipAddress

String

IP address in CIDR format.

data.attributes.managementAddresses[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.managementAddresses[].port

Number

Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections.

data.attributes.networkInterfaces.bonded[].bondingMode

String

Bonding mode to use.

Allowed values:
- ACTIVE_BACKUP: Only one slave in the bond is active. A different slave becomes active if and only if the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.
- BALANCE_RR: Round-robin policy that transmits packets in sequential order from the first available slave through the last.
- BALANCE_XOR: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count].
- BALANCE_TLB: Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Note: requires Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- BALANCE_ALB: ARP-Based adaptive load balancing that includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic.
- BROADCAST: Transmits everything on all slave interfaces.
- IEEE_8023_AD: IEEE 802.3ad Dynamic link aggregation.

Note: requires Ethtool support in the base drivers and a switch that supports IEEE 802.3ad Dynamic link aggregation.

data.attributes.networkInterfaces.bonded[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.bonded[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.first

String

Logical name of the first physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.bonded[].slaveInterfaces.second

String

Logical name of the second physical interface that is part of the bonding interface.

data.attributes.networkInterfaces.physical[].device

String

Physical interface that is connected to the logical name.
A list of available interfaces and their supported speed modes can be obtained from the interface status endpoint.

data.attributes.networkInterfaces.physical[].dhcpMode

String

Allowed values:
- OFF
- DHCPV4
- DHCPV6
- DHCPV4_AND_DHCPV6

data.attributes.networkInterfaces.physical[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.physical[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].baseInterfaceName

String

The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured.

data.attributes.networkInterfaces.virtual[].logicalName

String

The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration.

data.attributes.networkInterfaces.virtual[].mtu

Number

MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments.
Ask your network administrator for more details.

data.attributes.networkInterfaces.virtual[].vlan

Number

ID of the VLAN to which the virtual interface should be connected.

data.attributes.skinName

String

Skin color of the Configuration Center GUI.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/4" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "node",
    "id" : "4",
    "attributes" : {
      "hostName" : "testHost",
      "hostNameDhcpInterface" : "MGT",
      "skinName" : "skinBlue",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "MGT",
          "dhcpMode" : "DHCPV4",
          "device" : "hme0",
          "mtu" : 1499
        } ],
        "bonded" : [ {
          "logicalName" : "EXT",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "ACTIVE_BACKUP",
          "mtu" : 1300
        } ],
        "virtual" : [ {
          "logicalName" : "BACK",
          "baseInterfaceName" : "MGT",
          "vlan" : 42,
          "mtu" : 1400
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "127.1.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "127.2.0.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "127.0.0.1/24",
        "mirrorIpAddress" : "127.0.0.2"
      } ]
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1287

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:16.031Z"
  },
  "data" : {
    "type" : "node",
    "id" : "4",
    "attributes" : {
      "hostName" : "testHost",
      "hostNameDhcpInterface" : "MGT",
      "skinName" : "skinBlue",
      "networkInterfaces" : {
        "physical" : [ {
          "logicalName" : "MGT",
          "dhcpMode" : "DHCPV4",
          "device" : "hme0",
          "mtu" : 1499
        } ],
        "bonded" : [ {
          "logicalName" : "EXT",
          "slaveInterfaces" : {
            "first" : "EXT0-a",
            "second" : "EXT0-b"
          },
          "bondingMode" : "ACTIVE_BACKUP",
          "mtu" : 1300
        } ],
        "virtual" : [ {
          "logicalName" : "BACK",
          "baseInterfaceName" : "MGT",
          "vlan" : 42,
          "mtu" : 1400
        } ]
      },
      "backendAddresses" : [ {
        "logicalName" : "BACK",
        "ipAddress" : "127.1.0.1"
      } ],
      "managementAddresses" : [ {
        "logicalName" : "MGT",
        "ipAddress" : "127.2.0.1",
        "port" : 443
      } ],
      "failoverAddresses" : [ {
        "logicalName" : "FAILOVER",
        "privateIpAddress" : "127.0.0.1/24",
        "mirrorIpAddress" : "127.0.0.2"
      } ]
    }
  }
}

Delete a Node

Only the failover node can be deleted, if you supply the id of the current node, the error code 'BAD REQUEST' will be returned.

DELETE /configuration/nodes/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/5" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Routes

Access Default Gateways and Settings

GET /configuration/routes/default

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-default" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.ipv4.destinationRoutesFromDhcpEnabled

Boolean

Enables configuration of static routes via DHCP for all interfaces with DHCP enabled.
Static routes may be configured via the DHCP Static Route option (option 33) or via Classless Static Route Option (RFC3442).

data.attributes.ipv4.dhcpInterface

String

The logical name of the physical interface to retrieve the default gateway from. DHCP needs to be enabled on that interface.

data.attributes.ipv4.gateway

String

Static IPv4 address of the default gateway for destination based routing (ignored if dhcpInterface is set).

data.attributes.ipv4.sourceRoutesFromDhcpEnabled

Boolean

Enables automatic configuration of source-based routes for interfaces with enabled DHCP. Then for each interface with a default gateway, a source-based routing rule is generated.

data.attributes.ipv6.gateway

String

Static IPv6 address of the default gateway for destination based routing.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/default" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 459

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:28.092Z"
  },
  "data" : {
    "type" : "route-default",
    "id" : "2",
    "attributes" : {
      "ipv4" : {
        "dhcpInterface" : "INT",
        "gateway" : "192.168.1.42",
        "destinationRoutesFromDhcpEnabled" : true,
        "sourceRoutesFromDhcpEnabled" : true
      },
      "ipv6" : {
        "gateway" : "2001:1620:2000:1861::1"
      }
    }
  }
}

Update Default Gateways and Settings

PATCH /configuration/routes/default

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-default" for this call.

data.attributes.ipv4.destinationRoutesFromDhcpEnabled

Boolean

no

Enables configuration of static routes via DHCP for all interfaces with DHCP enabled.
Static routes may be configured via the DHCP Static Route option (option 33) or via Classless Static Route Option (RFC3442).

data.attributes.ipv4.dhcpInterface

String

no

The logical name of the physical interface to retrieve the default gateway from. DHCP needs to be enabled on that interface.

data.attributes.ipv4.gateway

String

no

Static IPv4 address of the default gateway for destination based routing (ignored if dhcpInterface is set).

data.attributes.ipv4.sourceRoutesFromDhcpEnabled

Boolean

no

Enables automatic configuration of source-based routes for interfaces with enabled DHCP. Then for each interface with a default gateway, a source-based routing rule is generated.

data.attributes.ipv6.gateway

String

no

Static IPv6 address of the default gateway for destination based routing.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-default" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.ipv4.destinationRoutesFromDhcpEnabled

Boolean

Enables configuration of static routes via DHCP for all interfaces with DHCP enabled.
Static routes may be configured via the DHCP Static Route option (option 33) or via Classless Static Route Option (RFC3442).

data.attributes.ipv4.dhcpInterface

String

The logical name of the physical interface to retrieve the default gateway from. DHCP needs to be enabled on that interface.

data.attributes.ipv4.gateway

String

Static IPv4 address of the default gateway for destination based routing (ignored if dhcpInterface is set).

data.attributes.ipv4.sourceRoutesFromDhcpEnabled

Boolean

Enables automatic configuration of source-based routes for interfaces with enabled DHCP. Then for each interface with a default gateway, a source-based routing rule is generated.

data.attributes.ipv6.gateway

String

Static IPv6 address of the default gateway for destination based routing.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/default" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-default",
    "attributes" : {
      "ipv4" : {
        "dhcpInterface" : "EXT",
        "gateway" : "192.168.1.42",
        "destinationRoutesFromDhcpEnabled" : true,
        "sourceRoutesFromDhcpEnabled" : true
      },
      "ipv6" : {
        "gateway" : "::1"
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 440

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:28.119Z"
  },
  "data" : {
    "type" : "route-default",
    "id" : "2",
    "attributes" : {
      "ipv4" : {
        "dhcpInterface" : "EXT",
        "gateway" : "192.168.1.42",
        "destinationRoutesFromDhcpEnabled" : true,
        "sourceRoutesFromDhcpEnabled" : true
      },
      "ipv6" : {
        "gateway" : "::1"
      }
    }
  }
}

Access all IPv4 Destination Routes

GET /configuration/routes/ipv4/destination

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "route-ipv4-destination" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.destination

String

Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

data[].attributes.gateway

String

IPv4 address of the gateway for this routing rule.

data[].attributes.logicalName

String

Force the route to be associated with the specified interface.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 312

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:30.261Z"
  },
  "data" : [ {
    "type" : "route-ipv4-destination",
    "id" : "1",
    "attributes" : {
      "gateway" : "192.168.0.1",
      "destination" : "192.168.1.0/24",
      "logicalName" : "INT"
    }
  } ]
}

Access an IPv4 Destination Route

GET /configuration/routes/ipv4/destination/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv4-destination" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.destination

String

Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

data.attributes.gateway

String

IPv4 address of the gateway for this routing rule.

data.attributes.logicalName

String

Force the route to be associated with the specified interface.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination/2" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 308

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:30.199Z"
  },
  "data" : {
    "type" : "route-ipv4-destination",
    "id" : "2",
    "attributes" : {
      "gateway" : "192.168.0.1",
      "destination" : "192.168.2.0/24",
      "logicalName" : "INT"
    }
  }
}

Create an IPv4 Destination Route

POST /configuration/routes/ipv4/destination

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-ipv4-destination" for this call.

data.attributes.destination

String

no

Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

data.attributes.gateway

String

no

IPv4 address of the gateway for this routing rule.

data.attributes.logicalName

String

no

Force the route to be associated with the specified interface.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv4-destination" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.destination

String

Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

data.attributes.gateway

String

IPv4 address of the gateway for this routing rule.

data.attributes.logicalName

String

Force the route to be associated with the specified interface.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-ipv4-destination",
    "attributes" : {
      "gateway" : "127.0.0.1",
      "destination" : "8.0.0.0/12",
      "logicalName" : "INT"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 302

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:30.233Z"
  },
  "data" : {
    "type" : "route-ipv4-destination",
    "id" : "4",
    "attributes" : {
      "gateway" : "127.0.0.1",
      "destination" : "8.0.0.0/12",
      "logicalName" : "INT"
    }
  }
}

Update an IPv4 Destination Route

PATCH /configuration/routes/ipv4/destination/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-ipv4-destination" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.destination

String

no

Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

data.attributes.gateway

String

no

IPv4 address of the gateway for this routing rule.

data.attributes.logicalName

String

no

Force the route to be associated with the specified interface.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv4-destination" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.destination

String

Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

data.attributes.gateway

String

IPv4 address of the gateway for this routing rule.

data.attributes.logicalName

String

Force the route to be associated with the specified interface.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-ipv4-destination",
    "id" : "1",
    "attributes" : {
      "gateway" : "127.0.0.1",
      "destination" : "8.0.0.0/12",
      "logicalName" : "MGT"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 302

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:30.277Z"
  },
  "data" : {
    "type" : "route-ipv4-destination",
    "id" : "1",
    "attributes" : {
      "gateway" : "127.0.0.1",
      "destination" : "8.0.0.0/12",
      "logicalName" : "MGT"
    }
  }
}

Delete an IPv4 Destination Route

DELETE /configuration/routes/ipv4/destination/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Access all IPv4 Source Routes

GET /configuration/routes/ipv4/source

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "route-ipv4-source" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.gateway

String

IPv4 address of the gateway for this routing rule.

data[].attributes.source

String

Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 273

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:32.462Z"
  },
  "data" : [ {
    "type" : "route-ipv4-source",
    "id" : "1",
    "attributes" : {
      "gateway" : "192.168.0.1",
      "source" : "192.168.1.8/32"
    }
  } ]
}

Access a IPv4 Source Route

GET /configuration/routes/ipv4/source/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv4-source" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.gateway

String

IPv4 address of the gateway for this routing rule.

data.attributes.source

String

Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source/2" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 269

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:32.408Z"
  },
  "data" : {
    "type" : "route-ipv4-source",
    "id" : "2",
    "attributes" : {
      "gateway" : "192.168.0.1",
      "source" : "192.168.2.8/32"
    }
  }
}

Create an IPv4 Source Route

POST /configuration/routes/ipv4/source

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-ipv4-source" for this call.

data.attributes.gateway

String

yes

IPv4 address of the gateway for this routing rule.

data.attributes.source

String

yes

Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv4-source" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.gateway

String

IPv4 address of the gateway for this routing rule.

data.attributes.source

String

Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-ipv4-source",
    "attributes" : {
      "gateway" : "127.2.3.4",
      "source" : "1.2.3.4/32"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 263

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:32.431Z"
  },
  "data" : {
    "type" : "route-ipv4-source",
    "id" : "4",
    "attributes" : {
      "gateway" : "127.2.3.4",
      "source" : "1.2.3.4/32"
    }
  }
}

Update an IPv4 Source Route

PATCH /configuration/routes/ipv4/source/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-ipv4-source" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.gateway

String

no

IPv4 address of the gateway for this routing rule.

data.attributes.source

String

no

Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv4-source" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.gateway

String

IPv4 address of the gateway for this routing rule.

data.attributes.source

String

Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-ipv4-source",
    "id" : "1",
    "attributes" : {
      "gateway" : "127.0.0.1",
      "source" : "1.2.3.4/32"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 263

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:32.480Z"
  },
  "data" : {
    "type" : "route-ipv4-source",
    "id" : "1",
    "attributes" : {
      "gateway" : "127.0.0.1",
      "source" : "1.2.3.4/32"
    }
  }
}

Delete an IPv4 Source Route

DELETE /configuration/routes/ipv4/source/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Access all IPv6 Destination Routes

GET /configuration/routes/ipv6/destination

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "route-ipv6-destination" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.destination

String

Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64).

data[].attributes.gateway

String

IPv6 address of the gateway for this routing rule.

data[].attributes.logicalName

String

Force the route to be associated with the specified interface.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 333

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:34.795Z"
  },
  "data" : [ {
    "type" : "route-ipv6-destination",
    "id" : "1",
    "attributes" : {
      "gateway" : "2001:1620:2000:1860::1",
      "destination" : "2001:1620:2000:1861::/64",
      "logicalName" : "INT"
    }
  } ]
}

Access an IPv6 Destination Route

GET /configuration/routes/ipv6/destination/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv6-destination" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.destination

String

Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64).

data.attributes.gateway

String

IPv6 address of the gateway for this routing rule.

data.attributes.logicalName

String

Force the route to be associated with the specified interface.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination/2" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:34.745Z"
  },
  "data" : {
    "type" : "route-ipv6-destination",
    "id" : "2",
    "attributes" : {
      "gateway" : "2001:1620:2000:1860::1",
      "destination" : "2001:1620:2000:1862::/64",
      "logicalName" : "INT"
    }
  }
}

Update an IPv6 Destination Route

PATCH /configuration/routes/ipv6/destination/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-ipv6-destination" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.destination

String

no

Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64).

data.attributes.gateway

String

no

IPv6 address of the gateway for this routing rule.

data.attributes.logicalName

String

no

Force the route to be associated with the specified interface.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv6-destination" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.destination

String

Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64).

data.attributes.gateway

String

IPv6 address of the gateway for this routing rule.

data.attributes.logicalName

String

Force the route to be associated with the specified interface.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-ipv6-destination",
    "id" : "1",
    "attributes" : {
      "gateway" : "2001:1620:2000:1860::1",
      "destination" : "2001:1620:2000:1861::/64",
      "logicalName" : "MGT"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:34.811Z"
  },
  "data" : {
    "type" : "route-ipv6-destination",
    "id" : "1",
    "attributes" : {
      "gateway" : "2001:1620:2000:1860::1",
      "destination" : "2001:1620:2000:1861::/64",
      "logicalName" : "MGT"
    }
  }
}

Create an IPv6 Destination Route

POST /configuration/routes/ipv6/destination

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-ipv6-destination" for this call.

data.attributes.destination

String

no

Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64).

data.attributes.gateway

String

no

IPv6 address of the gateway for this routing rule.

data.attributes.logicalName

String

no

Force the route to be associated with the specified interface.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv6-destination" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.destination

String

Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64).

data.attributes.gateway

String

IPv6 address of the gateway for this routing rule.

data.attributes.logicalName

String

Force the route to be associated with the specified interface.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-ipv6-destination",
    "attributes" : {
      "gateway" : "2001:1620:2000:1860::1",
      "destination" : "2001:1620:2000:1861::/64",
      "logicalName" : "INT"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 329

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:34.768Z"
  },
  "data" : {
    "type" : "route-ipv6-destination",
    "id" : "4",
    "attributes" : {
      "gateway" : "2001:1620:2000:1860::1",
      "destination" : "2001:1620:2000:1861::/64",
      "logicalName" : "INT"
    }
  }
}

Delete an IPv6 Destination Route

DELETE /configuration/routes/ipv6/destination/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Access all IPv6 Source Routes

GET /configuration/routes/ipv6/source

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "route-ipv6-source" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.gateway

String

IPv6 address of the gateway for this routing rule.

data[].attributes.source

String

Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 301

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:36.844Z"
  },
  "data" : [ {
    "type" : "route-ipv6-source",
    "id" : "1",
    "attributes" : {
      "gateway" : "2001:db8:85a3::8a2e:370:1",
      "source" : "fe80::202:b3ff:fe1e:8329/128"
    }
  } ]
}

Access a IPv6 Source Route

GET /configuration/routes/ipv6/source/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv6-source" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.gateway

String

IPv6 address of the gateway for this routing rule.

data.attributes.source

String

Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source/2" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 294

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:36.795Z"
  },
  "data" : {
    "type" : "route-ipv6-source",
    "id" : "2",
    "attributes" : {
      "gateway" : "2001:db8:85a3::8a2e:370:2",
      "source" : "fe80::202:b3ff:fe1e:2/128"
    }
  }
}

Create an IPv6 Source Route

POST /configuration/routes/ipv6/source

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-ipv6-source" for this call.

data.attributes.gateway

String

yes

IPv6 address of the gateway for this routing rule.

data.attributes.source

String

yes

Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60).

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv6-source" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.gateway

String

IPv6 address of the gateway for this routing rule.

data.attributes.source

String

Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-ipv6-source",
    "attributes" : {
      "gateway" : "2001:1620:2000:1861::1",
      "source" : "2001:1620:2000:1860::/48"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 290

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:36.814Z"
  },
  "data" : {
    "type" : "route-ipv6-source",
    "id" : "4",
    "attributes" : {
      "gateway" : "2001:1620:2000:1861::1",
      "source" : "2001:1620:2000:1860::/48"
    }
  }
}

Update an IPv6 Source Route

PATCH /configuration/routes/ipv6/source/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "route-ipv6-source" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.gateway

String

no

IPv6 address of the gateway for this routing rule.

data.attributes.source

String

no

Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60).

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "route-ipv6-source" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.gateway

String

IPv6 address of the gateway for this routing rule.

data.attributes.source

String

Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "route-ipv6-source",
    "id" : "1",
    "attributes" : {
      "gateway" : "2001:db8:85a3::8a2e:370:2",
      "source" : "2001:1620:2000:1860::/48"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 293

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:36.860Z"
  },
  "data" : {
    "type" : "route-ipv6-source",
    "id" : "1",
    "attributes" : {
      "gateway" : "2001:db8:85a3::8a2e:370:2",
      "source" : "2001:1620:2000:1860::/48"
    }
  }
}

Delete an IPv6 Source Route

DELETE /configuration/routes/ipv6/source/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Host

Access all Hosts

GET /configuration/hosts

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "host" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.hostNames[]

Array

Host names and aliases.

data[].attributes.ipAddress

String

IP address of the host.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 276

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:35.688Z"
  },
  "data" : [ {
    "type" : "host",
    "id" : "1",
    "attributes" : {
      "ipAddress" : "192.168.0.42",
      "hostNames" : [ "marvin", "marvin-int" ]
    }
  } ]
}

Access a Host

GET /configuration/hosts/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "host" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.hostNames[]

Array

Host names and aliases.

data.attributes.ipAddress

String

IP address of the host.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 272

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:35.622Z"
  },
  "data" : {
    "type" : "host",
    "id" : "1",
    "attributes" : {
      "ipAddress" : "192.168.0.42",
      "hostNames" : [ "marvin", "marvin-int" ]
    }
  }
}

Create a Host

POST /configuration/hosts

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "host" for this call.

data.attributes.hostNames[]

Array

yes

Host names and aliases.

data.attributes.ipAddress

String

yes

IP address of the host.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "host" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.hostNames[]

Array

Host names and aliases.

data.attributes.ipAddress

String

IP address of the host.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "host",
    "attributes" : {
      "ipAddress" : "2001:500:2::c",
      "hostNames" : [ "host1", "host2" ]
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 267

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:35.657Z"
  },
  "data" : {
    "type" : "host",
    "id" : "4",
    "attributes" : {
      "ipAddress" : "2001:500:2::c",
      "hostNames" : [ "host1", "host2" ]
    }
  }
}

Update a Host

PATCH /configuration/hosts/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "host" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.hostNames[]

Array

no

Host names and aliases.

data.attributes.ipAddress

String

no

IP address of the host.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "host" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.hostNames[]

Array

Host names and aliases.

data.attributes.ipAddress

String

IP address of the host.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "host",
    "id" : "1",
    "attributes" : {
      "ipAddress" : "2001:500:2::c",
      "hostNames" : [ "host1", "host2" ]
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 267

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:35.708Z"
  },
  "data" : {
    "type" : "host",
    "id" : "1",
    "attributes" : {
      "ipAddress" : "2001:500:2::c",
      "hostNames" : [ "host1", "host2" ]
    }
  }
}

Delete a Host

DELETE /configuration/hosts/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Network Services

Access Network Services

GET /configuration/network-services

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "network-services" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.apiPolicy.cacheEnabled

Boolean

Whether the cache is enabled.

data.attributes.apiPolicy.cacheExpiry

Number

Lifetime of cached data in seconds.

data.attributes.dns.defaultDomain

String

Specifies the default DNS domain for resolving host names of the back-end application servers.

data.attributes.dns.dhcpInterface

String

Logical interface from which to obtain DNS settings via DHCP.

data.attributes.dns.ipAddresses[]

Array

Specifies up to three DNS server IP addresses for resolving host names of the back-end application servers.

data.attributes.ntp.servers[]

Array

List of NTP servers to use.

data.attributes.smtp.senderAddress

String

Sender address for emails sent via the defined mail hosts. If unspecified, the default address "administrator@<hostname>" is used.

data.attributes.smtp.senderName

String

Sender name for emails sent via the defined mail hosts. If unspecified, the default name "Airlock Administrator" is used.

data.attributes.smtp.servers[]

Array

Specifies the mail hosts. If multiple servers are specified, they act as fallback.

data.attributes.snmp.community

String

Specifies the SNMPv2 read only community string to access the SNMP monitoring data.

data.attributes.snmp.v3.authenticationAlgorithm

String

The authentication algorithm used for authenticated SNMPv3 messages.

Allowed values:
- MD5
- SHA

data.attributes.snmp.v3.authenticationPassphrase

String

The authentication passphrase used for authenticated SNMPv3 messages.

data.attributes.snmp.v3.privacyAlgorithm

String

The privacy algorithm used for encrypted SNMPv3 messages.

Allowed values:
- NONE
- DES
- AES

data.attributes.snmp.v3.privacyPassphrase

String

The privacy pass phrase used for encrypted SNMPv3 messages.

data.attributes.snmp.v3.username

String

The securityName used for authenticated SNMPv3 messages.

data.attributes.snmp.version

String

SNMP protocol version

Allowed values:
- NONE: SNMP is disabled
- SNMPv2: SNMP Version 2
- SNMPv3: SNMP Version 3

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/network-services" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1042

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:13.590Z"
  },
  "data" : {
    "type" : "network-services",
    "id" : "2",
    "attributes" : {
      "dns" : {
        "dhcpInterface" : "INTERN",
        "ipAddresses" : [ "192.168.1.42", "2001:1620:2000:1899::42" ],
        "defaultDomain" : "me.local"
      },
      "ntp" : {
        "servers" : [ "ntp1.me.local", "ntp2.me.local" ]
      },
      "smtp" : {
        "servers" : [ "smtp.me.local" ],
        "senderName" : "Airlock Notifications",
        "senderAddress" : "airlock-admin@example.com"
      },
      "snmp" : {
        "version" : "SNMPv2",
        "community" : "airlock",
        "v3" : {
          "username" : "JohnDoe",
          "authenticationPassphrase" : "passphrase2",
          "authenticationAlgorithm" : "SHA",
          "privacyPassphrase" : "passphrase",
          "privacyAlgorithm" : "AES"
        }
      },
      "apiPolicy" : {
        "cacheEnabled" : true,
        "cacheExpiry" : 300
      }
    }
  }
}

Update Network Services

PATCH /configuration/network-services

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "network-services" for this call.

data.attributes.apiPolicy.cacheEnabled

Boolean

no

Whether the cache is enabled.

data.attributes.apiPolicy.cacheExpiry

Number

no

Lifetime of cached data in seconds.

data.attributes.dns.defaultDomain

String

no

Specifies the default DNS domain for resolving host names of the back-end application servers.

data.attributes.dns.dhcpInterface

String

no

Logical interface from which to obtain DNS settings via DHCP.

data.attributes.dns.ipAddresses[]

Array

no

Specifies up to three DNS server IP addresses for resolving host names of the back-end application servers.

data.attributes.ntp.servers[]

Array

no

List of NTP servers to use.

data.attributes.smtp.senderAddress

String

no

Sender address for emails sent via the defined mail hosts. If unspecified, the default address "administrator@<hostname>" is used.

data.attributes.smtp.senderName

String

no

Sender name for emails sent via the defined mail hosts. If unspecified, the default name "Airlock Administrator" is used.

data.attributes.smtp.servers[]

Array

no

Specifies the mail hosts. If multiple servers are specified, they act as fallback.

data.attributes.snmp.community

String

no

Specifies the SNMPv2 read only community string to access the SNMP monitoring data.

data.attributes.snmp.v3.authenticationAlgorithm

String

no

The authentication algorithm used for authenticated SNMPv3 messages.

Allowed values:
- MD5
- SHA

data.attributes.snmp.v3.authenticationPassphrase

String

no

The authentication passphrase used for authenticated SNMPv3 messages.

data.attributes.snmp.v3.privacyAlgorithm

String

no

The privacy algorithm used for encrypted SNMPv3 messages.

Allowed values:
- NONE
- DES
- AES

data.attributes.snmp.v3.privacyPassphrase

String

no

The privacy pass phrase used for encrypted SNMPv3 messages.

data.attributes.snmp.v3.username

String

no

The securityName used for authenticated SNMPv3 messages.

data.attributes.snmp.version

String

no

SNMP protocol version

Allowed values:
- NONE: SNMP is disabled
- SNMPv2: SNMP Version 2
- SNMPv3: SNMP Version 3

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "network-services" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.apiPolicy.cacheEnabled

Boolean

Whether the cache is enabled.

data.attributes.apiPolicy.cacheExpiry

Number

Lifetime of cached data in seconds.

data.attributes.dns.defaultDomain

String

Specifies the default DNS domain for resolving host names of the back-end application servers.

data.attributes.dns.dhcpInterface

String

Logical interface from which to obtain DNS settings via DHCP.

data.attributes.dns.ipAddresses[]

Array

Specifies up to three DNS server IP addresses for resolving host names of the back-end application servers.

data.attributes.ntp.servers[]

Array

List of NTP servers to use.

data.attributes.smtp.senderAddress

String

Sender address for emails sent via the defined mail hosts. If unspecified, the default address "administrator@<hostname>" is used.

data.attributes.smtp.senderName

String

Sender name for emails sent via the defined mail hosts. If unspecified, the default name "Airlock Administrator" is used.

data.attributes.smtp.servers[]

Array

Specifies the mail hosts. If multiple servers are specified, they act as fallback.

data.attributes.snmp.community

String

Specifies the SNMPv2 read only community string to access the SNMP monitoring data.

data.attributes.snmp.v3.authenticationAlgorithm

String

The authentication algorithm used for authenticated SNMPv3 messages.

Allowed values:
- MD5
- SHA

data.attributes.snmp.v3.authenticationPassphrase

String

The authentication passphrase used for authenticated SNMPv3 messages.

data.attributes.snmp.v3.privacyAlgorithm

String

The privacy algorithm used for encrypted SNMPv3 messages.

Allowed values:
- NONE
- DES
- AES

data.attributes.snmp.v3.privacyPassphrase

String

The privacy pass phrase used for encrypted SNMPv3 messages.

data.attributes.snmp.v3.username

String

The securityName used for authenticated SNMPv3 messages.

data.attributes.snmp.version

String

SNMP protocol version

Allowed values:
- NONE: SNMP is disabled
- SNMPv2: SNMP Version 2
- SNMPv3: SNMP Version 3

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/network-services" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "network-services",
    "attributes" : {
      "dns" : {
        "dhcpInterface" : "INT",
        "ipAddresses" : [ "127.0.0.1", "127.0.0.2" ],
        "defaultDomain" : "domain.my"
      },
      "ntp" : {
        "servers" : [ "127.2.0.1" ]
      },
      "smtp" : {
        "servers" : [ "127.1.0.1", "127.1.0.2" ],
        "senderName" : "Airlock Notifications",
        "senderAddress" : "airlock-admin@example.com"
      },
      "snmp" : {
        "version" : "SNMPv2",
        "community" : "public",
        "v3" : {
          "username" : "JaneDoe",
          "authenticationPassphrase" : "auth-pass",
          "authenticationAlgorithm" : "SHA",
          "privacyPassphrase" : "enc-pass",
          "privacyAlgorithm" : "AES"
        }
      },
      "apiPolicy" : {
        "cacheEnabled" : true,
        "cacheExpiry" : 300
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1006

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:13.628Z"
  },
  "data" : {
    "type" : "network-services",
    "id" : "2",
    "attributes" : {
      "dns" : {
        "dhcpInterface" : "INT",
        "ipAddresses" : [ "127.0.0.1", "127.0.0.2" ],
        "defaultDomain" : "domain.my"
      },
      "ntp" : {
        "servers" : [ "127.2.0.1" ]
      },
      "smtp" : {
        "servers" : [ "127.1.0.1", "127.1.0.2" ],
        "senderName" : "Airlock Notifications",
        "senderAddress" : "airlock-admin@example.com"
      },
      "snmp" : {
        "version" : "SNMPv2",
        "community" : "public",
        "v3" : {
          "username" : "JaneDoe",
          "authenticationPassphrase" : "auth-pass",
          "authenticationAlgorithm" : "SHA",
          "privacyPassphrase" : "enc-pass",
          "privacyAlgorithm" : "AES"
        }
      },
      "apiPolicy" : {
        "cacheEnabled" : true,
        "cacheExpiry" : 300
      }
    }
  }
}

ICAP Environments

Access all ICAP Environments

GET /configuration/icap-environments

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "icap-environment" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.failOpen

Boolean

Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable.
If enabled, the reaction of Airlock Gateway to an unavailable ICAP service is as if no ICAP Service was configured. Enable if the ICAP service is not mandatory.

data[].attributes.icapUrls[]

Array

Either an ICAP URL (icap://…​ or icaps://…​) for a traditional ICAP service or an HTTP URL (http://…​; or https://…​) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream.

data[].attributes.name

String

The unique name of the ICAP environment.

data[].relationships.icap-request-client-views.data[]

Array

The mapping references.

data[].relationships.icap-request-client-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.icap-request-client-views.data[].id

String

The ID of the mapping resource.

data[].relationships.icap-request-backend-views.data[]

Array

The mapping references.

data[].relationships.icap-request-backend-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.icap-request-backend-views.data[].id

String

The ID of the mapping resource.

data[].relationships.icap-response-backend-views.data[]

Array

The mapping references.

data[].relationships.icap-response-backend-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.icap-response-backend-views.data[].id

String

The ID of the mapping resource.

data[].relationships.icap-response-client-views.data[]

Array

The mapping references.

data[].relationships.icap-response-client-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.icap-response-client-views.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 328

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:38.056Z"
  },
  "data" : [ {
    "type" : "icap-environment",
    "id" : "1",
    "attributes" : {
      "name" : "my-icap-environment",
      "failOpen" : true,
      "icapUrls" : [ "icap://server-1", "icap://server-2" ]
    }
  } ]
}

Access an ICAP Environment

GET /configuration/icap-environments/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "icap-environment" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.failOpen

Boolean

Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable.
If enabled, the reaction of Airlock Gateway to an unavailable ICAP service is as if no ICAP Service was configured. Enable if the ICAP service is not mandatory.

data.attributes.icapUrls[]

Array

Either an ICAP URL (icap://…​ or icaps://…​) for a traditional ICAP service or an HTTP URL (http://…​; or https://…​) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream.

data.attributes.name

String

The unique name of the ICAP environment.

data.relationships.icap-request-client-views.data[]

Array

The mapping references.

data.relationships.icap-request-client-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-request-client-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-request-backend-views.data[]

Array

The mapping references.

data.relationships.icap-request-backend-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-request-backend-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-response-backend-views.data[]

Array

The mapping references.

data.relationships.icap-response-backend-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-response-backend-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-response-client-views.data[]

Array

The mapping references.

data.relationships.icap-response-client-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-response-client-views.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 324

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:37.998Z"
  },
  "data" : {
    "type" : "icap-environment",
    "id" : "1",
    "attributes" : {
      "name" : "my-icap-environment",
      "failOpen" : true,
      "icapUrls" : [ "icap://server-1", "icap://server-2" ]
    }
  }
}

Create an ICAP Environment

POST /configuration/icap-environments

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "icap-environment" for this call.

data.attributes.failOpen

Boolean

yes

Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable.
If enabled, the reaction of Airlock Gateway to an unavailable ICAP service is as if no ICAP Service was configured. Enable if the ICAP service is not mandatory.

data.attributes.icapUrls[]

Array

yes

Either an ICAP URL (icap://…​ or icaps://…​) for a traditional ICAP service or an HTTP URL (http://…​; or https://…​) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream.

data.attributes.name

String

yes

The unique name of the ICAP environment.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "icap-environment" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.failOpen

Boolean

Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable.
If enabled, the reaction of Airlock Gateway to an unavailable ICAP service is as if no ICAP Service was configured. Enable if the ICAP service is not mandatory.

data.attributes.icapUrls[]

Array

Either an ICAP URL (icap://…​ or icaps://…​) for a traditional ICAP service or an HTTP URL (http://…​; or https://…​) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream.

data.attributes.name

String

The unique name of the ICAP environment.

data.relationships.icap-request-client-views.data[]

Array

The mapping references.

data.relationships.icap-request-client-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-request-client-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-request-backend-views.data[]

Array

The mapping references.

data.relationships.icap-request-backend-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-request-backend-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-response-backend-views.data[]

Array

The mapping references.

data.relationships.icap-response-backend-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-response-backend-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-response-client-views.data[]

Array

The mapping references.

data.relationships.icap-response-client-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-response-client-views.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-environment",
    "attributes" : {
      "name" : "my-icap-environment",
      "failOpen" : true,
      "icapUrls" : [ "http://127.0.0.1:8888", "http://127.0.0.2:9999" ]
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 336

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:38.026Z"
  },
  "data" : {
    "type" : "icap-environment",
    "id" : "4",
    "attributes" : {
      "name" : "my-icap-environment",
      "failOpen" : true,
      "icapUrls" : [ "http://127.0.0.1:8888", "http://127.0.0.2:9999" ]
    }
  }
}

Update an ICAP Environment

PATCH /configuration/icap-environments/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "icap-environment" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.failOpen

Boolean

no

Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable.
If enabled, the reaction of Airlock Gateway to an unavailable ICAP service is as if no ICAP Service was configured. Enable if the ICAP service is not mandatory.

data.attributes.icapUrls[]

Array

no

Either an ICAP URL (icap://…​ or icaps://…​) for a traditional ICAP service or an HTTP URL (http://…​; or https://…​) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream.

data.attributes.name

String

no

The unique name of the ICAP environment.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "icap-environment" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.failOpen

Boolean

Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable.
If enabled, the reaction of Airlock Gateway to an unavailable ICAP service is as if no ICAP Service was configured. Enable if the ICAP service is not mandatory.

data.attributes.icapUrls[]

Array

Either an ICAP URL (icap://…​ or icaps://…​) for a traditional ICAP service or an HTTP URL (http://…​; or https://…​) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream.

data.attributes.name

String

The unique name of the ICAP environment.

data.relationships.icap-request-client-views.data[]

Array

The mapping references.

data.relationships.icap-request-client-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-request-client-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-request-backend-views.data[]

Array

The mapping references.

data.relationships.icap-request-backend-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-request-backend-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-response-backend-views.data[]

Array

The mapping references.

data.relationships.icap-response-backend-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-response-backend-views.data[].id

String

The ID of the mapping resource.

data.relationships.icap-response-client-views.data[]

Array

The mapping references.

data.relationships.icap-response-client-views.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.icap-response-client-views.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "icap-environment",
    "id" : "1",
    "attributes" : {
      "name" : "my-icap-environment",
      "failOpen" : true,
      "icapUrls" : [ "http://127.0.0.1:8888", "http://127.0.0.2:9999" ]
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 336

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:38.074Z"
  },
  "data" : {
    "type" : "icap-environment",
    "id" : "1",
    "attributes" : {
      "name" : "my-icap-environment",
      "failOpen" : true,
      "icapUrls" : [ "http://127.0.0.1:8888", "http://127.0.0.2:9999" ]
    }
  }
}

Delete an ICAP Environment

DELETE /configuration/icap-environments/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Kerberos Environments

Access all Kerberos Environments

GET /configuration/kerberos-environments

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "kerberos-environment" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.domainControllers[]

Array

List of domain controllers. The default port is 88.

data[].attributes.domainName

String

Kerberos domain

data[].attributes.name

String

The unique name of the kerberos environment

data[].attributes.password

String

Password of the Kerberos systemuser. The field is masked in the response.

data[].attributes.username

String

Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation.

data[].relationships.back-end-group.data

Object

The back-end-group references.

data[].relationships.back-end-group.data.type

String

The data type of the referenced resource. Must be "back-end-group" for this call.

data[].relationships.back-end-group.data.id

String

The ID of the back-end-group resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 414

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:45.516Z"
  },
  "data" : [ {
    "type" : "kerberos-environment",
    "id" : "4",
    "attributes" : {
      "name" : "KerberosResourceTest",
      "domainName" : "domain.krb",
      "domainControllers" : [ "pdc1.domain.krb", "pdc2.domain.krb" ],
      "username" : "",
      "password" : "**** hidden ****"
    }
  } ]
}

Access a Kerberos Environment

GET /configuration/kerberos-environments/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "kerberos-environment" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.domainControllers[]

Array

List of domain controllers. The default port is 88.

data.attributes.domainName

String

Kerberos domain

data.attributes.name

String

The unique name of the kerberos environment

data.attributes.password

String

Password of the Kerberos systemuser. The field is masked in the response.

data.attributes.username

String

Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation.

data.relationships.back-end-group.data

Object

The back-end-group references.

data.relationships.back-end-group.data.type

String

The data type of the referenced resource. Must be "back-end-group" for this call.

data.relationships.back-end-group.data.id

String

The ID of the back-end-group resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/4" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 410

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:45.423Z"
  },
  "data" : {
    "type" : "kerberos-environment",
    "id" : "4",
    "attributes" : {
      "name" : "KerberosResourceTest",
      "domainName" : "domain.krb",
      "domainControllers" : [ "pdc1.domain.krb", "pdc2.domain.krb" ],
      "username" : "",
      "password" : "**** hidden ****"
    }
  }
}

Create a Kerberos Environment

POST /configuration/kerberos-environments

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "kerberos-environment" for this call.

data.attributes.domainControllers[]

Array

yes

List of domain controllers. The default port is 88.

data.attributes.domainName

String

yes

Kerberos domain

data.attributes.name

String

yes

The unique name of the kerberos environment

data.attributes.password

String

yes

Password of the Kerberos systemuser. The field is masked in the response.

data.attributes.username

String

yes

Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "kerberos-environment" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.domainControllers[]

Array

List of domain controllers. The default port is 88.

data.attributes.domainName

String

Kerberos domain

data.attributes.name

String

The unique name of the kerberos environment

data.attributes.password

String

Password of the Kerberos systemuser. The field is masked in the response.

data.attributes.username

String

Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation.

data.relationships.back-end-group.data

Object

The back-end-group references.

data.relationships.back-end-group.data.type

String

The data type of the referenced resource. Must be "back-end-group" for this call.

data.relationships.back-end-group.data.id

String

The ID of the back-end-group resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "kerberos-environment",
    "attributes" : {
      "name" : "my-kerb-dto",
      "domainName" : "domain.dto",
      "domainControllers" : [ "pdc1", "pdc2" ],
      "username" : "dto-user",
      "password" : "dto-pass"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 387

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:45.485Z"
  },
  "data" : {
    "type" : "kerberos-environment",
    "id" : "4",
    "attributes" : {
      "name" : "my-kerb-dto",
      "domainName" : "domain.dto",
      "domainControllers" : [ "pdc1", "pdc2" ],
      "username" : "dto-user",
      "password" : "**** hidden ****"
    }
  }
}

Update a Kerberos Environment

PATCH /configuration/kerberos-environments/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "kerberos-environment" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.domainControllers[]

Array

no

List of domain controllers. The default port is 88.

data.attributes.domainName

String

no

Kerberos domain

data.attributes.name

String

no

The unique name of the kerberos environment

data.attributes.password

String

no

Password of the Kerberos systemuser. The field is masked in the response.

data.attributes.username

String

no

Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "kerberos-environment" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.domainControllers[]

Array

List of domain controllers. The default port is 88.

data.attributes.domainName

String

Kerberos domain

data.attributes.name

String

The unique name of the kerberos environment

data.attributes.password

String

Password of the Kerberos systemuser. The field is masked in the response.

data.attributes.username

String

Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation.

data.relationships.back-end-group.data

Object

The back-end-group references.

data.relationships.back-end-group.data.type

String

The data type of the referenced resource. Must be "back-end-group" for this call.

data.relationships.back-end-group.data.id

String

The ID of the back-end-group resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/4" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "kerberos-environment",
    "id" : "4",
    "attributes" : {
      "name" : "my-kerb-dto",
      "domainName" : "domain.dto",
      "domainControllers" : [ "pdc1", "pdc2" ],
      "username" : "dto-user",
      "password" : "dto-pass"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 387

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:45.536Z"
  },
  "data" : {
    "type" : "kerberos-environment",
    "id" : "4",
    "attributes" : {
      "name" : "my-kerb-dto",
      "domainName" : "domain.dto",
      "domainControllers" : [ "pdc1", "pdc2" ],
      "username" : "dto-user",
      "password" : "**** hidden ****"
    }
  }
}

Delete a Kerberos Environment

DELETE /configuration/kerberos-environments/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/4" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Back-End Group Connections

PATCH /configuration/kerberos-environments/{id}/relationships/back-end-groups

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "back-end-group" for this call.

data[].id

String

yes

The ID of the referenced "back-end-group" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/4/relationships/back-end-groups" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "back-end-group",
    "id" : "1"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Back-End Group Connections

DELETE /configuration/kerberos-environments/{id}/relationships/back-end-groups

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "back-end-group" for this call.

data[].id

String

yes

The ID of the referenced "back-end-group" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/4/relationships/back-end-groups" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "back-end-group",
    "id" : "1"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Allowed Network Endpoints

Access all allowed Network Endpoints

GET /configuration/allowed-network-endpoints

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "allowed-network-endpoint" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.hostName

String

Hostname or IP Address of the external server to which a connection should be allowed.

data[].attributes.port

Number

Port of the external service.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 275

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:24:54.964Z"
  },
  "data" : [ {
    "type" : "allowed-network-endpoint",
    "id" : "1",
    "attributes" : {
      "hostName" : "allowed.example.com",
      "port" : 4242
    }
  } ]
}

Access an allowed Network Endpoint

GET /configuration/allowed-network-endpoints/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "allowed-network-endpoint" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.hostName

String

Hostname or IP Address of the external server to which a connection should be allowed.

data.attributes.port

Number

Port of the external service.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 271

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:24:54.483Z"
  },
  "data" : {
    "type" : "allowed-network-endpoint",
    "id" : "1",
    "attributes" : {
      "hostName" : "allowed.example.com",
      "port" : 4242
    }
  }
}

Create an allowed Network Endpoint

POST /configuration/allowed-network-endpoints

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "allowed-network-endpoint" for this call.

data.attributes.hostName

String

yes

Hostname or IP Address of the external server to which a connection should be allowed.

data.attributes.port

Number

yes

Port of the external service.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "allowed-network-endpoint" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.hostName

String

Hostname or IP Address of the external server to which a connection should be allowed.

data.attributes.port

Number

Port of the external service.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "allowed-network-endpoint",
    "attributes" : {
      "hostName" : "allowed.example.com",
      "port" : 42424
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 272

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:24:54.824Z"
  },
  "data" : {
    "type" : "allowed-network-endpoint",
    "id" : "4",
    "attributes" : {
      "hostName" : "allowed.example.com",
      "port" : 42424
    }
  }
}

Update an allowed Network Endpoint

PATCH /configuration/allowed-network-endpoints/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "allowed-network-endpoint" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.hostName

String

no

Hostname or IP Address of the external server to which a connection should be allowed.

data.attributes.port

Number

no

Port of the external service.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "allowed-network-endpoint" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.hostName

String

Hostname or IP Address of the external server to which a connection should be allowed.

data.attributes.port

Number

Port of the external service.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "allowed-network-endpoint",
    "id" : "1",
    "attributes" : {
      "hostName" : "allowed.example.com",
      "port" : 42424
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 272

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:24:55.013Z"
  },
  "data" : {
    "type" : "allowed-network-endpoint",
    "id" : "1",
    "attributes" : {
      "hostName" : "allowed.example.com",
      "port" : 42424
    }
  }
}

Delete an allowed Network Endpoint

DELETE /configuration/allowed-network-endpoints/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

API Policy Service

Access all API Policy Services

GET /configuration/api-policy-services

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "api-policy-service" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.endpoint

String

Endpoint of the API policy service.

data[].attributes.name

String

The unique name of the API policy service.

data[].attributes.sharedSecret

String

Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response.

data[].attributes.url

String

URL of the API policy service.

data[].relationships.mappings.data[]

Array

The mapping references.

data[].relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data[].relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 599

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:13.405Z"
  },
  "data" : [ {
    "type" : "api-policy-service",
    "id" : "1",
    "attributes" : {
      "name" : "IAM",
      "url" : "https://iam.example.com:8443",
      "endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
      "sharedSecret" : "**** hidden ****"
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "21"
        }, {
          "type" : "mapping",
          "id" : "22"
        } ]
      }
    }
  } ]
}

Access an API Policy Service

GET /configuration/api-policy-services/{id}

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "api-policy-service" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.endpoint

String

Endpoint of the API policy service.

data.attributes.name

String

The unique name of the API policy service.

data.attributes.sharedSecret

String

Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response.

data.attributes.url

String

URL of the API policy service.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 595

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:13.316Z"
  },
  "data" : {
    "type" : "api-policy-service",
    "id" : "1",
    "attributes" : {
      "name" : "IAM",
      "url" : "https://iam.example.com:8443",
      "endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
      "sharedSecret" : "**** hidden ****"
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "21"
        }, {
          "type" : "mapping",
          "id" : "22"
        } ]
      }
    }
  }
}

Create an API Policy Service

POST /configuration/api-policy-services

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "api-policy-service" for this call.

data.attributes.endpoint

String

yes

Endpoint of the API policy service.

data.attributes.name

String

yes

The unique name of the API policy service.

data.attributes.sharedSecret

String

yes

Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response.

data.attributes.url

String

yes

URL of the API policy service.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "api-policy-service" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.endpoint

String

Endpoint of the API policy service.

data.attributes.name

String

The unique name of the API policy service.

data.attributes.sharedSecret

String

Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response.

data.attributes.url

String

URL of the API policy service.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services" -i -X POST \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "api-policy-service",
    "attributes" : {
      "name" : "IAM",
      "url" : "https://iam.example.com:8443",
      "endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
      "sharedSecret" : "**** hidden ****"
    }
  }
}'

Example Response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 385

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:13.371Z"
  },
  "data" : {
    "type" : "api-policy-service",
    "id" : "4",
    "attributes" : {
      "name" : "IAM",
      "url" : "https://iam.example.com:8443",
      "endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
      "sharedSecret" : "**** hidden ****"
    }
  }
}

Update an API Policy Service

PATCH /configuration/api-policy-services/{id}

Content-Type application/json

Accept application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "api-policy-service" for this call.

data.id

String

yes

The ID of the resource to be addressed.

data.attributes.endpoint

String

no

Endpoint of the API policy service.

data.attributes.name

String

no

The unique name of the API policy service.

data.attributes.sharedSecret

String

no

Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response.

data.attributes.url

String

no

URL of the API policy service.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "api-policy-service" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.endpoint

String

Endpoint of the API policy service.

data.attributes.name

String

The unique name of the API policy service.

data.attributes.sharedSecret

String

Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response.

data.attributes.url

String

URL of the API policy service.

data.relationships.mappings.data[]

Array

The mapping references.

data.relationships.mappings.data[].type

String

The data type of the referenced resource. Must be "mapping" for this call.

data.relationships.mappings.data[].id

String

The ID of the mapping resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "api-policy-service",
    "id" : "1",
    "attributes" : {
      "name" : "IAM",
      "url" : "https://iam.example.com:8443",
      "endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
      "sharedSecret" : "**** hidden ****"
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 595

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:13.424Z"
  },
  "data" : {
    "type" : "api-policy-service",
    "id" : "1",
    "attributes" : {
      "name" : "IAM",
      "url" : "https://iam.example.com:8443",
      "endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
      "sharedSecret" : "**** hidden ****"
    },
    "relationships" : {
      "mappings" : {
        "data" : [ {
          "type" : "mapping",
          "id" : "21"
        }, {
          "type" : "mapping",
          "id" : "22"
        } ]
      }
    }
  }
}

Delete an API Policy Service

DELETE /configuration/api-policy-services/{id}

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 204 No Content

Add Mapping API Policy Service Connections

PATCH /configuration/api-policy-services/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1/relationships/mappings" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Remove Mapping API Policy Service Connections

DELETE /configuration/api-policy-services/{id}/relationships/mappings

Content-Type application/json

Request Structure

Parameter Description Required

id

The ID of the element to access.

yes

Path Type Required Description

data[].type

String

yes

The data type of the referenced resource. Must be "mapping" for this call.

data[].id

String

yes

The ID of the referenced "mapping" resource.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1/relationships/mappings" -i -X DELETE \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : [ {
    "type" : "mapping",
    "id" : "2"
  } ]
}'

Example Response

HTTP/1.1 204 No Content

Log Settings

Access log settings

GET /configuration/log

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "log" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.forwards[]

Array

Forwarding configurations.

data.attributes.forwards[].blockedRequestsForwarded

Boolean

If true, blocked request information is sent to the configured loghosts.

data.attributes.forwards[].eventsForwarded

Boolean

If true, events related to web requests are sent to the configured loghosts.

data.attributes.forwards[].format

String

Format of the messages that are sent to the loghost.

Allowed values:
- RAW
- CEF
- JSON

data.attributes.forwards[].hostName

String

IP address or host name of the remote loghost which will receive the Airlock Gateway messages.

data.attributes.forwards[].messageFilterPattern

Object

A PCRE regular expression to apply against the text body of log messages. Headers are not considered. All matching messages are sent to the configured loghosts.

data.attributes.forwards[].messageFilterPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.forwards[].messageFilterPattern.inverted

Boolean

Whether to invert the match.

data.attributes.forwards[].messageFilterPattern.pattern

String

The actual pattern.

data.attributes.forwards[].port

Number

Port of the remote loghost.

data.attributes.forwards[].requestSummariesForwarded

Boolean

If true, the summary line of each request handled by Airlock Gateway is sent to the configured loghosts.

data.attributes.forwards[].systemErrorsForwarded

Boolean

If true, system related events and system errors are sent to the configured loghosts.

data.attributes.forwards[].transportProtocol

String

Type of transport used for remote logging.

Allowed values:
- UDP
- TCP
- SSL

data.attributes.level

String

Log level.

Allowed values:
- TRACE
- INFO

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/log" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 685

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:52.868Z"
  },
  "data" : {
    "type" : "log",
    "id" : "2",
    "attributes" : {
      "level" : "TRACE",
      "forwards" : [ {
        "hostName" : "myLogHostName",
        "port" : 514,
        "format" : "CEF",
        "transportProtocol" : "TCP",
        "systemErrorsForwarded" : true,
        "requestSummariesForwarded" : true,
        "blockedRequestsForwarded" : true,
        "eventsForwarded" : true,
        "messageFilterPattern" : {
          "pattern" : "logMessagesFilterPattern",
          "caseIgnored" : true,
          "inverted" : true
        }
      } ]
    }
  }
}

Update log settings

PATCH /configuration/log

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "log" for this call.

data.attributes.forwards[]

Array

no

Forwarding configurations.

data.attributes.forwards[].blockedRequestsForwarded

Boolean

no

If true, blocked request information is sent to the configured loghosts.

data.attributes.forwards[].eventsForwarded

Boolean

no

If true, events related to web requests are sent to the configured loghosts.

data.attributes.forwards[].format

String

no

Format of the messages that are sent to the loghost.

Allowed values:
- RAW
- CEF
- JSON

data.attributes.forwards[].hostName

String

no

IP address or host name of the remote loghost which will receive the Airlock Gateway messages.

data.attributes.forwards[].messageFilterPattern

Object

no

A PCRE regular expression to apply against the text body of log messages. Headers are not considered. All matching messages are sent to the configured loghosts.

data.attributes.forwards[].messageFilterPattern.caseIgnored

Boolean

no

Whether to ignore case.

data.attributes.forwards[].messageFilterPattern.inverted

Boolean

no

Whether to invert the match.

data.attributes.forwards[].messageFilterPattern.pattern

String

no

The actual pattern.

data.attributes.forwards[].port

Number

no

Port of the remote loghost.

data.attributes.forwards[].requestSummariesForwarded

Boolean

no

If true, the summary line of each request handled by Airlock Gateway is sent to the configured loghosts.

data.attributes.forwards[].systemErrorsForwarded

Boolean

no

If true, system related events and system errors are sent to the configured loghosts.

data.attributes.forwards[].transportProtocol

String

no

Type of transport used for remote logging.

Allowed values:
- UDP
- TCP
- SSL

data.attributes.level

String

no

Log level.

Allowed values:
- TRACE
- INFO

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "log" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.forwards[]

Array

Forwarding configurations.

data.attributes.forwards[].blockedRequestsForwarded

Boolean

If true, blocked request information is sent to the configured loghosts.

data.attributes.forwards[].eventsForwarded

Boolean

If true, events related to web requests are sent to the configured loghosts.

data.attributes.forwards[].format

String

Format of the messages that are sent to the loghost.

Allowed values:
- RAW
- CEF
- JSON

data.attributes.forwards[].hostName

String

IP address or host name of the remote loghost which will receive the Airlock Gateway messages.

data.attributes.forwards[].messageFilterPattern

Object

A PCRE regular expression to apply against the text body of log messages. Headers are not considered. All matching messages are sent to the configured loghosts.

data.attributes.forwards[].messageFilterPattern.caseIgnored

Boolean

Whether to ignore case.

data.attributes.forwards[].messageFilterPattern.inverted

Boolean

Whether to invert the match.

data.attributes.forwards[].messageFilterPattern.pattern

String

The actual pattern.

data.attributes.forwards[].port

Number

Port of the remote loghost.

data.attributes.forwards[].requestSummariesForwarded

Boolean

If true, the summary line of each request handled by Airlock Gateway is sent to the configured loghosts.

data.attributes.forwards[].systemErrorsForwarded

Boolean

If true, system related events and system errors are sent to the configured loghosts.

data.attributes.forwards[].transportProtocol

String

Type of transport used for remote logging.

Allowed values:
- UDP
- TCP
- SSL

data.attributes.level

String

Log level.

Allowed values:
- TRACE
- INFO

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/log" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "log",
    "attributes" : {
      "level" : "TRACE",
      "forwards" : [ {
        "hostName" : "destinationLogHost",
        "port" : 514,
        "format" : "CEF",
        "transportProtocol" : "TCP",
        "systemErrorsForwarded" : true,
        "requestSummariesForwarded" : true,
        "blockedRequestsForwarded" : true,
        "eventsForwarded" : true,
        "messageFilterPattern" : {
          "pattern" : "logMessageFilterPattern",
          "caseIgnored" : true,
          "inverted" : true
        }
      } ]
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 689

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:52.920Z"
  },
  "data" : {
    "type" : "log",
    "id" : "2",
    "attributes" : {
      "level" : "TRACE",
      "forwards" : [ {
        "hostName" : "destinationLogHost",
        "port" : 514,
        "format" : "CEF",
        "transportProtocol" : "TCP",
        "systemErrorsForwarded" : true,
        "requestSummariesForwarded" : true,
        "blockedRequestsForwarded" : true,
        "eventsForwarded" : true,
        "messageFilterPattern" : {
          "pattern" : "logMessageFilterPattern",
          "caseIgnored" : true,
          "inverted" : true
        }
      } ]
    }
  }
}

Reporting Settings

Access reporting settings

GET /configuration/reporting

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "reporting" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.localEnabled

Boolean

If true, all logs are sent to the local Elasticsearch database.

data.attributes.remote.enabled

Boolean

If true, all logs are sent to the specified remote Elasticsearch database.

data.attributes.remote.serverUrl

String

URL of the remote reporting server.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/reporting" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 328

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:26.017Z"
  },
  "data" : {
    "type" : "reporting",
    "id" : "2",
    "attributes" : {
      "localEnabled" : true,
      "remote" : {
        "enabled" : true,
        "serverUrl" : "http://elastic-cluster:9200"
      }
    }
  }
}

Update reporting settings

PATCH /configuration/reporting

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "reporting" for this call.

data.attributes.localEnabled

Boolean

no

If true, all logs are sent to the local Elasticsearch database.

data.attributes.remote.enabled

Boolean

no

If true, all logs are sent to the specified remote Elasticsearch database.

data.attributes.remote.serverUrl

String

no

URL of the remote reporting server.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "reporting" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.localEnabled

Boolean

If true, all logs are sent to the local Elasticsearch database.

data.attributes.remote.enabled

Boolean

If true, all logs are sent to the specified remote Elasticsearch database.

data.attributes.remote.serverUrl

String

URL of the remote reporting server.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/reporting" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "reporting",
    "attributes" : {
      "localEnabled" : true,
      "remote" : {
        "enabled" : true,
        "serverUrl" : "http://elastic-cluster:9200"
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 328

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:26:26.041Z"
  },
  "data" : {
    "type" : "reporting",
    "id" : "2",
    "attributes" : {
      "localEnabled" : true,
      "remote" : {
        "enabled" : true,
        "serverUrl" : "http://elastic-cluster:9200"
      }
    }
  }
}

Expert Settings

Access Expert Settings

GET /configuration/expert-settings

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "expert-settings" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.apache

Object

Expert settings for the Apache.

data.attributes.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.securityGate

Object

Expert settings for the Security Gate.

data.attributes.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.securityGate.settings

String

Expert settings for the Security Gate.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/expert-settings" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 363

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:33.325Z"
  },
  "data" : {
    "type" : "expert-settings",
    "id" : "2",
    "attributes" : {
      "securityGate" : {
        "enabled" : false,
        "settings" : ""
      },
      "apache" : {
        "enabled" : false,
        "settings" : ""
      }
    }
  }
}

Update Expert Settings

PATCH /configuration/expert-settings

Content-Type application/json

Accept application/json

Request Structure

Path Type Required Description

data.type

String

yes

The data type sent to the server. Must be set to "expert-settings" for this call.

data.attributes.apache

Object

no

Expert settings for the Apache.

data.attributes.apache.enabled

Boolean

no

Whether the Apache expert settings are enabled.

data.attributes.apache.settings

String

no

Expert settings for the Apache web listener.

data.attributes.securityGate

Object

no

Expert settings for the Security Gate.

data.attributes.securityGate.enabled

Boolean

no

Whether the Security Gate expert settings are enabled.

data.attributes.securityGate.settings

String

no

Expert settings for the Security Gate.

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "expert-settings" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.apache

Object

Expert settings for the Apache.

data.attributes.apache.enabled

Boolean

Whether the Apache expert settings are enabled.

data.attributes.apache.settings

String

Expert settings for the Apache web listener.

data.attributes.securityGate

Object

Expert settings for the Security Gate.

data.attributes.securityGate.enabled

Boolean

Whether the Security Gate expert settings are enabled.

data.attributes.securityGate.settings

String

Expert settings for the Security Gate.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/expert-settings" -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json' \
    -d '{
  "data" : {
    "type" : "expert-settings",
    "attributes" : {
      "securityGate" : {
        "enabled" : true,
        "settings" : "AuthenticatedSessionsWarningPercentage            \"90\""
      },
      "apache" : {
        "enabled" : true,
        "settings" : "MaxConnectionsPerChild  15000"
      }
    }
  }
}'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 446

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:25:33.380Z"
  },
  "data" : {
    "type" : "expert-settings",
    "id" : "2",
    "attributes" : {
      "securityGate" : {
        "enabled" : true,
        "settings" : "AuthenticatedSessionsWarningPercentage            \"90\""
      },
      "apache" : {
        "enabled" : true,
        "settings" : "MaxConnectionsPerChild  15000"
      }
    }
  }
}

Validator Message

Validation Error Codes

A description of all error codes that can occur in a validator message

Error code Description

REQUIRED

The value may not be empty or null.

OUTSIDE_RANGE

The number is too large or too small.

NOT_UNIQUE

The value must be unique among other values.

LICENSE_NOT_MATCH

The Airlock license is either invalid, expired, does not match the system or the configuration uses unlicensed features.

INVALID_VALUE

Generic message to show validation errors.

Access all Validator Messages

GET /configuration/validator-messages

Accept application/json

Request Structure

Parameter Description Required

filter

Optionally allows to filter by: 'meta.severity', 'meta.model.type' and 'meta.model.id'. For this REST endpoint, note that only exact matches using '==' are allowed. Click here for more details about the syntax.

no

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "validator-message" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.code

String

Application-specific error code.

data[].attributes.detail

String

Detailed description of the validation error.

data[].attributes.meta

Object

Non-standard meta-information about the error.

data[].attributes.meta.model

Object

Model that is affected by the validation error.

data[].attributes.meta.model.id

String

ID of the affected model.

data[].attributes.meta.model.type

String

Type of the affected model.

data[].attributes.meta.parameters

String

Optional parameters that are useful for the particular error in form of a key-value map.

data[].attributes.meta.severity

String

Severity of the error which is one of: ERROR, WARNING, INFO

data[].attributes.meta.type

String

Type of the metadata object.

data[].attributes.source

Object

The request entity or request parameter causing the error.

data[].attributes.source.pointer

String

A JSON pointer (RFC 6901) identifying the associated entity in the request document that caused the error, e.g. "/data/attributes/x" for the attribute "x" of the primary data object.

data[].attributes.title

String

Short description of the model value that failed to validate.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/configuration/validator-messages?filter=meta.severity%3D%3Dwarning&filter=meta.model.type%3D%3Dback-end-group" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 833

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:02.947Z"
  },
  "data" : [ {
    "type" : "validatormessage",
    "id" : "d00833c2-6cd7-4c19-9043-3ea6f38656e8",
    "attributes" : {
      "code" : "INVALID_VALUE",
      "title" : "backendHosts[0].address",
      "detail" : "The host name is invalid. Only characters a-Z, numbers and the special characters '.', '_' and '-' are allowed, no '.', '_' or '-' at beginning or end. An IP address can also be configured instead of a host name.",
      "source" : {
        "pointer" : "/data/attributes/backendHosts[0]/hostName"
      },
      "meta" : {
        "type" : "jsonapi.metadata.validation",
        "severity" : "WARNING",
        "model" : {
          "id" : "1",
          "type" : "back-end-group"
        }
      }
    }
  } ]
}

Status Information

Access Node Status

GET /system/status/node

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "node-state" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.countUserLogins

Number

Number of users currently logged in to the configuration center.

data.attributes.failoverState

String

Failover state of this Airlock. Possible values are "offline", "active", "passive" and "standalone".

data.attributes.hostName

String

Your current hostname.

data.attributes.version

String

The software version of this Airlock.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/system/status/node" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 350

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:08.581Z"
  },
  "data" : {
    "type" : "node-state",
    "id" : "airlock.example.com",
    "attributes" : {
      "hostName" : "airlock.example.com",
      "version" : "999.9.9",
      "failoverState" : "standalone",
      "countUserLogins" : 0
    }
  }
}

Access Network Interface Status

GET /system/status/interfaces

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data[].type

String

The data type of the resource. Must be "interface-state" for this call.

data[].id

String

The ID of the resource to be addressed.

data[].attributes.device

String

Name of the network device.

data[].attributes.linkInformation

String

Link information and negotiated speed settings.

data[].attributes.macAddress

String

Mac address of the network device.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/system/status/interfaces" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 302

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:08.393Z"
  },
  "data" : [ {
    "type" : "interface-state",
    "id" : "hme0",
    "attributes" : {
      "device" : "hme0",
      "macAddress" : "94:18:82:89:6c:0",
      "linkInformation" : ""
    }
  } ]
}

List Bad Back-end Groups

GET /system/status/back-end-groups/with-bad-hosts

Accept application/json

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "back-end-groups-state" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.badBackendGroups[]

Array

List of unreachable back-end group names.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/system/status/back-end-groups/with-bad-hosts" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 259

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:08.216Z"
  },
  "data" : {
    "type" : "back-end-groups-state",
    "id" : "-1657064165",
    "attributes" : {
      "badBackendGroups" : [ "bad-group" ]
    }
  }
}

Access Back-end Group Status

GET /system/status/back-end-groups/{back-end-group-name}

Accept application/json

Request Structure

Parameter Description Required

back-end-group-name

The name of the back-end group to access.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "back-end-group-state" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.backendHosts[].hostName

String

Name or IP address of the back-end host.

data.attributes.backendHosts[].port

Number

Port on which the host listens for HTTP connections.

data.attributes.backendHosts[].sessionCount

Number

Number of active sessions on the back-end host.

data.attributes.backendHosts[].state

String

State of the back-end host.

Allowed values:
- GOOD: The back-end host responds to requests.
- BAD: The back-end host is not responsive.
- UNKNOWN: No requests have been sent so far.

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/system/status/back-end-groups/back-end-group-example" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 387

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:08.202Z"
  },
  "data" : {
    "type" : "back-end-group-state",
    "id" : "back-end-group-example",
    "attributes" : {
      "backendHosts" : [ {
        "hostName" : "backend-host.example.com",
        "port" : 80,
        "sessionCount" : 20,
        "state" : "GOOD"
      } ]
    }
  }
}

List Sessions

GET /system/status/sessions/query/{query}/sortattribute/{sortattribute}/sortmode/{sortmode}/returnattributes/{returnattributes}/maxresults/{maxresults}

Accept application/json

Request Structure

Parameter Description Required

query

Query Expression. Please check the 'Session Viewer' section in the Airlock Gateway manual for detailed information and examples. Using a ' ' or '*' will return all sessions. Be aware that retrieving many sessions or executing complex queries could be very costly and impact performance.

yes

sortattribute

Sort results according to this field name.
Allowed values:
- sid
- trackingid
- audittoken
- ipcreation
- idletime
- idleremaining
- timecreation
- timelast
- lifetimeremaining
- hasroles
- roles
- mappingsaccessed
- backendgrouphost

yes

sortmode

Defines the order of the sorted result list.
Allowed values:
- asc: The smallest or first or earliest in the order will appear at the top of the result list.
- desc: The largest or last in the order will appear at the top of the result list.

yes

returnattributes

Space separated list of fields to return.
Allowed values:
- sid
- trackingid
- audittoken
- ipcreation
- idletime
- idleremaining
- timecreation
- timelast
- lifetimeremaining
- hasroles
- roles
- mappingsaccessed
- backendgrouphost
Using a ' ' or '*' will return all known fields. More fields will make the query more expensive.

yes

maxresults

Limit the number of matching elements.

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "com.airlock.waf.status.sessions" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.resultCount

Number

Number of returned sessions.

data.attributes.returnCode

String

Result status of the query.

Allowed values:
- OK
- QUERY_SYNTAX_ERROR
- ADMIN_CONSOLE_UNREACHABLE
- INTERNAL_ERROR
- SID_NOT_FOUND

data.attributes.sessions[].auditToken

String

Audit token.

data.attributes.sessions[].backendHostsSelected[].groupName

String

The name of the back-end group.

data.attributes.sessions[].backendHostsSelected[].hostName

String

When a back-end group contains more than one host and has load balancing configured, then at creation every session is assigned to one host. This field shows that assignment (only for back-end groups that have a host assignment, i.e. those that the session has accessed before).

data.attributes.sessions[].backendHostsSelected[].port

Number

TCP port of the back-end host. This helps to identify the used service if different ports are used on the same back-end system.

data.attributes.sessions[].hasRoles

Boolean

Whether this session has any roles.

data.attributes.sessions[].idleRemaining

Number

Maximum idle time (seconds) that’s left before being terminated.

data.attributes.sessions[].idleTime

Number

Time in seconds since the last access.

data.attributes.sessions[].ipCreation

String

IP address used at the moment of session creation.

data.attributes.sessions[].lifetimeRemaining

Number

Remaining lifetime in seconds.

data.attributes.sessions[].mappingsAccessed[]

Array

List of all accessed mappings (not including requests that were redirected to "Denied access URL" for authentication).

data.attributes.sessions[].roles[].idleMax

Number

Maximum time (seconds) a session can be idle before being terminated.

data.attributes.sessions[].roles[].idleRemaining

Number

Maximum idle time (seconds) that’s left before being terminated.

data.attributes.sessions[].roles[].idleTime

Number

Time in seconds since the last access.

data.attributes.sessions[].roles[].initTime

Number

Timestamp when the role was initially set.

data.attributes.sessions[].roles[].lifetimeMax

Number

Maximum lifetime in seconds.

data.attributes.sessions[].roles[].lifetimeRemaining

Number

Remaining lifetime in seconds.

data.attributes.sessions[].roles[].name

String

Role name.

data.attributes.sessions[].sid

String

Session ID.

data.attributes.sessions[].timeCreation

String

Timestamp of session creation.

data.attributes.sessions[].timeLast

String

Timestamp of last access.

data.attributes.sessions[].trackingId

String

Special session tracking identifier (e.g. sslId).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/system/status/sessions/query/*/sortattribute/idletime/sortmode/asc/returnattributes/*/maxresults/2" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2231

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:08.978Z"
  },
  "data" : {
    "type" : "com.airlock.waf.status.sessions",
    "id" : "921733063",
    "attributes" : {
      "returnCode" : "OK",
      "resultCount" : 2,
      "sessions" : [ {
        "sid" : "0000000000000000000000000000000",
        "trackingId" : "0000000-000-0000000",
        "ipCreation" : "10.0.0.0",
        "lifetimeRemaining" : 0,
        "timeCreation" : "2024-08-03",
        "timeLast" : "18:27:08.975875",
        "idleTime" : 0,
        "idleRemaining" : 10,
        "roles" : [ {
          "name" : "customer-0",
          "initTime" : 0,
          "lifetimeMax" : 86400,
          "lifetimeRemaining" : 72000,
          "idleTime" : 60,
          "idleRemaining" : 0,
          "idleMax" : 3600
        } ],
        "hasRoles" : true,
        "auditToken" : "audit-token-0",
        "backendHostsSelected" : [ {
          "groupName" : "e-banking",
          "hostName" : "node-0.payment.example.com",
          "port" : 8443
        }, {
          "groupName" : "iam",
          "hostName" : "login-0.example.com",
          "port" : 8443
        } ],
        "mappingsAccessed" : [ "iam", "payment", "quotes" ]
      }, {
        "sid" : "1111111111111111111111111111111",
        "trackingId" : "1111111-111-1111111",
        "ipCreation" : "10.0.0.1",
        "lifetimeRemaining" : 1000,
        "timeCreation" : "2024-08-03",
        "timeLast" : "18:27:08.977392",
        "idleTime" : 1,
        "idleRemaining" : 11,
        "roles" : [ {
          "name" : "customer-1",
          "initTime" : 0,
          "lifetimeMax" : 86400,
          "lifetimeRemaining" : 72000,
          "idleTime" : 60,
          "idleRemaining" : 0,
          "idleMax" : 3600
        } ],
        "hasRoles" : true,
        "auditToken" : "audit-token-1",
        "backendHostsSelected" : [ {
          "groupName" : "e-banking",
          "hostName" : "node-1.payment.example.com",
          "port" : 8443
        }, {
          "groupName" : "iam",
          "hostName" : "login-1.example.com",
          "port" : 8443
        } ],
        "mappingsAccessed" : [ "iam", "payment", "quotes" ]
      } ]
    }
  }
}

Access Session Details

GET /system/status/sessions/{sid}

Accept application/json

Request Structure

Parameter Description Required

sid

The session identifier

yes

Response structure

Path Type Description

meta.type

String

The JSON API meta type, which is: "jsonapi.metadata.document"

meta.timestamp

String

The current server time as a timestamp.

data.type

String

The data type of the resource. Must be "com.airlock.waf.status.session" for this call.

data.id

String

The ID of the resource to be addressed.

data.attributes.returnCode

String

Result status of the query.

Allowed values:
- OK
- QUERY_SYNTAX_ERROR
- ADMIN_CONSOLE_UNREACHABLE
- INTERNAL_ERROR
- SID_NOT_FOUND

data.attributes.session.auditToken

String

Audit token.

data.attributes.session.backendHostsSelected[].groupName

String

The name of the back-end group.

data.attributes.session.backendHostsSelected[].hostName

String

When a back-end group contains more than one host and has load balancing configured, then at creation every session is assigned to one host. This field shows that assignment (only for back-end groups that have a host assignment, i.e. those that the session has accessed before).

data.attributes.session.backendHostsSelected[].port

Number

TCP port of the back-end host. This helps to identify the used service if different ports are used on the same back-end system.

data.attributes.session.cfpIncidents[]

Array

List of all client fingerprinting incidents that have occurred on this session.

data.attributes.session.cfpThresholds[]

Array

List of all client fingerprinting thresholds that have been reached, out of (Log / Notify / Block). The "Terminate" threshold will never appear because the affected sessions will be terminated immediately.

data.attributes.session.cookies[].comment

String

Cookie description.

data.attributes.session.cookies[].commentUrl

String

URL describing how the cookie is intended to be used.

data.attributes.session.cookies[].discard

Boolean

Whether the client should discard the cookie when it terminates.

data.attributes.session.cookies[].domain

String

Cookie domain attribute if set.

data.attributes.session.cookies[].expires

String

Date and time when the browser should delete the cookie.

data.attributes.session.cookies[].httpOnly

Boolean

Whether the cookie should not be exposed through channels other than HTTP(S) requests.

data.attributes.session.cookies[].maxAge

String

Number of seconds until the cookie expires.

data.attributes.session.cookies[].name

String

Name identifying the cookie.

data.attributes.session.cookies[].origin

String

Server which initially set the cookie.

data.attributes.session.cookies[].path

String

Cookie path attribute if set.

data.attributes.session.cookies[].port

String

Restricts the TCP port to which a cookie may be sent.

data.attributes.session.cookies[].secure

Boolean

Whether cookie communication should be limited to encrypted transmission.

data.attributes.session.cookies[].value

String

Stored value.

data.attributes.session.cookies[].version

String

Cookie version if applicable.

data.attributes.session.hasRoles

Boolean

Whether this session has any roles.

data.attributes.session.headers[].mapping

String

If configured, the mapping where the response header was set.

data.attributes.session.headers[].name

String

Response header name.

data.attributes.session.headers[].value

String

Response header value.

data.attributes.session.idleMax

Number

Maximum time (seconds) a session can be idle before being terminated.

data.attributes.session.idleRemaining

Number

Maximum idle time (seconds) that’s left before being terminated.

data.attributes.session.idleTime

Number

Time in seconds since the last access.

data.attributes.session.ipCreation

String

IP address used at the moment of session creation.

data.attributes.session.kerberosUsers[].mapping

String

The mapping used.

data.attributes.session.kerberosUsers[].user

String

The kerberos user.

data.attributes.session.lifetimeMax

Number

Maximum lifetime in seconds.

data.attributes.session.lifetimeRemaining

Number

Remaining lifetime in seconds.

data.attributes.session.mappingsAccessed[]

Array

List of all accessed mappings (not including requests that were redirected to "Denied access URL" for authentication).

data.attributes.session.ntlmCredentials[].mapping

String

The mapping the credential is set for.

data.attributes.session.ntlmCredentials[].value

String

Usually a combination of <username>:<password> (sensitive data is masked).

data.attributes.session.roles[].idleMax

Number

Maximum time (seconds) a session can be idle before being terminated.

data.attributes.session.roles[].idleRemaining

Number

Maximum idle time (seconds) that’s left before being terminated.

data.attributes.session.roles[].idleTime

Number

Time in seconds since the last access.

data.attributes.session.roles[].initTime

Number

Timestamp when the role was initially set.

data.attributes.session.roles[].lifetimeMax

Number

Maximum lifetime in seconds.

data.attributes.session.roles[].lifetimeRemaining

Number

Remaining lifetime in seconds.

data.attributes.session.roles[].name

String

Role name.

data.attributes.session.sid

String

Session ID.

data.attributes.session.timeCreation

String

Timestamp of session creation.

data.attributes.session.timeLast

String

Timestamp of last access.

data.attributes.session.trackingId

String

Special session tracking identifier (e.g. SSL session ID).

Example Request

$ curl "https://${AIRLOCK}/airlock/rest/system/status/sessions/12345678901234567890123456789012" -i -X GET \
    -H "Cookie: JSESSIONID=${JSESSIONID}" \
    -H 'Accept: application/json'

Example Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1992

{
  "meta" : {
    "type" : "jsonapi.metadata.document",
    "timestamp" : "2024-08-04T18:27:08.952Z"
  },
  "data" : {
    "type" : "com.airlock.waf.status.session",
    "id" : "12345678901234567890123456789012",
    "attributes" : {
      "returnCode" : "OK",
      "session" : {
        "sid" : "12345678901234567890123456789012",
        "trackingId" : "30b87285-4f58-4f21-a289-7b9dcd941a0a",
        "ipCreation" : "127.0.0.1",
        "lifetimeMax" : 0,
        "lifetimeRemaining" : 0,
        "timeCreation" : "14:27:08.949393",
        "timeLast" : "18:26:08.949462",
        "idleTime" : 60,
        "idleRemaining" : 3540,
        "idleMax" : 3600,
        "roles" : [ {
          "name" : "customer",
          "initTime" : 0,
          "lifetimeMax" : 86400,
          "lifetimeRemaining" : 72000,
          "idleTime" : 60,
          "idleRemaining" : 0,
          "idleMax" : 3600
        } ],
        "hasRoles" : true,
        "auditToken" : "audit-token",
        "backendHostsSelected" : [ {
          "groupName" : "e-banking",
          "hostName" : "node-14.payment.example.com",
          "port" : 8443
        }, {
          "groupName" : "iam",
          "hostName" : "login-2.example.com",
          "port" : 8443
        } ],
        "mappingsAccessed" : [ "iam", "payment", "quotes" ],
        "headers" : [ {
          "name" : "x-airlock-gateway-version",
          "value" : "999.9-a72d225"
        } ],
        "cookies" : [ {
          "name" : "JSESSIONID",
          "value" : "85290242ac130003 ",
          "maxAge" : "42d",
          "secure" : false,
          "discard" : false,
          "httpOnly" : true
        } ],
        "cfpIncidents" : [ "sess_userAgentChange", "req_ipChange" ],
        "cfpThresholds" : [ "Log" ],
        "ntlmCredentials" : [ {
          "value" : "test-customer",
          "mapping" : "iam"
        } ],
        "kerberosUsers" : [ {
          "user" : "user",
          "mapping" : "root"
        } ]
      }
    }
  }
}

API Changes

Notable changes between versions in the Airlock Gateway REST API are listed below. The first version of the API was introduced Airlock Gateway 7.1.

Airlock Gateway 8.0

Mapping

Removed Fields
Name Description

data[].attributes.dosAttackPrevention.whitelistIpPattern

Removed according to deprecated warning. Use data[].relationships.request-frequency-filter-ip-address-whitelist instead.

Anomaly Shield Applications

General

An Anomaly Shield Application can now have multiple training data collection traffic exclusions and response rule exceptions. The corresponding configuration was moved into a dedicated Anomaly Shield Traffic Matcher resource of which multiple can be connected to an Anomaly Shield Application via the new training-data-collection-exclusions and response-rule-exceptions relationships.

Removed Fields
Name Description

data[].attributes.anomalyDetectionAndResponse.responseRuleException.*

These settings were moved to the Anomaly Shield Traffic Matcher resource

data[].attributes.trainingDataCollection.trafficExclusion.*

These settings were moved to the Anomaly Shield Traffic Matcher resource

Changed Endpoints

New

Old

Description

PATCH /configuration/anomaly-shield-traffic-matchers/{id}/relationships/ip-address-lists

PATCH /configuration/anomaly-shield-applications/{id}/relationships/response-rule-exception/ip-address-whitelists

PATCH /configuration/anomaly-shield-applications/{id}/relationships/training-data-collection-traffic-exclusion/ip-address-lists

The IP address lists are now linked to an Anomaly Shield Traffic Matcher instead of directly to an Anomaly Shield Application

DELETE /configuration/anomaly-shield-traffic-matchers/{id}/relationships/ip-address-lists

DELETE /configuration/anomaly-shield-applications/{id}/relationships/response-rule-exception/ip-address-whitelists

DELETE /configuration/anomaly-shield-applications/{id}/relationships/training-data-collection-traffic-exclusion/ip-address-lists

The IP address lists are now linked to an Anomaly Shield Traffic Matcher instead of directly to an Anomaly Shield Application

Network Services

Removed Fields
Name Description

data.attributes.ntp.clientMode

This flag was removed because the new NTP daemon Chrony does not support MULTICAST mode. NTP is now enabled if data.attributes.ntp.servers[] is not empty.`.

Node

Removed Fields
Name Description

data.attributes.networkInterfaces.physical[].speedMode

Speed mode setting is not available anymore in 8.0

Network Interface Status

Removed Fields
Name Description

data[].attributes.availableSpeedModes[]

Speed mode setting is not available anymore in 8.0

Airlock Gateway 7.8

Mapping

Changed Endpoints
New Old Description

PATCH /configuration/mappings/{id}/relationships/back-end-groups

PATCH /configuration/mappings/{id}/relationships/back-end-group

Mappings can be connected to multiple Back-End Groups

DELETE /configuration/mappings/{id}/relationships/back-end-groups

DELETE /configuration/mappings/{id}/relationships/back-end-group

Mappings can be connected to multiple Back-End Groups

Renamed Path
New Old Description

data.relationships.back-end-group.data[]

data.relationships.back-end-group.data

Mappings can be connected to multiple Back-End Groups

Airlock Gateway 7.7

License

Renamed Path
New Old Description

data.attributes.licensedFeatures.anomalyShield

data.attributes.licensedFeatures.machineLearning

Renamed license field for consistency.

Mapping

Renamed group and id of empty Mapping Template
New Old Description

data[].attributes.group: "Airlock WAF" data[].id: "OsnY/IlkTRn1aV7AtqU1+4SNNNyfEvwwvj7fq3UTWnA="

data[].attributes.group: "Airlock Gateway" data[].id: "hPg28A988JGwBKRi2BotP6MthrM1XIT1i/expDvvPtY="

The group name was changed due to our efforts to rename Airlock WAF to Airlock Gateway. The id changed because of the group name change.

Airlock Gateway 7.6

SSL Certificate

Renamed Paths
New Old Description

data[].attributes.certificate

data[].attributes.serverCertificate

Because this end point is now also used for client certificates of Back-end groups.

Virtual Host

Removed Fields
Name Description

data[].attributes.tls.lowStrengthCiphersAllowed

This flag was removed and replaced by data[].attributes.tls.protocol and the expert setting SSLInsecureRenegotiation On.

Airlock Gateway 7.5

Activation

New Option
New Description

options.ignoreOutdatedConfiguration

This new option has to be set to true in the activation call after the import of a configuration or after a rollback to a previously active configuration: "options.ignoreOutdatedConfiguration" : true

Node

Renamed Paths
New Old Description

data.attributes.managementAddresses[].ipAddress

data.attributes.managementAddresses[].ipV4Address

Support IPv4 and IPv6 for management address instead of only IPv4.

data.attributes.backendAddresses[].ipAddress

data.attributes.backendAddresses[].ipV4Address

Support IPv4 and IPv6 for back-end address instead of only IPv4.

networkInterfaces.physical[].dhcpMode

networkInterfaces.physical[].enableDhcp

Support DHCPv4 and DHCPv6 instead of only DHCPv4.

Log Settings

Renamed Paths
New Old Description

data.attributes.forwards[].hostName + data.attributes.forwards[].port

data.attributes.forwards[].hostName

Log forwarding host port is in a separate field.

Airlock Gateway 7.4

General

Content-Type "application/json;charset=UTF-8" has been replaced through Content-Type "application/json" in the REST API responses.

Airlock Gateway 7.3

Mapping

Changed Endpoints
New Old Description

GET /configuration/mappings/{id}/export - returns application/zip

GET /configuration/mappings/{id}/export-mapping - returns application/zip

Export a Mapping

PUT /configuration/mappings/import - returns data[]

PUT /configuration/mappings/import-mapping - returns data

Import Mappings (New or Replace)

POST /configuration/mappings/import - returns data[]

POST /configuration/mappings/import-mapping - returns data

Import Mappings (As New Copy)

POST /configuration/mappings/pull-from-uploaded-mappings - returns data[]

POST /configuration/mappings/pull-from-uploaded-mappings - returns data

Apply Unlocked Settings from Import

Renamed Paths
New Old Description

data.attributes.access.tokenVerification.claimExtractions[]

data.attributes.access.tokenVerification.roleExtractions[]

data.attributes.locking.access.tokenVerification.claimExtractions[]

data.attributes.locking.access.tokenVerification.roleExtractions[]

data.attributes.apiSecurity.jsonParser

data.attributes.application.request.jsonParser

data.attributes.locking.apiSecurity.jsonParser

data.attributes.locking.application.request.jsonParser

Airlock Gateway 7.2

Mapping

Renamed Paths
New Old Description

data.attributes.access.backendLogoutUrl

data.attributes.application.backendLogoutUrl

Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host.

data.attributes.locking.access.backendLogoutUrl

data.attributes.locking.application.backendLogoutUrl

Lock for the corresponding member.

data.attributes.access.authorizedRoles

data.attributes.access.restrictions

Specifies a list of access restrictions. Each request that matches the combination of HTTP method and path of an entry must have at least one of the specified roles to access the service.

data.attributes.locking.access.authorizedRoles

data.attributes.locking.access.restrictions

Lock for the corresponding member.