Introduction
The Airlock Gateway REST API supports manipulation of virtual hosts, mappings, back-end groups and certificates. Before using the Airlock Gateway REST API for the first time, an API key must be generated in the Configuration Center or using the airlock-user-manager-tool. API keys for a read-only user must be generated with the tool.
Typical Call Sequence
The call sequence of a typical REST API interaction is as follows:
-
Creating an Airlock REST Session
The first call must create a REST session. In this call, the generated API key must be sent as an
Authorization: Bearer
header. The session is identified by theJSESSIONID
cookie provided in the response. This cookie must be appended to all subsequent calls of the same session. -
Loading a Configuration
Handling of configurations is similar to the Configuration Center UI. A configuration must first be loaded, then edited and finally activated or saved. After activation/saving, a new configuration entry is available. Before activating/saving the edited configuration is only available in the current session context and not persisted. Note that the currently active configuration is not automatically loaded. In order to do so call Load the Active Configuration. For an overview of the available configuration actions, have a look at section Configurations.
-
Manipulating Objects
Once a configuration is loaded, the actual manipulation of objects may start. Arbitrary calls on virtual hosts, mappings, back-end groups or certificate resources may be sent. Each call updates the state of the configuration and subsequent calls operate on the most current state of the configuration.
To access specific resources directly, e.g. to load a mapping by its name, use the
filter
parameter. Supported parameters vary depending on the accessed objects. Please refer to the corresponding call for accessing all objects, e.g. Access all Mappings, for details on the supported filter parameters. -
Validating Changes
When configuration manipulation is finished, validation messages can be retrieved. Messages with severity
ERROR
prevent activation of the configuration. -
Activating or Saving the Configuration
-
Terminating the REST Session
After the session is finished, the session must be terminated.
Best Practices for Configuration Staging
When a service configuration is staged from development through testing into production, several processes are involved. Regarding the Airlock Gateway configuration, an approach based on common configuration templates is most suitable:
Configuration Templating
While the REST API supports export and import of entire mappings (e.g. Import Mappings (New or Replace)), the JSON objects received from GET calls (e.g. virtual hosts or back-end groups) may serve as templates as well and be used in UPDATE/PATCH calls. Integration aspects of a service should be covered by these environment-agnostic template objects. For instance, the choices of adequate security levels for deny rules and possible exceptions should be made during initial (and continuous) service integration. This integration process is best supported by features of the graphical user interface, such as the policy learning dashboard.
Service Deployment
When a service is deployed, configuration templates must be enriched with environment-specific attributes (e.g., IP addresses, hostnames, certificates, paths, etc.).
This process is typically fully automated and supported by the Airlock Gateway REST API. Parameterization of template objects could be done by replacing placeholders
in template JSON objects before calling the corresponding UPDATE
or PATCH
action. For mappings, which contain by far the most configuration attributes,
we have added sophisticated staging features to the REST API: Source mappings and locked attributes. That is, a common source mapping may serve as the integration
template for all environments and be synchronized using import/export calls. The environment-specfic parameters may be mixed in by deriving from the template
mapping and overriding specific attributes. Note that Airlock system templates (e.g., the Exchange mapping templates) may also be used as source mappings.
Have a look at these calls for more information:
-
Export Mappings: Export a Mapping and Export Mappings
-
Import Mappings: Import Mappings (New or Replace) or Import Mappings (As New Copy)
-
Applying unlocked settings from a source mapping: Apply Unlocked Settings from Source Mapping or Apply Unlocked Settings from Import
-
Defining a source mapping: Attribute
data.attributes.mappingTemplateName
in the mapping object -
Defining locked attributes on mappings:
data[].attributes.locking.*
in the mapping object
Reference Handling
Airlock Gateway’s configuration objects hold many references to each other, e.g., mappings are linked to virtual hosts and back-end groups and certificates are linked to virtual hosts. These references are managed by separate relationship REST endpoints (see e.g. Add Virtual Host Connections).
JSON:API Format
Where applicable, the Airlock Gateway REST API follows the JSON:API specification. In a nutshell, it specifies a schema for the request and response JSON objects. Top-level JSON:API documents contains at least one resource object, a collection of resource objects or a certain amount of error objects. In addition, a metadata object may be provided. Every resource object has a symbolic type and an id. Attributes are located in an attribute object.
HTTP Verbs
Verb | Usage |
---|---|
|
Used to retrieve a resource. |
|
Used to create a new resource. |
|
Used to update an existing resource, including partial updates. |
|
Used to delete an existing resource. |
Using PATCH
When using PATCH to update an existing resource, the following attributes must be provided:
-
data[].type
-
data[].id
-
At least one element in the
data[].attributes
object
The data[].id attribute and the resource identifier path segment MUST be equal.
|
For lists and arrays within the data[].attributes
object, the complete list/array must be provided.
For instance, this is how to PATCH
the maintenance page flag on mapping 42
:
PATCH https://${AIRLOCK}/airlock/rest/configuration/mappings/42 HTTP/1.1
Content-Type: application/json
Cookie: JSESSIONID=1810C58523C084F6ED5C237C09B70CB7
Accept: application/json
Host: $AIRLOCK
{
"data": {
"type": "mapping",
"id": 42,
"attributes": {
"enableMaintenancePage": true
}
}
}
Note: The placeholder "${AIRLOCK}" in the example above must be replaced with the hostname of the targeted Airlock Gateway.
HTTP Status Codes
Status code | Usage |
---|---|
|
The request completed successfully. This status code is returned e.g. by a successful GET request. |
|
A new resource has been successfully created with a POST request. |
|
The request completed successfully. This status code is returned e.g. by a successful DELETE or PATCH request. |
|
The request was malformed. |
|
Invalid or missing authentication. |
|
Insufficient credentials or call is not allowed. |
|
The requested resource or entity did not exist. |
|
The REST endpoint doesn’t support the payload format. |
|
The service call did not succeed. |
Note: The JSON:API specification describes the possible HTTP status codes for the various HTTP verbs. Generally HTTP status codes 2xx (like 200, 204, …) indicate that the requested operation was successful.
Date Format
Timestamps retrieved via REST API conform to the format (ISO-8601):
yyyy-MM-dd'T'HH:mm:ss.SSSXXX
An example of such a timestamp is:
2011-12-03T10:15:30.000+01:00
Search and Filtering
Some endpoints allow to apply a filter. The query parameter that facilitates a search filter is called filter
. A single filter has the structure:
property operator value
where
-
property
is the field in the JSON structure to which the filter refers to -
operator
defines what kind of search is performed. It can either be an exact search==
or a substring search=@
-
value
the value that is being searched for (case sensitive!)
All of the following examples do not use URL encoding for better readability. |
Note: The placeholder "${AIRLOCK}" in the following examples must be replaced with the hostname of the targeted Airlock Gateway.
An example for an exact search on a back-end group’s name is:
GET https://${AIRLOCK}/airlock/rest/configuration/back-end-groups?filter=name==mySearchTerm
An example for a substring search is:
GET https://${AIRLOCK}/airlock/rest/configuration/back-end-groups?filter=name=@mySearchTerm
Filters can be combined using AND logic by providing multiple filter parameters. For example, to search for
all validator messages of type WARNING
for all back-end groups, the query is:
GET https://${AIRLOCK}/airlock/rest/configuration/validator-messages?filter=severity=warning&filter=type==back-end-group
Filters can also be combined using OR logic by using commas inside a filter expression. For example, to search for all virtual hosts with either name equal to 'mySearchTerm' or HTTP port equal to 88, the query is:
GET https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts?filter=name==mySearchTerm,networkInterface.http.port==88
Response Format
Responses in the Airlock Gateway REST API follow the JSON:API specification as defined in JSON:API specification.
JSON:API distinguishes between regular and error responses, where errors have a HTTP status code in the range 4XX
or 5XX
.
Error responses are generic and decribed below.
Error Response
Error responses are sent to the client, if either the user provides wrong input, or if server-side errors occur.
They have HTTP status codes in the range 4XX
(client errors) or 5XX
(server errors).
Example
{
"meta": {
"type": "jsonapi.metadata.document",
"timestamp": "2018-04-23T10:36:12.193+02:00"
},
"errors": [
{
"code": "ENTITY_NOT_FOUND"
}
]
}
404 (NOT FOUND) response
A call will be answered with a 404 - NOT FOUND response if the requested resource cannot be found. This might be the case if
-
the requested URL contains a typo
-
the requested URL contains an identifier but no entity with this identifier exists in the context of the current request. In cases where the entity that could not be found, the error code
ENTITY_NOT_FOUND
is set in the response.
409 (CONFLICT) response
A call will be answered with a 409 - CONFLICT response if the requested entity is read-only (a default entity) and would be modified
-
the ID of the entity refers to a default entity that cannot be modified
-
A property of the modified entity is read-only.
415 (UNSUPPORTED MEDIA TYPE) response
The HTTP status code 415 - UNSUPPORTED MEDIA TYPE indicates that the server refuses to accept the request because the payload
format is in an unsupported format. The format problem might be due to the request’s indicated Content-Type
or Content-Encoding
,
or as a result of inspecting the data directly.
Where applicable the endpoint declares the accepted Content-Type which is typically application/json
.
Error Codes
Error objects can contain an optional code that gives more detail about the error situation. Currently, the following generic error codes can occur:
-
CONFIGURATION_LOAD_REQUIRED
: the operation requires to load a configuration. -
ENTITY_NOT_FOUND
: the specified resource could not be found. -
INVALID_REQUEST_FORMAT
: the request format is syntactically invalid (parse error). -
INVALID_VALUE
: the request contains invalid values. For more information see logs.
Examples
The following examples illustrate the typical call sequence for enabling the maintenance page on a given mapping. One example uses Python, one bash.
Python Example
#!/usr/bin/env python3
import requests
import urllib3
from urllib.parse import urlencode
from json import dumps
TOKEN = 'Bearer ...'
AIRLOCK_HOSTNAME = '...'
BASE_URL = f"https://{AIRLOCK_HOSTNAME}/airlock/rest"
HEADERS = {
'Authorization': TOKEN,
'Accept': 'application/json',
'Content-Type': 'application/json'
}
urllib3.disable_warnings()
session = requests.session()
session.verify = False
session.headers.update(HEADERS)
def build_url(*res, **params):
u = BASE_URL
for r in res:
u = '{}/{}'.format(u, r)
if params:
u = '{}?{}'.format(u, urlencode(params))
return u
try:
url = build_url('session/create')
response = session.post(url)
response.raise_for_status()
url = build_url('configuration/configurations/load-active')
response = session.post(url)
response.raise_for_status()
url = build_url('configuration/mappings', filter='name==auth')
response = session.get(url)
response.raise_for_status()
mapping_id = response.json()['data'][0]['id']
data = {
'data': {
'type': 'mapping',
'id': mapping_id,
'attributes': {
'enableMaintenancePage': True,
}
}
}
url = build_url('configuration/mappings', mapping_id)
response = session.patch(url, data=dumps(data))
response.raise_for_status()
url = build_url('configuration/validator-messages', filter='meta.severity==error')
response = session.get(url)
response.raise_for_status()
error_count = len(response.json()['data'])
if error_count != 0:
raise RuntimeError('Configuration is invalid')
data = {'comment': 'Enable maintenance page for mapping auth'}
url = build_url('configuration/configurations/activate')
response = session.post(url, data=dumps(data))
response.raise_for_status()
print('Maintenance page set successfully')
finally:
url = build_url('session/terminate')
response = session.post(url)
response.raise_for_status()
Bash Example
#!/bin/bash
#
TOKEN="Bearer ..."
AIRLOCK_HOSTNAME="..."
BASE_URL="https://${AIRLOCK_HOSTNAME}/airlock/rest"
COOKIE=$(mktemp)
CURL="curl --insecure --silent --header 'Accept: application/json' --cookie-jar ${COOKIE} --cookie ${COOKIE}"
MAPPING_NAME='auth'
function assertHttpStatusCode2xx() {
httpStatusCode=$1
if [[ ! ${httpStatusCode} =~ 20[014] ]];then
echo >&2 "Expected HTTP status codes: 200/201/204. Actual status code: ${httpStatusCode}"
exit 1
fi
}
trap 'rm -f -- "${COOKIE}"' INT TERM HUP EXIT
# create session
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/session/create \
--request POST \
--header "Authorization: ${TOKEN}" \
--write-out "%{http_code}")
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}
# load the active configuration
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/configuration/configurations/load-active \
--request POST \
--write-out "%{http_code}" \
--output /dev/null)
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}
# search mapping with name 'auth'
MAPPING_AUTH_COUNT=$(${CURL} ${BASE_URL}/configuration/mappings?filter=name%3D%3D${MAPPING_NAME} | jq ".data | length")
if [[ ${MAPPING_AUTH_COUNT} -ne 1 ]]; then
echo >&2 "Could not find mapping '${MAPPING_NAME}'"
exit 1
fi
MAPPING_ID=$(${CURL} ${BASE_URL}/configuration/mappings?filter=name%3D%3D${MAPPING_NAME} | jq -r '.data[].id')
# enable maintenance page
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/configuration/mappings/${MAPPING_ID} \
--request PATCH \
--write-out "%{http_code}" \
--output /dev/null \
--header 'Content-Type: application/json' \
--data '{ "data" : { "type" : "mapping", "attributes" : { "enableMaintenancePage" : true }}}')
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}
# verify configuration
ERROR_COUNT=$(${CURL} ${BASE_URL}/configuration/validator-messages?filter=meta.severity%3D%3Derror | jq ".data | length")
if [[ ${ERROR_COUNT} -ne 0 ]]; then
echo >&2 "Configuration is invalid"
exit 1
fi
# activate configuration
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/configuration/configurations/activate \
--request POST \
--write-out "%{http_code}" \
--header 'Content-Type: application/json' \
--data '{ "comment" : "Enable maintenance page for mapping auth" }')
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}
# terminate session
HTTP_STATUS_CODE=$(${CURL} ${BASE_URL}/session/terminate \
--request POST \
--write-out "%{http_code}" \
--output /dev/null)
assertHttpStatusCode2xx ${HTTP_STATUS_CODE}
echo "Maintenance page set successfully"
Authentication
Overview
The first REST call to create a session must be authenticated with an "Authorization: Bearer" header and a valid JWT token. The issued tokens have a validity period of 2 years. Existing tokens can be revoked or deleted at any time. If a token is invalid or expired the REST call will return the HTTP status code '403'.
Create a Token
In the Airlock Configuration Center - 'System Admin, any user with the role 'airlock-administrator' can generate or renew the token. Regeneration of a token renders any older token invalid.
Usage
Once the token is issued it can be used in scripts to authenticate the REST call. To authenticate and create a session the resource /session/create must be called. All future calls must then use the issued JSESSIONID cookie.
Create a Session
POST /session/create
The call to /session/create does not implicitly load a configuration. Please refer to Load the Active Configuration or Load a Configuration for more information.
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/session/create" -i -X POST \
-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIwIiwibmFtZSI6IkpvaG4gRG9lIn0.Zg5Pnu-F_JPWNf2QrQb6BACHw6IUPptKuMlPaTwOhHo' \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Terminate a Session
POST /session/terminate
This terminates the session, any unsaved or unactivated configuration changes will be lost.
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/session/terminate" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Configurations
Access all Configurations
GET /configuration/configurations
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "configuration" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Comment describing the changes made. |
|
|
Configuration file type. Allowed values: |
|
|
Time when the configuration was created. |
|
|
Name of the user who created the configuration. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 607
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:17.845Z"
},
"data" : [ {
"type" : "configuration",
"id" : "87",
"attributes" : {
"createdBy" : "admin",
"createdAt" : "2024-10-28T19:02:17.842Z",
"comment" : "Added a new mapping",
"configType" : "CURRENTLY_ACTIVE"
}
}, {
"type" : "configuration",
"id" : "39",
"attributes" : {
"createdBy" : "admin",
"createdAt" : "2024-10-28T18:55:17.844Z",
"comment" : "Saving config with new back-end group",
"configType" : "SAVED"
}
} ]
}
Load a Configuration
POST /configuration/configurations/{id}/load
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/1/load" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Load an Empty Configuration
POST /configuration/configurations/load-empty-config
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/load-empty-config" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Load the Active Configuration
POST /configuration/configurations/load-active
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/load-active" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Save a Configuration
POST /configuration/configurations/save
Content-Type application/json
Accept application/json
Allows to save a configuration.
Status Code | Description |
---|---|
200 |
The configuration was successfully saved. |
400 |
No configuration was loaded before. |
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
no |
Optional comment describing the change. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "configuration" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Comment describing the changes made. |
|
|
Configuration file type. Allowed values: |
|
|
Time when the configuration was created. |
|
|
Name of the user who created the configuration. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/save" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"comment" : "describing the changes made"
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 353
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:17.936Z"
},
"data" : {
"type" : "configuration",
"id" : "1",
"attributes" : {
"createdBy" : "admin",
"createdAt" : "2024-10-28T19:32:17.934Z",
"comment" : "describing the changes made",
"configType" : "SAVED"
}
}
}
Delete a Configuration
DELETE /configuration/configurations/{id}
Allows to delete a configuration. Note that deletion is not allowed for the currently active and the initial configuration and will be answered with a 403 status code.
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Activate a Configuration
POST /configuration/configurations/activate
Content-Type application/json
Performing an activation. Depending on the outcome of the activation, the server responds with different HTTP status codes:
Status Code | Description |
---|---|
200 |
The activation was successful. |
400 |
The configuration has validation errors and thus cannot be activated or no configuration was loaded. |
409 |
The activation could not be completed due to a conflict with the current state of the configuration. Possible reasons are:
|
500 |
The activation fails for some reason. |
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
no |
Optional comment describing the change. |
|
|
no |
Whether the activation should try to merge concurrent activation attempts. If set to Default value: |
|
|
no |
Whether the activation should perform the changes also on the other host in a failover setup. Default value: |
|
|
no |
Whether the activation should ignore when another user changed the active configuration during your session. Default value: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/activate" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"comment" : "Describing my changes for this activation",
"options" : {
"ignoreOutdatedConfiguration" : false,
"autoMerge" : true,
"failoverActivation" : true
}
}'
Example Response
HTTP/1.1 200 OK
Export the Current Configuration
GET /configuration/configurations/export
Accept application/zip
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/export" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/zip' \
-o '/tmp/download.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 1
Export a Configuration
GET /configuration/configurations/{id}/export
Accept application/zip
Request a Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/1/export" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/zip' \
-o '/tmp/download.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 1
Import Configuration
PUT /configuration/configurations/import
Content-Type application/zip
Note that prior to the import, a configuration must first be loaded.
After the configuration import the option "options.ignoreOutdatedConfiguration" has to be set to true in the activation call.
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/configurations/import" -i -X PUT \
-H 'Content-Type: application/zip' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
--data-binary '@/tmp/upload.zip'
Example Response
HTTP/1.1 200 OK
Virtual Host
Access all Virtual Hosts
GET /configuration/virtual-hosts
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'name', 'hostName', 'networkInterface.http.port', 'networkInterface.https.port', 'networkInterface.http.enabled' and 'networkInterface.https.enabled'. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "virtual-host" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Additional server aliases for this virtual host. |
|
|
The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected. |
|
|
Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser). |
|
|
Whether encoded slashes (%2F) are allowed in the URL path. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Hostname of the virtual host. |
|
|
HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function. |
|
|
The logical name of the virtual host. |
|
|
The external network interface for this virtual host to receive requests. |
|
|
Whether HTTP connections are enabled for this host. |
|
|
Whether to redirect all HTTP traffic to HTTPS on this virtual host. |
|
|
Port on which this host listens for HTTP connections. |
|
|
Whether HTTPS (SSL/TLS) connections are enabled for this host. |
|
|
Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS. |
|
|
Port on which this host listens for HTTPS (SSL/TLS) connections. |
|
|
The IPv4 address in CIDR format. |
|
|
The IPv6 address in CIDR format. |
|
|
Dynamic URL redirects of the virtual host. |
|
|
Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Status code to use in the redirect response. Allowed values: |
|
|
Destination to which the client shall be redirected. |
|
|
Email address of the server administrator. It is used as contact information for ACME services functionality (e.g. Let’s Encrypt). |
|
|
Domain for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server. |
|
|
Whether a virtual host should reply only to requests that match its hostname or any of its server alias names. |
|
|
Tenant of the virtual host. |
|
|
The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation. |
|
|
The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format). |
|
|
Allowed values: |
|
|
The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate. |
|
|
Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list. |
|
|
Allowed values: |
|
|
Allowed values: |
|
|
Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled. |
|
|
Whether OCSP validation of the client certificate chain is enabled. |
|
|
Allowed and restricted protocols. See the mod_ssl documentation for more information. |
|
|
Allowed values: |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The acme-service references. |
|
|
The data type of the referenced resource. Must be "acme-service" for this call. |
|
|
The ID of the acme-service resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts?filter=name%3D%3DmyVirtualHost" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2685
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:01.506Z"
},
"data" : [ {
"type" : "virtual-host",
"id" : "1",
"attributes" : {
"name" : "myVirtualHost",
"tenant" : "",
"hostName" : "myvirtualhost.example.com",
"aliasNames" : [ "Alias1DemoHost", "Alias2DemoHost" ],
"showMaintenancePage" : false,
"strictlyMatchFullyQualifiedDomainName" : true,
"keepAliveTimeout" : 100,
"encodedSlashesAllowed" : true,
"downloadPdfsAsAttachmentsEnforced" : true,
"serverAdmin" : "admin@example.com",
"defaultRedirect" : "/",
"pathRedirects" : [ {
"from" : {
"pattern" : "/sale",
"caseIgnored" : false
},
"to" : "/eshop/products.asp?id=3342",
"redirectStatusCode" : "MOVED_PERMANENTLY"
} ],
"networkInterface" : {
"externalLogicalInterfaceName" : "EXTERNAL",
"ipV4Address" : "87.239.214.12/24",
"ipV6Address" : "2001:500:2::c/64",
"http" : {
"enabled" : true,
"port" : 80,
"httpsRedirectEnforced" : false
},
"https" : {
"enabled" : false,
"port" : 443,
"http2Allowed" : true
}
},
"tls" : {
"protocol" : "all -TLSv1 -TLSv1.1",
"protocolMode" : "DEFAULT",
"cipherSuite" : "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256",
"cipherSuiteMode" : "DEFAULT",
"ocspStaplingEnabled" : false,
"certificateMode" : "CERTIFICATE",
"clientCertificateAuthentication" : "NOT_REQUIRED",
"chainVerificationDepth" : 1,
"ocspValidationEnforced" : false,
"caCertificatesForClientCertificateSelection" : [ ],
"caCertificatesForChainAndOcspValidation" : [ ]
},
"session" : {
"cookiePath" : "/",
"cookieDomain" : "example.com"
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "50"
} ]
},
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
},
"acme-service" : {
"data" : {
"type" : "acme-service",
"id" : "-1100"
}
}
}
} ]
}
Access a Virtual Host
GET /configuration/virtual-hosts/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "virtual-host" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Additional server aliases for this virtual host. |
|
|
The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected. |
|
|
Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser). |
|
|
Whether encoded slashes (%2F) are allowed in the URL path. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Hostname of the virtual host. |
|
|
HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function. |
|
|
The logical name of the virtual host. |
|
|
The external network interface for this virtual host to receive requests. |
|
|
Whether HTTP connections are enabled for this host. |
|
|
Whether to redirect all HTTP traffic to HTTPS on this virtual host. |
|
|
Port on which this host listens for HTTP connections. |
|
|
Whether HTTPS (SSL/TLS) connections are enabled for this host. |
|
|
Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS. |
|
|
Port on which this host listens for HTTPS (SSL/TLS) connections. |
|
|
The IPv4 address in CIDR format. |
|
|
The IPv6 address in CIDR format. |
|
|
Dynamic URL redirects of the virtual host. |
|
|
Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Status code to use in the redirect response. Allowed values: |
|
|
Destination to which the client shall be redirected. |
|
|
Email address of the server administrator. It is used as contact information for ACME services functionality (e.g. Let’s Encrypt). |
|
|
Domain for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server. |
|
|
Whether a virtual host should reply only to requests that match its hostname or any of its server alias names. |
|
|
Tenant of the virtual host. |
|
|
The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation. |
|
|
The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format). |
|
|
Allowed values: |
|
|
The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate. |
|
|
Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list. |
|
|
Allowed values: |
|
|
Allowed values: |
|
|
Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled. |
|
|
Whether OCSP validation of the client certificate chain is enabled. |
|
|
Allowed and restricted protocols. See the mod_ssl documentation for more information. |
|
|
Allowed values: |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The acme-service references. |
|
|
The data type of the referenced resource. Must be "acme-service" for this call. |
|
|
The ID of the acme-service resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/2" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2681
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:01.098Z"
},
"data" : {
"type" : "virtual-host",
"id" : "2",
"attributes" : {
"name" : "myVirtualHost",
"tenant" : "",
"hostName" : "myvirtualhost.example.com",
"aliasNames" : [ "Alias1DemoHost", "Alias2DemoHost" ],
"showMaintenancePage" : false,
"strictlyMatchFullyQualifiedDomainName" : true,
"keepAliveTimeout" : 100,
"encodedSlashesAllowed" : true,
"downloadPdfsAsAttachmentsEnforced" : true,
"serverAdmin" : "admin@example.com",
"defaultRedirect" : "/",
"pathRedirects" : [ {
"from" : {
"pattern" : "/sale",
"caseIgnored" : false
},
"to" : "/eshop/products.asp?id=3342",
"redirectStatusCode" : "MOVED_PERMANENTLY"
} ],
"networkInterface" : {
"externalLogicalInterfaceName" : "EXTERNAL",
"ipV4Address" : "87.239.214.12/24",
"ipV6Address" : "2001:500:2::c/64",
"http" : {
"enabled" : true,
"port" : 80,
"httpsRedirectEnforced" : false
},
"https" : {
"enabled" : false,
"port" : 443,
"http2Allowed" : true
}
},
"tls" : {
"protocol" : "all -TLSv1 -TLSv1.1",
"protocolMode" : "DEFAULT",
"cipherSuite" : "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256",
"cipherSuiteMode" : "DEFAULT",
"ocspStaplingEnabled" : false,
"certificateMode" : "CERTIFICATE",
"clientCertificateAuthentication" : "NOT_REQUIRED",
"chainVerificationDepth" : 1,
"ocspValidationEnforced" : false,
"caCertificatesForClientCertificateSelection" : [ ],
"caCertificatesForChainAndOcspValidation" : [ ]
},
"session" : {
"cookiePath" : "/",
"cookieDomain" : "example.com"
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "50"
} ]
},
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
},
"acme-service" : {
"data" : {
"type" : "acme-service",
"id" : "-1100"
}
}
}
}
}
Create a Virtual Host
POST /configuration/virtual-hosts
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "virtual-host" for this call. |
|
|
yes |
Additional server aliases for this virtual host. |
|
|
yes |
The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected. |
|
|
yes |
Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser). |
|
|
yes |
Whether encoded slashes (%2F) are allowed in the URL path. |
|
|
yes |
Expert settings for the Apache web listener. |
|
|
yes |
Whether the Apache expert settings are enabled. |
|
|
yes |
Expert settings for the Apache web listener. |
|
|
yes |
Expert settings for the Security Gate. |
|
|
yes |
Whether the Security Gate expert settings are enabled. |
|
|
yes |
Expert settings for the Security Gate. |
|
|
yes |
Hostname of the virtual host. |
|
|
yes |
HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function. |
|
|
yes |
The logical name of the virtual host. |
|
|
yes |
The external network interface for this virtual host to receive requests. |
|
|
yes |
Whether HTTP connections are enabled for this host. |
|
|
yes |
Whether to redirect all HTTP traffic to HTTPS on this virtual host. |
|
|
yes |
Port on which this host listens for HTTP connections. |
|
|
yes |
Whether HTTPS (SSL/TLS) connections are enabled for this host. |
|
|
yes |
Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS. |
|
|
yes |
Port on which this host listens for HTTPS (SSL/TLS) connections. |
|
|
yes |
The IPv4 address in CIDR format. |
|
|
yes |
The IPv6 address in CIDR format. |
|
|
yes |
Dynamic URL redirects of the virtual host. |
|
|
yes |
Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
Status code to use in the redirect response. Allowed values: |
|
|
yes |
Destination to which the client shall be redirected. |
|
|
yes |
Email address of the server administrator. It is used as contact information for ACME services functionality (e.g. Let’s Encrypt). |
|
|
yes |
Domain for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
yes |
Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
yes |
Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server. |
|
|
yes |
Whether a virtual host should reply only to requests that match its hostname or any of its server alias names. |
|
|
yes |
Tenant of the virtual host. |
|
|
yes |
The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation. |
|
|
yes |
The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format). |
|
|
yes |
Allowed values: |
|
|
yes |
The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate. |
|
|
yes |
Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list. |
|
|
yes |
Allowed values: |
|
|
yes |
Allowed values: |
|
|
yes |
Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled. |
|
|
yes |
Whether OCSP validation of the client certificate chain is enabled. |
|
|
yes |
Allowed and restricted protocols. See the mod_ssl documentation for more information. |
|
|
yes |
Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "virtual-host" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Additional server aliases for this virtual host. |
|
|
The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected. |
|
|
Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser). |
|
|
Whether encoded slashes (%2F) are allowed in the URL path. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Hostname of the virtual host. |
|
|
HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function. |
|
|
The logical name of the virtual host. |
|
|
The external network interface for this virtual host to receive requests. |
|
|
Whether HTTP connections are enabled for this host. |
|
|
Whether to redirect all HTTP traffic to HTTPS on this virtual host. |
|
|
Port on which this host listens for HTTP connections. |
|
|
Whether HTTPS (SSL/TLS) connections are enabled for this host. |
|
|
Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS. |
|
|
Port on which this host listens for HTTPS (SSL/TLS) connections. |
|
|
The IPv4 address in CIDR format. |
|
|
The IPv6 address in CIDR format. |
|
|
Dynamic URL redirects of the virtual host. |
|
|
Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Status code to use in the redirect response. Allowed values: |
|
|
Destination to which the client shall be redirected. |
|
|
Email address of the server administrator. It is used as contact information for ACME services functionality (e.g. Let’s Encrypt). |
|
|
Domain for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server. |
|
|
Whether a virtual host should reply only to requests that match its hostname or any of its server alias names. |
|
|
Tenant of the virtual host. |
|
|
The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation. |
|
|
The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format). |
|
|
Allowed values: |
|
|
The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate. |
|
|
Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list. |
|
|
Allowed values: |
|
|
Allowed values: |
|
|
Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled. |
|
|
Whether OCSP validation of the client certificate chain is enabled. |
|
|
Allowed and restricted protocols. See the mod_ssl documentation for more information. |
|
|
Allowed values: |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The acme-service references. |
|
|
The data type of the referenced resource. Must be "acme-service" for this call. |
|
|
The ID of the acme-service resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "virtual-host",
"attributes" : {
"name" : "myVirtualHost",
"tenant" : "AirlockBankingCo",
"hostName" : "myvirtualhost.example.com",
"aliasNames" : [ ],
"showMaintenancePage" : true,
"strictlyMatchFullyQualifiedDomainName" : false,
"keepAliveTimeout" : 3600,
"encodedSlashesAllowed" : true,
"downloadPdfsAsAttachmentsEnforced" : true,
"serverAdmin" : "admin@example.com",
"defaultRedirect" : "/",
"pathRedirects" : [ {
"from" : {
"pattern" : "/",
"caseIgnored" : true
},
"to" : "/redirect/path",
"redirectStatusCode" : "MOVED_PERMANENTLY"
} ],
"networkInterface" : {
"externalLogicalInterfaceName" : "EXT0",
"ipV4Address" : "87.239.214.12/24",
"ipV6Address" : "2001:500:2::c/64",
"http" : {
"enabled" : true,
"port" : 80,
"httpsRedirectEnforced" : false
},
"https" : {
"enabled" : false,
"port" : 443,
"http2Allowed" : false
}
},
"tls" : {
"protocol" : "SSL42",
"protocolMode" : "CUSTOM",
"cipherSuite" : "AES42",
"cipherSuiteMode" : "CUSTOM",
"ocspStaplingEnabled" : true,
"certificateMode" : "CERTIFICATE",
"clientCertificateAuthentication" : "NOT_REQUIRED",
"chainVerificationDepth" : 1,
"ocspValidationEnforced" : true,
"caCertificatesForClientCertificateSelection" : [ ],
"caCertificatesForChainAndOcspValidation" : [ ]
},
"session" : {
"cookiePath" : "/",
"cookieDomain" : ""
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 2048
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:01.470Z"
},
"data" : {
"type" : "virtual-host",
"id" : "3",
"attributes" : {
"name" : "myVirtualHost",
"tenant" : "AirlockBankingCo",
"hostName" : "myvirtualhost.example.com",
"aliasNames" : [ ],
"showMaintenancePage" : true,
"strictlyMatchFullyQualifiedDomainName" : false,
"keepAliveTimeout" : 3600,
"encodedSlashesAllowed" : true,
"downloadPdfsAsAttachmentsEnforced" : true,
"serverAdmin" : "admin@example.com",
"defaultRedirect" : "/",
"pathRedirects" : [ {
"from" : {
"pattern" : "/",
"caseIgnored" : true
},
"to" : "/redirect/path",
"redirectStatusCode" : "MOVED_PERMANENTLY"
} ],
"networkInterface" : {
"externalLogicalInterfaceName" : "EXT0",
"ipV4Address" : "87.239.214.12/24",
"ipV6Address" : "2001:500:2::c/64",
"http" : {
"enabled" : true,
"port" : 80,
"httpsRedirectEnforced" : false
},
"https" : {
"enabled" : false,
"port" : 443,
"http2Allowed" : false
}
},
"tls" : {
"protocol" : "SSL42",
"protocolMode" : "CUSTOM",
"cipherSuite" : "AES42",
"cipherSuiteMode" : "CUSTOM",
"ocspStaplingEnabled" : true,
"certificateMode" : "CERTIFICATE",
"clientCertificateAuthentication" : "NOT_REQUIRED",
"chainVerificationDepth" : 1,
"ocspValidationEnforced" : true,
"caCertificatesForClientCertificateSelection" : [ ],
"caCertificatesForChainAndOcspValidation" : [ ]
},
"session" : {
"cookiePath" : "/",
"cookieDomain" : ""
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}
Update a Virtual Host
PATCH /configuration/virtual-hosts/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "virtual-host" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Additional server aliases for this virtual host. |
|
|
no |
The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected. |
|
|
no |
Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser). |
|
|
no |
Whether encoded slashes (%2F) are allowed in the URL path. |
|
|
no |
Expert settings for the Apache web listener. |
|
|
no |
Whether the Apache expert settings are enabled. |
|
|
no |
Expert settings for the Apache web listener. |
|
|
no |
Expert settings for the Security Gate. |
|
|
no |
Whether the Security Gate expert settings are enabled. |
|
|
no |
Expert settings for the Security Gate. |
|
|
no |
Hostname of the virtual host. |
|
|
no |
HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function. |
|
|
no |
The logical name of the virtual host. |
|
|
no |
The external network interface for this virtual host to receive requests. |
|
|
no |
Whether HTTP connections are enabled for this host. |
|
|
no |
Whether to redirect all HTTP traffic to HTTPS on this virtual host. |
|
|
no |
Port on which this host listens for HTTP connections. |
|
|
no |
Whether HTTPS (SSL/TLS) connections are enabled for this host. |
|
|
no |
Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS. |
|
|
no |
Port on which this host listens for HTTPS (SSL/TLS) connections. |
|
|
no |
The IPv4 address in CIDR format. |
|
|
no |
The IPv6 address in CIDR format. |
|
|
no |
Dynamic URL redirects of the virtual host. |
|
|
no |
Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
Status code to use in the redirect response. Allowed values: |
|
|
no |
Destination to which the client shall be redirected. |
|
|
no |
Email address of the server administrator. It is used as contact information for ACME services functionality (e.g. Let’s Encrypt). |
|
|
no |
Domain for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
no |
Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
no |
Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server. |
|
|
no |
Whether a virtual host should reply only to requests that match its hostname or any of its server alias names. |
|
|
no |
Tenant of the virtual host. |
|
|
no |
The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation. |
|
|
no |
The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format). |
|
|
no |
Allowed values: |
|
|
no |
The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate. |
|
|
no |
Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list. |
|
|
no |
Allowed values: |
|
|
no |
Allowed values: |
|
|
no |
Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled. |
|
|
no |
Whether OCSP validation of the client certificate chain is enabled. |
|
|
no |
Allowed and restricted protocols. See the mod_ssl documentation for more information. |
|
|
no |
Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "virtual-host" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Additional server aliases for this virtual host. |
|
|
The URL to which clients accessing the root directory of the entry server (without a more qualified path) will be redirected. |
|
|
Whether PDF documents (detected by their content-type application/pdf) are always downloaded as attachments (instead of being displayed within the browser). |
|
|
Whether encoded slashes (%2F) are allowed in the URL path. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Hostname of the virtual host. |
|
|
HTTP keep-alive timeout in seconds for this virtual host. A value of 0 (zero) disables the HTTP keep-alive function. |
|
|
The logical name of the virtual host. |
|
|
The external network interface for this virtual host to receive requests. |
|
|
Whether HTTP connections are enabled for this host. |
|
|
Whether to redirect all HTTP traffic to HTTPS on this virtual host. |
|
|
Port on which this host listens for HTTP connections. |
|
|
Whether HTTPS (SSL/TLS) connections are enabled for this host. |
|
|
Whether HTTP/2 connections are enabled for this host. HTTP/2 can only be enabled for hosts with enabled HTTPS. |
|
|
Port on which this host listens for HTTPS (SSL/TLS) connections. |
|
|
The IPv4 address in CIDR format. |
|
|
The IPv6 address in CIDR format. |
|
|
Dynamic URL redirects of the virtual host. |
|
|
Pattern for paths which shall be redirected. If a matching redirect path is detected, the client will be redirected to the redirect destination. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Status code to use in the redirect response. Allowed values: |
|
|
Destination to which the client shall be redirected. |
|
|
Email address of the server administrator. It is used as contact information for ACME services functionality (e.g. Let’s Encrypt). |
|
|
Domain for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
Cookie path for Airlock’s session cookie if the cookie is created inside this virtual host. |
|
|
Whether Airlock Gateway should display a maintenance page instead of performing the request to the back-end server. |
|
|
Whether a virtual host should reply only to requests that match its hostname or any of its server alias names. |
|
|
Tenant of the virtual host. |
|
|
The CA certificates (PEM format) which are used as "trust anchor" during chain and OCSP validation. |
|
|
The Certificate Authorities which are sent to the client during SSL handshake (CA-certificates in PEM format). |
|
|
Allowed values: |
|
|
The maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are allowed at maximum to be followed while verifying the client certificate. |
|
|
Colon separated list of ciphers that the client is permitted to negotiate. See the mod_ssl documentation for a complete list. |
|
|
Allowed values: |
|
|
Allowed values: |
|
|
Whether OCSP stapling, as defined by the "Certificate Status Request" TLS extension specified in RFC 6066, is enabled. |
|
|
Whether OCSP validation of the client certificate chain is enabled. |
|
|
Allowed and restricted protocols. See the mod_ssl documentation for more information. |
|
|
Allowed values: |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The acme-service references. |
|
|
The data type of the referenced resource. Must be "acme-service" for this call. |
|
|
The ID of the acme-service resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "virtual-host",
"id" : "1",
"attributes" : {
"name" : "myVirtualHost",
"tenant" : "AirlockBankingCo",
"hostName" : "myvirtualhost.example.com",
"aliasNames" : [ ],
"showMaintenancePage" : true,
"strictlyMatchFullyQualifiedDomainName" : false,
"keepAliveTimeout" : 3600,
"encodedSlashesAllowed" : true,
"downloadPdfsAsAttachmentsEnforced" : true,
"serverAdmin" : "admin@example.com",
"defaultRedirect" : "/",
"pathRedirects" : [ {
"from" : {
"pattern" : "/",
"caseIgnored" : true
},
"to" : "/redirect/path",
"redirectStatusCode" : "MOVED_PERMANENTLY"
} ],
"networkInterface" : {
"externalLogicalInterfaceName" : "EXT0",
"ipV4Address" : "87.239.214.12/24",
"ipV6Address" : "2001:500:2::c/64",
"http" : {
"enabled" : true,
"port" : 80,
"httpsRedirectEnforced" : false
},
"https" : {
"enabled" : false,
"port" : 443,
"http2Allowed" : false
}
},
"tls" : {
"protocol" : "SSL42",
"protocolMode" : "CUSTOM",
"cipherSuite" : "AES42",
"cipherSuiteMode" : "CUSTOM",
"ocspStaplingEnabled" : true,
"certificateMode" : "CERTIFICATE",
"clientCertificateAuthentication" : "NOT_REQUIRED",
"chainVerificationDepth" : 1,
"ocspValidationEnforced" : true,
"caCertificatesForClientCertificateSelection" : [ ],
"caCertificatesForChainAndOcspValidation" : [ ]
},
"session" : {
"cookiePath" : "/",
"cookieDomain" : ""
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2445
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:01.610Z"
},
"data" : {
"type" : "virtual-host",
"id" : "1",
"attributes" : {
"name" : "myVirtualHost",
"tenant" : "AirlockBankingCo",
"hostName" : "myvirtualhost.example.com",
"aliasNames" : [ ],
"showMaintenancePage" : true,
"strictlyMatchFullyQualifiedDomainName" : false,
"keepAliveTimeout" : 3600,
"encodedSlashesAllowed" : true,
"downloadPdfsAsAttachmentsEnforced" : true,
"serverAdmin" : "admin@example.com",
"defaultRedirect" : "/",
"pathRedirects" : [ {
"from" : {
"pattern" : "/",
"caseIgnored" : true
},
"to" : "/redirect/path",
"redirectStatusCode" : "MOVED_PERMANENTLY"
} ],
"networkInterface" : {
"externalLogicalInterfaceName" : "EXT0",
"ipV4Address" : "87.239.214.12/24",
"ipV6Address" : "2001:500:2::c/64",
"http" : {
"enabled" : true,
"port" : 80,
"httpsRedirectEnforced" : false
},
"https" : {
"enabled" : false,
"port" : 443,
"http2Allowed" : false
}
},
"tls" : {
"protocol" : "SSL42",
"protocolMode" : "CUSTOM",
"cipherSuite" : "AES42",
"cipherSuiteMode" : "CUSTOM",
"ocspStaplingEnabled" : true,
"certificateMode" : "CERTIFICATE",
"clientCertificateAuthentication" : "NOT_REQUIRED",
"chainVerificationDepth" : 1,
"ocspValidationEnforced" : true,
"caCertificatesForClientCertificateSelection" : [ ],
"caCertificatesForChainAndOcspValidation" : [ ]
},
"session" : {
"cookiePath" : "/",
"cookieDomain" : ""
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "50"
} ]
},
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
},
"acme-service" : {
"data" : {
"type" : "acme-service",
"id" : "-1100"
}
}
}
}
}
Delete a Virtual Host
DELETE /configuration/virtual-hosts/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Enable 'Show Maintenance Page' Option of a Virtual Host
POST /configuration/virtual-hosts/{id}/maintenance
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/maintenance" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Disable 'Show Maintenance Page' Option of a Virtual Host
DELETE /configuration/virtual-hosts/{id}/maintenance
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/maintenance" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Mapping Connections
PATCH /configuration/virtual-hosts/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/relationships/mappings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Connections
DELETE /configuration/virtual-hosts/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/relationships/mappings" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add SSL Certificate Connection
PATCH /configuration/virtual-hosts/{id}/relationships/ssl-certificate
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/relationships/ssl-certificate" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove SSL Certificate Connection
DELETE /configuration/virtual-hosts/{id}/relationships/ssl-certificate
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/relationships/ssl-certificate" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Certificate Revocation List
Airlock Gateway provides the possibility to upload, download and delete the PEM representation of certificate revocation lists.
Upload a Certificate Revocation List for a Virtual Host
Please note that the virtual host, for which the certificate revocation list is intended, must already exist.
PUT /configuration/virtual-hosts/{id}/crl
Content-Type application/pkix-crl
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/crl" -i -X PUT \
-H 'Content-Type: application/pkix-crl' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '-----BEGIN X509 CRL-----
MIIBoDCCAQkwDQYJKoZIhvcNAQEFBQAwga8xCzAJBgNVBAYTAkNIMQ8wDQYDVQQI
EwZadXJpY2gxDzANBgNVBAcTBlp1cmljaDEmMCQGA1UEChMddGVzdHN1aXRlIFN1
YkNBMSAoYnkgc2x0LmNvbSkxJzAlBgNVBAMTHnRlc3RzdWl0ZVN1YkNBMS5zZWNs
dXRpb25zLmNvbTEtMCsGCSqGSIb3DQEJARYedGVzdHN1aXRlU3ViQ0ExQHNlY2x1
dGlvbnMuY29tFw0xMDAzMTgxNDQ4MDNaFw0zNzA4MDMxNDQ4MDNaMCgwEgIBAhcN
MTAwMzE4MTQ0MjEwWjASAgEDFw0xMDAzMTgxNDQ3MTRaMA0GCSqGSIb3DQEBBQUA
A4GBAC/gVFl1g/gBDxzeV8v0auMc1+W5vDG6KSHS6LcI81m0ijS2Jgzre8Tpxmi6
hBFnv8MJA4Safn06EysGK4oVb35tVOWlmG+Oyrr3BbKwcvoYosNnEeI7WjDlEwwc
6NTFOfx4o/KQnmNFyp2CHn4K5GwWsoo/AqxNqltjmlJeZ8x2
-----END X509 CRL-----
-----BEGIN X509 CRL-----
MIIBlDCB/jANBgkqhkiG9w0BAQUFADCBuDELMAkGA1UEBhMCQ0gxDzANBgNVBAgT
Blp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSkwJwYDVQQKEyB0ZXN0c3VpdGUgU3Vi
U3ViQ0ExIChieSBzbHQuY29tKTEqMCgGA1UEAxMhdGVzdHN1aXRlU3ViU3ViQ0Ex
LnNlY2x1dGlvbnMuY29tMTAwLgYJKoZIhvcNAQkBFiF0ZXN0c3VpdGVTdWJTdWJD
QTFAc2VjbHV0aW9ucy5jb20XDTEwMDMxODE0MzM0OFoXDTM3MDgwMzE0MzM0OFow
FDASAgECFw0xMDAzMTgxNDI2MjZaMA0GCSqGSIb3DQEBBQUAA4GBALdkvRMoIf0f
ZZv8XQkYwsqJKhljBqU/xBmerqVfs0sy+TGbuD8WKqtNnhehMgWWAFn7bDi68xb8
I2Hv9wbGF1z7ngWWCMaJLb0LGdkSC0b0Et/+ngnhOa3Y42NRQESN1UX3n9slo9R4
j0FkDCHLU5UeZE3VWDn1qJVmQlPWc0ve
-----END X509 CRL-----'
Example Response
HTTP/1.1 204 No Content
Example Request with invalid CRL
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/crl" -i -X PUT \
-H 'Content-Type: application/pkix-crl' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '-----BEGIN CERTIFICATE-----
MIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx
DzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0
c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs
dXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u
cy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE
BhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK
Exl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD
QS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj
bHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL
spQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf
1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb
wT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU
UD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa
6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx
DzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu
Y29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq
hkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI
59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+
HkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN
kD1kLHTbrs4=
-----END CERTIFICATE-----
'
Example Response with invalid CRL
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 179
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:01.277Z",
"rid" : "n/a"
},
"errors" : [ {
"code" : "INVALID_VALUE"
} ]
}
Download a Certificate Revocation List of a Virtual Host
GET /configuration/virtual-hosts/{id}/crl
Accept application/pkix-crl
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/2/crl" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/pkix-crl'
Example Response
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Content-Length: 1217
-----BEGIN X509 CRL-----
MIIBoDCCAQkwDQYJKoZIhvcNAQEFBQAwga8xCzAJBgNVBAYTAkNIMQ8wDQYDVQQI
EwZadXJpY2gxDzANBgNVBAcTBlp1cmljaDEmMCQGA1UEChMddGVzdHN1aXRlIFN1
YkNBMSAoYnkgc2x0LmNvbSkxJzAlBgNVBAMTHnRlc3RzdWl0ZVN1YkNBMS5zZWNs
dXRpb25zLmNvbTEtMCsGCSqGSIb3DQEJARYedGVzdHN1aXRlU3ViQ0ExQHNlY2x1
dGlvbnMuY29tFw0xMDAzMTgxNDQ4MDNaFw0zNzA4MDMxNDQ4MDNaMCgwEgIBAhcN
MTAwMzE4MTQ0MjEwWjASAgEDFw0xMDAzMTgxNDQ3MTRaMA0GCSqGSIb3DQEBBQUA
A4GBAC/gVFl1g/gBDxzeV8v0auMc1+W5vDG6KSHS6LcI81m0ijS2Jgzre8Tpxmi6
hBFnv8MJA4Safn06EysGK4oVb35tVOWlmG+Oyrr3BbKwcvoYosNnEeI7WjDlEwwc
6NTFOfx4o/KQnmNFyp2CHn4K5GwWsoo/AqxNqltjmlJeZ8x2
-----END X509 CRL-----
-----BEGIN X509 CRL-----
MIIBlDCB/jANBgkqhkiG9w0BAQUFADCBuDELMAkGA1UEBhMCQ0gxDzANBgNVBAgT
Blp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSkwJwYDVQQKEyB0ZXN0c3VpdGUgU3Vi
U3ViQ0ExIChieSBzbHQuY29tKTEqMCgGA1UEAxMhdGVzdHN1aXRlU3ViU3ViQ0Ex
LnNlY2x1dGlvbnMuY29tMTAwLgYJKoZIhvcNAQkBFiF0ZXN0c3VpdGVTdWJTdWJD
QTFAc2VjbHV0aW9ucy5jb20XDTEwMDMxODE0MzM0OFoXDTM3MDgwMzE0MzM0OFow
FDASAgECFw0xMDAzMTgxNDI2MjZaMA0GCSqGSIb3DQEBBQUAA4GBALdkvRMoIf0f
ZZv8XQkYwsqJKhljBqU/xBmerqVfs0sy+TGbuD8WKqtNnhehMgWWAFn7bDi68xb8
I2Hv9wbGF1z7ngWWCMaJLb0LGdkSC0b0Et/+ngnhOa3Y42NRQESN1UX3n9slo9R4
j0FkDCHLU5UeZE3VWDn1qJVmQlPWc0ve
-----END X509 CRL-----
Delete the Certificate Revocation List of a Virtual Host
DELETE /configuration/virtual-hosts/{id}/crl
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/virtual-hosts/1/crl" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Mapping
Access all Mappings
GET /configuration/mappings
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'name', 'label', 'entryPath' and 'backendPath'. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Allowed values: |
|
|
The host header to send with the logout request. |
|
|
Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host. |
|
|
Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate. Allowed values: |
|
|
If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL. |
|
|
Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication. Allowed values: |
|
|
Allowed values: |
|
|
Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location. |
|
|
Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection. NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft. |
|
|
List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service. |
|
|
List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service. |
|
|
Whether access restriction is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, Airlock Gateway will extract the token from the specified cookie. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the token from the specified header. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
The rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the token from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Name of the claim you want to restrict. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid. |
|
|
Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock. |
|
|
If enabled, a technical client ID is extracted from the JWT. |
|
|
Name of the claim to extract as technical client ID. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Name of the claim you want to extract a role from. |
|
|
The rewrite expression of the role. |
|
|
If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime. |
|
|
If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session. |
|
|
If enforced, the JWT’s signature must be present and valid. |
|
|
Whether access tokens should be processed. |
|
|
Whether to enable the API policy service. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified header. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
GraphQL inspections are enabled. |
|
|
Indicates if introspection is allowed. |
|
|
If true, requests containing invalid GraphQL payload are only logged but not blocked. |
|
|
Indicates if mutations are allowed. |
|
|
Indicates an optionally provided GraphQL schema is checked and enforced. |
|
|
Indicates if values are checked against allow and deny rules. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
If set to true, Airlock Gateway filters JSON attributes with allow rules and deny rules. |
|
|
Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked. |
|
|
If enabled, potential attack requests are only logged but not blocked. |
|
|
Run OpenAPI path matching against client or server view of request/response. Allowed values: |
|
|
If enabled, responses are also checked against the API specification. |
|
|
External path to the API specification. Note that the entry path will be added in front of it. |
|
|
If enabled, allow clients to download the API specification. |
|
|
If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it. |
|
|
Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway. |
|
|
Enables encryption of cookies which are sent to the client. |
|
|
Regular expression for cookies that should be cryptographically encrypted before being sent to the client. |
|
|
Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client. |
|
|
If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose. |
|
|
Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client. |
|
|
Regular expression to select cookies that should be treated as 'Passthrough Cookies'. |
|
|
If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned. |
|
|
Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset. Allowed values: |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser). |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by HTTP status content pattern. |
|
|
The HTTP status code pattern. |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by URL pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to apply the rule to <script> and <style> blocks embedded in the HTML page |
|
|
Whether rewrites are enabled. |
|
|
Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc. |
|
|
Target string which will replace the string matched by URL Pattern. |
|
|
Whether to apply the rule to linked HTML elements like href, src, etc. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether rewrites are enabled. |
|
|
A response from the back-end server is rewritten only if the JSON path matches this regular expression. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
If enabled, Airlock Gateway removes HTML comments. |
|
|
Allowed values: |
|
|
Whether support for the WebSockets protocol as defined in RFC 6455 is enabled. |
|
|
The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server. |
|
|
If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled. |
|
|
If enabled, custom bots are not blocked. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Do not block bots whose source-domain matches the "domain pattern". |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If true, requests from bots are only logged but not blocked. |
|
|
Check the User-Agent to determine if a bot is well-known and do not block such bots. |
|
|
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot. |
|
|
Whether CSRF protection is enabled. |
|
|
If a missing or invalid CSRF token is detected, the client is redirected to the configured location. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether the DoS attack prevention filter is enabled. |
|
|
Whether the DoS attack prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether the maintenance page is enabled. |
|
|
Whether a trailing slash is mandatory at the end of the entry path or not. |
|
|
Whether the entry path should be case sensitive. |
|
|
The priority guarantees a deterministic selection of the mapping for a given request path. |
|
|
Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not. |
|
|
The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types). |
|
|
If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks. |
|
|
If true, potential HPP attack requests are only logged but not blocked. |
|
|
Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type). |
|
|
If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks. |
|
|
Counting mode of dynamic IP address blacklist blocks. Allowed values: |
|
|
If enabled, IPs on the dynamic IP address blacklist are blocked. |
|
|
If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked. |
|
|
List of threat categories which should be blocked (;-separated string). Categories: |
|
|
If true, requests whose source IP address is not contained in one of the configured IP address whitelists are only logged but not blocked. |
|
|
If enabled, IP address whitelists will be applied if path matches. |
|
|
The IDs of referenced IP address whitelists |
|
|
IP address whitelists will be checked only for requests whose path matches this regular expression pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application. |
|
|
Defines the maximum path length for requests to the current mapping. |
|
|
Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once. |
|
|
Whether limits are enabled. |
|
|
Defines the maximum nesting depth. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Defines the maximum value length for a query parameter. |
|
|
Defines the maximum length for a parameter name. |
|
|
Defines the maximum length for a parameter value. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Whether JSON limits are enabled. |
|
|
Defines the maximum number of items for a single JSON array (non-recursive). |
|
|
Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member". |
|
|
Defines the maximum number of keys of a single JSON object (non-recursive). |
|
|
Defines the maximum depth of nesting for JSON objects and JSON arrays. |
|
|
Defines the maximum number of keys and array items in the whole JSON document (recursive). |
|
|
Defines the maximum json value length for requests to the current mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
The unique name of the mapping. |
|
|
The mode in which the mapping runs. Allowed values: |
|
|
Whether the overload prevention filter is enabled. |
|
|
Whether the overload prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose content type header matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed. |
|
|
Only requests whose HTTP method matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose path matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the mapping. |
|
|
Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled. Allowed values: |
|
|
Defines the time (seconds) Airlock Gateway will wait for the back-end response. |
|
|
Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
|
|
The back-end-group references. |
|
|
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
The ID of the back-end-group resource. |
|
|
The local-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "local-json-web-key-set" for this call. |
|
|
The ID of the local-json-web-key-set resource. |
|
|
The remote-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the remote-json-web-key-set resource. |
|
|
The openapi-document references. |
|
|
The data type of the referenced resource. Must be "openapi-document" for this call. |
|
|
The ID of the openapi-document resource. |
|
|
The graphql-document references. |
|
|
The data type of the referenced resource. Must be "graphql-document" for this call. |
|
|
The ID of the graphql-document resource. |
|
|
The api-policy-service references. |
|
|
The data type of the referenced resource. Must be "api-policy-service" for this call. |
|
|
The ID of the api-policy-service resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The anomaly-shield-application references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the anomaly-shield-application resource. |
|
|
The mapping-template references. |
|
|
The data type of the referenced resource. Must be "mapping-template" for this call. |
|
|
The ID of the mapping-template resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings?filter=label%3D%3DmyMappingLabel&filter=entryPath%3D%3D/mymapping/" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 26874
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:04.008Z"
},
"data" : [ {
"type" : "mapping",
"id" : "1",
"attributes" : {
"name" : "mymapping",
"labels" : [ "myMappingLabel" ],
"tenant" : "",
"entryPath" : {
"value" : "/mymapping/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : false,
"ignoreCase" : false,
"priority" : 0
},
"backendPath" : "/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : true,
"access" : {
"deniedUrl" : {
"value" : "/",
"mode" : "GLOBAL"
},
"restrictions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "GET",
"caseIgnored" : true,
"inverted" : true
},
"entryPathPattern" : {
"pattern" : "/admin/",
"caseIgnored" : true,
"inverted" : true
},
"authorizedRoles" : [ "admin" ],
"authorizedPlans" : [ "android", "ios", "browser" ]
} ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "/logout",
"backendLogoutHostHeader" : "%BACKENDHOST%",
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : "NONE"
},
"tokensEnabled" : false,
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : {
"pattern" : "^Authorization: Bearer (.*)$",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : false,
"name" : ""
},
"cookieExtraction" : {
"enabled" : false,
"name" : ""
}
},
"tokenVerification" : {
"signatureCheckEnforced" : false,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : 10,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : "",
"setAuditTokenFromSubjectEnabled" : false,
"claimRestrictions" : [ {
"enabled" : true,
"name" : "myClaim",
"restrictionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
} ],
"roleExtractions" : [ {
"enabled" : true,
"name" : "myClaim",
"extractionPattern" : {
"pattern" : "",
"caseIgnored" : false
},
"replaceWith" : "$1",
"tokenLifetimeAsRoleLifetimeEnforced" : true
} ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathWhitelists" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : ".*",
"caseIgnored" : true,
"inverted" : true
},
"ipAddressListIds" : [ 90, 91 ]
} ]
},
"ipAddressBlacklists" : {
"logOnly" : false,
"webrootThreatCategories" : "WEB_ATTACKS"
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : "OFF"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 1073741824,
"maxPathLength" : 1024
},
"http" : {
"maxParameters" : 128,
"maxParameterNameLength" : 128,
"maxParameterValueLength" : 1024
},
"json" : {
"enabled" : true,
"maxKeyLength" : 256,
"maxValueLength" : 8192,
"maxNestingDepth" : 100,
"maxArrayItems" : 500,
"maxKeys" : 250,
"maxTotalEntries" : 150000
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : 1024,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : "/%ENTRYPATH%",
"pathExceptions" : [ {
"pattern" : "^/exception$",
"caseIgnored" : true
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : ""
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : ""
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "/",
"caseIgnored" : true
},
"replaceWith" : "$1"
} ]
}
},
"json" : {
"rewrites" : [ {
"enabled" : true,
"path" : "json#path",
"contentPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"replaceWith" : "b"
} ]
},
"body" : {
"rewrites" : [ {
"enabled" : true,
"contentType" : "application/json",
"contentPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"replaceWith" : "b"
} ]
},
"html" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"uris" : true,
"events" : true,
"embedded" : true,
"replaceWith" : "b"
} ]
},
"errorPage" : {
"rewrites" : [ {
"enabled" : true,
"statusContentPattern" : "^5(?!02|03)..$",
"replaceWith" : "500.html"
} ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : false
},
"pathExceptions" : [ {
"pattern" : "^/json-parse-exception$",
"caseIgnored" : true
} ]
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : false,
"responseCheckEnforced" : false,
"pathMatching" : "ClientView",
"specificationPublished" : true,
"specificationPublishPath" : "path/to/apiSpecification.json"
},
"apiPolicy" : {
"enabled" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 500,
"interval" : 60
} ]
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "%/.*",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 500,
"interval" : 60
} ]
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : false,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"sameType" : {
"enabled" : true
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
},
"locking" : {
"enabled" : false,
"labels" : false,
"access" : {
"deniedUrl" : {
"value" : false,
"mode" : false
},
"restrictions" : false,
"clientCertificateAuthentication" : false,
"authenticationFlow" : false,
"backendLogoutUrl" : false,
"backendLogoutHostHeader" : false,
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : false
},
"tokensEnabled" : false,
"tokenVerification" : {
"localJwksProviders" : true,
"remoteJwksProviders" : true,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : false,
"claimRestrictions" : false,
"roleExtractions" : false,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : false,
"setAuditTokenFromSubjectEnabled" : false
},
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"parameterExtraction" : {
"enabled" : false,
"name" : false
},
"cookieExtraction" : {
"enabled" : false,
"name" : false
}
}
},
"entryPath" : {
"settings" : true,
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"priority" : false
},
"backendPath" : true,
"threatHandling" : false,
"operationalMode" : false,
"enableMaintenancePage" : false,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathIpAddressWhitelists" : false
},
"ipAddressBlacklists" : {
"logOnly" : false
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : false
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : false,
"domainPattern" : false
}
},
"timeouts" : {
"backend" : false,
"sessionIdle" : false
},
"limits" : {
"general" : {
"maxRequestBodySize" : true,
"maxPathLength" : true
},
"http" : {
"maxParameters" : false,
"maxParameterNameLength" : false,
"maxParameterValueLength" : false,
"maxParameterLengthException" : false
},
"json" : {
"enabled" : false,
"maxKeyLength" : false,
"maxValueLength" : false,
"maxLengthException" : false,
"maxNestingDepth" : false,
"maxArrayItems" : false,
"maxKeys" : false,
"maxTotalEntries" : false
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : false,
"maxQueryNestingDepth" : false,
"maxValueLength" : false,
"maxLengthException" : false
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : false,
"pathExceptions" : false
},
"application" : {
"sessionHandling" : false,
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : false
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : false
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : false,
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : false,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
},
"location" : {
"rewrites" : false
}
},
"json" : {
"rewrites" : false
},
"body" : {
"rewrites" : false
},
"html" : {
"rewrites" : false
},
"errorPage" : {
"rewrites" : false
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : false,
"pathExceptions" : false
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : false,
"introspectionAllowed" : false,
"valuesChecked" : false,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"documentId" : false,
"responseCheckEnforced" : false,
"pathMatching" : false,
"specificationPublished" : false,
"specificationPublishPath" : false
},
"apiPolicy" : {
"enabled" : false,
"serviceId" : false,
"keyExtractionHeader" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : false
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : false
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : false,
"pathPattern" : false,
"contentTypePattern" : false
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : false,
"parameterNameExceptionPattern" : false
},
"sameType" : {
"enabled" : false
}
},
"icap" : {
"request" : {
"clientViews" : false,
"backendViews" : false
},
"response" : {
"backendViews" : false,
"clientViews" : false
}
}
}
},
"relationships" : {
"back-end-groups" : {
"data" : [ {
"type" : "back-end-group",
"id" : "30"
} ]
},
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "40"
} ]
},
"local-json-web-key-sets" : {
"data" : [ {
"type" : "local-json-web-key-set",
"id" : "46"
} ]
},
"remote-json-web-key-sets" : {
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "47"
} ]
},
"openapi-document" : {
"data" : {
"type" : "openapi-document",
"id" : "50"
}
},
"graphql-document" : {
"data" : {
"type" : "graphql-document",
"id" : "80"
}
},
"api-policy-service" : {
"data" : {
"type" : "api-policy-service",
"id" : "60"
}
},
"ip-address-whitelists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "90"
}, {
"type" : "ip-address-list",
"id" : "91"
} ]
},
"ip-address-blacklists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "92"
} ]
},
"ip-address-blacklist-exceptions" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "92"
} ]
},
"dos-attack-prevention-source-ip-address-exception" : {
"data" : {
"type" : "ip-address-list",
"id" : "80"
}
},
"icap-request-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "42",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-request-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "43",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-response-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "44",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Response",
"inverted" : "true"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "responsevalue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-response-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "45",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Response",
"inverted" : "true"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "responsevalue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"anomaly-shield-application" : {
"data" : {
"type" : "anomaly-shield-application",
"id" : "70"
}
}
}
} ]
}
Access a Mapping
GET /configuration/mappings/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Allowed values: |
|
|
The host header to send with the logout request. |
|
|
Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host. |
|
|
Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate. Allowed values: |
|
|
If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL. |
|
|
Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication. Allowed values: |
|
|
Allowed values: |
|
|
Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location. |
|
|
Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection. NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft. |
|
|
List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service. |
|
|
List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service. |
|
|
Whether access restriction is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, Airlock Gateway will extract the token from the specified cookie. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the token from the specified header. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
The rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the token from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Name of the claim you want to restrict. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid. |
|
|
Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock. |
|
|
If enabled, a technical client ID is extracted from the JWT. |
|
|
Name of the claim to extract as technical client ID. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Name of the claim you want to extract a role from. |
|
|
The rewrite expression of the role. |
|
|
If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime. |
|
|
If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session. |
|
|
If enforced, the JWT’s signature must be present and valid. |
|
|
Whether access tokens should be processed. |
|
|
Whether to enable the API policy service. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified header. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
GraphQL inspections are enabled. |
|
|
Indicates if introspection is allowed. |
|
|
If true, requests containing invalid GraphQL payload are only logged but not blocked. |
|
|
Indicates if mutations are allowed. |
|
|
Indicates an optionally provided GraphQL schema is checked and enforced. |
|
|
Indicates if values are checked against allow and deny rules. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
If set to true, Airlock Gateway filters JSON attributes with allow rules and deny rules. |
|
|
Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked. |
|
|
If enabled, potential attack requests are only logged but not blocked. |
|
|
Run OpenAPI path matching against client or server view of request/response. Allowed values: |
|
|
If enabled, responses are also checked against the API specification. |
|
|
External path to the API specification. Note that the entry path will be added in front of it. |
|
|
If enabled, allow clients to download the API specification. |
|
|
If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it. |
|
|
Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway. |
|
|
Enables encryption of cookies which are sent to the client. |
|
|
Regular expression for cookies that should be cryptographically encrypted before being sent to the client. |
|
|
Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client. |
|
|
If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose. |
|
|
Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client. |
|
|
Regular expression to select cookies that should be treated as 'Passthrough Cookies'. |
|
|
If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned. |
|
|
Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset. Allowed values: |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser). |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by HTTP status content pattern. |
|
|
The HTTP status code pattern. |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by URL pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to apply the rule to <script> and <style> blocks embedded in the HTML page |
|
|
Whether rewrites are enabled. |
|
|
Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc. |
|
|
Target string which will replace the string matched by URL Pattern. |
|
|
Whether to apply the rule to linked HTML elements like href, src, etc. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether rewrites are enabled. |
|
|
A response from the back-end server is rewritten only if the JSON path matches this regular expression. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
If enabled, Airlock Gateway removes HTML comments. |
|
|
Allowed values: |
|
|
Whether support for the WebSockets protocol as defined in RFC 6455 is enabled. |
|
|
The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server. |
|
|
If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled. |
|
|
If enabled, custom bots are not blocked. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Do not block bots whose source-domain matches the "domain pattern". |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If true, requests from bots are only logged but not blocked. |
|
|
Check the User-Agent to determine if a bot is well-known and do not block such bots. |
|
|
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot. |
|
|
Whether CSRF protection is enabled. |
|
|
If a missing or invalid CSRF token is detected, the client is redirected to the configured location. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether the DoS attack prevention filter is enabled. |
|
|
Whether the DoS attack prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether the maintenance page is enabled. |
|
|
Whether a trailing slash is mandatory at the end of the entry path or not. |
|
|
Whether the entry path should be case sensitive. |
|
|
The priority guarantees a deterministic selection of the mapping for a given request path. |
|
|
Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not. |
|
|
The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types). |
|
|
If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks. |
|
|
If true, potential HPP attack requests are only logged but not blocked. |
|
|
Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type). |
|
|
If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks. |
|
|
Counting mode of dynamic IP address blacklist blocks. Allowed values: |
|
|
If enabled, IPs on the dynamic IP address blacklist are blocked. |
|
|
If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked. |
|
|
List of threat categories which should be blocked (;-separated string). Categories: |
|
|
If true, requests whose source IP address is not contained in one of the configured IP address whitelists are only logged but not blocked. |
|
|
If enabled, IP address whitelists will be applied if path matches. |
|
|
The IDs of referenced IP address whitelists |
|
|
IP address whitelists will be checked only for requests whose path matches this regular expression pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application. |
|
|
Defines the maximum path length for requests to the current mapping. |
|
|
Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once. |
|
|
Whether limits are enabled. |
|
|
Defines the maximum nesting depth. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Defines the maximum value length for a query parameter. |
|
|
Defines the maximum length for a parameter name. |
|
|
Defines the maximum length for a parameter value. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Whether JSON limits are enabled. |
|
|
Defines the maximum number of items for a single JSON array (non-recursive). |
|
|
Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member". |
|
|
Defines the maximum number of keys of a single JSON object (non-recursive). |
|
|
Defines the maximum depth of nesting for JSON objects and JSON arrays. |
|
|
Defines the maximum number of keys and array items in the whole JSON document (recursive). |
|
|
Defines the maximum json value length for requests to the current mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
The unique name of the mapping. |
|
|
The mode in which the mapping runs. Allowed values: |
|
|
Whether the overload prevention filter is enabled. |
|
|
Whether the overload prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose content type header matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed. |
|
|
Only requests whose HTTP method matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose path matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the mapping. |
|
|
Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled. Allowed values: |
|
|
Defines the time (seconds) Airlock Gateway will wait for the back-end response. |
|
|
Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
|
|
The back-end-group references. |
|
|
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
The ID of the back-end-group resource. |
|
|
The local-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "local-json-web-key-set" for this call. |
|
|
The ID of the local-json-web-key-set resource. |
|
|
The remote-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the remote-json-web-key-set resource. |
|
|
The openapi-document references. |
|
|
The data type of the referenced resource. Must be "openapi-document" for this call. |
|
|
The ID of the openapi-document resource. |
|
|
The graphql-document references. |
|
|
The data type of the referenced resource. Must be "graphql-document" for this call. |
|
|
The ID of the graphql-document resource. |
|
|
The api-policy-service references. |
|
|
The data type of the referenced resource. Must be "api-policy-service" for this call. |
|
|
The ID of the api-policy-service resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The anomaly-shield-application references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the anomaly-shield-application resource. |
|
|
The mapping-template references. |
|
|
The data type of the referenced resource. Must be "mapping-template" for this call. |
|
|
The ID of the mapping-template resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 26870
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:00.320Z"
},
"data" : {
"type" : "mapping",
"id" : "1",
"attributes" : {
"name" : "mymapping",
"labels" : [ "myMappingLabel" ],
"tenant" : "",
"entryPath" : {
"value" : "/mymapping/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : false,
"ignoreCase" : false,
"priority" : 0
},
"backendPath" : "/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : true,
"access" : {
"deniedUrl" : {
"value" : "/",
"mode" : "GLOBAL"
},
"restrictions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "GET",
"caseIgnored" : true,
"inverted" : true
},
"entryPathPattern" : {
"pattern" : "/admin/",
"caseIgnored" : true,
"inverted" : true
},
"authorizedRoles" : [ "admin" ],
"authorizedPlans" : [ "android", "ios", "browser" ]
} ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "/logout",
"backendLogoutHostHeader" : "%BACKENDHOST%",
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : "NONE"
},
"tokensEnabled" : false,
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : {
"pattern" : "^Authorization: Bearer (.*)$",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : false,
"name" : ""
},
"cookieExtraction" : {
"enabled" : false,
"name" : ""
}
},
"tokenVerification" : {
"signatureCheckEnforced" : false,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : 10,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : "",
"setAuditTokenFromSubjectEnabled" : false,
"claimRestrictions" : [ {
"enabled" : true,
"name" : "myClaim",
"restrictionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
} ],
"roleExtractions" : [ {
"enabled" : true,
"name" : "myClaim",
"extractionPattern" : {
"pattern" : "",
"caseIgnored" : false
},
"replaceWith" : "$1",
"tokenLifetimeAsRoleLifetimeEnforced" : true
} ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathWhitelists" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : ".*",
"caseIgnored" : true,
"inverted" : true
},
"ipAddressListIds" : [ 90, 91 ]
} ]
},
"ipAddressBlacklists" : {
"logOnly" : false,
"webrootThreatCategories" : "WEB_ATTACKS"
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : "OFF"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 1073741824,
"maxPathLength" : 1024
},
"http" : {
"maxParameters" : 128,
"maxParameterNameLength" : 128,
"maxParameterValueLength" : 1024
},
"json" : {
"enabled" : true,
"maxKeyLength" : 256,
"maxValueLength" : 8192,
"maxNestingDepth" : 100,
"maxArrayItems" : 500,
"maxKeys" : 250,
"maxTotalEntries" : 150000
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : 1024,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : "/%ENTRYPATH%",
"pathExceptions" : [ {
"pattern" : "^/exception$",
"caseIgnored" : true
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : ""
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : ""
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "/",
"caseIgnored" : true
},
"replaceWith" : "$1"
} ]
}
},
"json" : {
"rewrites" : [ {
"enabled" : true,
"path" : "json#path",
"contentPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"replaceWith" : "b"
} ]
},
"body" : {
"rewrites" : [ {
"enabled" : true,
"contentType" : "application/json",
"contentPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"replaceWith" : "b"
} ]
},
"html" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"uris" : true,
"events" : true,
"embedded" : true,
"replaceWith" : "b"
} ]
},
"errorPage" : {
"rewrites" : [ {
"enabled" : true,
"statusContentPattern" : "^5(?!02|03)..$",
"replaceWith" : "500.html"
} ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : false
},
"pathExceptions" : [ {
"pattern" : "^/json-parse-exception$",
"caseIgnored" : true
} ]
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : false,
"responseCheckEnforced" : false,
"pathMatching" : "ClientView",
"specificationPublished" : true,
"specificationPublishPath" : "path/to/apiSpecification.json"
},
"apiPolicy" : {
"enabled" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 500,
"interval" : 60
} ]
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "%/.*",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 500,
"interval" : 60
} ]
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : false,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"sameType" : {
"enabled" : true
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
},
"locking" : {
"enabled" : false,
"labels" : false,
"access" : {
"deniedUrl" : {
"value" : false,
"mode" : false
},
"restrictions" : false,
"clientCertificateAuthentication" : false,
"authenticationFlow" : false,
"backendLogoutUrl" : false,
"backendLogoutHostHeader" : false,
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : false
},
"tokensEnabled" : false,
"tokenVerification" : {
"localJwksProviders" : true,
"remoteJwksProviders" : true,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : false,
"claimRestrictions" : false,
"roleExtractions" : false,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : false,
"setAuditTokenFromSubjectEnabled" : false
},
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"parameterExtraction" : {
"enabled" : false,
"name" : false
},
"cookieExtraction" : {
"enabled" : false,
"name" : false
}
}
},
"entryPath" : {
"settings" : true,
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"priority" : false
},
"backendPath" : true,
"threatHandling" : false,
"operationalMode" : false,
"enableMaintenancePage" : false,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathIpAddressWhitelists" : false
},
"ipAddressBlacklists" : {
"logOnly" : false
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : false
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : false,
"domainPattern" : false
}
},
"timeouts" : {
"backend" : false,
"sessionIdle" : false
},
"limits" : {
"general" : {
"maxRequestBodySize" : true,
"maxPathLength" : true
},
"http" : {
"maxParameters" : false,
"maxParameterNameLength" : false,
"maxParameterValueLength" : false,
"maxParameterLengthException" : false
},
"json" : {
"enabled" : false,
"maxKeyLength" : false,
"maxValueLength" : false,
"maxLengthException" : false,
"maxNestingDepth" : false,
"maxArrayItems" : false,
"maxKeys" : false,
"maxTotalEntries" : false
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : false,
"maxQueryNestingDepth" : false,
"maxValueLength" : false,
"maxLengthException" : false
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : false,
"pathExceptions" : false
},
"application" : {
"sessionHandling" : false,
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : false
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : false
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : false,
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : false,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
},
"location" : {
"rewrites" : false
}
},
"json" : {
"rewrites" : false
},
"body" : {
"rewrites" : false
},
"html" : {
"rewrites" : false
},
"errorPage" : {
"rewrites" : false
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : false,
"pathExceptions" : false
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : false,
"introspectionAllowed" : false,
"valuesChecked" : false,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"documentId" : false,
"responseCheckEnforced" : false,
"pathMatching" : false,
"specificationPublished" : false,
"specificationPublishPath" : false
},
"apiPolicy" : {
"enabled" : false,
"serviceId" : false,
"keyExtractionHeader" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : false
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : false
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : false,
"pathPattern" : false,
"contentTypePattern" : false
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : false,
"parameterNameExceptionPattern" : false
},
"sameType" : {
"enabled" : false
}
},
"icap" : {
"request" : {
"clientViews" : false,
"backendViews" : false
},
"response" : {
"backendViews" : false,
"clientViews" : false
}
}
}
},
"relationships" : {
"back-end-groups" : {
"data" : [ {
"type" : "back-end-group",
"id" : "30"
} ]
},
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "40"
} ]
},
"local-json-web-key-sets" : {
"data" : [ {
"type" : "local-json-web-key-set",
"id" : "46"
} ]
},
"remote-json-web-key-sets" : {
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "47"
} ]
},
"openapi-document" : {
"data" : {
"type" : "openapi-document",
"id" : "50"
}
},
"graphql-document" : {
"data" : {
"type" : "graphql-document",
"id" : "80"
}
},
"api-policy-service" : {
"data" : {
"type" : "api-policy-service",
"id" : "60"
}
},
"ip-address-whitelists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "90"
}, {
"type" : "ip-address-list",
"id" : "91"
} ]
},
"ip-address-blacklists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "92"
} ]
},
"ip-address-blacklist-exceptions" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "92"
} ]
},
"dos-attack-prevention-source-ip-address-exception" : {
"data" : {
"type" : "ip-address-list",
"id" : "80"
}
},
"icap-request-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "42",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-request-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "43",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-response-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "44",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Response",
"inverted" : "true"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "responsevalue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-response-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "45",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Response",
"inverted" : "true"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "responsevalue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"anomaly-shield-application" : {
"data" : {
"type" : "anomaly-shield-application",
"id" : "70"
}
}
}
}
}
Create a Mapping
POST /configuration/mappings
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "mapping" for this call. |
|
|
yes |
Allowed values: |
|
|
yes |
The host header to send with the logout request. |
|
|
yes |
Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host. |
|
|
yes |
Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate. Allowed values: |
|
|
yes |
If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL. |
|
|
yes |
Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication. Allowed values: |
|
|
no |
Allowed values: |
|
|
yes |
Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location. |
|
|
yes |
Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection. NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft. |
|
|
yes |
List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service. |
|
|
yes |
List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service. |
|
|
yes |
Whether access restriction is enabled. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
If enabled, Airlock Gateway will extract the token from the specified cookie. |
|
|
yes |
Name of the cookie. |
|
|
yes |
If enabled, Airlock Gateway will extract the token from the specified header. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
The rewrite expression for the header extraction. |
|
|
yes |
If enabled, Airlock Gateway will extract the token from the specified query parameter. |
|
|
yes |
Name of the query parameter. |
|
|
yes |
If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied. |
|
|
yes |
Whether this claim extraction rule is enabled. |
|
|
yes |
Name of the claim you want to restrict. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid. |
|
|
yes |
Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock. |
|
|
yes |
If enabled, a technical client ID is extracted from the JWT. |
|
|
yes |
Name of the claim to extract as technical client ID. |
|
|
yes |
Whether this claim extraction rule is enabled. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
Name of the claim you want to extract a role from. |
|
|
yes |
The rewrite expression of the role. |
|
|
yes |
If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime. |
|
|
yes |
If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session. |
|
|
yes |
If enforced, the JWT’s signature must be present and valid. |
|
|
yes |
Whether access tokens should be processed. |
|
|
yes |
Whether to enable the API policy service. |
|
|
yes |
Name of the cookie. |
|
|
yes |
If enabled, Airlock Gateway will extract the API key from the specified cookie. |
|
|
yes |
If enabled, Airlock Gateway will extract the API key from the specified header. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Rewrite expression for the header extraction. |
|
|
yes |
If enabled, Airlock Gateway will extract the API key from the specified query parameter. |
|
|
yes |
Name of the query parameter. |
|
|
yes |
GraphQL inspections are enabled. |
|
|
yes |
Indicates if introspection is allowed. |
|
|
yes |
If true, requests containing invalid GraphQL payload are only logged but not blocked. |
|
|
yes |
Indicates if mutations are allowed. |
|
|
yes |
Indicates an optionally provided GraphQL schema is checked and enforced. |
|
|
yes |
Indicates if values are checked against allow and deny rules. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
If set to true, Airlock Gateway filters JSON attributes with allow rules and deny rules. |
|
|
yes |
Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked. |
|
|
yes |
If enabled, potential attack requests are only logged but not blocked. |
|
|
yes |
Run OpenAPI path matching against client or server view of request/response. Allowed values: |
|
|
yes |
If enabled, responses are also checked against the API specification. |
|
|
yes |
External path to the API specification. Note that the entry path will be added in front of it. |
|
|
yes |
If enabled, allow clients to download the API specification. |
|
|
yes |
If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it. |
|
|
yes |
Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway. |
|
|
yes |
Enables encryption of cookies which are sent to the client. |
|
|
yes |
Regular expression for cookies that should be cryptographically encrypted before being sent to the client. |
|
|
yes |
Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client. |
|
|
yes |
If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose. |
|
|
yes |
Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client. |
|
|
yes |
Regular expression to select cookies that should be treated as 'Passthrough Cookies'. |
|
|
yes |
If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned. |
|
|
yes |
Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset. Allowed values: |
|
|
yes |
Additional headers to allow. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether the pattern is enabled. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
Whether to interpret line breaks as logical ORs. |
|
|
yes |
The actual pattern. |
|
|
yes |
If enabled, default header allow list will be applied. |
|
|
yes |
Additional headers to deny. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether the pattern is enabled. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
Whether to interpret line breaks as logical ORs. |
|
|
yes |
The actual pattern. |
|
|
yes |
If enabled, default header deny list will be applied. |
|
|
yes |
If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked. |
|
|
yes |
If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked. |
|
|
yes |
If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression. |
|
|
yes |
Whether rewrites are enabled. |
|
|
yes |
Target string which will replace the string matched by Content Pattern. |
|
|
yes |
Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser). |
|
|
yes |
Whether rewrites are enabled. |
|
|
yes |
Target string which will replace the string matched by HTTP status content pattern. |
|
|
yes |
The HTTP status code pattern. |
|
|
yes |
Additional headers to allow. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether the pattern is enabled. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
Whether to interpret line breaks as logical ORs. |
|
|
yes |
The actual pattern. |
|
|
yes |
If enabled, default header allow list will be applied. |
|
|
yes |
Additional headers to deny. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether the pattern is enabled. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
Whether to interpret line breaks as logical ORs. |
|
|
yes |
The actual pattern. |
|
|
yes |
If enabled, default header deny list will be applied. |
|
|
yes |
Whether rewrites are enabled. |
|
|
yes |
Target string which will replace the string matched by URL pattern. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether to apply the rule to <script> and <style> blocks embedded in the HTML page |
|
|
yes |
Whether rewrites are enabled. |
|
|
yes |
Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc. |
|
|
yes |
Target string which will replace the string matched by URL Pattern. |
|
|
yes |
Whether to apply the rule to linked HTML elements like href, src, etc. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether rewrites are enabled. |
|
|
yes |
A response from the back-end server is rewritten only if the JSON path matches this regular expression. |
|
|
yes |
Target string which will replace the string matched by Content Pattern. |
|
|
yes |
If enabled, Airlock Gateway removes HTML comments. |
|
|
yes |
Allowed values: |
|
|
yes |
Whether support for the WebSockets protocol as defined in RFC 6455 is enabled. |
|
|
yes |
The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server. |
|
|
yes |
If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled. |
|
|
yes |
If enabled, custom bots are not blocked. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Do not block bots whose source-domain matches the "domain pattern". |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
If true, requests from bots are only logged but not blocked. |
|
|
yes |
Check the User-Agent to determine if a bot is well-known and do not block such bots. |
|
|
yes |
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot. |
|
|
yes |
Whether CSRF protection is enabled. |
|
|
yes |
If a missing or invalid CSRF token is detected, the client is redirected to the configured location. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether the DoS attack prevention filter is enabled. |
|
|
yes |
Whether the DoS attack prevention filter is log-only. |
|
|
yes |
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
yes |
If enabled, the restriction is active. |
|
|
yes |
Interval for measurement of allowed requests per IP address (seconds). |
|
|
yes |
Maximum requests allowed per IP address. |
|
|
yes |
Triggers the restriction if the path of the request matches. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether the maintenance page is enabled. |
|
|
yes |
Whether a trailing slash is mandatory at the end of the entry path or not. |
|
|
yes |
Whether the entry path should be case sensitive. |
|
|
yes |
The priority guarantees a deterministic selection of the mapping for a given request path. |
|
|
yes |
Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not. |
|
|
yes |
The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping. |
|
|
yes |
Expert settings for the Apache web listener. |
|
|
yes |
Whether the Apache expert settings are enabled. |
|
|
yes |
Expert settings for the Apache web listener. |
|
|
yes |
Expert settings for the Security Gate. |
|
|
yes |
Whether the Security Gate expert settings are enabled. |
|
|
yes |
Expert settings for the Security Gate. |
|
|
yes |
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types). |
|
|
yes |
If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks. |
|
|
yes |
If true, potential HPP attack requests are only logged but not blocked. |
|
|
yes |
Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type). |
|
|
yes |
If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks. |
|
|
yes |
Counting mode of dynamic IP address blacklist blocks. Allowed values: |
|
|
yes |
If enabled, IPs on the dynamic IP address blacklist are blocked. |
|
|
yes |
If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked. |
|
|
yes |
List of threat categories which should be blocked (;-separated string). Categories: |
|
|
yes |
If true, requests whose source IP address is not contained in one of the configured IP address whitelists are only logged but not blocked. |
|
|
yes |
If enabled, IP address whitelists will be applied if path matches. |
|
|
yes |
The IDs of referenced IP address whitelists |
|
|
yes |
IP address whitelists will be checked only for requests whose path matches this regular expression pattern. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application. |
|
|
no |
Defines the maximum path length for requests to the current mapping. Default value: |
|
|
yes |
Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once. |
|
|
yes |
Whether limits are enabled. |
|
|
no |
Defines the maximum nesting depth. Default value: |
|
|
no |
Defines the maximum number of parameters inside the request. Default value: |
|
|
no |
Defines the maximum value length for a query parameter. Default value: |
|
|
no |
Defines the maximum length for a parameter name. Default value: |
|
|
no |
Defines the maximum length for a parameter value. Default value: |
|
|
no |
Defines the maximum number of parameters inside the request. Default value: |
|
|
yes |
Whether JSON limits are enabled. |
|
|
no |
Defines the maximum number of items for a single JSON array (non-recursive). Default value: |
|
|
no |
Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member". Default value: |
|
|
no |
Defines the maximum number of keys of a single JSON object (non-recursive). Default value: |
|
|
no |
Defines the maximum depth of nesting for JSON objects and JSON arrays. Default value: |
|
|
no |
Defines the maximum number of keys and array items in the whole JSON document (recursive). Default value: |
|
|
no |
Defines the maximum json value length for requests to the current mapping. Default value: |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
The unique name of the mapping. |
|
|
no |
The mode in which the mapping runs. Allowed values: |
|
|
yes |
Whether the overload prevention filter is enabled. |
|
|
yes |
Whether the overload prevention filter is log-only. |
|
|
yes |
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
yes |
If enabled, the restriction is active. |
|
|
yes |
Interval for measurement of allowed requests per IP address (seconds). |
|
|
yes |
Maximum requests allowed per IP address. |
|
|
yes |
Triggers the restriction if the path of the request matches. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Only requests whose content type header matches this regular expression pattern will be streamed. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed. |
|
|
yes |
Only requests whose HTTP method matches this regular expression pattern will be streamed. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Only requests whose path matches this regular expression pattern will be streamed. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Tenant of the mapping. |
|
|
yes |
Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled. Allowed values: |
|
|
yes |
Defines the time (seconds) Airlock Gateway will wait for the back-end response. |
|
|
yes |
Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Allowed values: |
|
|
The host header to send with the logout request. |
|
|
Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host. |
|
|
Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate. Allowed values: |
|
|
If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL. |
|
|
Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication. Allowed values: |
|
|
Allowed values: |
|
|
Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location. |
|
|
Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection. NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft. |
|
|
List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service. |
|
|
List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service. |
|
|
Whether access restriction is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, Airlock Gateway will extract the token from the specified cookie. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the token from the specified header. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
The rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the token from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Name of the claim you want to restrict. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid. |
|
|
Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock. |
|
|
If enabled, a technical client ID is extracted from the JWT. |
|
|
Name of the claim to extract as technical client ID. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Name of the claim you want to extract a role from. |
|
|
The rewrite expression of the role. |
|
|
If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime. |
|
|
If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session. |
|
|
If enforced, the JWT’s signature must be present and valid. |
|
|
Whether access tokens should be processed. |
|
|
Whether to enable the API policy service. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified header. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
GraphQL inspections are enabled. |
|
|
Indicates if introspection is allowed. |
|
|
If true, requests containing invalid GraphQL payload are only logged but not blocked. |
|
|
Indicates if mutations are allowed. |
|
|
Indicates an optionally provided GraphQL schema is checked and enforced. |
|
|
Indicates if values are checked against allow and deny rules. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
If set to true, Airlock Gateway filters JSON attributes with allow rules and deny rules. |
|
|
Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked. |
|
|
If enabled, potential attack requests are only logged but not blocked. |
|
|
Run OpenAPI path matching against client or server view of request/response. Allowed values: |
|
|
If enabled, responses are also checked against the API specification. |
|
|
External path to the API specification. Note that the entry path will be added in front of it. |
|
|
If enabled, allow clients to download the API specification. |
|
|
If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it. |
|
|
Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway. |
|
|
Enables encryption of cookies which are sent to the client. |
|
|
Regular expression for cookies that should be cryptographically encrypted before being sent to the client. |
|
|
Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client. |
|
|
If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose. |
|
|
Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client. |
|
|
Regular expression to select cookies that should be treated as 'Passthrough Cookies'. |
|
|
If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned. |
|
|
Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset. Allowed values: |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser). |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by HTTP status content pattern. |
|
|
The HTTP status code pattern. |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by URL pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to apply the rule to <script> and <style> blocks embedded in the HTML page |
|
|
Whether rewrites are enabled. |
|
|
Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc. |
|
|
Target string which will replace the string matched by URL Pattern. |
|
|
Whether to apply the rule to linked HTML elements like href, src, etc. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether rewrites are enabled. |
|
|
A response from the back-end server is rewritten only if the JSON path matches this regular expression. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
If enabled, Airlock Gateway removes HTML comments. |
|
|
Allowed values: |
|
|
Whether support for the WebSockets protocol as defined in RFC 6455 is enabled. |
|
|
The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server. |
|
|
If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled. |
|
|
If enabled, custom bots are not blocked. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Do not block bots whose source-domain matches the "domain pattern". |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If true, requests from bots are only logged but not blocked. |
|
|
Check the User-Agent to determine if a bot is well-known and do not block such bots. |
|
|
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot. |
|
|
Whether CSRF protection is enabled. |
|
|
If a missing or invalid CSRF token is detected, the client is redirected to the configured location. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether the DoS attack prevention filter is enabled. |
|
|
Whether the DoS attack prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether the maintenance page is enabled. |
|
|
Whether a trailing slash is mandatory at the end of the entry path or not. |
|
|
Whether the entry path should be case sensitive. |
|
|
The priority guarantees a deterministic selection of the mapping for a given request path. |
|
|
Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not. |
|
|
The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types). |
|
|
If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks. |
|
|
If true, potential HPP attack requests are only logged but not blocked. |
|
|
Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type). |
|
|
If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks. |
|
|
Counting mode of dynamic IP address blacklist blocks. Allowed values: |
|
|
If enabled, IPs on the dynamic IP address blacklist are blocked. |
|
|
If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked. |
|
|
List of threat categories which should be blocked (;-separated string). Categories: |
|
|
If true, requests whose source IP address is not contained in one of the configured IP address whitelists are only logged but not blocked. |
|
|
If enabled, IP address whitelists will be applied if path matches. |
|
|
The IDs of referenced IP address whitelists |
|
|
IP address whitelists will be checked only for requests whose path matches this regular expression pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application. |
|
|
Defines the maximum path length for requests to the current mapping. |
|
|
Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once. |
|
|
Whether limits are enabled. |
|
|
Defines the maximum nesting depth. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Defines the maximum value length for a query parameter. |
|
|
Defines the maximum length for a parameter name. |
|
|
Defines the maximum length for a parameter value. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Whether JSON limits are enabled. |
|
|
Defines the maximum number of items for a single JSON array (non-recursive). |
|
|
Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member". |
|
|
Defines the maximum number of keys of a single JSON object (non-recursive). |
|
|
Defines the maximum depth of nesting for JSON objects and JSON arrays. |
|
|
Defines the maximum number of keys and array items in the whole JSON document (recursive). |
|
|
Defines the maximum json value length for requests to the current mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
The unique name of the mapping. |
|
|
The mode in which the mapping runs. Allowed values: |
|
|
Whether the overload prevention filter is enabled. |
|
|
Whether the overload prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose content type header matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed. |
|
|
Only requests whose HTTP method matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose path matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the mapping. |
|
|
Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled. Allowed values: |
|
|
Defines the time (seconds) Airlock Gateway will wait for the back-end response. |
|
|
Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping. |
|
|
The mapping-template references. |
|
|
The data type of the referenced resource. Must be "mapping-template" for this call. |
|
|
The ID of the mapping-template resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "mapping",
"attributes" : {
"name" : "mymapping",
"labels" : [ "labelA", "labelB" ],
"tenant" : "AirlockBankingCo",
"entryPath" : {
"value" : "/entryPathA/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"ignoreCase" : true,
"priority" : 0
},
"backendPath" : "/backendA/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : true,
"access" : {
"deniedUrl" : {
"value" : "/auth/login",
"mode" : "GLOBAL"
},
"restrictions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "[GET|POST|DELETE]",
"caseIgnored" : true,
"inverted" : true
},
"entryPathPattern" : {
"pattern" : "/admin/",
"caseIgnored" : true,
"inverted" : true
},
"authorizedRoles" : [ "admin" ],
"authorizedPlans" : [ "android", "ios", "browser" ]
} ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "/backendA/logout",
"backendLogoutHostHeader" : "%BACKENDHOST%",
"ntlmPassthroughEnabled" : true,
"credentialsPropagation" : {
"mandatory" : true,
"type" : "BASIC_AUTH"
},
"tokensEnabled" : true,
"tokenTransport" : {
"presenceMandatoryEnforced" : true,
"headerExtraction" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "mypattern",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : true,
"name" : "paramExtraction"
},
"cookieExtraction" : {
"enabled" : true,
"name" : "EXTRACTION_COOKIE"
}
},
"tokenVerification" : {
"signatureCheckEnforced" : true,
"expiryCheckEnabled" : true,
"expiryCheckSkew" : 42,
"extractTechnicalClientIdEnabled" : true,
"extractTechnicalClientIdName" : "TechnicalClientID",
"setAuditTokenFromSubjectEnabled" : true,
"claimRestrictions" : [ {
"enabled" : true,
"name" : "myrestriction",
"restrictionPattern" : {
"pattern" : "myRestriction",
"caseIgnored" : true,
"inverted" : true
}
} ],
"roleExtractions" : [ {
"enabled" : true,
"name" : "myextraction",
"extractionPattern" : {
"pattern" : "extractionPattern",
"caseIgnored" : true
},
"replaceWith" : "$1",
"tokenLifetimeAsRoleLifetimeEnforced" : true
} ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : true,
"pathWhitelists" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : ".*",
"caseIgnored" : true,
"inverted" : true
},
"ipAddressListIds" : [ ]
} ]
},
"ipAddressBlacklists" : {
"logOnly" : true,
"webrootThreatCategories" : ""
},
"dynamicIpAddressBlacklist" : {
"enabled" : true,
"countMode" : "ALL"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : true,
"wellKnownBots" : {
"allowed" : true,
"sourceDomainEnforced" : true
},
"customBots" : {
"allowed" : true,
"sourceDomainEnforced" : true,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 222,
"maxPathLength" : 111
},
"http" : {
"maxParameters" : 2222,
"maxParameterNameLength" : 1111,
"maxParameterValueLength" : 3333
},
"json" : {
"enabled" : true,
"maxKeyLength" : 48,
"maxValueLength" : 42,
"maxNestingDepth" : 2000,
"maxArrayItems" : 1000,
"maxKeys" : 4000,
"maxTotalEntries" : 3000
},
"graphql" : {
"enabled" : true,
"maxQuerySize" : 128,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : "%ENTRY_PATH%/index.html",
"pathExceptions" : [ {
"pattern" : "^/exception/.*",
"caseIgnored" : true
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : true,
"environmentCookiesEnabled" : true,
"encryptedCookies" : {
"enabled" : true,
"prefix" : "ENCRYPT.*"
},
"passthroughCookies" : {
"enabled" : true,
"prefix" : "PASSTHROUGH.*"
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : true,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : true
},
"header" : {
"enforceUtf8" : true,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$ ",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : true
}
},
"response" : {
"compressionAllowed" : true,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "/test/",
"caseIgnored" : true
},
"replaceWith" : "$1"
} ]
}
},
"json" : {
"rewrites" : [ {
"enabled" : true,
"path" : "$.address.city",
"contentPattern" : {
"pattern" : "Basel",
"caseIgnored" : true
},
"replaceWith" : "Zurich"
} ]
},
"body" : {
"rewrites" : [ {
"enabled" : true,
"contentType" : "application/json",
"contentPattern" : {
"pattern" : "test",
"caseIgnored" : true
},
"replaceWith" : "test2"
} ]
},
"html" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "^https?://www.mydomain.com(/[^'\"]*)$",
"caseIgnored" : true
},
"uris" : true,
"events" : true,
"embedded" : true,
"replaceWith" : "$1"
} ]
},
"errorPage" : {
"rewrites" : [ {
"enabled" : true,
"statusContentPattern" : "^5(?!02|03)..$",
"replaceWith" : "500.html"
} ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : {
"pattern" : "application/json",
"caseIgnored" : true,
"inverted" : true
},
"pathExceptions" : [ {
"pattern" : "^/json-parser-exception/.*",
"caseIgnored" : true
} ]
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : true,
"responseCheckEnforced" : true,
"pathMatching" : "ClientView",
"specificationPublished" : true,
"specificationPublishPath" : "path/to/apiSpecification.json"
},
"apiPolicy" : {
"enabled" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : true,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : true,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 1000,
"interval" : 30
} ]
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 1000,
"interval" : 30
} ]
},
"requestBodyStreaming" : {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"pathPattern" : {
"pattern" : "/path/",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "video/mpeg",
"caseIgnored" : false,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : true,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : true
}
},
"sameType" : {
"enabled" : false
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : true,
"settings" : "AuthenticatedSessionsWarningPercentage \"90\""
},
"apache" : {
"enabled" : true,
"settings" : "MaxConnectionsPerChild 15000"
}
},
"locking" : {
"enabled" : true,
"labels" : true,
"access" : {
"deniedUrl" : {
"value" : true,
"mode" : true
},
"restrictions" : true,
"clientCertificateAuthentication" : true,
"authenticationFlow" : true,
"backendLogoutUrl" : true,
"backendLogoutHostHeader" : true,
"ntlmPassthroughEnabled" : true,
"credentialsPropagation" : {
"mandatory" : true,
"type" : true
},
"tokensEnabled" : true,
"tokenVerification" : {
"localJwksProviders" : true,
"remoteJwksProviders" : true,
"expiryCheckEnabled" : true,
"expiryCheckSkew" : true,
"claimRestrictions" : true,
"roleExtractions" : true,
"extractTechnicalClientIdEnabled" : true,
"extractTechnicalClientIdName" : true,
"setAuditTokenFromSubjectEnabled" : true
},
"tokenTransport" : {
"presenceMandatoryEnforced" : true,
"headerExtraction" : {
"enabled" : true,
"extractionPattern" : true,
"replaceWith" : true
},
"parameterExtraction" : {
"enabled" : true,
"name" : true
},
"cookieExtraction" : {
"enabled" : true,
"name" : true
}
}
},
"entryPath" : {
"settings" : true,
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"priority" : true
},
"backendPath" : true,
"threatHandling" : true,
"operationalMode" : true,
"enableMaintenancePage" : true,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : true,
"pathIpAddressWhitelists" : true
},
"ipAddressBlacklists" : {
"logOnly" : true
},
"dynamicIpAddressBlacklist" : {
"enabled" : true,
"countMode" : true
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : true,
"wellKnownBots" : {
"allowed" : true,
"sourceDomainEnforced" : true
},
"customBots" : {
"allowed" : true,
"sourceDomainEnforced" : true,
"userAgentPattern" : true,
"domainPattern" : true
}
},
"timeouts" : {
"backend" : true,
"sessionIdle" : true
},
"limits" : {
"general" : {
"maxRequestBodySize" : true,
"maxPathLength" : true
},
"http" : {
"maxParameters" : true,
"maxParameterNameLength" : true,
"maxParameterValueLength" : true,
"maxParameterLengthException" : true
},
"json" : {
"enabled" : true,
"maxKeyLength" : true,
"maxValueLength" : true,
"maxLengthException" : true,
"maxNestingDepth" : true,
"maxArrayItems" : true,
"maxKeys" : true,
"maxTotalEntries" : true
},
"graphql" : {
"enabled" : true,
"maxQuerySize" : true,
"maxQueryNestingDepth" : true,
"maxValueLength" : true,
"maxLengthException" : true
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : true,
"pathExceptions" : true
},
"application" : {
"sessionHandling" : true,
"controlApiAllowed" : true,
"environmentCookiesEnabled" : true,
"encryptedCookies" : {
"enabled" : true,
"prefix" : true
},
"passthroughCookies" : {
"enabled" : true,
"prefix" : true
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : true,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : true,
"path" : {
"enforceUtf8" : true
},
"header" : {
"enforceUtf8" : true,
"allowlist" : {
"defaultEnabled" : true,
"additional" : true
},
"denylist" : {
"defaultEnabled" : true,
"additional" : true
}
},
"parameter" : {
"enforceUtf8" : true
}
},
"response" : {
"compressionAllowed" : true,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : true
},
"denylist" : {
"defaultEnabled" : true,
"additional" : true
},
"location" : {
"rewrites" : true
}
},
"json" : {
"rewrites" : true
},
"body" : {
"rewrites" : true
},
"html" : {
"rewrites" : true
},
"errorPage" : {
"rewrites" : true
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : true,
"pathExceptions" : true
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : true,
"documentId" : true,
"responseCheckEnforced" : true,
"pathMatching" : true,
"specificationPublished" : true,
"specificationPublishPath" : true
},
"apiPolicy" : {
"enabled" : true,
"serviceId" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : true,
"replaceWith" : true
},
"keyExtractionQueryParameter" : {
"enabled" : true,
"parameterName" : true
},
"keyExtractionCookie" : {
"enabled" : true,
"cookieName" : true
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"ipAddressException" : true,
"restrictions" : true
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : true,
"ipAddressException" : true,
"restrictions" : true
},
"requestBodyStreaming" : {
"enabled" : true,
"httpMethodPattern" : true,
"pathPattern" : true,
"contentTypePattern" : true
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : true,
"parameterNameExceptionPattern" : true
},
"sameType" : {
"enabled" : true
}
},
"icap" : {
"request" : {
"clientViews" : true,
"backendViews" : true
},
"response" : {
"backendViews" : true,
"clientViews" : true
}
}
}
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 20812
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:03.573Z"
},
"data" : {
"type" : "mapping",
"id" : "3",
"attributes" : {
"name" : "mymapping",
"labels" : [ "labelA", "labelB" ],
"tenant" : "AirlockBankingCo",
"entryPath" : {
"value" : "/entryPathA/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"ignoreCase" : true,
"priority" : 0
},
"backendPath" : "/backendA/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : true,
"access" : {
"deniedUrl" : {
"value" : "/auth/login",
"mode" : "GLOBAL"
},
"restrictions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "[GET|POST|DELETE]",
"caseIgnored" : true,
"inverted" : true
},
"entryPathPattern" : {
"pattern" : "/admin/",
"caseIgnored" : true,
"inverted" : true
},
"authorizedRoles" : [ "admin" ],
"authorizedPlans" : [ "android", "ios", "browser" ]
} ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "/backendA/logout",
"backendLogoutHostHeader" : "%BACKENDHOST%",
"ntlmPassthroughEnabled" : true,
"credentialsPropagation" : {
"mandatory" : true,
"type" : "BASIC_AUTH"
},
"tokensEnabled" : true,
"tokenTransport" : {
"presenceMandatoryEnforced" : true,
"headerExtraction" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "mypattern",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : true,
"name" : "paramExtraction"
},
"cookieExtraction" : {
"enabled" : true,
"name" : "EXTRACTION_COOKIE"
}
},
"tokenVerification" : {
"signatureCheckEnforced" : true,
"expiryCheckEnabled" : true,
"expiryCheckSkew" : 42,
"extractTechnicalClientIdEnabled" : true,
"extractTechnicalClientIdName" : "TechnicalClientID",
"setAuditTokenFromSubjectEnabled" : true,
"claimRestrictions" : [ {
"enabled" : true,
"name" : "myrestriction",
"restrictionPattern" : {
"pattern" : "myRestriction",
"caseIgnored" : true,
"inverted" : true
}
} ],
"roleExtractions" : [ {
"enabled" : true,
"name" : "myextraction",
"extractionPattern" : {
"pattern" : "extractionPattern",
"caseIgnored" : true
},
"replaceWith" : "$1",
"tokenLifetimeAsRoleLifetimeEnforced" : true
} ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : true,
"pathWhitelists" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : ".*",
"caseIgnored" : true,
"inverted" : true
},
"ipAddressListIds" : [ ]
} ]
},
"ipAddressBlacklists" : {
"logOnly" : true,
"webrootThreatCategories" : ""
},
"dynamicIpAddressBlacklist" : {
"enabled" : true,
"countMode" : "ALL"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : true,
"wellKnownBots" : {
"allowed" : true,
"sourceDomainEnforced" : true
},
"customBots" : {
"allowed" : true,
"sourceDomainEnforced" : true,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 222,
"maxPathLength" : 111
},
"http" : {
"maxParameters" : 2222,
"maxParameterNameLength" : 1111,
"maxParameterValueLength" : 3333
},
"json" : {
"enabled" : true,
"maxKeyLength" : 48,
"maxValueLength" : 42,
"maxNestingDepth" : 2000,
"maxArrayItems" : 1000,
"maxKeys" : 4000,
"maxTotalEntries" : 3000
},
"graphql" : {
"enabled" : true,
"maxQuerySize" : 128,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : "%ENTRY_PATH%/index.html",
"pathExceptions" : [ {
"pattern" : "^/exception/.*",
"caseIgnored" : true
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : true,
"environmentCookiesEnabled" : true,
"encryptedCookies" : {
"enabled" : true,
"prefix" : "ENCRYPT.*"
},
"passthroughCookies" : {
"enabled" : true,
"prefix" : "PASSTHROUGH.*"
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : true,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : true
},
"header" : {
"enforceUtf8" : true,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$ ",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : true
}
},
"response" : {
"compressionAllowed" : true,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "/test/",
"caseIgnored" : true
},
"replaceWith" : "$1"
} ]
}
},
"json" : {
"rewrites" : [ {
"enabled" : true,
"path" : "$.address.city",
"contentPattern" : {
"pattern" : "Basel",
"caseIgnored" : true
},
"replaceWith" : "Zurich"
} ]
},
"body" : {
"rewrites" : [ {
"enabled" : true,
"contentType" : "application/json",
"contentPattern" : {
"pattern" : "test",
"caseIgnored" : true
},
"replaceWith" : "test2"
} ]
},
"html" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "^https?://www.mydomain.com(/[^'\"]*)$",
"caseIgnored" : true
},
"uris" : true,
"events" : true,
"embedded" : true,
"replaceWith" : "$1"
} ]
},
"errorPage" : {
"rewrites" : [ {
"enabled" : true,
"statusContentPattern" : "^5(?!02|03)..$",
"replaceWith" : "500.html"
} ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : {
"pattern" : "application/json",
"caseIgnored" : true,
"inverted" : true
},
"pathExceptions" : [ {
"pattern" : "^/json-parser-exception/.*",
"caseIgnored" : true
} ]
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : true,
"responseCheckEnforced" : true,
"pathMatching" : "ClientView",
"specificationPublished" : true,
"specificationPublishPath" : "path/to/apiSpecification.json"
},
"apiPolicy" : {
"enabled" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : true,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : true,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 1000,
"interval" : 30
} ]
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 1000,
"interval" : 30
} ]
},
"requestBodyStreaming" : {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"pathPattern" : {
"pattern" : "/path/",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "video/mpeg",
"caseIgnored" : false,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : true,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : true
}
},
"sameType" : {
"enabled" : false
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : true,
"settings" : "AuthenticatedSessionsWarningPercentage \"90\""
},
"apache" : {
"enabled" : true,
"settings" : "MaxConnectionsPerChild 15000"
}
},
"locking" : {
"enabled" : true,
"labels" : true,
"access" : {
"deniedUrl" : {
"value" : true,
"mode" : true
},
"restrictions" : true,
"clientCertificateAuthentication" : true,
"authenticationFlow" : true,
"backendLogoutUrl" : true,
"backendLogoutHostHeader" : true,
"ntlmPassthroughEnabled" : true,
"credentialsPropagation" : {
"mandatory" : true,
"type" : true
},
"tokensEnabled" : true,
"tokenVerification" : {
"localJwksProviders" : true,
"remoteJwksProviders" : true,
"expiryCheckEnabled" : true,
"expiryCheckSkew" : true,
"claimRestrictions" : true,
"roleExtractions" : true,
"extractTechnicalClientIdEnabled" : true,
"extractTechnicalClientIdName" : true,
"setAuditTokenFromSubjectEnabled" : true
},
"tokenTransport" : {
"presenceMandatoryEnforced" : true,
"headerExtraction" : {
"enabled" : true,
"extractionPattern" : true,
"replaceWith" : true
},
"parameterExtraction" : {
"enabled" : true,
"name" : true
},
"cookieExtraction" : {
"enabled" : true,
"name" : true
}
}
},
"entryPath" : {
"settings" : true,
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"priority" : true
},
"backendPath" : true,
"threatHandling" : true,
"operationalMode" : true,
"enableMaintenancePage" : true,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : true,
"pathIpAddressWhitelists" : true
},
"ipAddressBlacklists" : {
"logOnly" : true
},
"dynamicIpAddressBlacklist" : {
"enabled" : true,
"countMode" : true
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : true,
"wellKnownBots" : {
"allowed" : true,
"sourceDomainEnforced" : true
},
"customBots" : {
"allowed" : true,
"sourceDomainEnforced" : true,
"userAgentPattern" : true,
"domainPattern" : true
}
},
"timeouts" : {
"backend" : true,
"sessionIdle" : true
},
"limits" : {
"general" : {
"maxRequestBodySize" : true,
"maxPathLength" : true
},
"http" : {
"maxParameters" : true,
"maxParameterNameLength" : true,
"maxParameterValueLength" : true,
"maxParameterLengthException" : true
},
"json" : {
"enabled" : true,
"maxKeyLength" : true,
"maxValueLength" : true,
"maxLengthException" : true,
"maxNestingDepth" : true,
"maxArrayItems" : true,
"maxKeys" : true,
"maxTotalEntries" : true
},
"graphql" : {
"enabled" : true,
"maxQuerySize" : true,
"maxQueryNestingDepth" : true,
"maxValueLength" : true,
"maxLengthException" : true
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : true,
"pathExceptions" : true
},
"application" : {
"sessionHandling" : true,
"controlApiAllowed" : true,
"environmentCookiesEnabled" : true,
"encryptedCookies" : {
"enabled" : true,
"prefix" : true
},
"passthroughCookies" : {
"enabled" : true,
"prefix" : true
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : true,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : true,
"path" : {
"enforceUtf8" : true
},
"header" : {
"enforceUtf8" : true,
"allowlist" : {
"defaultEnabled" : true,
"additional" : true
},
"denylist" : {
"defaultEnabled" : true,
"additional" : true
}
},
"parameter" : {
"enforceUtf8" : true
}
},
"response" : {
"compressionAllowed" : true,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : true
},
"denylist" : {
"defaultEnabled" : true,
"additional" : true
},
"location" : {
"rewrites" : true
}
},
"json" : {
"rewrites" : true
},
"body" : {
"rewrites" : true
},
"html" : {
"rewrites" : true
},
"errorPage" : {
"rewrites" : true
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : true,
"pathExceptions" : true
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : true,
"documentId" : true,
"responseCheckEnforced" : true,
"pathMatching" : true,
"specificationPublished" : true,
"specificationPublishPath" : true
},
"apiPolicy" : {
"enabled" : true,
"serviceId" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : true,
"replaceWith" : true
},
"keyExtractionQueryParameter" : {
"enabled" : true,
"parameterName" : true
},
"keyExtractionCookie" : {
"enabled" : true,
"cookieName" : true
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"ipAddressException" : true,
"restrictions" : true
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : true,
"ipAddressException" : true,
"restrictions" : true
},
"requestBodyStreaming" : {
"enabled" : true,
"httpMethodPattern" : true,
"pathPattern" : true,
"contentTypePattern" : true
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : true,
"parameterNameExceptionPattern" : true
},
"sameType" : {
"enabled" : true
}
},
"icap" : {
"request" : {
"clientViews" : true,
"backendViews" : true
},
"response" : {
"backendViews" : true,
"clientViews" : true
}
}
}
},
"relationships" : {
"template" : {
"data" : {
"type" : "mapping-template",
"id" : "jwaxsKQ9IURXc/B+GE4KAZcjj2KmIofyWmX2OHF21Gw="
}
}
}
}
}
Create a Mapping from a Template
POST /configuration/mappings/create-from-template
Content-Type application/json
Accept application/json
The call to /configuration/mappings/create-from-template requires a system mapping template ID. Please refer to Access all System Mapping Templates for a list of available templates and their IDs.
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "create-mapping-from-template" for this call. |
|
|
yes |
ID of the system mapping template. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Allowed values: |
|
|
The host header to send with the logout request. |
|
|
Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host. |
|
|
Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate. Allowed values: |
|
|
If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL. |
|
|
Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication. Allowed values: |
|
|
Allowed values: |
|
|
Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location. |
|
|
Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection. NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft. |
|
|
List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service. |
|
|
List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service. |
|
|
Whether access restriction is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, Airlock Gateway will extract the token from the specified cookie. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the token from the specified header. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
The rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the token from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Name of the claim you want to restrict. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid. |
|
|
Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock. |
|
|
If enabled, a technical client ID is extracted from the JWT. |
|
|
Name of the claim to extract as technical client ID. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Name of the claim you want to extract a role from. |
|
|
The rewrite expression of the role. |
|
|
If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime. |
|
|
If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session. |
|
|
If enforced, the JWT’s signature must be present and valid. |
|
|
Whether access tokens should be processed. |
|
|
Whether to enable the API policy service. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified header. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
GraphQL inspections are enabled. |
|
|
Indicates if introspection is allowed. |
|
|
If true, requests containing invalid GraphQL payload are only logged but not blocked. |
|
|
Indicates if mutations are allowed. |
|
|
Indicates an optionally provided GraphQL schema is checked and enforced. |
|
|
Indicates if values are checked against allow and deny rules. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
If set to true, Airlock Gateway filters JSON attributes with allow rules and deny rules. |
|
|
Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked. |
|
|
If enabled, potential attack requests are only logged but not blocked. |
|
|
Run OpenAPI path matching against client or server view of request/response. Allowed values: |
|
|
If enabled, responses are also checked against the API specification. |
|
|
External path to the API specification. Note that the entry path will be added in front of it. |
|
|
If enabled, allow clients to download the API specification. |
|
|
If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it. |
|
|
Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway. |
|
|
Enables encryption of cookies which are sent to the client. |
|
|
Regular expression for cookies that should be cryptographically encrypted before being sent to the client. |
|
|
Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client. |
|
|
If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose. |
|
|
Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client. |
|
|
Regular expression to select cookies that should be treated as 'Passthrough Cookies'. |
|
|
If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned. |
|
|
Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset. Allowed values: |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser). |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by HTTP status content pattern. |
|
|
The HTTP status code pattern. |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by URL pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to apply the rule to <script> and <style> blocks embedded in the HTML page |
|
|
Whether rewrites are enabled. |
|
|
Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc. |
|
|
Target string which will replace the string matched by URL Pattern. |
|
|
Whether to apply the rule to linked HTML elements like href, src, etc. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether rewrites are enabled. |
|
|
A response from the back-end server is rewritten only if the JSON path matches this regular expression. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
If enabled, Airlock Gateway removes HTML comments. |
|
|
Allowed values: |
|
|
Whether support for the WebSockets protocol as defined in RFC 6455 is enabled. |
|
|
The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server. |
|
|
If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled. |
|
|
If enabled, custom bots are not blocked. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Do not block bots whose source-domain matches the "domain pattern". |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If true, requests from bots are only logged but not blocked. |
|
|
Check the User-Agent to determine if a bot is well-known and do not block such bots. |
|
|
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot. |
|
|
Whether CSRF protection is enabled. |
|
|
If a missing or invalid CSRF token is detected, the client is redirected to the configured location. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether the DoS attack prevention filter is enabled. |
|
|
Whether the DoS attack prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether the maintenance page is enabled. |
|
|
Whether a trailing slash is mandatory at the end of the entry path or not. |
|
|
Whether the entry path should be case sensitive. |
|
|
The priority guarantees a deterministic selection of the mapping for a given request path. |
|
|
Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not. |
|
|
The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types). |
|
|
If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks. |
|
|
If true, potential HPP attack requests are only logged but not blocked. |
|
|
Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type). |
|
|
If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks. |
|
|
Counting mode of dynamic IP address blacklist blocks. Allowed values: |
|
|
If enabled, IPs on the dynamic IP address blacklist are blocked. |
|
|
If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked. |
|
|
List of threat categories which should be blocked (;-separated string). Categories: |
|
|
If true, requests whose source IP address is not contained in one of the configured IP address whitelists are only logged but not blocked. |
|
|
If enabled, IP address whitelists will be applied if path matches. |
|
|
The IDs of referenced IP address whitelists |
|
|
IP address whitelists will be checked only for requests whose path matches this regular expression pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application. |
|
|
Defines the maximum path length for requests to the current mapping. |
|
|
Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once. |
|
|
Whether limits are enabled. |
|
|
Defines the maximum nesting depth. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Defines the maximum value length for a query parameter. |
|
|
Defines the maximum length for a parameter name. |
|
|
Defines the maximum length for a parameter value. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Whether JSON limits are enabled. |
|
|
Defines the maximum number of items for a single JSON array (non-recursive). |
|
|
Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member". |
|
|
Defines the maximum number of keys of a single JSON object (non-recursive). |
|
|
Defines the maximum depth of nesting for JSON objects and JSON arrays. |
|
|
Defines the maximum number of keys and array items in the whole JSON document (recursive). |
|
|
Defines the maximum json value length for requests to the current mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
The unique name of the mapping. |
|
|
The mode in which the mapping runs. Allowed values: |
|
|
Whether the overload prevention filter is enabled. |
|
|
Whether the overload prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose content type header matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed. |
|
|
Only requests whose HTTP method matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose path matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the mapping. |
|
|
Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled. Allowed values: |
|
|
Defines the time (seconds) Airlock Gateway will wait for the back-end response. |
|
|
Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
|
|
The back-end-group references. |
|
|
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
The ID of the back-end-group resource. |
|
|
The local-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "local-json-web-key-set" for this call. |
|
|
The ID of the local-json-web-key-set resource. |
|
|
The remote-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the remote-json-web-key-set resource. |
|
|
The openapi-document references. |
|
|
The data type of the referenced resource. Must be "openapi-document" for this call. |
|
|
The ID of the openapi-document resource. |
|
|
The graphql-document references. |
|
|
The data type of the referenced resource. Must be "graphql-document" for this call. |
|
|
The ID of the graphql-document resource. |
|
|
The api-policy-service references. |
|
|
The data type of the referenced resource. Must be "api-policy-service" for this call. |
|
|
The ID of the api-policy-service resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The anomaly-shield-application references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the anomaly-shield-application resource. |
|
|
The mapping-template references. |
|
|
The data type of the referenced resource. Must be "mapping-template" for this call. |
|
|
The ID of the mapping-template resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/create-from-template" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "create-mapping-from-template",
"attributes" : {
"id" : "FKBzf/MyoN5wczkklO7xN8+QMXtKo1y/C+qt2Lvh1ZM="
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 26106
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:03.012Z"
},
"data" : {
"type" : "mapping",
"id" : "3",
"attributes" : {
"name" : "Some_Mapping",
"labels" : [ ],
"tenant" : "NO_TENANT",
"entryPath" : {
"value" : "/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : false,
"ignoreCase" : false,
"priority" : 0
},
"backendPath" : "/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : false,
"access" : {
"deniedUrl" : {
"value" : "/",
"mode" : "GLOBAL"
},
"restrictions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "^GET$^POST$^HEAD$",
"caseIgnored" : false,
"inverted" : false
},
"entryPathPattern" : {
"pattern" : "/admin/",
"caseIgnored" : false,
"inverted" : false
},
"authorizedRoles" : [ "admin" ],
"authorizedPlans" : [ ]
} ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "",
"backendLogoutHostHeader" : "",
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : "NONE"
},
"tokensEnabled" : false,
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : {
"pattern" : "^Authorization: Bearer (.*)$",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : false,
"name" : ""
},
"cookieExtraction" : {
"enabled" : false,
"name" : ""
}
},
"tokenVerification" : {
"signatureCheckEnforced" : true,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : 10,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : "",
"setAuditTokenFromSubjectEnabled" : false,
"claimRestrictions" : [ {
"enabled" : true,
"name" : "starts-with-valid",
"restrictionPattern" : {
"pattern" : "^valid",
"caseIgnored" : false,
"inverted" : false
}
} ],
"roleExtractions" : [ {
"enabled" : true,
"name" : "static-jwt-role",
"extractionPattern" : {
"pattern" : ".*",
"caseIgnored" : false
},
"replaceWith" : "static-jwt-role",
"tokenLifetimeAsRoleLifetimeEnforced" : false
} ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathWhitelists" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"ipAddressListIds" : [ ]
} ]
},
"ipAddressBlacklists" : {
"logOnly" : false,
"webrootThreatCategories" : ""
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : "OFF"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 104857600,
"maxPathLength" : 1024
},
"http" : {
"maxParameters" : 128,
"maxParameterNameLength" : 128,
"maxParameterValueLength" : 1024
},
"json" : {
"enabled" : true,
"maxKeyLength" : 256,
"maxValueLength" : 8192,
"maxNestingDepth" : 100,
"maxArrayItems" : 500,
"maxKeys" : 250,
"maxTotalEntries" : 150000
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : 1024,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : "/%ENTRYPATH%",
"pathExceptions" : [ {
"pattern" : "/test/",
"caseIgnored" : false
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : ""
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : ""
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "^(?:https?://%BACKENDHOST%)?(/.*)?$",
"caseIgnored" : true
},
"replaceWith" : "$1"
} ]
}
},
"json" : {
"rewrites" : [ {
"enabled" : true,
"path" : "$.address.city",
"contentPattern" : {
"pattern" : "Basel",
"caseIgnored" : true
},
"replaceWith" : "Zurich"
} ]
},
"body" : {
"rewrites" : [ {
"enabled" : true,
"contentType" : "^text/css$",
"contentPattern" : {
"pattern" : "url[\\h\\v]*\\([\\h\\v]*(['\"]?)(?:https?://[^/'\")]*)?(?<URL>[^)'\"]*)(['\"]?)[\\h\\v]*\\)",
"caseIgnored" : true
},
"replaceWith" : "url($1$2$3)"
} ]
},
"html" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "/test/",
"caseIgnored" : true
},
"uris" : true,
"events" : false,
"embedded" : false,
"replaceWith" : "$1"
} ]
},
"errorPage" : {
"rewrites" : [ {
"enabled" : true,
"statusContentPattern" : "^401$",
"replaceWith" : "401.html"
}, {
"enabled" : true,
"statusContentPattern" : "^403$",
"replaceWith" : "403.html"
}, {
"enabled" : true,
"statusContentPattern" : "^404$",
"replaceWith" : "404.html"
}, {
"enabled" : true,
"statusContentPattern" : "^4(?!01|03|04)..$",
"replaceWith" : "400.html"
}, {
"enabled" : true,
"statusContentPattern" : "^502$",
"replaceWith" : "502.html"
}, {
"enabled" : true,
"statusContentPattern" : "^503$",
"replaceWith" : "503.html"
}, {
"enabled" : true,
"statusContentPattern" : "^5(?!02|03)..$",
"replaceWith" : "500.html"
} ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : {
"pattern" : "json",
"caseIgnored" : true,
"inverted" : false
},
"pathExceptions" : [ {
"pattern" : "^/json-parser-exception$",
"caseIgnored" : false
} ]
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"responseCheckEnforced" : false,
"pathMatching" : "ClientView",
"specificationPublished" : false,
"specificationPublishPath" : ""
},
"apiPolicy" : {
"enabled" : false,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : false,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : false,
"inverted" : false
},
"maxRequestsPerInterval" : 500,
"interval" : 60
} ]
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : false,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
},
"maxRequestsPerInterval" : 500,
"interval" : 60
} ]
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : false,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"sameType" : {
"enabled" : true
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
},
"locking" : {
"enabled" : false,
"labels" : false,
"access" : {
"deniedUrl" : {
"value" : false,
"mode" : false
},
"restrictions" : false,
"clientCertificateAuthentication" : false,
"authenticationFlow" : false,
"backendLogoutUrl" : false,
"backendLogoutHostHeader" : false,
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : false
},
"tokensEnabled" : false,
"tokenVerification" : {
"localJwksProviders" : false,
"remoteJwksProviders" : false,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : false,
"claimRestrictions" : false,
"roleExtractions" : false,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : false,
"setAuditTokenFromSubjectEnabled" : false
},
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"parameterExtraction" : {
"enabled" : false,
"name" : false
},
"cookieExtraction" : {
"enabled" : false,
"name" : false
}
}
},
"entryPath" : {
"settings" : false,
"enforceTrailingSlashes" : false,
"regexFormatEnforced" : false,
"priority" : false
},
"backendPath" : false,
"threatHandling" : false,
"operationalMode" : false,
"enableMaintenancePage" : false,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathIpAddressWhitelists" : false
},
"ipAddressBlacklists" : {
"logOnly" : false
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : false
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : false,
"domainPattern" : false
}
},
"timeouts" : {
"backend" : false,
"sessionIdle" : false
},
"limits" : {
"general" : {
"maxRequestBodySize" : false,
"maxPathLength" : false
},
"http" : {
"maxParameters" : false,
"maxParameterNameLength" : false,
"maxParameterValueLength" : false,
"maxParameterLengthException" : false
},
"json" : {
"enabled" : false,
"maxKeyLength" : false,
"maxValueLength" : false,
"maxLengthException" : false,
"maxNestingDepth" : false,
"maxArrayItems" : false,
"maxKeys" : false,
"maxTotalEntries" : false
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : false,
"maxQueryNestingDepth" : false,
"maxValueLength" : false,
"maxLengthException" : false
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : false,
"pathExceptions" : false
},
"application" : {
"sessionHandling" : false,
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : false
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : false
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : false,
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : false,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : false,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
},
"location" : {
"rewrites" : false
}
},
"json" : {
"rewrites" : false
},
"body" : {
"rewrites" : false
},
"html" : {
"rewrites" : false
},
"errorPage" : {
"rewrites" : false
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : false,
"pathExceptions" : false
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : false,
"introspectionAllowed" : false,
"valuesChecked" : false,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"documentId" : false,
"responseCheckEnforced" : false,
"pathMatching" : false,
"specificationPublished" : false,
"specificationPublishPath" : false
},
"apiPolicy" : {
"enabled" : false,
"serviceId" : false,
"keyExtractionHeader" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : false
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : false
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : false,
"pathPattern" : false,
"contentTypePattern" : false
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : false,
"parameterNameExceptionPattern" : false
},
"sameType" : {
"enabled" : false
}
},
"icap" : {
"request" : {
"clientViews" : false,
"backendViews" : false
},
"response" : {
"backendViews" : false,
"clientViews" : false
}
}
}
},
"relationships" : {
"back-end-groups" : {
"data" : [ {
"type" : "back-end-group",
"id" : "30"
} ]
},
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "40"
} ]
},
"icap-request-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "0",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"pathPattern" : {
"caseIgnored" : "false",
"pattern" : ".*",
"inverted" : "false"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"enabled" : true
}
}
} ]
},
"icap-request-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "0",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"pathPattern" : {
"caseIgnored" : "false",
"pattern" : "/url2",
"inverted" : "false"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"enabled" : true
}
}
} ]
},
"icap-response-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "0",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"pathPattern" : {
"caseIgnored" : "false",
"pattern" : ".*",
"inverted" : "false"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"enabled" : true
}
}
} ]
},
"icap-response-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "0",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"pathPattern" : {
"caseIgnored" : "false",
"pattern" : ".*",
"inverted" : "false"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "false",
"pattern" : "",
"inverted" : "false"
},
"enabled" : true
}
}
} ]
},
"template" : {
"data" : {
"type" : "mapping-template",
"id" : "vNaEppw52p2v1l/Vk7HqiR895gTv2mPS/9/50w+oQJo="
}
}
}
}
}
Update a Mapping
PATCH /configuration/mappings/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "mapping" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Allowed values: |
|
|
no |
The host header to send with the logout request. |
|
|
no |
Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host. |
|
|
no |
Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate. Allowed values: |
|
|
no |
If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL. |
|
|
no |
Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication. Allowed values: |
|
|
no |
Allowed values: |
|
|
no |
Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location. |
|
|
no |
Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection. NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft. |
|
|
no |
List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service. |
|
|
no |
List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service. |
|
|
no |
Whether access restriction is enabled. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, Airlock Gateway will extract the token from the specified cookie. |
|
|
no |
Name of the cookie. |
|
|
no |
If enabled, Airlock Gateway will extract the token from the specified header. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
The rewrite expression for the header extraction. |
|
|
no |
If enabled, Airlock Gateway will extract the token from the specified query parameter. |
|
|
no |
Name of the query parameter. |
|
|
no |
If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied. |
|
|
no |
Whether this claim extraction rule is enabled. |
|
|
no |
Name of the claim you want to restrict. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid. |
|
|
no |
Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock. |
|
|
no |
If enabled, a technical client ID is extracted from the JWT. |
|
|
no |
Name of the claim to extract as technical client ID. |
|
|
no |
Whether this claim extraction rule is enabled. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
Name of the claim you want to extract a role from. |
|
|
no |
The rewrite expression of the role. |
|
|
no |
If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime. |
|
|
no |
If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session. |
|
|
no |
If enforced, the JWT’s signature must be present and valid. |
|
|
no |
Whether access tokens should be processed. |
|
|
no |
Whether to enable the API policy service. |
|
|
no |
Name of the cookie. |
|
|
no |
If enabled, Airlock Gateway will extract the API key from the specified cookie. |
|
|
no |
If enabled, Airlock Gateway will extract the API key from the specified header. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Rewrite expression for the header extraction. |
|
|
no |
If enabled, Airlock Gateway will extract the API key from the specified query parameter. |
|
|
no |
Name of the query parameter. |
|
|
no |
GraphQL inspections are enabled. |
|
|
no |
Indicates if introspection is allowed. |
|
|
no |
If true, requests containing invalid GraphQL payload are only logged but not blocked. |
|
|
no |
Indicates if mutations are allowed. |
|
|
no |
Indicates an optionally provided GraphQL schema is checked and enforced. |
|
|
no |
Indicates if values are checked against allow and deny rules. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
If set to true, Airlock Gateway filters JSON attributes with allow rules and deny rules. |
|
|
no |
Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked. |
|
|
no |
If enabled, potential attack requests are only logged but not blocked. |
|
|
no |
Run OpenAPI path matching against client or server view of request/response. Allowed values: |
|
|
no |
If enabled, responses are also checked against the API specification. |
|
|
no |
External path to the API specification. Note that the entry path will be added in front of it. |
|
|
no |
If enabled, allow clients to download the API specification. |
|
|
no |
If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it. |
|
|
no |
Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway. |
|
|
no |
Enables encryption of cookies which are sent to the client. |
|
|
no |
Regular expression for cookies that should be cryptographically encrypted before being sent to the client. |
|
|
no |
Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client. |
|
|
no |
If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose. |
|
|
no |
Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client. |
|
|
no |
Regular expression to select cookies that should be treated as 'Passthrough Cookies'. |
|
|
no |
If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned. |
|
|
no |
Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset. Allowed values: |
|
|
no |
Additional headers to allow. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, default header allow list will be applied. |
|
|
no |
Additional headers to deny. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, default header deny list will be applied. |
|
|
no |
If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked. |
|
|
no |
If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked. |
|
|
no |
If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression. |
|
|
no |
Whether rewrites are enabled. |
|
|
no |
Target string which will replace the string matched by Content Pattern. |
|
|
no |
Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser). |
|
|
no |
Whether rewrites are enabled. |
|
|
no |
Target string which will replace the string matched by HTTP status content pattern. |
|
|
no |
The HTTP status code pattern. |
|
|
no |
Additional headers to allow. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, default header allow list will be applied. |
|
|
no |
Additional headers to deny. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, default header deny list will be applied. |
|
|
no |
Whether rewrites are enabled. |
|
|
no |
Target string which will replace the string matched by URL pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to apply the rule to <script> and <style> blocks embedded in the HTML page |
|
|
no |
Whether rewrites are enabled. |
|
|
no |
Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc. |
|
|
no |
Target string which will replace the string matched by URL Pattern. |
|
|
no |
Whether to apply the rule to linked HTML elements like href, src, etc. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
Whether rewrites are enabled. |
|
|
no |
A response from the back-end server is rewritten only if the JSON path matches this regular expression. |
|
|
no |
Target string which will replace the string matched by Content Pattern. |
|
|
no |
If enabled, Airlock Gateway removes HTML comments. |
|
|
no |
Allowed values: |
|
|
no |
Whether support for the WebSockets protocol as defined in RFC 6455 is enabled. |
|
|
no |
The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server. |
|
|
no |
If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled. |
|
|
no |
If enabled, custom bots are not blocked. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Do not block bots whose source-domain matches the "domain pattern". |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
If true, requests from bots are only logged but not blocked. |
|
|
no |
Check the User-Agent to determine if a bot is well-known and do not block such bots. |
|
|
no |
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot. |
|
|
no |
Whether CSRF protection is enabled. |
|
|
no |
If a missing or invalid CSRF token is detected, the client is redirected to the configured location. |
|
|
no |
Whether to ignore case. |
|
|
no |
The actual pattern. |
|
|
no |
Whether the DoS attack prevention filter is enabled. |
|
|
no |
Whether the DoS attack prevention filter is log-only. |
|
|
no |
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
no |
If enabled, the restriction is active. |
|
|
no |
Interval for measurement of allowed requests per IP address (seconds). |
|
|
no |
Maximum requests allowed per IP address. |
|
|
no |
Triggers the restriction if the path of the request matches. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether the maintenance page is enabled. |
|
|
no |
Whether a trailing slash is mandatory at the end of the entry path or not. |
|
|
no |
Whether the entry path should be case sensitive. |
|
|
no |
The priority guarantees a deterministic selection of the mapping for a given request path. |
|
|
no |
Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not. |
|
|
no |
The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping. |
|
|
no |
Expert settings for the Apache web listener. |
|
|
no |
Whether the Apache expert settings are enabled. |
|
|
no |
Expert settings for the Apache web listener. |
|
|
no |
Expert settings for the Security Gate. |
|
|
no |
Whether the Security Gate expert settings are enabled. |
|
|
no |
Expert settings for the Security Gate. |
|
|
no |
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types). |
|
|
no |
If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks. |
|
|
no |
If true, potential HPP attack requests are only logged but not blocked. |
|
|
no |
Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type). |
|
|
no |
If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks. |
|
|
no |
Counting mode of dynamic IP address blacklist blocks. Allowed values: |
|
|
no |
If enabled, IPs on the dynamic IP address blacklist are blocked. |
|
|
no |
If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked. |
|
|
no |
List of threat categories which should be blocked (;-separated string). Categories: |
|
|
no |
If true, requests whose source IP address is not contained in one of the configured IP address whitelists are only logged but not blocked. |
|
|
no |
If enabled, IP address whitelists will be applied if path matches. |
|
|
no |
The IDs of referenced IP address whitelists |
|
|
no |
IP address whitelists will be checked only for requests whose path matches this regular expression pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application. |
|
|
no |
Defines the maximum path length for requests to the current mapping. |
|
|
no |
Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once. |
|
|
no |
Whether limits are enabled. |
|
|
no |
Defines the maximum nesting depth. |
|
|
no |
Defines the maximum number of parameters inside the request. |
|
|
no |
Defines the maximum value length for a query parameter. |
|
|
no |
Defines the maximum length for a parameter name. |
|
|
no |
Defines the maximum length for a parameter value. |
|
|
no |
Defines the maximum number of parameters inside the request. |
|
|
no |
Whether JSON limits are enabled. |
|
|
no |
Defines the maximum number of items for a single JSON array (non-recursive). |
|
|
no |
Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member". |
|
|
no |
Defines the maximum number of keys of a single JSON object (non-recursive). |
|
|
no |
Defines the maximum depth of nesting for JSON objects and JSON arrays. |
|
|
no |
Defines the maximum number of keys and array items in the whole JSON document (recursive). |
|
|
no |
Defines the maximum json value length for requests to the current mapping. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
no |
If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
no |
Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
no |
The unique name of the mapping. |
|
|
no |
The mode in which the mapping runs. Allowed values: |
|
|
no |
Whether the overload prevention filter is enabled. |
|
|
no |
Whether the overload prevention filter is log-only. |
|
|
no |
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
no |
If enabled, the restriction is active. |
|
|
no |
Interval for measurement of allowed requests per IP address (seconds). |
|
|
no |
Maximum requests allowed per IP address. |
|
|
no |
Triggers the restriction if the path of the request matches. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Only requests whose content type header matches this regular expression pattern will be streamed. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed. |
|
|
no |
Only requests whose HTTP method matches this regular expression pattern will be streamed. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Only requests whose path matches this regular expression pattern will be streamed. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Tenant of the mapping. |
|
|
no |
Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled. Allowed values: |
|
|
no |
Defines the time (seconds) Airlock Gateway will wait for the back-end response. |
|
|
no |
Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Allowed values: |
|
|
The host header to send with the logout request. |
|
|
Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host. |
|
|
Specifies whether accessing this mapping requires the client to authenticate with a valid SSL client certificate. Allowed values: |
|
|
If true and the selected SSO credentials are missing, access to the mapping is denied and Airlock Gateway will redirect to either the global or the custom denied access URL. |
|
|
Defines if SSO credentials set by the control API will be forwarded to the back-end application or not. These credentials are typically set by the authentication service upon successful authentication. Allowed values: |
|
|
Allowed values: |
|
|
Location (URL) of the authentication service. In case the required role for the mapping is missing on the current session, Airlock Gateway will redirect the client to this location. |
|
|
Airlock Gateway is enabled to handle HTTP connections with transparent client to back-end NTLM authentication. Since the authorization of NTLM authenticated connections is bound to the underlying TCP connection, the client and back-end connections are correlated as soon as a NTLM handshake is detected. These one-to-one bindings of client and back-end connections exist until client connections are closed. It is guaranteed that no back-end connection authenticated using NTLM is ever reused by another client connection. NTLM has well-known security flaws. We strongly recommend adding additional security measures when exposing NTLM authentication to the Internet. If possible, Kerberos should be preferred over NTLM, as suggested by Microsoft. |
|
|
List of mandatory plans. Only sessions which have at least one of these plans will be able to access the service. |
|
|
List of mandatory roles. Only sessions which have at least one of these roles will be able to access the service. |
|
|
Whether access restriction is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, Airlock Gateway will extract the token from the specified cookie. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the token from the specified header. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
The rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the token from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
If not enforced, requests without a token are accepted. However, if a token is present, it is extracted and validated and the configured restrictions and role extractions are applied. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Name of the claim you want to restrict. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, the JWT standard claims expiry (exp) and not before (nbf) will be checked and must be valid. |
|
|
Allowed skew when checking expiry / not before in seconds. This can be used if verification fails because of time synchronization issues with the token issuer and your Airlock. |
|
|
If enabled, a technical client ID is extracted from the JWT. |
|
|
Name of the claim to extract as technical client ID. |
|
|
Whether this claim extraction rule is enabled. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Name of the claim you want to extract a role from. |
|
|
The rewrite expression of the role. |
|
|
If enforced, the expiry claim (exp) of the JWT will be used as the role lifetime. |
|
|
If enabled, the 'sub' claim is extracted from the JWT and its value is used as audit token of the current Airlock session. |
|
|
If enforced, the JWT’s signature must be present and valid. |
|
|
Whether access tokens should be processed. |
|
|
Whether to enable the API policy service. |
|
|
Name of the cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified cookie. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified header. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Rewrite expression for the header extraction. |
|
|
If enabled, Airlock Gateway will extract the API key from the specified query parameter. |
|
|
Name of the query parameter. |
|
|
GraphQL inspections are enabled. |
|
|
Indicates if introspection is allowed. |
|
|
If true, requests containing invalid GraphQL payload are only logged but not blocked. |
|
|
Indicates if mutations are allowed. |
|
|
Indicates an optionally provided GraphQL schema is checked and enforced. |
|
|
Indicates if values are checked against allow and deny rules. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
If set to true, Airlock Gateway filters JSON attributes with allow rules and deny rules. |
|
|
Whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI format.If enforced, traffic not conforming to the API specification will be blocked. |
|
|
If enabled, potential attack requests are only logged but not blocked. |
|
|
Run OpenAPI path matching against client or server view of request/response. Allowed values: |
|
|
If enabled, responses are also checked against the API specification. |
|
|
External path to the API specification. Note that the entry path will be added in front of it. |
|
|
If enabled, allow clients to download the API specification. |
|
|
If enabled, each path segment is interpreted as a separate parameter value and the deny rules for parameter values are applied to it. |
|
|
Whether this service is allowed to use Airlock Gateway’s back-end API via the control cookie mechanism. Normally, only the authentication application should be allowed to use the back-end control API of Airlock Gateway. |
|
|
Enables encryption of cookies which are sent to the client. |
|
|
Regular expression for cookies that should be cryptographically encrypted before being sent to the client. |
|
|
Whether this service should receive the Airlock Gateway environment cookies that contain useful information about the connection to the client. |
|
|
If enabled, load balancing information is sent to the client in a load balancing cookie. Disable if no load balancing is needed and no cookie should be generated for this purpose. |
|
|
Whether 'Passthrough Cookies' are enabled. Passthrough Cookies are cookies which are sent in plain format to the client. |
|
|
Regular expression to select cookies that should be treated as 'Passthrough Cookies'. |
|
|
If enabled, Airlock Gateway will deliver error pages by sending a HTTP redirect pointing to the error page to its clients. Otherwise the error page will be directly returned. |
|
|
Parameter values that are sent in HTTP requests from the client are interpreted by Airlock Gateway as if they were encoded using the given charset. If Airlock Gateway detects that the charset does not match, it tries to use the fallback charset. Allowed values: |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the headers will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the parameters will be blocked. |
|
|
If enabled, requests which contain invalid UTF-8 sequences in the path will be blocked. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
A response from the back-end server is rewritten only if the response headerContent-Type matches this regular expression. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
Specifies whether Airlock Gateway should compress the output on-the-fly for the client browser (if supported and requested by the browser). |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by HTTP status content pattern. |
|
|
The HTTP status code pattern. |
|
|
Additional headers to allow. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header allow list will be applied. |
|
|
Additional headers to deny. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The actual pattern. |
|
|
If enabled, default header deny list will be applied. |
|
|
Whether rewrites are enabled. |
|
|
Target string which will replace the string matched by URL pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to apply the rule to <script> and <style> blocks embedded in the HTML page |
|
|
Whether rewrites are enabled. |
|
|
Whether to apply the rule to JavaScript event strings such as onsubmit, onload, etc. |
|
|
Target string which will replace the string matched by URL Pattern. |
|
|
Whether to apply the rule to linked HTML elements like href, src, etc. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether rewrites are enabled. |
|
|
A response from the back-end server is rewritten only if the JSON path matches this regular expression. |
|
|
Target string which will replace the string matched by Content Pattern. |
|
|
If enabled, Airlock Gateway removes HTML comments. |
|
|
Allowed values: |
|
|
Whether support for the WebSockets protocol as defined in RFC 6455 is enabled. |
|
|
The back-end path specifies the internal back-end path, i.e. the path of the request sent to the application server. |
|
|
If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled. |
|
|
If enabled, custom bots are not blocked. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Do not block bots whose source-domain matches the "domain pattern". |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If true, requests from bots are only logged but not blocked. |
|
|
Check the User-Agent to determine if a bot is well-known and do not block such bots. |
|
|
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client’s IP address belongs to the operator of a well-known bot. |
|
|
Whether CSRF protection is enabled. |
|
|
If a missing or invalid CSRF token is detected, the client is redirected to the configured location. |
|
|
Whether to ignore case. |
|
|
The actual pattern. |
|
|
Whether the DoS attack prevention filter is enabled. |
|
|
Whether the DoS attack prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether the maintenance page is enabled. |
|
|
Whether a trailing slash is mandatory at the end of the entry path or not. |
|
|
Whether the entry path should be case sensitive. |
|
|
The priority guarantees a deterministic selection of the mapping for a given request path. |
|
|
Whether the entry path (the external URL path of the mapping) should be interpreted as regular expression or not. |
|
|
The entry path specifies the external URL path the mapping should be available under. For each incoming request, Airlock Gateway compares the URL with the entry path to find the right mapping. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving both HTTP GET and HTTP POST parameters (thus involving parameters of different/mixed types). |
|
|
If enabled, requests containing HTTP GET and HTTP POST parameters of the same name are blocked to prevent HPP attacks. |
|
|
If true, potential HPP attack requests are only logged but not blocked. |
|
|
Parameters named with a name matching this regular expression pattern will be ignored by the HPP detection. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Allows the detection of HTTP Parameter Pollution (HPP) attacks involving only HTTP GET or only HTTP POST parameters (thus involving only parameters of the same type). |
|
|
If enabled, parameters named with the same name and type (HTTP GET or POST) are joined together into one parameter before filtering to prevent HPP attacks. |
|
|
Counting mode of dynamic IP address blacklist blocks. Allowed values: |
|
|
If enabled, IPs on the dynamic IP address blacklist are blocked. |
|
|
If true, requests whose source IP address is contained in one of the configured IP Blacklists are only logged but not blocked. |
|
|
List of threat categories which should be blocked (;-separated string). Categories: |
|
|
If true, requests whose source IP address is not contained in one of the configured IP address whitelists are only logged but not blocked. |
|
|
If enabled, IP address whitelists will be applied if path matches. |
|
|
The IDs of referenced IP address whitelists |
|
|
IP address whitelists will be checked only for requests whose path matches this regular expression pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
List of assigned Labels (freely defined textual tags). Labels allow grouping of mappings with a common aspect, e.g. all mappings belonging to the same application. |
|
|
Defines the maximum path length for requests to the current mapping. |
|
|
Defines the maximum size of the request body. It specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. To restrict the size of file uploads, set this limit to the maximum combined size of all files uploaded at once. |
|
|
Whether limits are enabled. |
|
|
Defines the maximum nesting depth. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Defines the maximum value length for a query parameter. |
|
|
Defines the maximum length for a parameter name. |
|
|
Defines the maximum length for a parameter value. |
|
|
Defines the maximum number of parameters inside the request. |
|
|
Whether JSON limits are enabled. |
|
|
Defines the maximum number of items for a single JSON array (non-recursive). |
|
|
Defines the maximum length for a JSON key, also known as "JSON property" or "JSON object member". |
|
|
Defines the maximum number of keys of a single JSON object (non-recursive). |
|
|
Defines the maximum depth of nesting for JSON objects and JSON arrays. |
|
|
Defines the maximum number of keys and array items in the whole JSON document (recursive). |
|
|
Defines the maximum json value length for requests to the current mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
If true, the state of the attribute locks is displayed in Airlock Gateway’s Configuration Center for this mapping. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. Note that this lock affects both the EntryPath’s 'value' and 'ignoreCase'. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
The unique name of the mapping. |
|
|
The mode in which the mapping runs. Allowed values: |
|
|
Whether the overload prevention filter is enabled. |
|
|
Whether the overload prevention filter is log-only. |
|
|
List of request frequency restrictions. Processed in order, the first matching path will win. |
|
|
If enabled, the restriction is active. |
|
|
Interval for measurement of allowed requests per IP address (seconds). |
|
|
Maximum requests allowed per IP address. |
|
|
Triggers the restriction if the path of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose content type header matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether request body streaming is enabled. If enabled, only requests matching all three regular expression patterns will be streamed. |
|
|
Only requests whose HTTP method matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Only requests whose path matches this regular expression pattern will be streamed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the mapping. |
|
|
Defines how policy violations, e.g., missing allow rules, matching deny rules, URL encryption and form protection violations, are handled. Allowed values: |
|
|
Defines the time (seconds) Airlock Gateway will wait for the back-end response. |
|
|
Defines the minimum session idle time (seconds) of Airlock Gateway for this mapping. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
|
|
The back-end-group references. |
|
|
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
The ID of the back-end-group resource. |
|
|
The local-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "local-json-web-key-set" for this call. |
|
|
The ID of the local-json-web-key-set resource. |
|
|
The remote-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the remote-json-web-key-set resource. |
|
|
The openapi-document references. |
|
|
The data type of the referenced resource. Must be "openapi-document" for this call. |
|
|
The ID of the openapi-document resource. |
|
|
The graphql-document references. |
|
|
The data type of the referenced resource. Must be "graphql-document" for this call. |
|
|
The ID of the graphql-document resource. |
|
|
The api-policy-service references. |
|
|
The data type of the referenced resource. Must be "api-policy-service" for this call. |
|
|
The ID of the api-policy-service resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The icap-environment references. |
|
|
The data type of the referenced resource. Must be "icap-environment" for this call. |
|
|
The ID of the icap-environment resource. |
|
|
The JSON API meta type, which is: "jsonapi.meta" |
|
|
Whether this ICAP handler is enabled. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The anomaly-shield-application references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the anomaly-shield-application resource. |
|
|
The mapping-template references. |
|
|
The data type of the referenced resource. Must be "mapping-template" for this call. |
|
|
The ID of the mapping-template resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "mapping",
"id" : "1",
"attributes" : {
"name" : "mymapping",
"labels" : [ "labelA", "labelB" ],
"tenant" : "AirlockBankingCo",
"entryPath" : {
"value" : "/entryPathA/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"ignoreCase" : true,
"priority" : 0
},
"backendPath" : "/backendA/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : true,
"access" : {
"deniedUrl" : {
"value" : "/auth/login",
"mode" : "GLOBAL"
},
"restrictions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "[GET|POST|DELETE]",
"caseIgnored" : true,
"inverted" : true
},
"entryPathPattern" : {
"pattern" : "/admin/",
"caseIgnored" : true,
"inverted" : true
},
"authorizedRoles" : [ "admin" ],
"authorizedPlans" : [ "android", "ios", "browser" ]
} ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "/backendA/logout",
"backendLogoutHostHeader" : "%BACKENDHOST%",
"ntlmPassthroughEnabled" : true,
"credentialsPropagation" : {
"mandatory" : true,
"type" : "BASIC_AUTH"
},
"tokensEnabled" : true,
"tokenTransport" : {
"presenceMandatoryEnforced" : true,
"headerExtraction" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "mypattern",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : true,
"name" : "paramExtraction"
},
"cookieExtraction" : {
"enabled" : true,
"name" : "EXTRACTION_COOKIE"
}
},
"tokenVerification" : {
"signatureCheckEnforced" : true,
"expiryCheckEnabled" : true,
"expiryCheckSkew" : 42,
"extractTechnicalClientIdEnabled" : true,
"extractTechnicalClientIdName" : "TechnicalClientID",
"setAuditTokenFromSubjectEnabled" : true,
"claimRestrictions" : [ {
"enabled" : true,
"name" : "myrestriction",
"restrictionPattern" : {
"pattern" : "myRestriction",
"caseIgnored" : true,
"inverted" : true
}
} ],
"roleExtractions" : [ {
"enabled" : true,
"name" : "myextraction",
"extractionPattern" : {
"pattern" : "extractionPattern",
"caseIgnored" : true
},
"replaceWith" : "$1",
"tokenLifetimeAsRoleLifetimeEnforced" : true
} ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : true,
"pathWhitelists" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : ".*",
"caseIgnored" : true,
"inverted" : true
},
"ipAddressListIds" : [ ]
} ]
},
"ipAddressBlacklists" : {
"logOnly" : true,
"webrootThreatCategories" : ""
},
"dynamicIpAddressBlacklist" : {
"enabled" : true,
"countMode" : "ALL"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : true,
"wellKnownBots" : {
"allowed" : true,
"sourceDomainEnforced" : true
},
"customBots" : {
"allowed" : true,
"sourceDomainEnforced" : true,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 222,
"maxPathLength" : 111
},
"http" : {
"maxParameters" : 2222,
"maxParameterNameLength" : 1111,
"maxParameterValueLength" : 3333
},
"json" : {
"enabled" : true,
"maxKeyLength" : 48,
"maxValueLength" : 42,
"maxNestingDepth" : 2000,
"maxArrayItems" : 1000,
"maxKeys" : 4000,
"maxTotalEntries" : 3000
},
"graphql" : {
"enabled" : true,
"maxQuerySize" : 128,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : "%ENTRY_PATH%/index.html",
"pathExceptions" : [ {
"pattern" : "^/exception/.*",
"caseIgnored" : true
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : true,
"environmentCookiesEnabled" : true,
"encryptedCookies" : {
"enabled" : true,
"prefix" : "ENCRYPT.*"
},
"passthroughCookies" : {
"enabled" : true,
"prefix" : "PASSTHROUGH.*"
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : true,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : true
},
"header" : {
"enforceUtf8" : true,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$ ",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : true
}
},
"response" : {
"compressionAllowed" : true,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "/test/",
"caseIgnored" : true
},
"replaceWith" : "$1"
} ]
}
},
"json" : {
"rewrites" : [ {
"enabled" : true,
"path" : "$.address.city",
"contentPattern" : {
"pattern" : "Basel",
"caseIgnored" : true
},
"replaceWith" : "Zurich"
} ]
},
"body" : {
"rewrites" : [ {
"enabled" : true,
"contentType" : "application/json",
"contentPattern" : {
"pattern" : "test",
"caseIgnored" : true
},
"replaceWith" : "test2"
} ]
},
"html" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "^https?://www.mydomain.com(/[^'\"]*)$",
"caseIgnored" : true
},
"uris" : true,
"events" : true,
"embedded" : true,
"replaceWith" : "$1"
} ]
},
"errorPage" : {
"rewrites" : [ {
"enabled" : true,
"statusContentPattern" : "^5(?!02|03)..$",
"replaceWith" : "500.html"
} ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : {
"pattern" : "application/json",
"caseIgnored" : true,
"inverted" : true
},
"pathExceptions" : [ {
"pattern" : "^/json-parser-exception/.*",
"caseIgnored" : true
} ]
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : true,
"responseCheckEnforced" : true,
"pathMatching" : "ClientView",
"specificationPublished" : true,
"specificationPublishPath" : "path/to/apiSpecification.json"
},
"apiPolicy" : {
"enabled" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : true,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : true,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 1000,
"interval" : 30
} ]
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 1000,
"interval" : 30
} ]
},
"requestBodyStreaming" : {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"pathPattern" : {
"pattern" : "/path/",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "video/mpeg",
"caseIgnored" : false,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : true,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : true
}
},
"sameType" : {
"enabled" : false
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : true,
"settings" : "AuthenticatedSessionsWarningPercentage \"90\""
},
"apache" : {
"enabled" : true,
"settings" : "MaxConnectionsPerChild 15000"
}
},
"locking" : {
"enabled" : true,
"labels" : true,
"access" : {
"deniedUrl" : {
"value" : true,
"mode" : true
},
"restrictions" : true,
"clientCertificateAuthentication" : true,
"authenticationFlow" : true,
"backendLogoutUrl" : true,
"backendLogoutHostHeader" : true,
"ntlmPassthroughEnabled" : true,
"credentialsPropagation" : {
"mandatory" : true,
"type" : true
},
"tokensEnabled" : true,
"tokenVerification" : {
"localJwksProviders" : true,
"remoteJwksProviders" : true,
"expiryCheckEnabled" : true,
"expiryCheckSkew" : true,
"claimRestrictions" : true,
"roleExtractions" : true,
"extractTechnicalClientIdEnabled" : true,
"extractTechnicalClientIdName" : true,
"setAuditTokenFromSubjectEnabled" : true
},
"tokenTransport" : {
"presenceMandatoryEnforced" : true,
"headerExtraction" : {
"enabled" : true,
"extractionPattern" : true,
"replaceWith" : true
},
"parameterExtraction" : {
"enabled" : true,
"name" : true
},
"cookieExtraction" : {
"enabled" : true,
"name" : true
}
}
},
"entryPath" : {
"settings" : true,
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"priority" : true
},
"backendPath" : true,
"threatHandling" : true,
"operationalMode" : true,
"enableMaintenancePage" : true,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : true,
"pathIpAddressWhitelists" : true
},
"ipAddressBlacklists" : {
"logOnly" : true
},
"dynamicIpAddressBlacklist" : {
"enabled" : true,
"countMode" : true
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : true,
"wellKnownBots" : {
"allowed" : true,
"sourceDomainEnforced" : true
},
"customBots" : {
"allowed" : true,
"sourceDomainEnforced" : true,
"userAgentPattern" : true,
"domainPattern" : true
}
},
"timeouts" : {
"backend" : true,
"sessionIdle" : true
},
"limits" : {
"general" : {
"maxRequestBodySize" : true,
"maxPathLength" : true
},
"http" : {
"maxParameters" : true,
"maxParameterNameLength" : true,
"maxParameterValueLength" : true,
"maxParameterLengthException" : true
},
"json" : {
"enabled" : true,
"maxKeyLength" : true,
"maxValueLength" : true,
"maxLengthException" : true,
"maxNestingDepth" : true,
"maxArrayItems" : true,
"maxKeys" : true,
"maxTotalEntries" : true
},
"graphql" : {
"enabled" : true,
"maxQuerySize" : true,
"maxQueryNestingDepth" : true,
"maxValueLength" : true,
"maxLengthException" : true
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : true,
"pathExceptions" : true
},
"application" : {
"sessionHandling" : true,
"controlApiAllowed" : true,
"environmentCookiesEnabled" : true,
"encryptedCookies" : {
"enabled" : true,
"prefix" : true
},
"passthroughCookies" : {
"enabled" : true,
"prefix" : true
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : true,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : true,
"path" : {
"enforceUtf8" : true
},
"header" : {
"enforceUtf8" : true,
"allowlist" : {
"defaultEnabled" : true,
"additional" : true
},
"denylist" : {
"defaultEnabled" : true,
"additional" : true
}
},
"parameter" : {
"enforceUtf8" : true
}
},
"response" : {
"compressionAllowed" : true,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : true
},
"denylist" : {
"defaultEnabled" : true,
"additional" : true
},
"location" : {
"rewrites" : true
}
},
"json" : {
"rewrites" : true
},
"body" : {
"rewrites" : true
},
"html" : {
"rewrites" : true
},
"errorPage" : {
"rewrites" : true
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : true,
"pathExceptions" : true
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : true,
"documentId" : true,
"responseCheckEnforced" : true,
"pathMatching" : true,
"specificationPublished" : true,
"specificationPublishPath" : true
},
"apiPolicy" : {
"enabled" : true,
"serviceId" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : true,
"replaceWith" : true
},
"keyExtractionQueryParameter" : {
"enabled" : true,
"parameterName" : true
},
"keyExtractionCookie" : {
"enabled" : true,
"cookieName" : true
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"ipAddressException" : true,
"restrictions" : true
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : true,
"ipAddressException" : true,
"restrictions" : true
},
"requestBodyStreaming" : {
"enabled" : true,
"httpMethodPattern" : true,
"pathPattern" : true,
"contentTypePattern" : true
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : true,
"parameterNameExceptionPattern" : true
},
"sameType" : {
"enabled" : true
}
},
"icap" : {
"request" : {
"clientViews" : true,
"backendViews" : true
},
"response" : {
"backendViews" : true,
"clientViews" : true
}
}
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 26818
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:05.502Z"
},
"data" : {
"type" : "mapping",
"id" : "1",
"attributes" : {
"name" : "mymapping",
"labels" : [ "labelA", "labelB" ],
"tenant" : "AirlockBankingCo",
"entryPath" : {
"value" : "/entryPathA/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"ignoreCase" : true,
"priority" : 0
},
"backendPath" : "/backendA/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : true,
"access" : {
"deniedUrl" : {
"value" : "/auth/login",
"mode" : "GLOBAL"
},
"restrictions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "[GET|POST|DELETE]",
"caseIgnored" : true,
"inverted" : true
},
"entryPathPattern" : {
"pattern" : "/admin/",
"caseIgnored" : true,
"inverted" : true
},
"authorizedRoles" : [ "admin" ],
"authorizedPlans" : [ "android", "ios", "browser" ]
} ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "/backendA/logout",
"backendLogoutHostHeader" : "%BACKENDHOST%",
"ntlmPassthroughEnabled" : true,
"credentialsPropagation" : {
"mandatory" : true,
"type" : "BASIC_AUTH"
},
"tokensEnabled" : true,
"tokenTransport" : {
"presenceMandatoryEnforced" : true,
"headerExtraction" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "mypattern",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : true,
"name" : "paramExtraction"
},
"cookieExtraction" : {
"enabled" : true,
"name" : "EXTRACTION_COOKIE"
}
},
"tokenVerification" : {
"signatureCheckEnforced" : true,
"expiryCheckEnabled" : true,
"expiryCheckSkew" : 42,
"extractTechnicalClientIdEnabled" : true,
"extractTechnicalClientIdName" : "TechnicalClientID",
"setAuditTokenFromSubjectEnabled" : true,
"claimRestrictions" : [ {
"enabled" : true,
"name" : "myrestriction",
"restrictionPattern" : {
"pattern" : "myRestriction",
"caseIgnored" : true,
"inverted" : true
}
} ],
"roleExtractions" : [ {
"enabled" : true,
"name" : "myextraction",
"extractionPattern" : {
"pattern" : "extractionPattern",
"caseIgnored" : true
},
"replaceWith" : "$1",
"tokenLifetimeAsRoleLifetimeEnforced" : true
} ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : true,
"pathWhitelists" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : ".*",
"caseIgnored" : true,
"inverted" : true
},
"ipAddressListIds" : [ ]
} ]
},
"ipAddressBlacklists" : {
"logOnly" : true,
"webrootThreatCategories" : ""
},
"dynamicIpAddressBlacklist" : {
"enabled" : true,
"countMode" : "ALL"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : true,
"wellKnownBots" : {
"allowed" : true,
"sourceDomainEnforced" : true
},
"customBots" : {
"allowed" : true,
"sourceDomainEnforced" : true,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 222,
"maxPathLength" : 111
},
"http" : {
"maxParameters" : 2222,
"maxParameterNameLength" : 1111,
"maxParameterValueLength" : 3333
},
"json" : {
"enabled" : true,
"maxKeyLength" : 48,
"maxValueLength" : 42,
"maxNestingDepth" : 2000,
"maxArrayItems" : 1000,
"maxKeys" : 4000,
"maxTotalEntries" : 3000
},
"graphql" : {
"enabled" : true,
"maxQuerySize" : 128,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : "%ENTRY_PATH%/index.html",
"pathExceptions" : [ {
"pattern" : "^/exception/.*",
"caseIgnored" : true
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : true,
"environmentCookiesEnabled" : true,
"encryptedCookies" : {
"enabled" : true,
"prefix" : "ENCRYPT.*"
},
"passthroughCookies" : {
"enabled" : true,
"prefix" : "PASSTHROUGH.*"
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : true,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : true
},
"header" : {
"enforceUtf8" : true,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$ ",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : true
}
},
"response" : {
"compressionAllowed" : true,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "/test/",
"caseIgnored" : true
},
"replaceWith" : "$1"
} ]
}
},
"json" : {
"rewrites" : [ {
"enabled" : true,
"path" : "$.address.city",
"contentPattern" : {
"pattern" : "Basel",
"caseIgnored" : true
},
"replaceWith" : "Zurich"
} ]
},
"body" : {
"rewrites" : [ {
"enabled" : true,
"contentType" : "application/json",
"contentPattern" : {
"pattern" : "test",
"caseIgnored" : true
},
"replaceWith" : "test2"
} ]
},
"html" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "^https?://www.mydomain.com(/[^'\"]*)$",
"caseIgnored" : true
},
"uris" : true,
"events" : true,
"embedded" : true,
"replaceWith" : "$1"
} ]
},
"errorPage" : {
"rewrites" : [ {
"enabled" : true,
"statusContentPattern" : "^5(?!02|03)..$",
"replaceWith" : "500.html"
} ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : {
"pattern" : "application/json",
"caseIgnored" : true,
"inverted" : true
},
"pathExceptions" : [ {
"pattern" : "^/json-parser-exception/.*",
"caseIgnored" : true
} ]
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : true,
"responseCheckEnforced" : true,
"pathMatching" : "ClientView",
"specificationPublished" : true,
"specificationPublishPath" : "path/to/apiSpecification.json"
},
"apiPolicy" : {
"enabled" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : true,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : true,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 1000,
"interval" : 30
} ]
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 1000,
"interval" : 30
} ]
},
"requestBodyStreaming" : {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"pathPattern" : {
"pattern" : "/path/",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "video/mpeg",
"caseIgnored" : false,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : true,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : true
}
},
"sameType" : {
"enabled" : false
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : true,
"settings" : "AuthenticatedSessionsWarningPercentage \"90\""
},
"apache" : {
"enabled" : true,
"settings" : "MaxConnectionsPerChild 15000"
}
},
"locking" : {
"enabled" : true,
"labels" : true,
"access" : {
"deniedUrl" : {
"value" : true,
"mode" : true
},
"restrictions" : true,
"clientCertificateAuthentication" : true,
"authenticationFlow" : true,
"backendLogoutUrl" : true,
"backendLogoutHostHeader" : true,
"ntlmPassthroughEnabled" : true,
"credentialsPropagation" : {
"mandatory" : true,
"type" : true
},
"tokensEnabled" : true,
"tokenVerification" : {
"localJwksProviders" : true,
"remoteJwksProviders" : true,
"expiryCheckEnabled" : true,
"expiryCheckSkew" : true,
"claimRestrictions" : true,
"roleExtractions" : true,
"extractTechnicalClientIdEnabled" : true,
"extractTechnicalClientIdName" : true,
"setAuditTokenFromSubjectEnabled" : true
},
"tokenTransport" : {
"presenceMandatoryEnforced" : true,
"headerExtraction" : {
"enabled" : true,
"extractionPattern" : true,
"replaceWith" : true
},
"parameterExtraction" : {
"enabled" : true,
"name" : true
},
"cookieExtraction" : {
"enabled" : true,
"name" : true
}
}
},
"entryPath" : {
"settings" : true,
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"priority" : true
},
"backendPath" : true,
"threatHandling" : true,
"operationalMode" : true,
"enableMaintenancePage" : true,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : true,
"pathIpAddressWhitelists" : true
},
"ipAddressBlacklists" : {
"logOnly" : true
},
"dynamicIpAddressBlacklist" : {
"enabled" : true,
"countMode" : true
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : true,
"wellKnownBots" : {
"allowed" : true,
"sourceDomainEnforced" : true
},
"customBots" : {
"allowed" : true,
"sourceDomainEnforced" : true,
"userAgentPattern" : true,
"domainPattern" : true
}
},
"timeouts" : {
"backend" : true,
"sessionIdle" : true
},
"limits" : {
"general" : {
"maxRequestBodySize" : true,
"maxPathLength" : true
},
"http" : {
"maxParameters" : true,
"maxParameterNameLength" : true,
"maxParameterValueLength" : true,
"maxParameterLengthException" : true
},
"json" : {
"enabled" : true,
"maxKeyLength" : true,
"maxValueLength" : true,
"maxLengthException" : true,
"maxNestingDepth" : true,
"maxArrayItems" : true,
"maxKeys" : true,
"maxTotalEntries" : true
},
"graphql" : {
"enabled" : true,
"maxQuerySize" : true,
"maxQueryNestingDepth" : true,
"maxValueLength" : true,
"maxLengthException" : true
}
},
"csrfProtection" : {
"enabled" : true,
"invalidTokenRedirectLocation" : true,
"pathExceptions" : true
},
"application" : {
"sessionHandling" : true,
"controlApiAllowed" : true,
"environmentCookiesEnabled" : true,
"encryptedCookies" : {
"enabled" : true,
"prefix" : true
},
"passthroughCookies" : {
"enabled" : true,
"prefix" : true
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : true,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : true,
"path" : {
"enforceUtf8" : true
},
"header" : {
"enforceUtf8" : true,
"allowlist" : {
"defaultEnabled" : true,
"additional" : true
},
"denylist" : {
"defaultEnabled" : true,
"additional" : true
}
},
"parameter" : {
"enforceUtf8" : true
}
},
"response" : {
"compressionAllowed" : true,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : true
},
"denylist" : {
"defaultEnabled" : true,
"additional" : true
},
"location" : {
"rewrites" : true
}
},
"json" : {
"rewrites" : true
},
"body" : {
"rewrites" : true
},
"html" : {
"rewrites" : true
},
"errorPage" : {
"rewrites" : true
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : true,
"pathExceptions" : true
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : true,
"documentId" : true,
"responseCheckEnforced" : true,
"pathMatching" : true,
"specificationPublished" : true,
"specificationPublishPath" : true
},
"apiPolicy" : {
"enabled" : true,
"serviceId" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : true,
"replaceWith" : true
},
"keyExtractionQueryParameter" : {
"enabled" : true,
"parameterName" : true
},
"keyExtractionCookie" : {
"enabled" : true,
"cookieName" : true
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"ipAddressException" : true,
"restrictions" : true
},
"overloadPrevention" : {
"enabled" : true,
"logOnly" : true,
"ipAddressException" : true,
"restrictions" : true
},
"requestBodyStreaming" : {
"enabled" : true,
"httpMethodPattern" : true,
"pathPattern" : true,
"contentTypePattern" : true
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : true,
"parameterNameExceptionPattern" : true
},
"sameType" : {
"enabled" : true
}
},
"icap" : {
"request" : {
"clientViews" : true,
"backendViews" : true
},
"response" : {
"backendViews" : true,
"clientViews" : true
}
}
}
},
"relationships" : {
"back-end-groups" : {
"data" : [ {
"type" : "back-end-group",
"id" : "30"
} ]
},
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "40"
} ]
},
"local-json-web-key-sets" : {
"data" : [ {
"type" : "local-json-web-key-set",
"id" : "46"
} ]
},
"remote-json-web-key-sets" : {
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "47"
} ]
},
"openapi-document" : {
"data" : {
"type" : "openapi-document",
"id" : "50"
}
},
"graphql-document" : {
"data" : {
"type" : "graphql-document",
"id" : "80"
}
},
"api-policy-service" : {
"data" : {
"type" : "api-policy-service",
"id" : "60"
}
},
"ip-address-blacklists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "92"
} ]
},
"ip-address-blacklist-exceptions" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "92"
} ]
},
"dos-attack-prevention-source-ip-address-exception" : {
"data" : {
"type" : "ip-address-list",
"id" : "80"
}
},
"icap-request-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "42",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-request-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "43",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-response-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "44",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Response",
"inverted" : "true"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "responsevalue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-response-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "45",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Response",
"inverted" : "true"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "responsevalue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"anomaly-shield-application" : {
"data" : {
"type" : "anomaly-shield-application",
"id" : "70"
}
}
}
}
}
Delete a Mapping
DELETE /configuration/mappings/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Access a Deny Rule Group Usage
GET /configuration/mappings/{id}/deny-rule-groups/{shortName}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
|
The short name of the element to access. This corresponds to the ID returned by the global resource for this data type. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping-deny-rule-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If set to true, all deny rule of this group on the selected security level are active. |
|
|
All exceptions for this group. |
|
|
Triggers an exception if the content type of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
If enabled, the exception is active. |
|
|
Triggers an exception for a matching header name. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching header value. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception if the HTTP method of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching query parameter name. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching query parameter value. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching request path. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
If enabled, requests triggering the group policies are not blocked. The violation is logged and notified. |
|
|
Specifies the security level. Allowed values: |
|
|
Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/deny-rule-groups/HEADER_VALUE_INJECTION" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2256
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:54.428Z"
},
"data" : {
"type" : "mapping-deny-rule-group",
"id" : "HEADER_VALUE_INJECTION",
"attributes" : {
"enabled" : true,
"securityLevel" : "STANDARD",
"securityLevelLogged" : "STRICT",
"logOnly" : true,
"exceptions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"enabled" : true,
"name" : "POST",
"pattern" : "^POST",
"caseIgnored" : false,
"inverted" : false,
"multipleSingleLineRegex" : true
},
"pathPattern" : {
"enabled" : true,
"name" : "internal path",
"pattern" : "^/internal/",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
},
"parameterNamePattern" : {
"enabled" : true,
"name" : "Certificate Parameter",
"pattern" : "(?:certificate)",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : false
},
"parameterValuePattern" : {
"enabled" : true,
"name" : "BASE64 Encoded",
"pattern" : "[a-aA-Z0-9@_=-]+",
"caseIgnored" : false,
"inverted" : false,
"multipleSingleLineRegex" : false
},
"contentTypePattern" : {
"enabled" : true,
"name" : "Forms",
"pattern" : "^form/",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : false
},
"headerNamePattern" : {
"enabled" : true,
"name" : "Custom Headers",
"pattern" : "^X-Good-Header",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : false
},
"headerValuePattern" : {
"enabled" : true,
"name" : "Only printable values",
"pattern" : "\\p{printable}",
"caseIgnored" : false,
"inverted" : true,
"multipleSingleLineRegex" : false
}
} ],
"locking" : {
"enabled" : false,
"exceptions" : false
}
}
}
}
Update a Deny Rule Group Usage
PATCH /configuration/mappings/{id}/deny-rule-groups/{shortName}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
|
The short name of the element to access. This corresponds to the ID returned by the global resource for this data type. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "mapping-deny-rule-group" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
If set to true, all deny rule of this group on the selected security level are active. |
|
|
no |
All exceptions for this group. |
|
|
no |
Triggers an exception if the content type of the request matches. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, the exception is active. |
|
|
no |
Triggers an exception for a matching header name. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception for a matching header value. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception if the HTTP method of the request matches. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception for a matching query parameter name. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception for a matching query parameter value. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception for a matching request path. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
yes |
Lock for the corresponding member. |
|
|
yes |
Lock for the corresponding member. |
|
|
no |
If enabled, requests triggering the group policies are not blocked. The violation is logged and notified. |
|
|
no |
Specifies the security level. Allowed values: |
|
|
no |
Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping-deny-rule-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If set to true, all deny rule of this group on the selected security level are active. |
|
|
All exceptions for this group. |
|
|
Triggers an exception if the content type of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
If enabled, the exception is active. |
|
|
Triggers an exception for a matching header name. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching header value. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception if the HTTP method of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching query parameter name. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching query parameter value. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching request path. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Lock for the corresponding member. |
|
|
Lock for the corresponding member. |
|
|
If enabled, requests triggering the group policies are not blocked. The violation is logged and notified. |
|
|
Specifies the security level. Allowed values: |
|
|
Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/deny-rule-groups/HEADER_VALUE_INJECTION" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "mapping-deny-rule-group",
"id" : "1",
"attributes" : {
"enabled" : true,
"securityLevel" : "STANDARD",
"securityLevelLogged" : "STRICT",
"logOnly" : true,
"exceptions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"enabled" : true,
"pattern" : "GET",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"pathPattern" : {
"enabled" : true,
"pattern" : "/path",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"parameterNamePattern" : {
"enabled" : true,
"pattern" : "parameter",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"parameterValuePattern" : {
"enabled" : true,
"pattern" : "value",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"contentTypePattern" : {
"enabled" : true,
"pattern" : "text/html",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"headerNamePattern" : {
"enabled" : true,
"pattern" : "headerName",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"headerValuePattern" : {
"enabled" : true,
"pattern" : "headerValue",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
}
} ],
"locking" : {
"enabled" : false,
"exceptions" : false
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2173
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:54.519Z"
},
"data" : {
"type" : "mapping-deny-rule-group",
"id" : "HEADER_VALUE_INJECTION",
"attributes" : {
"enabled" : true,
"securityLevel" : "STANDARD",
"securityLevelLogged" : "STRICT",
"logOnly" : true,
"exceptions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"enabled" : true,
"name" : "GET",
"pattern" : "GET",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"pathPattern" : {
"enabled" : true,
"name" : "/path",
"pattern" : "/path",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"parameterNamePattern" : {
"enabled" : true,
"name" : "parameter",
"pattern" : "parameter",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"parameterValuePattern" : {
"enabled" : true,
"name" : "value",
"pattern" : "value",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"contentTypePattern" : {
"enabled" : true,
"name" : "text/html",
"pattern" : "text/html",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"headerNamePattern" : {
"enabled" : true,
"name" : "headerName",
"pattern" : "headerName",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"headerValuePattern" : {
"enabled" : true,
"name" : "headerValue",
"pattern" : "headerValue",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
}
} ],
"locking" : {
"enabled" : false,
"exceptions" : false
}
}
}
}
Access a Deny Rule Usage
GET /configuration/mappings/{id}/deny-rules/{shortName}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
|
The short name of the element to access. This corresponds to the ID returned by the global resource for this data type. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping-deny-rule" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If set to true, the deny rule is enabled. Changing this value is only allowed, if the security level of the parent deny rule group is set to "CUSTOM". Otherwise any attempt in changing the value will result in a response with status code '409 Conflict'. |
|
|
All exceptions for this group. |
|
|
Triggers an exception if the content type of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
If enabled, the exception is active. |
|
|
Triggers an exception for a matching header name. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching header value. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception if the HTTP method of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching query parameter name. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching query parameter value. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching request path. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
If enabled, requests triggering the deny rule are not blocked. The violation is logged and notified. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/deny-rules/SQL_001A" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2076
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:54.393Z"
},
"data" : {
"type" : "mapping-deny-rule",
"id" : "SQL_001A",
"attributes" : {
"enabled" : true,
"logOnly" : false,
"exceptions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"enabled" : true,
"name" : "POST",
"pattern" : "^POST",
"caseIgnored" : false,
"inverted" : false,
"multipleSingleLineRegex" : true
},
"pathPattern" : {
"enabled" : true,
"name" : "internal path",
"pattern" : "^/internal/",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
},
"parameterNamePattern" : {
"enabled" : true,
"name" : "Certificate Parameter",
"pattern" : "(?:certificate)",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : false
},
"parameterValuePattern" : {
"enabled" : true,
"name" : "BASE64 Encoded",
"pattern" : "[a-aA-Z0-9@_=-]+",
"caseIgnored" : false,
"inverted" : false,
"multipleSingleLineRegex" : false
},
"contentTypePattern" : {
"enabled" : true,
"name" : "Forms",
"pattern" : "^form/",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : false
},
"headerNamePattern" : {
"enabled" : true,
"name" : "Custom Headers",
"pattern" : "^X-Good-Header",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : false
},
"headerValuePattern" : {
"enabled" : true,
"name" : "Only printable values",
"pattern" : "\\p{printable}",
"caseIgnored" : false,
"inverted" : true,
"multipleSingleLineRegex" : false
}
} ]
}
}
}
Update a Deny Rule Usage
PATCH /configuration/mappings/{id}/deny-rules/{shortName}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
|
The short name of the element to access. This corresponds to the ID returned by the global resource for this data type. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "mapping-deny-rule" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
If set to true, the deny rule is enabled. Changing this value is only allowed, if the security level of the parent deny rule group is set to "CUSTOM". Otherwise any attempt in changing the value will result in a response with status code '409 Conflict'. |
|
|
no |
All exceptions for this group. |
|
|
no |
Triggers an exception if the content type of the request matches. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, the exception is active. |
|
|
no |
Triggers an exception for a matching header name. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception for a matching header value. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception if the HTTP method of the request matches. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception for a matching query parameter name. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception for a matching query parameter value. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
Triggers an exception for a matching request path. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
Whether to interpret line breaks as logical ORs. |
|
|
no |
The name of the pattern. Will be generated if empty. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, requests triggering the deny rule are not blocked. The violation is logged and notified. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "mapping-deny-rule" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If set to true, the deny rule is enabled. Changing this value is only allowed, if the security level of the parent deny rule group is set to "CUSTOM". Otherwise any attempt in changing the value will result in a response with status code '409 Conflict'. |
|
|
All exceptions for this group. |
|
|
Triggers an exception if the content type of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
If enabled, the exception is active. |
|
|
Triggers an exception for a matching header name. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching header value. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception if the HTTP method of the request matches. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching query parameter name. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching query parameter value. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
Triggers an exception for a matching request path. |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
Whether to interpret line breaks as logical ORs. |
|
|
The name of the pattern. Will be generated if empty. |
|
|
The actual pattern. |
|
|
If enabled, requests triggering the deny rule are not blocked. The violation is logged and notified. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/deny-rules/SQL_001A" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "mapping-deny-rule",
"id" : "1",
"attributes" : {
"enabled" : true,
"logOnly" : true,
"exceptions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"enabled" : true,
"pattern" : "GET",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"pathPattern" : {
"enabled" : true,
"pattern" : "/path",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"parameterNamePattern" : {
"enabled" : true,
"pattern" : "parameter",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"parameterValuePattern" : {
"enabled" : true,
"pattern" : "value",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"contentTypePattern" : {
"enabled" : true,
"pattern" : "text/html",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"headerNamePattern" : {
"enabled" : true,
"pattern" : "headerName",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"headerValuePattern" : {
"enabled" : true,
"pattern" : "headerValue",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
}
} ]
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1992
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:54.483Z"
},
"data" : {
"type" : "mapping-deny-rule",
"id" : "SQL_001A",
"attributes" : {
"enabled" : true,
"logOnly" : true,
"exceptions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"enabled" : true,
"name" : "GET",
"pattern" : "GET",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"pathPattern" : {
"enabled" : true,
"name" : "/path",
"pattern" : "/path",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"parameterNamePattern" : {
"enabled" : true,
"name" : "parameter",
"pattern" : "parameter",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"parameterValuePattern" : {
"enabled" : true,
"name" : "value",
"pattern" : "value",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"contentTypePattern" : {
"enabled" : true,
"name" : "text/html",
"pattern" : "text/html",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"headerNamePattern" : {
"enabled" : true,
"name" : "headerName",
"pattern" : "headerName",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
},
"headerValuePattern" : {
"enabled" : true,
"name" : "headerValue",
"pattern" : "headerValue",
"caseIgnored" : true,
"inverted" : true,
"multipleSingleLineRegex" : true
}
} ]
}
}
}
Enable 'Show Maintenance Page' Option of a Mapping
POST /configuration/mappings/{id}/maintenance
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/maintenance" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Disable 'Show Maintenance Page' Option of a Mapping
DELETE /configuration/mappings/{id}/maintenance
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/maintenance" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Import Mappings (New or Replace)
PUT /configuration/mappings/import
Content-Type application/zip
Accept application/json
If a mapping with the same name already exists, its settings/connections will be overwritten.
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/import" -i -X PUT \
-H 'Content-Type: application/zip' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
--data-binary '@/tmp/upload.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 17203
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:04.821Z"
},
"data" : [ {
"type" : "mapping",
"id" : "3",
"attributes" : {
"name" : "mymapping",
"labels" : [ ],
"tenant" : "",
"entryPath" : {
"value" : "/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : false,
"ignoreCase" : false,
"priority" : 0
},
"backendPath" : "/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : false,
"access" : {
"deniedUrl" : {
"value" : "/",
"mode" : "GLOBAL"
},
"restrictions" : [ ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "",
"backendLogoutHostHeader" : "",
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : "NONE"
},
"tokensEnabled" : false,
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : {
"pattern" : "^Authorization: Bearer (.*)$",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : false,
"name" : ""
},
"cookieExtraction" : {
"enabled" : false,
"name" : ""
}
},
"tokenVerification" : {
"signatureCheckEnforced" : true,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : 10,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : "",
"setAuditTokenFromSubjectEnabled" : false,
"claimRestrictions" : [ ],
"roleExtractions" : [ ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathWhitelists" : [ ]
},
"ipAddressBlacklists" : {
"logOnly" : false,
"webrootThreatCategories" : ""
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : "OFF"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 104857600,
"maxPathLength" : 1024
},
"http" : {
"maxParameters" : 128,
"maxParameterNameLength" : 128,
"maxParameterValueLength" : 1024
},
"json" : {
"enabled" : true,
"maxKeyLength" : 256,
"maxValueLength" : 8192,
"maxNestingDepth" : 100,
"maxArrayItems" : 500,
"maxKeys" : 250,
"maxTotalEntries" : 150000
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : 1024,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : "/%ENTRYPATH%",
"pathExceptions" : [ {
"pattern" : "",
"caseIgnored" : false
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : ""
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : ""
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ ]
}
},
"json" : {
"rewrites" : [ ]
},
"body" : {
"rewrites" : [ ]
},
"html" : {
"rewrites" : [ ]
},
"errorPage" : {
"rewrites" : [ ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : {
"pattern" : "json",
"caseIgnored" : true,
"inverted" : false
},
"pathExceptions" : [ ]
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"responseCheckEnforced" : false,
"pathMatching" : "ClientView",
"specificationPublished" : false,
"specificationPublishPath" : ""
},
"apiPolicy" : {
"enabled" : false,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ ]
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ ]
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : false,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"sameType" : {
"enabled" : true
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
},
"locking" : {
"enabled" : false,
"labels" : false,
"access" : {
"deniedUrl" : {
"value" : false,
"mode" : false
},
"restrictions" : false,
"clientCertificateAuthentication" : false,
"authenticationFlow" : false,
"backendLogoutUrl" : false,
"backendLogoutHostHeader" : false,
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : false
},
"tokensEnabled" : false,
"tokenVerification" : {
"localJwksProviders" : false,
"remoteJwksProviders" : false,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : false,
"claimRestrictions" : false,
"roleExtractions" : false,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : false,
"setAuditTokenFromSubjectEnabled" : false
},
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"parameterExtraction" : {
"enabled" : false,
"name" : false
},
"cookieExtraction" : {
"enabled" : false,
"name" : false
}
}
},
"entryPath" : {
"settings" : false,
"enforceTrailingSlashes" : false,
"regexFormatEnforced" : false,
"priority" : false
},
"backendPath" : false,
"threatHandling" : false,
"operationalMode" : false,
"enableMaintenancePage" : false,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathIpAddressWhitelists" : false
},
"ipAddressBlacklists" : {
"logOnly" : false
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : false
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : false,
"domainPattern" : false
}
},
"timeouts" : {
"backend" : false,
"sessionIdle" : false
},
"limits" : {
"general" : {
"maxRequestBodySize" : false,
"maxPathLength" : false
},
"http" : {
"maxParameters" : false,
"maxParameterNameLength" : false,
"maxParameterValueLength" : false,
"maxParameterLengthException" : false
},
"json" : {
"enabled" : false,
"maxKeyLength" : false,
"maxValueLength" : false,
"maxLengthException" : false,
"maxNestingDepth" : false,
"maxArrayItems" : false,
"maxKeys" : false,
"maxTotalEntries" : false
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : false,
"maxQueryNestingDepth" : false,
"maxValueLength" : false,
"maxLengthException" : false
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : false,
"pathExceptions" : false
},
"application" : {
"sessionHandling" : false,
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : false
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : false
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : false,
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : false
},
"denylist" : {
"defaultEnabled" : true,
"additional" : false
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : false,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : false
},
"denylist" : {
"defaultEnabled" : true,
"additional" : false
},
"location" : {
"rewrites" : false
}
},
"json" : {
"rewrites" : false
},
"body" : {
"rewrites" : false
},
"html" : {
"rewrites" : false
},
"errorPage" : {
"rewrites" : false
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : false,
"pathExceptions" : false
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : false,
"introspectionAllowed" : false,
"valuesChecked" : false,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"documentId" : false,
"responseCheckEnforced" : false,
"pathMatching" : false,
"specificationPublished" : false,
"specificationPublishPath" : false
},
"apiPolicy" : {
"enabled" : false,
"serviceId" : false,
"keyExtractionHeader" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : false
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : false
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : false,
"pathPattern" : false,
"contentTypePattern" : false
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : false,
"parameterNameExceptionPattern" : false
},
"sameType" : {
"enabled" : false
}
},
"icap" : {
"request" : {
"clientViews" : false,
"backendViews" : false
},
"response" : {
"backendViews" : false,
"clientViews" : false
}
}
}
}
} ]
}
Import Mappings (As New Copy)
POST /configuration/mappings/import
Content-Type application/zip
Accept application/json
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/import" -i -X POST \
-H 'Content-Type: application/zip' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
--data-binary '@/tmp/upload.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 17211
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:00.251Z"
},
"data" : [ {
"type" : "mapping",
"id" : "3",
"attributes" : {
"name" : "Copy-of-mymapping",
"labels" : [ ],
"tenant" : "",
"entryPath" : {
"value" : "/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : false,
"ignoreCase" : false,
"priority" : 0
},
"backendPath" : "/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : false,
"access" : {
"deniedUrl" : {
"value" : "/",
"mode" : "GLOBAL"
},
"restrictions" : [ ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "",
"backendLogoutHostHeader" : "",
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : "NONE"
},
"tokensEnabled" : false,
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : {
"pattern" : "^Authorization: Bearer (.*)$",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : false,
"name" : ""
},
"cookieExtraction" : {
"enabled" : false,
"name" : ""
}
},
"tokenVerification" : {
"signatureCheckEnforced" : true,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : 10,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : "",
"setAuditTokenFromSubjectEnabled" : false,
"claimRestrictions" : [ ],
"roleExtractions" : [ ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathWhitelists" : [ ]
},
"ipAddressBlacklists" : {
"logOnly" : false,
"webrootThreatCategories" : ""
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : "OFF"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 104857600,
"maxPathLength" : 1024
},
"http" : {
"maxParameters" : 128,
"maxParameterNameLength" : 128,
"maxParameterValueLength" : 1024
},
"json" : {
"enabled" : true,
"maxKeyLength" : 256,
"maxValueLength" : 8192,
"maxNestingDepth" : 100,
"maxArrayItems" : 500,
"maxKeys" : 250,
"maxTotalEntries" : 150000
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : 1024,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : "/%ENTRYPATH%",
"pathExceptions" : [ {
"pattern" : "",
"caseIgnored" : false
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : ""
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : ""
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ ]
}
},
"json" : {
"rewrites" : [ ]
},
"body" : {
"rewrites" : [ ]
},
"html" : {
"rewrites" : [ ]
},
"errorPage" : {
"rewrites" : [ ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : {
"pattern" : "json",
"caseIgnored" : true,
"inverted" : false
},
"pathExceptions" : [ ]
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"responseCheckEnforced" : false,
"pathMatching" : "ClientView",
"specificationPublished" : false,
"specificationPublishPath" : ""
},
"apiPolicy" : {
"enabled" : false,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ ]
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ ]
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : false,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"sameType" : {
"enabled" : true
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
},
"locking" : {
"enabled" : false,
"labels" : false,
"access" : {
"deniedUrl" : {
"value" : false,
"mode" : false
},
"restrictions" : false,
"clientCertificateAuthentication" : false,
"authenticationFlow" : false,
"backendLogoutUrl" : false,
"backendLogoutHostHeader" : false,
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : false
},
"tokensEnabled" : false,
"tokenVerification" : {
"localJwksProviders" : false,
"remoteJwksProviders" : false,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : false,
"claimRestrictions" : false,
"roleExtractions" : false,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : false,
"setAuditTokenFromSubjectEnabled" : false
},
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"parameterExtraction" : {
"enabled" : false,
"name" : false
},
"cookieExtraction" : {
"enabled" : false,
"name" : false
}
}
},
"entryPath" : {
"settings" : false,
"enforceTrailingSlashes" : false,
"regexFormatEnforced" : false,
"priority" : false
},
"backendPath" : false,
"threatHandling" : false,
"operationalMode" : false,
"enableMaintenancePage" : false,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathIpAddressWhitelists" : false
},
"ipAddressBlacklists" : {
"logOnly" : false
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : false
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : false,
"domainPattern" : false
}
},
"timeouts" : {
"backend" : false,
"sessionIdle" : false
},
"limits" : {
"general" : {
"maxRequestBodySize" : false,
"maxPathLength" : false
},
"http" : {
"maxParameters" : false,
"maxParameterNameLength" : false,
"maxParameterValueLength" : false,
"maxParameterLengthException" : false
},
"json" : {
"enabled" : false,
"maxKeyLength" : false,
"maxValueLength" : false,
"maxLengthException" : false,
"maxNestingDepth" : false,
"maxArrayItems" : false,
"maxKeys" : false,
"maxTotalEntries" : false
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : false,
"maxQueryNestingDepth" : false,
"maxValueLength" : false,
"maxLengthException" : false
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : false,
"pathExceptions" : false
},
"application" : {
"sessionHandling" : false,
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : false
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : false
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : false,
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : false
},
"denylist" : {
"defaultEnabled" : true,
"additional" : false
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : false,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : false
},
"denylist" : {
"defaultEnabled" : true,
"additional" : false
},
"location" : {
"rewrites" : false
}
},
"json" : {
"rewrites" : false
},
"body" : {
"rewrites" : false
},
"html" : {
"rewrites" : false
},
"errorPage" : {
"rewrites" : false
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : false,
"pathExceptions" : false
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : false,
"introspectionAllowed" : false,
"valuesChecked" : false,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"documentId" : false,
"responseCheckEnforced" : false,
"pathMatching" : false,
"specificationPublished" : false,
"specificationPublishPath" : false
},
"apiPolicy" : {
"enabled" : false,
"serviceId" : false,
"keyExtractionHeader" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : false
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : false
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : false,
"pathPattern" : false,
"contentTypePattern" : false
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : false,
"parameterNameExceptionPattern" : false
},
"sameType" : {
"enabled" : false
}
},
"icap" : {
"request" : {
"clientViews" : false,
"backendViews" : false
},
"response" : {
"backendViews" : false,
"clientViews" : false
}
}
}
}
} ]
}
Export a Mapping
GET /configuration/mappings/{id}/export
Accept application/zip
Allows the export of a mapping.
Status Code | Description |
---|---|
200 |
The mapping was successfully exported. |
404 |
There is no mapping with the given ID to export. |
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/export" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/zip' \
-o '/tmp/download.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 4743
Export Mappings
GET /configuration/mappings/export
Accept application/zip
Export multiple mappings. If no filter
parameter is given, all mappings are exported.
Status Code | Description |
---|---|
200 |
Mappings were successfully exported. |
404 |
There is no mapping matching the search filter to export. |
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'name', 'label', 'entryPath' and 'backendPath'. Click here for more details about the syntax. |
no |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/export?filter=label%3D%3DmyMappingLabel&filter=entryPath%3D%3D/mymapping/" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/zip' \
-o '/tmp/download.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 4743
Apply Unlocked Settings from Source Mapping
POST /configuration/mappings/{id}/pull-from-source-mapping
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/4/pull-from-source-mapping" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 26991
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:02.607Z"
},
"data" : {
"type" : "mapping",
"id" : "4",
"attributes" : {
"name" : "mymapping",
"labels" : [ "myMappingLabel" ],
"tenant" : "",
"entryPath" : {
"value" : "/source-mapping-path/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : false,
"ignoreCase" : false,
"priority" : 0
},
"backendPath" : "/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : true,
"access" : {
"deniedUrl" : {
"value" : "/",
"mode" : "GLOBAL"
},
"restrictions" : [ {
"enabled" : true,
"httpMethodPattern" : {
"pattern" : "GET",
"caseIgnored" : true,
"inverted" : true
},
"entryPathPattern" : {
"pattern" : "/admin/",
"caseIgnored" : true,
"inverted" : true
},
"authorizedRoles" : [ "admin" ],
"authorizedPlans" : [ "android", "ios", "browser" ]
} ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "/logout",
"backendLogoutHostHeader" : "%BACKENDHOST%",
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : "NONE"
},
"tokensEnabled" : false,
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : {
"pattern" : "^Authorization: Bearer (.*)$",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : false,
"name" : ""
},
"cookieExtraction" : {
"enabled" : false,
"name" : ""
}
},
"tokenVerification" : {
"signatureCheckEnforced" : false,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : 10,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : "",
"setAuditTokenFromSubjectEnabled" : false,
"claimRestrictions" : [ {
"enabled" : true,
"name" : "myClaim",
"restrictionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
} ],
"roleExtractions" : [ {
"enabled" : true,
"name" : "myClaim",
"extractionPattern" : {
"pattern" : "",
"caseIgnored" : false
},
"replaceWith" : "$1",
"tokenLifetimeAsRoleLifetimeEnforced" : true
} ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathWhitelists" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : ".*",
"caseIgnored" : true,
"inverted" : true
},
"ipAddressListIds" : [ 90, 91 ]
} ]
},
"ipAddressBlacklists" : {
"logOnly" : false,
"webrootThreatCategories" : "WEB_ATTACKS"
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : "OFF"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 1073741824,
"maxPathLength" : 1024
},
"http" : {
"maxParameters" : 128,
"maxParameterNameLength" : 128,
"maxParameterValueLength" : 1024
},
"json" : {
"enabled" : true,
"maxKeyLength" : 256,
"maxValueLength" : 8192,
"maxNestingDepth" : 100,
"maxArrayItems" : 500,
"maxKeys" : 250,
"maxTotalEntries" : 150000
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : 1024,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : "/%ENTRYPATH%",
"pathExceptions" : [ {
"pattern" : "^/exception$",
"caseIgnored" : true
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : ""
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : ""
},
"loadBalancingCookieEnabled" : true,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Allowed-Header|Second-Additional-Allowed-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : true,
"pattern" : "^(?:First-Additional-Denied-Header|Second-Additional-Denied-Header)$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "/",
"caseIgnored" : true
},
"replaceWith" : "$1"
} ]
}
},
"json" : {
"rewrites" : [ {
"enabled" : true,
"path" : "json#path",
"contentPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"replaceWith" : "b"
} ]
},
"body" : {
"rewrites" : [ {
"enabled" : true,
"contentType" : "application/json",
"contentPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"replaceWith" : "b"
} ]
},
"html" : {
"rewrites" : [ {
"enabled" : true,
"urlPattern" : {
"pattern" : "a",
"caseIgnored" : true
},
"uris" : true,
"events" : true,
"embedded" : true,
"replaceWith" : "b"
} ]
},
"errorPage" : {
"rewrites" : [ {
"enabled" : true,
"statusContentPattern" : "^5(?!02|03)..$",
"replaceWith" : "500.html"
} ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : true,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : false
},
"pathExceptions" : [ {
"pattern" : "^/json-parse-exception$",
"caseIgnored" : true
} ]
},
"graphql" : {
"enabled" : true,
"logOnly" : true,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : true
},
"openApi" : {
"enabled" : true,
"logOnly" : false,
"responseCheckEnforced" : false,
"pathMatching" : "ClientView",
"specificationPublished" : true,
"specificationPublishPath" : "path/to/apiSpecification.json"
},
"apiPolicy" : {
"enabled" : true,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : true,
"logOnly" : true,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "^%ENTRYDIR%/",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 500,
"interval" : 60
} ]
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ {
"enabled" : true,
"pathPattern" : {
"pattern" : "%/.*",
"caseIgnored" : true,
"inverted" : true
},
"maxRequestsPerInterval" : 500,
"interval" : 60
} ]
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : true,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : false,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"sameType" : {
"enabled" : true
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
},
"locking" : {
"enabled" : false,
"labels" : false,
"access" : {
"deniedUrl" : {
"value" : false,
"mode" : false
},
"restrictions" : false,
"clientCertificateAuthentication" : false,
"authenticationFlow" : false,
"backendLogoutUrl" : false,
"backendLogoutHostHeader" : false,
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : false
},
"tokensEnabled" : false,
"tokenVerification" : {
"localJwksProviders" : true,
"remoteJwksProviders" : true,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : false,
"claimRestrictions" : false,
"roleExtractions" : false,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : false,
"setAuditTokenFromSubjectEnabled" : false
},
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"parameterExtraction" : {
"enabled" : false,
"name" : false
},
"cookieExtraction" : {
"enabled" : false,
"name" : false
}
}
},
"entryPath" : {
"settings" : false,
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"priority" : false
},
"backendPath" : true,
"threatHandling" : false,
"operationalMode" : false,
"enableMaintenancePage" : false,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathIpAddressWhitelists" : false
},
"ipAddressBlacklists" : {
"logOnly" : false
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : false
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : false,
"domainPattern" : false
}
},
"timeouts" : {
"backend" : false,
"sessionIdle" : false
},
"limits" : {
"general" : {
"maxRequestBodySize" : true,
"maxPathLength" : true
},
"http" : {
"maxParameters" : false,
"maxParameterNameLength" : false,
"maxParameterValueLength" : false,
"maxParameterLengthException" : false
},
"json" : {
"enabled" : false,
"maxKeyLength" : false,
"maxValueLength" : false,
"maxLengthException" : false,
"maxNestingDepth" : false,
"maxArrayItems" : false,
"maxKeys" : false,
"maxTotalEntries" : false
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : false,
"maxQueryNestingDepth" : false,
"maxValueLength" : false,
"maxLengthException" : false
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : false,
"pathExceptions" : false
},
"application" : {
"sessionHandling" : false,
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : false
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : false
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : false,
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : false,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
},
"location" : {
"rewrites" : false
}
},
"json" : {
"rewrites" : false
},
"body" : {
"rewrites" : false
},
"html" : {
"rewrites" : false
},
"errorPage" : {
"rewrites" : false
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : false,
"pathExceptions" : false
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : false,
"introspectionAllowed" : false,
"valuesChecked" : false,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"documentId" : false,
"responseCheckEnforced" : false,
"pathMatching" : false,
"specificationPublished" : false,
"specificationPublishPath" : false
},
"apiPolicy" : {
"enabled" : false,
"serviceId" : false,
"keyExtractionHeader" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : false
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : false
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : false,
"pathPattern" : false,
"contentTypePattern" : false
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : false,
"parameterNameExceptionPattern" : false
},
"sameType" : {
"enabled" : false
}
},
"icap" : {
"request" : {
"clientViews" : false,
"backendViews" : false
},
"response" : {
"backendViews" : false,
"clientViews" : false
}
}
}
},
"relationships" : {
"back-end-groups" : {
"data" : [ {
"type" : "back-end-group",
"id" : "30"
} ]
},
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "40"
} ]
},
"local-json-web-key-sets" : {
"data" : [ {
"type" : "local-json-web-key-set",
"id" : "46"
} ]
},
"remote-json-web-key-sets" : {
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "47"
} ]
},
"openapi-document" : {
"data" : {
"type" : "openapi-document",
"id" : "50"
}
},
"graphql-document" : {
"data" : {
"type" : "graphql-document",
"id" : "80"
}
},
"api-policy-service" : {
"data" : {
"type" : "api-policy-service",
"id" : "60"
}
},
"ip-address-whitelists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "90"
}, {
"type" : "ip-address-list",
"id" : "91"
} ]
},
"ip-address-blacklists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "92"
} ]
},
"ip-address-blacklist-exceptions" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "92"
} ]
},
"dos-attack-prevention-source-ip-address-exception" : {
"data" : {
"type" : "ip-address-list",
"id" : "80"
}
},
"icap-request-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "42",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-request-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "43",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-response-backend-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "44",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Response",
"inverted" : "true"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "responsevalue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"icap-response-client-views" : {
"data" : [ {
"type" : "icap-environment",
"id" : "45",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "GET",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "/entity-path",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "^X-Entity",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "EntityValue",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Response",
"inverted" : "true"
},
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "responsevalue",
"inverted" : "true"
},
"enabled" : true
}
}
} ]
},
"anomaly-shield-application" : {
"data" : {
"type" : "anomaly-shield-application",
"id" : "70"
}
},
"template" : {
"data" : {
"type" : "mapping",
"id" : "3"
}
}
}
}
}
Apply Unlocked Settings from Import
POST /configuration/mappings/pull-from-uploaded-mappings
Content-Type application/zip
Accept application/json
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/pull-from-uploaded-mappings" -i -X POST \
-H 'Content-Type: application/zip' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
--data-binary '@/tmp/upload.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 17785
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:02.190Z"
},
"data" : [ {
"type" : "mapping",
"id" : "1",
"attributes" : {
"name" : "mymapping",
"labels" : [ ],
"tenant" : "",
"entryPath" : {
"value" : "/mymapping/",
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : false,
"ignoreCase" : false,
"priority" : 0
},
"backendPath" : "/",
"threatHandling" : "BLOCK",
"operationalMode" : "PRODUCTION",
"enableMaintenancePage" : false,
"access" : {
"deniedUrl" : {
"value" : "/",
"mode" : "GLOBAL"
},
"restrictions" : [ ],
"clientCertificateAuthentication" : "NOT_REQUIRED",
"authenticationFlow" : "REDIRECT",
"backendLogoutUrl" : "",
"backendLogoutHostHeader" : "",
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : "NONE"
},
"tokensEnabled" : false,
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : {
"pattern" : "^Authorization: Bearer (.*)$",
"caseIgnored" : true
},
"replaceWith" : "$1"
},
"parameterExtraction" : {
"enabled" : false,
"name" : ""
},
"cookieExtraction" : {
"enabled" : false,
"name" : ""
}
},
"tokenVerification" : {
"signatureCheckEnforced" : true,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : 10,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : "",
"setAuditTokenFromSubjectEnabled" : false,
"claimRestrictions" : [ ],
"roleExtractions" : [ ]
}
},
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathWhitelists" : [ ]
},
"ipAddressBlacklists" : {
"logOnly" : false,
"webrootThreatCategories" : ""
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : "OFF"
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"domainPattern" : {
"pattern" : "",
"inverted" : false
}
}
},
"timeouts" : {
"backend" : 120,
"sessionIdle" : 0
},
"limits" : {
"general" : {
"maxRequestBodySize" : 1073741824,
"maxPathLength" : 1024
},
"http" : {
"maxParameters" : 128,
"maxParameterNameLength" : 128,
"maxParameterValueLength" : 1024
},
"json" : {
"enabled" : true,
"maxKeyLength" : 256,
"maxValueLength" : 8192,
"maxNestingDepth" : 100,
"maxArrayItems" : 500,
"maxKeys" : 250,
"maxTotalEntries" : 150000
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : 1024,
"maxQueryNestingDepth" : 10,
"maxValueLength" : 256
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : "/%ENTRYPATH%",
"pathExceptions" : [ {
"pattern" : "",
"caseIgnored" : false
} ]
},
"application" : {
"sessionHandling" : "ENFORCE_SESSION",
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : ""
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : ""
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : true,
"request" : {
"charset" : "UTF_8_FALLBACK_WINDOWS_1252",
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : true,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"denylist" : {
"defaultEnabled" : true,
"additional" : {
"enabled" : false,
"pattern" : "^$",
"caseIgnored" : true,
"inverted" : false,
"multipleSingleLineRegex" : true
}
},
"location" : {
"rewrites" : [ ]
}
},
"json" : {
"rewrites" : [ ]
},
"body" : {
"rewrites" : [ ]
},
"html" : {
"rewrites" : [ ]
},
"errorPage" : {
"rewrites" : [ ]
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : true,
"contentTypePattern" : {
"pattern" : "json",
"caseIgnored" : true,
"inverted" : false
},
"pathExceptions" : [ ]
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : true,
"introspectionAllowed" : true,
"valuesChecked" : true,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"responseCheckEnforced" : false,
"pathMatching" : "ClientView",
"specificationPublished" : false,
"specificationPublishPath" : ""
},
"apiPolicy" : {
"enabled" : false,
"keyExtractionHeader" : {
"enabled" : true,
"extractionPattern" : {
"pattern" : "^Api-Key: (.*)$",
"caseIgnored" : false,
"inverted" : false
},
"replaceWith" : "$1"
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : "api_key"
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : "ApiKey"
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ ]
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"restrictions" : [ ]
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : true,
"logOnly" : false,
"parameterNameExceptionPattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
},
"sameType" : {
"enabled" : true
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
},
"locking" : {
"enabled" : false,
"labels" : false,
"access" : {
"deniedUrl" : {
"value" : false,
"mode" : false
},
"restrictions" : false,
"clientCertificateAuthentication" : false,
"authenticationFlow" : false,
"backendLogoutUrl" : false,
"backendLogoutHostHeader" : false,
"ntlmPassthroughEnabled" : false,
"credentialsPropagation" : {
"mandatory" : false,
"type" : false
},
"tokensEnabled" : false,
"tokenVerification" : {
"localJwksProviders" : true,
"remoteJwksProviders" : true,
"expiryCheckEnabled" : false,
"expiryCheckSkew" : false,
"claimRestrictions" : false,
"roleExtractions" : false,
"extractTechnicalClientIdEnabled" : false,
"extractTechnicalClientIdName" : false,
"setAuditTokenFromSubjectEnabled" : false
},
"tokenTransport" : {
"presenceMandatoryEnforced" : false,
"headerExtraction" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"parameterExtraction" : {
"enabled" : false,
"name" : false
},
"cookieExtraction" : {
"enabled" : false,
"name" : false
}
}
},
"entryPath" : {
"settings" : true,
"enforceTrailingSlashes" : true,
"regexFormatEnforced" : true,
"priority" : false
},
"backendPath" : true,
"threatHandling" : false,
"operationalMode" : false,
"enableMaintenancePage" : false,
"ipRules" : {
"ipAddressWhitelists" : {
"logOnly" : false,
"pathIpAddressWhitelists" : false
},
"ipAddressBlacklists" : {
"logOnly" : false
},
"dynamicIpAddressBlacklist" : {
"enabled" : false,
"countMode" : false
}
},
"botManagement" : {
"logOnly" : false,
"clientCookieSupportEnforced" : false,
"wellKnownBots" : {
"allowed" : false,
"sourceDomainEnforced" : false
},
"customBots" : {
"allowed" : false,
"sourceDomainEnforced" : false,
"userAgentPattern" : false,
"domainPattern" : false
}
},
"timeouts" : {
"backend" : false,
"sessionIdle" : false
},
"limits" : {
"general" : {
"maxRequestBodySize" : true,
"maxPathLength" : true
},
"http" : {
"maxParameters" : false,
"maxParameterNameLength" : false,
"maxParameterValueLength" : false,
"maxParameterLengthException" : false
},
"json" : {
"enabled" : false,
"maxKeyLength" : false,
"maxValueLength" : false,
"maxLengthException" : false,
"maxNestingDepth" : false,
"maxArrayItems" : false,
"maxKeys" : false,
"maxTotalEntries" : false
},
"graphql" : {
"enabled" : false,
"maxQuerySize" : false,
"maxQueryNestingDepth" : false,
"maxValueLength" : false,
"maxLengthException" : false
}
},
"csrfProtection" : {
"enabled" : false,
"invalidTokenRedirectLocation" : false,
"pathExceptions" : false
},
"application" : {
"sessionHandling" : false,
"controlApiAllowed" : false,
"environmentCookiesEnabled" : false,
"encryptedCookies" : {
"enabled" : false,
"prefix" : false
},
"passthroughCookies" : {
"enabled" : false,
"prefix" : false
},
"loadBalancingCookieEnabled" : false,
"webSocketsAllowed" : false,
"redirectForErrorPageEnabled" : false,
"request" : {
"charset" : false,
"path" : {
"enforceUtf8" : false
},
"header" : {
"enforceUtf8" : false,
"allowlist" : {
"defaultEnabled" : true,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
}
},
"parameter" : {
"enforceUtf8" : false
}
},
"response" : {
"compressionAllowed" : false,
"stripCommentsEnabled" : false,
"header" : {
"allowlist" : {
"defaultEnabled" : false,
"additional" : false
},
"denylist" : {
"defaultEnabled" : false,
"additional" : false
},
"location" : {
"rewrites" : false
}
},
"json" : {
"rewrites" : false
},
"body" : {
"rewrites" : false
},
"html" : {
"rewrites" : false
},
"errorPage" : {
"rewrites" : false
}
}
},
"apiSecurity" : {
"treatPathSegmentsAsParamValues" : false,
"json" : {
"valuesChecked" : false,
"contentTypePattern" : false,
"pathExceptions" : false
},
"graphql" : {
"enabled" : false,
"logOnly" : false,
"mutationsAllowed" : false,
"introspectionAllowed" : false,
"valuesChecked" : false,
"schemaEnforced" : false
},
"openApi" : {
"enabled" : false,
"logOnly" : false,
"documentId" : false,
"responseCheckEnforced" : false,
"pathMatching" : false,
"specificationPublished" : false,
"specificationPublishPath" : false
},
"apiPolicy" : {
"enabled" : false,
"serviceId" : false,
"keyExtractionHeader" : {
"enabled" : false,
"extractionPattern" : false,
"replaceWith" : false
},
"keyExtractionQueryParameter" : {
"enabled" : false,
"parameterName" : false
},
"keyExtractionCookie" : {
"enabled" : false,
"cookieName" : false
}
}
},
"dosAttackPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"overloadPrevention" : {
"enabled" : false,
"logOnly" : false,
"ipAddressException" : false,
"restrictions" : false
},
"requestBodyStreaming" : {
"enabled" : false,
"httpMethodPattern" : false,
"pathPattern" : false,
"contentTypePattern" : false
},
"httpParameterPollutionDetection" : {
"mixedTypes" : {
"enabled" : false,
"logOnly" : false,
"parameterNameExceptionPattern" : false
},
"sameType" : {
"enabled" : false
}
},
"icap" : {
"request" : {
"clientViews" : false,
"backendViews" : false
},
"response" : {
"backendViews" : false,
"clientViews" : false
}
}
}
},
"relationships" : {
"back-end-groups" : {
"data" : [ {
"type" : "back-end-group",
"id" : "30"
} ]
},
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "40"
} ]
},
"local-json-web-key-sets" : {
"data" : [ {
"type" : "local-json-web-key-set",
"id" : "46"
} ]
},
"remote-json-web-key-sets" : {
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "47"
} ]
}
}
} ]
}
Add Virtual Host Connections
PATCH /configuration/mappings/{id}/relationships/virtual-hosts
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
yes |
The ID of the referenced "virtual-host" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/virtual-hosts" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "virtual-host",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Virtual Host Connections
DELETE /configuration/mappings/{id}/relationships/virtual-hosts
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
yes |
The ID of the referenced "virtual-host" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/virtual-hosts" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "virtual-host",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Back-End Group Connections
PATCH /configuration/mappings/{id}/relationships/back-end-groups
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
yes |
The ID of the referenced "back-end-group" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/back-end-groups" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "back-end-group",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Back-End Group Connections
DELETE /configuration/mappings/{id}/relationships/back-end-groups
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
yes |
The ID of the referenced "back-end-group" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/back-end-groups" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "back-end-group",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add OpenAPI Document Connection
PATCH /configuration/mappings/{id}/relationships/openapi-document
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "openapi-document" for this call. |
|
|
yes |
The ID of the referenced "openapi-document" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/openapi-document" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "openapi-document",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove OpenAPI Document Connection
DELETE /configuration/mappings/{id}/relationships/openapi-document
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "openapi-document" for this call. |
|
|
yes |
The ID of the referenced "openapi-document" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/openapi-document" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "openapi-document",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Add GraphQL Document Connection
PATCH /configuration/mappings/{id}/relationships/graphql-document
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "graphql-document" for this call. |
|
|
yes |
The ID of the referenced "graphql-document" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/graphql-document" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "graphql-document",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove GraphQL Document Connection
DELETE /configuration/mappings/{id}/relationships/graphql-document
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "graphql-document" for this call. |
|
|
yes |
The ID of the referenced "graphql-document" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/graphql-document" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "graphql-document",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add Remote JWKS Connections
PATCH /configuration/mappings/{id}/relationships/json-web-key-sets/remotes
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
yes |
The ID of the referenced "remote-json-web-key-set" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/json-web-key-sets/remotes" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Remote JWKS Connections
DELETE /configuration/mappings/{id}/relationships/json-web-key-sets/remotes
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
yes |
The ID of the referenced "remote-json-web-key-set" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/json-web-key-sets/remotes" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Local JWKS Connections
PATCH /configuration/mappings/{id}/relationships/json-web-key-sets/locals
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "local-json-web-key-set" for this call. |
|
|
yes |
The ID of the referenced "local-json-web-key-set" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/json-web-key-sets/locals" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "local-json-web-key-set",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Local JWKS Connections
DELETE /configuration/mappings/{id}/relationships/json-web-key-sets/locals
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "local-json-web-key-set" for this call. |
|
|
yes |
The ID of the referenced "local-json-web-key-set" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/json-web-key-sets/locals" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "local-json-web-key-set",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add IP Address Blacklist Connections
PATCH /configuration/mappings/{id}/relationships/ip-address-blacklists
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-blacklists" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "ip-address-list",
"id" : "3"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove IP Address Blacklist Connections
DELETE /configuration/mappings/{id}/relationships/ip-address-blacklists
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-blacklists" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "ip-address-list",
"id" : "3"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add IP Address Blacklist Exception Connections
PATCH /configuration/mappings/{id}/relationships/ip-address-blacklist-exceptions
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-blacklist-exceptions" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "ip-address-list",
"id" : "3"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove IP Address Blacklist Exception Connections
DELETE /configuration/mappings/{id}/relationships/ip-address-blacklist-exceptions
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/ip-address-blacklist-exceptions" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "ip-address-list",
"id" : "3"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Dos Attack Prevention Source IP Address Exception
PATCH /configuration/mappings/{id}/relationships/dos-attack-prevention-source-ip-address-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/dos-attack-prevention-source-ip-address-exception" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Dos Attack Prevention Source IP Address Exception
DELETE /configuration/mappings/{id}/relationships/dos-attack-prevention-source-ip-address-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/dos-attack-prevention-source-ip-address-exception" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add Overload Prevention Source IP Address Exception
PATCH /configuration/mappings/{id}/relationships/overload-prevention-source-ip-address-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/overload-prevention-source-ip-address-exception" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Overload Prevention Source IP Address Exception
DELETE /configuration/mappings/{id}/relationships/overload-prevention-source-ip-address-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/overload-prevention-source-ip-address-exception" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add Bot Management Source IP Address Whitelist
PATCH /configuration/mappings/{id}/relationships/bot-management-source-ip-address-whitelist
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/bot-management-source-ip-address-whitelist" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Bot Management Source IP Address Whitelist
DELETE /configuration/mappings/{id}/relationships/bot-management-source-ip-address-whitelist
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/bot-management-source-ip-address-whitelist" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add ICAP Service Request Client View
PATCH /configuration/mappings/{id}/relationships/icap-request-client-view
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "icap-request-client-view" for this call. |
|
|
yes |
The ID of the related entity. |
|
|
no |
The JSON API meta type, which is: "jsonapi.meta" |
|
|
no |
Whether this ICAP handler is enabled. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-client-view" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-request-client-view",
"id" : "3",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "Example",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "^/example-path/?",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Header",
"inverted" : "true"
},
"enabled" : true,
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "^GET$",
"inverted" : "true"
}
}
}
}
}'
Example Response
HTTP/1.1 204 No Content
Remove ICAP Service Request Client View
DELETE /configuration/mappings/{id}/relationships/icap-request-client-view
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "icap-request-client-view" for this call. |
|
|
yes |
The ID of the related entity. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-client-view" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-request-client-view",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add ICAP Service Request Back-End View
PATCH /configuration/mappings/{id}/relationships/icap-request-backend-view
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "icap-request-backend-view" for this call. |
|
|
yes |
The ID of the related entity. |
|
|
no |
The JSON API meta type, which is: "jsonapi.meta" |
|
|
no |
Whether this ICAP handler is enabled. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-backend-view" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-request-backend-view",
"id" : "3",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "Example",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "^/example-path/?",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Header",
"inverted" : "true"
},
"enabled" : true,
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "^GET$",
"inverted" : "true"
}
}
}
}
}'
Example Response
HTTP/1.1 204 No Content
Remove ICAP Service Request Back-End View
DELETE /configuration/mappings/{id}/relationships/icap-request-backend-view
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "icap-request-backend-view" for this call. |
|
|
yes |
The ID of the related entity. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-backend-view" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-request-backend-view",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add ICAP Service Response Back-End View
PATCH /configuration/mappings/{id}/relationships/icap-response-backend-view
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "icap-reponse-backend-view" for this call. |
|
|
yes |
The ID of the related entity. |
|
|
no |
The JSON API meta type, which is: "jsonapi.meta" |
|
|
no |
Whether this ICAP handler is enabled. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-response-backend-view" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-reponse-backend-view",
"id" : "3",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "COOKIE_EXAMPLE",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "Set-Cookie",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "Example",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "^/example-path/?",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Header",
"inverted" : "true"
},
"enabled" : true,
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "^GET$",
"inverted" : "true"
}
}
}
}
}'
Example Response
HTTP/1.1 204 No Content
Remove ICAP Service Response Back-End View
DELETE /configuration/mappings/{id}/relationships/icap-response-backend-view
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "icap-reponse-backend-view" for this call. |
|
|
yes |
The ID of the related entity. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-response-backend-view" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-reponse-backend-view",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add ICAP Service Response Client View
PATCH /configuration/mappings/{id}/relationships/icap-request-client-view
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "icap-response-client-view" for this call. |
|
|
yes |
The ID of the related entity. |
|
|
no |
The JSON API meta type, which is: "jsonapi.meta" |
|
|
no |
Whether this ICAP handler is enabled. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-request-client-view" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-response-client-view",
"id" : "3",
"meta" : {
"type" : "jsonapi.meta",
"usage" : {
"responseHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "COOKIE_EXAMPLE",
"inverted" : "true"
},
"responseHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "Set-Cookie",
"inverted" : "true"
},
"requestHeaderValuePattern" : {
"caseIgnored" : "true",
"pattern" : "Example",
"inverted" : "true"
},
"pathPattern" : {
"caseIgnored" : "true",
"pattern" : "^/example-path/?",
"inverted" : "true"
},
"requestHeaderNamePattern" : {
"caseIgnored" : "true",
"pattern" : "X-Header",
"inverted" : "true"
},
"enabled" : true,
"httpMethodPattern" : {
"caseIgnored" : "true",
"pattern" : "^GET$",
"inverted" : "true"
}
}
}
}
}'
Example Response
HTTP/1.1 204 No Content
Remove ICAP Service Response Client View
DELETE /configuration/mappings/{id}/relationships/icap-response-client-view
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "icap-response-client-view" for this call. |
|
|
yes |
The ID of the related entity. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/icap-response-client-view" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-response-client-view",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add Source Mapping Connection
PATCH /configuration/mappings/{id}/relationships/template
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping-template" or "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping-template" or "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/template" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "mapping-template",
"id" : "/weO3jCCp0b7tVQflvDzc5H6wgM6V6ou+uOL3yStsl8="
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Source Mapping Connection
DELETE /configuration/mappings/{id}/relationships/template
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping-template" or "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping-template" or "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/template" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "mapping-template",
"id" : "/weO3jCCp0b7tVQflvDzc5H6wgM6V6ou+uOL3yStsl8="
}
}'
Example Response
HTTP/1.1 204 No Content
Add API Policy Service Connection
PATCH /configuration/mappings/{id}/relationships/api-policy-service
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "api-policy-service" for this call. |
|
|
yes |
The ID of the referenced "api-policy-service" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/api-policy-service" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "api-policy-service",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove API Policy Service Connection
DELETE /configuration/mappings/{id}/relationships/api-policy-service
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "api-policy-service" for this call. |
|
|
yes |
The ID of the referenced "api-policy-service" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/api-policy-service" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "api-policy-service",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Add Anomaly Shield Application Connection
PATCH /configuration/mappings/{id}/relationships/anomaly-shield-application
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-application" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/anomaly-shield-application" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-application",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Anomaly Shield Application Connection
DELETE /configuration/mappings/{id}/relationships/anomaly-shield-application
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-application" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/mappings/1/relationships/anomaly-shield-application" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-application",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Back-end Group
Access all Back-End Groups
GET /configuration/back-end-groups
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'name' and 'backendHosts.hostName'. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "back-end-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of back-end hosts to use for load balancing. |
|
|
Hostname of the back-end host. |
|
|
The mode a back-end host can be in. Allowed values: |
|
|
Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used. |
|
|
Protocol used to connect to the back-end application. Allowed values: |
|
|
Whether the host is spare. |
|
|
The weight determines the relative amount of new sessions assigned to a specific back-end host. |
|
|
Configuration of conditions for mappings with multiple back-end groups. |
|
|
Client host header to use as condition. |
|
|
The actual pattern. |
|
|
The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
In-band health checks. |
|
|
Whether to analyze the response content to detect a back-end failure. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether in-band checks are enabled. |
|
|
Number of bytes that must be available before the response body is inspected. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the back-end group. |
|
|
Out-of-band health checks. |
|
|
Interval in seconds between individual calls to the check URL in case of a bad back-end. |
|
|
Number of subsequent successful requests after which the back-end will be marked as "good". |
|
|
Interval in seconds between individual calls to the check URL in case of a good back-end. |
|
|
Number of subsequent failed requests after which the back-end will be marked as "bad". |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether out-of-band checks are enabled. |
|
|
Host header to send to the back-end. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Time-out in seconds which will only apply to out-of-band calls to the check URL. |
|
|
Address of the test page. |
|
|
Tenant of the back-end group. |
|
|
Configuration of the TLS connections to back-ends hosts. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The kerberos-environment references. |
|
|
The data type of the referenced resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the kerberos-environment resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups?filter=name%3D%3Dmybackendgroup" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2390
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:13.480Z"
},
"data" : [ {
"type" : "back-end-group",
"id" : "1",
"attributes" : {
"name" : "mybackendgroup",
"tenant" : "",
"backendHosts" : [ {
"protocol" : "HTTP",
"hostName" : "backendhost.example.com",
"port" : 80,
"mode" : "ENABLED",
"spare" : false,
"weight" : 100
}, {
"protocol" : "HTTPS",
"hostName" : "backendhost.airlock.com",
"port" : 443,
"mode" : "ENABLED",
"spare" : false,
"weight" : 100
} ],
"conditions" : {
"priority" : 0,
"clientHostHeaderPattern" : {
"pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
}
},
"inBandChecks" : {
"enabled" : false,
"statusPattern" : {
"enabled" : true,
"pattern" : "^503$",
"inverted" : false
},
"checkResponseContentEnabled" : false,
"contentTypePattern" : {
"pattern" : "^(text|application)/(html|xhtml)",
"inverted" : false
},
"maxContentSize" : 512,
"contentPattern" : {
"pattern" : "Service Unavailable",
"caseIgnored" : true,
"inverted" : false
}
},
"outOfBandChecks" : {
"enabled" : false,
"hostHeader" : "",
"url" : "/",
"checksWhenGood" : {
"interval" : 5,
"switchAfter" : 3
},
"checksWhenBad" : {
"interval" : 3,
"switchAfter" : 3
},
"timeout" : 2,
"statusPattern" : {
"enabled" : true,
"pattern" : "^503$",
"inverted" : false
},
"contentPattern" : {
"enabled" : false,
"pattern" : "Service Unavailable",
"caseIgnored" : true,
"inverted" : false
}
},
"tls" : {
"protocol" : "DEFAULT",
"cipherSuite" : "DEFAULT",
"forceNewSession" : false,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ ]
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
}
}
}
} ]
}
Access a Back-End Group
GET /configuration/back-end-groups/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "back-end-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of back-end hosts to use for load balancing. |
|
|
Hostname of the back-end host. |
|
|
The mode a back-end host can be in. Allowed values: |
|
|
Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used. |
|
|
Protocol used to connect to the back-end application. Allowed values: |
|
|
Whether the host is spare. |
|
|
The weight determines the relative amount of new sessions assigned to a specific back-end host. |
|
|
Configuration of conditions for mappings with multiple back-end groups. |
|
|
Client host header to use as condition. |
|
|
The actual pattern. |
|
|
The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
In-band health checks. |
|
|
Whether to analyze the response content to detect a back-end failure. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether in-band checks are enabled. |
|
|
Number of bytes that must be available before the response body is inspected. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the back-end group. |
|
|
Out-of-band health checks. |
|
|
Interval in seconds between individual calls to the check URL in case of a bad back-end. |
|
|
Number of subsequent successful requests after which the back-end will be marked as "good". |
|
|
Interval in seconds between individual calls to the check URL in case of a good back-end. |
|
|
Number of subsequent failed requests after which the back-end will be marked as "bad". |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether out-of-band checks are enabled. |
|
|
Host header to send to the back-end. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Time-out in seconds which will only apply to out-of-band calls to the check URL. |
|
|
Address of the test page. |
|
|
Tenant of the back-end group. |
|
|
Configuration of the TLS connections to back-ends hosts. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The kerberos-environment references. |
|
|
The data type of the referenced resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the kerberos-environment resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2386
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:12.872Z"
},
"data" : {
"type" : "back-end-group",
"id" : "1",
"attributes" : {
"name" : "mybackendgroup",
"tenant" : "",
"backendHosts" : [ {
"protocol" : "HTTP",
"hostName" : "backendhost.example.com",
"port" : 80,
"mode" : "ENABLED",
"spare" : false,
"weight" : 100
}, {
"protocol" : "HTTPS",
"hostName" : "backendhost.airlock.com",
"port" : 443,
"mode" : "ENABLED",
"spare" : false,
"weight" : 100
} ],
"conditions" : {
"priority" : 0,
"clientHostHeaderPattern" : {
"pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
}
},
"inBandChecks" : {
"enabled" : false,
"statusPattern" : {
"enabled" : true,
"pattern" : "^503$",
"inverted" : false
},
"checkResponseContentEnabled" : false,
"contentTypePattern" : {
"pattern" : "^(text|application)/(html|xhtml)",
"inverted" : false
},
"maxContentSize" : 512,
"contentPattern" : {
"pattern" : "Service Unavailable",
"caseIgnored" : true,
"inverted" : false
}
},
"outOfBandChecks" : {
"enabled" : false,
"hostHeader" : "",
"url" : "/",
"checksWhenGood" : {
"interval" : 5,
"switchAfter" : 3
},
"checksWhenBad" : {
"interval" : 3,
"switchAfter" : 3
},
"timeout" : 2,
"statusPattern" : {
"enabled" : true,
"pattern" : "^503$",
"inverted" : false
},
"contentPattern" : {
"enabled" : false,
"pattern" : "Service Unavailable",
"caseIgnored" : true,
"inverted" : false
}
},
"tls" : {
"protocol" : "DEFAULT",
"cipherSuite" : "DEFAULT",
"forceNewSession" : false,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ ]
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}
Create a Back-End Group
POST /configuration/back-end-groups
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "back-end-group" for this call. |
|
|
yes |
List of back-end hosts to use for load balancing. |
|
|
yes |
Hostname of the back-end host. |
|
|
yes |
The mode a back-end host can be in. Allowed values: |
|
|
yes |
Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used. |
|
|
yes |
Protocol used to connect to the back-end application. Allowed values: |
|
|
yes |
Whether the host is spare. |
|
|
yes |
The weight determines the relative amount of new sessions assigned to a specific back-end host. |
|
|
yes |
Configuration of conditions for mappings with multiple back-end groups. |
|
|
yes |
Client host header to use as condition. |
|
|
yes |
The actual pattern. |
|
|
yes |
The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups. |
|
|
yes |
Expert settings for the Security Gate. |
|
|
yes |
Whether the Security Gate expert settings are enabled. |
|
|
yes |
Expert settings for the Security Gate. |
|
|
yes |
In-band health checks. |
|
|
yes |
Whether to analyze the response content to detect a back-end failure. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether in-band checks are enabled. |
|
|
yes |
Number of bytes that must be available before the response body is inspected. |
|
|
yes |
Whether the pattern is enabled. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
The unique name of the back-end group. |
|
|
yes |
Out-of-band health checks. |
|
|
yes |
Interval in seconds between individual calls to the check URL in case of a bad back-end. |
|
|
yes |
Number of subsequent successful requests after which the back-end will be marked as "good". |
|
|
yes |
Interval in seconds between individual calls to the check URL in case of a good back-end. |
|
|
yes |
Number of subsequent failed requests after which the back-end will be marked as "bad". |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether the pattern is enabled. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether out-of-band checks are enabled. |
|
|
yes |
Host header to send to the back-end. |
|
|
yes |
Whether the pattern is enabled. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Time-out in seconds which will only apply to out-of-band calls to the check URL. |
|
|
yes |
Address of the test page. |
|
|
yes |
Tenant of the back-end group. |
|
|
yes |
Configuration of the TLS connections to back-ends hosts. |
|
|
no |
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. Default value: |
|
|
no |
Whether back-end SSL sessions shall be resumed or not. Default value: |
|
|
no |
Back-end SSL protocol version. Allowed values: |
|
|
yes |
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
no |
Indicates if the server certificate will be verified. Default value: |
|
|
no |
Whether the server name is verified against the common name (CN) of the server certificate. Default value: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "back-end-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of back-end hosts to use for load balancing. |
|
|
Hostname of the back-end host. |
|
|
The mode a back-end host can be in. Allowed values: |
|
|
Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used. |
|
|
Protocol used to connect to the back-end application. Allowed values: |
|
|
Whether the host is spare. |
|
|
The weight determines the relative amount of new sessions assigned to a specific back-end host. |
|
|
Configuration of conditions for mappings with multiple back-end groups. |
|
|
Client host header to use as condition. |
|
|
The actual pattern. |
|
|
The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
In-band health checks. |
|
|
Whether to analyze the response content to detect a back-end failure. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether in-band checks are enabled. |
|
|
Number of bytes that must be available before the response body is inspected. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the back-end group. |
|
|
Out-of-band health checks. |
|
|
Interval in seconds between individual calls to the check URL in case of a bad back-end. |
|
|
Number of subsequent successful requests after which the back-end will be marked as "good". |
|
|
Interval in seconds between individual calls to the check URL in case of a good back-end. |
|
|
Number of subsequent failed requests after which the back-end will be marked as "bad". |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether out-of-band checks are enabled. |
|
|
Host header to send to the back-end. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Time-out in seconds which will only apply to out-of-band calls to the check URL. |
|
|
Address of the test page. |
|
|
Tenant of the back-end group. |
|
|
Configuration of the TLS connections to back-ends hosts. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The kerberos-environment references. |
|
|
The data type of the referenced resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the kerberos-environment resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "back-end-group",
"attributes" : {
"name" : "mybackendgroup",
"tenant" : "AirlockBankingCo",
"backendHosts" : [ {
"protocol" : "HTTP",
"hostName" : "example.com",
"port" : 80,
"mode" : "ENABLED",
"spare" : false,
"weight" : 200
} ],
"conditions" : {
"priority" : 100,
"clientHostHeaderPattern" : {
"pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
}
},
"inBandChecks" : {
"enabled" : true,
"statusPattern" : {
"enabled" : true,
"pattern" : ".*",
"inverted" : false
},
"checkResponseContentEnabled" : true,
"contentTypePattern" : {
"pattern" : ".*",
"inverted" : false
},
"maxContentSize" : 100,
"contentPattern" : {
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
}
},
"outOfBandChecks" : {
"enabled" : true,
"hostHeader" : "%BACKENDHOST%",
"url" : "http://example.com/state",
"checksWhenGood" : {
"interval" : 10,
"switchAfter" : 20
},
"checksWhenBad" : {
"interval" : 10,
"switchAfter" : 20
},
"timeout" : 200,
"statusPattern" : {
"enabled" : true,
"pattern" : ".*",
"inverted" : false
},
"contentPattern" : {
"enabled" : true,
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
}
},
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "myCipher",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 4882
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:13.414Z"
},
"data" : {
"type" : "back-end-group",
"id" : "3",
"attributes" : {
"name" : "mybackendgroup",
"tenant" : "AirlockBankingCo",
"backendHosts" : [ {
"protocol" : "HTTP",
"hostName" : "example.com",
"port" : 80,
"mode" : "ENABLED",
"spare" : false,
"weight" : 200
} ],
"conditions" : {
"priority" : 100,
"clientHostHeaderPattern" : {
"pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
}
},
"inBandChecks" : {
"enabled" : true,
"statusPattern" : {
"enabled" : true,
"pattern" : ".*",
"inverted" : false
},
"checkResponseContentEnabled" : true,
"contentTypePattern" : {
"pattern" : ".*",
"inverted" : false
},
"maxContentSize" : 100,
"contentPattern" : {
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
}
},
"outOfBandChecks" : {
"enabled" : true,
"hostHeader" : "%BACKENDHOST%",
"url" : "http://example.com/state",
"checksWhenGood" : {
"interval" : 10,
"switchAfter" : 20
},
"checksWhenBad" : {
"interval" : 10,
"switchAfter" : 20
},
"timeout" : 200,
"statusPattern" : {
"enabled" : true,
"pattern" : ".*",
"inverted" : false
},
"contentPattern" : {
"enabled" : true,
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
}
},
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "myCipher",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}
Update a Back-End Group
PATCH /configuration/back-end-groups/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "back-end-group" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
List of back-end hosts to use for load balancing. |
|
|
no |
Hostname of the back-end host. |
|
|
no |
The mode a back-end host can be in. Allowed values: |
|
|
no |
Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used. |
|
|
no |
Protocol used to connect to the back-end application. Allowed values: |
|
|
no |
Whether the host is spare. |
|
|
no |
The weight determines the relative amount of new sessions assigned to a specific back-end host. |
|
|
no |
Configuration of conditions for mappings with multiple back-end groups. |
|
|
no |
Client host header to use as condition. |
|
|
no |
The actual pattern. |
|
|
no |
The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups. |
|
|
no |
Expert settings for the Security Gate. |
|
|
no |
Whether the Security Gate expert settings are enabled. |
|
|
no |
Expert settings for the Security Gate. |
|
|
no |
In-band health checks. |
|
|
no |
Whether to analyze the response content to detect a back-end failure. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether in-band checks are enabled. |
|
|
no |
Number of bytes that must be available before the response body is inspected. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
The unique name of the back-end group. |
|
|
no |
Out-of-band health checks. |
|
|
no |
Interval in seconds between individual calls to the check URL in case of a bad back-end. |
|
|
no |
Number of subsequent successful requests after which the back-end will be marked as "good". |
|
|
no |
Interval in seconds between individual calls to the check URL in case of a good back-end. |
|
|
no |
Number of subsequent failed requests after which the back-end will be marked as "bad". |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether out-of-band checks are enabled. |
|
|
no |
Host header to send to the back-end. |
|
|
no |
Whether the pattern is enabled. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Time-out in seconds which will only apply to out-of-band calls to the check URL. |
|
|
no |
Address of the test page. |
|
|
no |
Tenant of the back-end group. |
|
|
no |
Configuration of the TLS connections to back-ends hosts. |
|
|
no |
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
no |
Whether back-end SSL sessions shall be resumed or not. |
|
|
no |
Back-end SSL protocol version. Allowed values: |
|
|
no |
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
no |
Indicates if the server certificate will be verified. |
|
|
no |
Whether the server name is verified against the common name (CN) of the server certificate. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "back-end-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of back-end hosts to use for load balancing. |
|
|
Hostname of the back-end host. |
|
|
The mode a back-end host can be in. Allowed values: |
|
|
Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used. |
|
|
Protocol used to connect to the back-end application. Allowed values: |
|
|
Whether the host is spare. |
|
|
The weight determines the relative amount of new sessions assigned to a specific back-end host. |
|
|
Configuration of conditions for mappings with multiple back-end groups. |
|
|
Client host header to use as condition. |
|
|
The actual pattern. |
|
|
The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
In-band health checks. |
|
|
Whether to analyze the response content to detect a back-end failure. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether in-band checks are enabled. |
|
|
Number of bytes that must be available before the response body is inspected. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the back-end group. |
|
|
Out-of-band health checks. |
|
|
Interval in seconds between individual calls to the check URL in case of a bad back-end. |
|
|
Number of subsequent successful requests after which the back-end will be marked as "good". |
|
|
Interval in seconds between individual calls to the check URL in case of a good back-end. |
|
|
Number of subsequent failed requests after which the back-end will be marked as "bad". |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether out-of-band checks are enabled. |
|
|
Host header to send to the back-end. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Time-out in seconds which will only apply to out-of-band calls to the check URL. |
|
|
Address of the test page. |
|
|
Tenant of the back-end group. |
|
|
Configuration of the TLS connections to back-ends hosts. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The kerberos-environment references. |
|
|
The data type of the referenced resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the kerberos-environment resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "back-end-group",
"id" : "1",
"attributes" : {
"name" : "mybackendgroup",
"tenant" : "AirlockBankingCo",
"backendHosts" : [ {
"protocol" : "HTTP",
"hostName" : "example.com",
"port" : 80,
"mode" : "ENABLED",
"spare" : false,
"weight" : 200
} ],
"conditions" : {
"priority" : 100,
"clientHostHeaderPattern" : {
"pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
}
},
"inBandChecks" : {
"enabled" : true,
"statusPattern" : {
"enabled" : true,
"pattern" : ".*",
"inverted" : false
},
"checkResponseContentEnabled" : true,
"contentTypePattern" : {
"pattern" : ".*",
"inverted" : false
},
"maxContentSize" : 100,
"contentPattern" : {
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
}
},
"outOfBandChecks" : {
"enabled" : true,
"hostHeader" : "%BACKENDHOST%",
"url" : "http://example.com/state",
"checksWhenGood" : {
"interval" : 10,
"switchAfter" : 20
},
"checksWhenBad" : {
"interval" : 10,
"switchAfter" : 20
},
"timeout" : 200,
"statusPattern" : {
"enabled" : true,
"pattern" : ".*",
"inverted" : false
},
"contentPattern" : {
"enabled" : true,
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
}
},
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "myCipher",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 4882
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:13.713Z"
},
"data" : {
"type" : "back-end-group",
"id" : "1",
"attributes" : {
"name" : "mybackendgroup",
"tenant" : "AirlockBankingCo",
"backendHosts" : [ {
"protocol" : "HTTP",
"hostName" : "example.com",
"port" : 80,
"mode" : "ENABLED",
"spare" : false,
"weight" : 200
} ],
"conditions" : {
"priority" : 100,
"clientHostHeaderPattern" : {
"pattern" : "^myvirtualhost[.](airlock|example)[.]com$"
}
},
"inBandChecks" : {
"enabled" : true,
"statusPattern" : {
"enabled" : true,
"pattern" : ".*",
"inverted" : false
},
"checkResponseContentEnabled" : true,
"contentTypePattern" : {
"pattern" : ".*",
"inverted" : false
},
"maxContentSize" : 100,
"contentPattern" : {
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
}
},
"outOfBandChecks" : {
"enabled" : true,
"hostHeader" : "%BACKENDHOST%",
"url" : "http://example.com/state",
"checksWhenGood" : {
"interval" : 10,
"switchAfter" : 20
},
"checksWhenBad" : {
"interval" : 10,
"switchAfter" : 20
},
"timeout" : 200,
"statusPattern" : {
"enabled" : true,
"pattern" : ".*",
"inverted" : false
},
"contentPattern" : {
"enabled" : true,
"pattern" : ".*",
"caseIgnored" : false,
"inverted" : false
}
},
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "myCipher",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}
Delete a Back-End Group
DELETE /configuration/back-end-groups/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Change mode of a Back-End Host
POST /configuration/back-end-groups/{id}/host-mode
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "back-end-host-mode-change" for this call. |
|
|
yes |
Hostname of the back-end. |
|
|
yes |
New mode for the back-end host to set. Allowed values: |
|
|
yes |
Port on which the back-end host is listening. If omitted, the default ports for HTTP (80) and HTTPS (443) are used. |
|
|
yes |
Protocol used by the back-end host. Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "back-end-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of back-end hosts to use for load balancing. |
|
|
Hostname of the back-end host. |
|
|
The mode a back-end host can be in. Allowed values: |
|
|
Back-end port. Configuring a port is optional if the default ports for HTTP (80) or HTTPS (443) are used. |
|
|
Protocol used to connect to the back-end application. Allowed values: |
|
|
Whether the host is spare. |
|
|
The weight determines the relative amount of new sessions assigned to a specific back-end host. |
|
|
Configuration of conditions for mappings with multiple back-end groups. |
|
|
Client host header to use as condition. |
|
|
The actual pattern. |
|
|
The priority guarantees a deterministic selection of the back-end group for a request with a given client host header through a mapping that is connected to multiple back-end groups. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
|
|
In-band health checks. |
|
|
Whether to analyze the response content to detect a back-end failure. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether in-band checks are enabled. |
|
|
Number of bytes that must be available before the response body is inspected. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the back-end group. |
|
|
Out-of-band health checks. |
|
|
Interval in seconds between individual calls to the check URL in case of a bad back-end. |
|
|
Number of subsequent successful requests after which the back-end will be marked as "good". |
|
|
Interval in seconds between individual calls to the check URL in case of a good back-end. |
|
|
Number of subsequent failed requests after which the back-end will be marked as "bad". |
|
|
Whether to ignore case. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether out-of-band checks are enabled. |
|
|
Host header to send to the back-end. |
|
|
Whether the pattern is enabled. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Time-out in seconds which will only apply to out-of-band calls to the check URL. |
|
|
Address of the test page. |
|
|
Tenant of the back-end group. |
|
|
Configuration of the TLS connections to back-ends hosts. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
|
|
The kerberos-environment references. |
|
|
The data type of the referenced resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the kerberos-environment resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/host-mode" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "back-end-host-mode-change",
"attributes" : {
"protocol" : "HTTP",
"hostName" : "myBackendHost",
"port" : "80",
"mode" : "NO_NEW_SESSIONS"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2156
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:12.673Z"
},
"data" : {
"type" : "back-end-group",
"id" : "1",
"attributes" : {
"name" : "myBackendGroup",
"tenant" : "",
"backendHosts" : [ {
"protocol" : "HTTP",
"hostName" : "myBackendHost",
"port" : 80,
"mode" : "NO_NEW_SESSIONS",
"spare" : false,
"weight" : 100
} ],
"conditions" : {
"priority" : 0,
"clientHostHeaderPattern" : {
"pattern" : ""
}
},
"inBandChecks" : {
"enabled" : false,
"statusPattern" : {
"enabled" : true,
"pattern" : "^503$",
"inverted" : false
},
"checkResponseContentEnabled" : false,
"contentTypePattern" : {
"pattern" : "^(text|application)/(html|xhtml)",
"inverted" : false
},
"maxContentSize" : 512,
"contentPattern" : {
"pattern" : "Service Unavailable",
"caseIgnored" : true,
"inverted" : false
}
},
"outOfBandChecks" : {
"enabled" : false,
"hostHeader" : "",
"url" : "/",
"checksWhenGood" : {
"interval" : 5,
"switchAfter" : 3
},
"checksWhenBad" : {
"interval" : 3,
"switchAfter" : 3
},
"timeout" : 2,
"statusPattern" : {
"enabled" : true,
"pattern" : "^503$",
"inverted" : false
},
"contentPattern" : {
"enabled" : false,
"pattern" : "Service Unavailable",
"caseIgnored" : true,
"inverted" : false
}
},
"tls" : {
"protocol" : "DEFAULT",
"cipherSuite" : "DEFAULT",
"forceNewSession" : false,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ ]
}
},
"expertSettings" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
}
}
}
}
}
Add Mapping Connections
PATCH /configuration/back-end-groups/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/mappings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Connections
DELETE /configuration/back-end-groups/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/mappings" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Kerberos Connection
PATCH /configuration/back-end-groups/{id}/relationships/kerberos-environment
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "kerberos-environment" for this call. |
|
|
yes |
The ID of the referenced "kerberos-environment" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/kerberos-environment" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "kerberos-environment",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Kerberos Connection
DELETE /configuration/back-end-groups/{id}/relationships/kerberos-environment
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/kerberos-environment" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Client Certificate Connection
PATCH /configuration/back-end-groups/{id}/relationships/client-certificate
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/client-certificate" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Client Certificate Connection
DELETE /configuration/back-end-groups/{id}/relationships/client-certificate
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/back-end-groups/1/relationships/client-certificate" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "3"
}
}'
Example Response
HTTP/1.1 204 No Content
SSL Certificate
Access all SSL Certificates
GET /configuration/ssl-certificates
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Type of the certificate. Allowed values: |
|
|
Certificate in PEM format. |
|
|
List of all intermediate CA certificates in the server certificate’s CA chain in PEM format. |
|
|
Private key for the certificate in PEM format (can be encrypted). |
|
|
Root CA certificate in PEM format. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
|
|
The node references. |
|
|
The data type of the referenced resource. Must be "node" for this call. |
|
|
The ID of the node resource. |
|
|
The remote-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the remote-json-web-key-set resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 16362
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:47.370Z"
},
"data" : [ {
"type" : "ssl-certificate",
"id" : "-1000",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C5189547CFDBEC5B\n\nKUOALsIUb+GKVxTF1tBeZBGJucah8kWfbVr0LNhUz2MflaKV4AmwN2N+S2KPvqeP\nEg/SicmC8O/J2jcLhrLrXvaL9YWCFYHs27fFACHhbaFC7Xr6WKKAS3hMZQcS2pXc\niij76MPykwxj2aEg8XAn0KqQ+bbkrPhNZfzKCv6KSPM3VOKD7fSE8FHAC8i4cE6D\nnc616mlXMH6G2urB53y4GMlYutkhin5Q5lp3OzGEWs0vVzitmVQ4geRWs5Sg4ctm\nrmnuC0wuajjDvh0momdXNV5yKWIi/sqNrRUAN/hEgQo/LeOlRpDTYPZis+vmh6zz\nVJ0+YyslcKRDhKuz41yki9tss8OjAkJ/bqFpAYW8QfVIAbti5aXEDQwLRrar8NpZ\nYMjT9nKFtY2HAa3NRk6VI9xF1eupEqIdybP/qC71Qera/CZa6q7sEM9BMuQ2bJlE\nnW8Ugvdlk8Suk6XNMxqvCuXYdusgIy9Go6F1o6UrNf7legsa27QeQuX4TL5A37be\nSgZzC3WbMHRPa2FlsB7QIqBlkq/ZQlKmLKX595IxPqEvlNVp+pKo4/sStAAFVyVo\nOAxOEa56PLOJwrRAI66ufKJl/og9pW6qZhEprSIFOZ0GYEAho2qFO7kxF3RK4hqK\n5r32+qtgqbYU4CoMww0MlDj/3TSjNIPNSz5KMXu8cg570ppAQ1pYBL3NhJkKNKHx\nv9yhtszdDlACKok9rqp3LdTWgJI+Lw3H3SP5Xidzg0nOtvnS0LD/huE0thnfkuaB\nLTBSvdFR6sQFtNcxppwKC1X0PDoQuwiNB/J51LpnQ1D1ho/Zor6cRhKEaYACdb2Q\nS/UT6NRzbpS/P4GU06tN8msNaBaPAWWoUECJNX7Dyiq1mk3AzQUmJksGQIcoy1D4\nmAT24Vk/xztrL116R+OIhdNq42BME0w2RRaqcohPLqVa8HTGEsJf7prieov3hQbN\nXVmxG5ewnTj0ozsGY/NQGkdzwmjsThs1UoSAEIQCSDUAEa7UAoLq+Kud+JpaAUvh\n4LTU3T8x0J+HZEclyEqKLzFf3QVAiTR6afTwUAQFNdrjhb0LKgBlEBD1RxXAWikm\nv5/FBViWcaRAJpLKcGB4bWQbEHp5u9U5XyXZtbpwPnRJzFlhhBuxVV8aeCpyBqDs\nSdRo0QmAs/vxzkgVl0XKbm9zJM7D9ZJxa6Ko55uo0gNK8DEduS/F53tJiNFKb1lY\nBBjqugCtKexynS3N4cknJTkq9KFvE27s6FNqOYiOUh9GzTTz3+0Ye+OcyIcONlHd\n8KhijeJWTM7yt7A3ZAUQGFks9nJQONMRKVykzQyRCEbKoqUqf1DrZUcLD8H6TuMt\nR7j4v1KVvptaxBkDqvXhBaqgLc4ug/p2fsXNZ8VXiogskJtTLBzb5eo/s015E72H\nOHNJSiWgG2Yzd7QF1MVZvzpsdSi9/lvuTtzTx5U2P/v+inYIMWNT2DU03Z2X2j2a\n+jkI9aTnN46UNiCPE+FVx0j+Hd2n0hUaEYyy9dtMQ5gn/DYaTF+cuTMdGmLpL2+P\nigiIPf3LlAwUwd+l9iMrDFhDtOa8rQGi8way1gamV9tk0z6AHfFAoYTmA6M0JU0c\n-----END RSA PRIVATE KEY-----\n",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
},
"relationships" : {
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "200"
}, {
"type" : "virtual-host",
"id" : "201"
} ]
},
"remote-json-web-key-sets" : {
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "300"
}, {
"type" : "remote-json-web-key-set",
"id" : "301"
} ]
},
"nodes" : {
"data" : [ {
"type" : "node",
"id" : "400"
} ]
}
}
}, {
"type" : "ssl-certificate",
"id" : "1",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
},
"relationships" : {
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "1200"
}, {
"type" : "virtual-host",
"id" : "1300"
} ]
}
}
} ]
}
Access a SSL Certificate
GET /configuration/ssl-certificates/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Type of the certificate. Allowed values: |
|
|
Certificate in PEM format. |
|
|
List of all intermediate CA certificates in the server certificate’s CA chain in PEM format. |
|
|
Private key for the certificate in PEM format (can be encrypted). |
|
|
Root CA certificate in PEM format. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
|
|
The node references. |
|
|
The data type of the referenced resource. Must be "node" for this call. |
|
|
The ID of the node resource. |
|
|
The remote-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the remote-json-web-key-set resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 8369
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:36.818Z"
},
"data" : {
"type" : "ssl-certificate",
"id" : "1",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
},
"relationships" : {
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "1200"
}, {
"type" : "virtual-host",
"id" : "1300"
} ]
}
}
}
}
Create a SSL Certificate
POST /configuration/ssl-certificates
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "ssl-certificate" for this call. |
|
|
no |
Type of the certificate. Allowed values: |
|
|
yes |
Certificate in PEM format. |
|
|
yes |
List of all intermediate CA certificates in the server certificate’s CA chain in PEM format. |
|
|
yes |
Passphrase in case of an encrypted private key (not persistent). |
|
|
yes |
Private key for the certificate in PEM format (can be encrypted). |
|
|
yes |
Root CA certificate in PEM format. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Type of the certificate. Allowed values: |
|
|
Certificate in PEM format. |
|
|
List of all intermediate CA certificates in the server certificate’s CA chain in PEM format. |
|
|
Private key for the certificate in PEM format (can be encrypted). |
|
|
Root CA certificate in PEM format. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
|
|
The node references. |
|
|
The data type of the referenced resource. Must be "node" for this call. |
|
|
The ID of the node resource. |
|
|
The remote-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the remote-json-web-key-set resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
"passphrase" : "password",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 8140
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:44.557Z"
},
"data" : {
"type" : "ssl-certificate",
"id" : "3",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
}
}
}
Example Request with wrong passphrase
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C25730E419F3C597\n\n1hVqxCTfprR/RabWcYGf+ciWj/5mzW14eypJ1fEzaJlVHpuCluNQ7RUMzLl1kSkH\nn2BVCEhNmuqm+I3T88HaAeoKvprLdiMpUwTJlwkZNhaTN46QyqpgGWjIYMJ1/bgH\nsT30xDg9+FdhQnrQQnj2EYy8HeC4teu/bc7cO13ZHfdplDVW+wfhyWAsuj7rfuA0\n1XarTKQwEZvfSUOCpNM3+CkX4Syu6G0SFip4NBe7f8vJADEB1UWMSYRCFled9EmL\nPJo3aX1f3Ji8Mud+83h896mBku0XWPTZQieRRZqiiQtGqf40pmtdjDiC4zQoDxm7\niVmUW31iYL6ESUoVgTKRshC45XSnrGclIeG9GMrqSNFXqYpzPh30KwHkWXfR8EqN\nhi4bJ7L5O0w0NNQIBhO5sTXqHe3objxztZlx0zMgFSaK5mwEdum+0Kmv+DRjExlf\n1l6/kdhMiIjw+PHh6FP2URcx49DIM1cQir1wofWsD5BiTGFIL9jyo5oo16YFWoLx\nfKJjQDnH04SvVQKM5xtIfJP9gp1G7seMaE4SXiVZ9gtEuz0Ws8BJo6gdWeYudhcd\nML8sj/QpVqnNRGsPpQdwlugaB4+eLDsST/Z4dOTloNuXtzuGMs4jXNTJVlAT0lC/\nPn9H6TnX8ixCVYZmqJHvX5aLAV0AUZNYT/AncZj6KzOrCHf6HmUc0y1nYO8ZKu7J\n1nkRUvViqPol9s/5tn01Dg5iIGklJgLf0+vLpV2K1DlJL53WsB14Nqt/cZaOLuq1\n9GaOTDL/GpJwlqH85KI04gG2m+HOBKAUUs9vewFLSgjIRihdLbHYIl3VkAJlZSFu\nYMdutVbbF+hT/TJe9daFlT2w+d7XuTgK2Q37N1J4CbW3tdwQrj8RsK35/a/QVbs9\nRXj7fRqqwAivRmdHENqif8RUNmeMS7/cQtp1K71Kc89bM7TkBH/rE3Iw3QtnzMy4\n8XAtvVDtdS66uPuw9NvzhnaSRFUPOgZ1ywHWH1kcykHjiv/fqA62qqTVaslIvUvr\njXVvYd1BVF5dPZSKoRKOLPnrDacZqnbUkbl1pBHnkfnu3eLyFLmurcc1dhT1S+3F\nfH+6UrSWyKbanoQgUsr+rlTMwfbDX6aDDHPseqsSLk38uBIJ+v/G8oIRMpKjzOja\no7X2xL4mISrAfB3DNkVm+Qdf4uex/NYJhaaT8CrnYdOgERvSNtIPW2gsqUVPvdil\nnEwJ+au6quvBTUAw1zVU7746F5Rf/DWOhKOE/Hsndjuv/PqAVMGeV5K+laAj8huE\nTb6SvO+ZcHIBW4nDFN7e9avx8l4xI8+QWKLUAcsDzaXUv7AJFNCCq+37IGJqszhT\n4zDzNtnWXvk5LzqcrTmsyObg7PZiDhbr64EdVZnqAIMMV/Xu/L52h697a15NqoO5\nRTxMy30ANjb30V1nghGOsoBrNhw6EnifhVk3QxLsLsVL3EU2QZXGoC9ieR85pL4E\n9UVJ+Fgs8gGjYVe/lmhqj6XdoC5r5rOzDCtEO25WiFKVYAXaPuk3myRys+aQArXP\npUyFwsfmX46aEbwLF9VpURoDx08eRrqkuLzmVJcXrTMn9G0xQFWMZw==\n-----END RSA PRIVATE KEY-----\n",
"passphrase" : "invalid-password",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIEaTCCA9KgAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wIBcNMTIwOTEzMDkzMzE3WhgPMjA5NDExMDIwOTMzMTdaMIGSMQswCQYD\nVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNV\nBAoTE0VyZ29uIEluZm9ybWF0aWsgQUcxHDAaBgNVBAMTE2FpcmxvY2suaG9zdC5k\nb21haW4xJTAjBgkqhkiG9w0BCQEWFmFpcmxvY2stZGV2ZWxAZXJnb24uY2gwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLD++du1o+I0+080T1/VQ+PC5\nXR52b9kSMY3kAML0pG+JTXB61YssCa3jfG8cs+IVKK9gsu2s+SzB/AEJoQeG5De+\nO6p4z2vsGOTz2P9rIEA7fS5o2BKu2WRV+5RJa4w2WbQgNPolmnVvpUaZqc87y/YM\nI60ZBKCBd7GUTIw1KaldiyL8mi2OVjenTVo9dobnbXRpb4U3ziIHrPFrf/M4t7f7\nTeSGrqjRAd8rY2fu39jLweZAyZHzUkNoA/81tSQJ967WaP1I3YMdiUz9vqAImB6B\nzS33WST5MOi92YIUFL6rm3ITBF/X7tgYz2uhFNoFvMf3goRriGERkxB6ovSPAgMB\nAAGjggE0MIIBMDAJBgNVHRMEAjAAMDEGCWCGSAGG+EIBDQQkFiJTZWNsdXRpb25z\nIHRlc3RzdWl0ZUNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBSXq/aDOorEQmKEFAPx\nvpSP809RozCB0AYDVR0jBIHIMIHFgBRQPwWqPXrmjSsagxrpwlzLLXNvt6GBqaSB\npjCBozELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVy\naWNoMSIwIAYDVQQKExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQD\nExp0ZXN0c3VpdGVDQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVz\ndHN1aXRlQ0FAc2VjbHV0aW9ucy5jb22CAQAwDQYJKoZIhvcNAQEFBQADgYEAE+f1\n+0bs978AnmysqCGW50yJzb9HiYXkisGoZJaGvSrTp+V5bUC9/ZOyhchP06g56OJG\n87KsluBnVSYtdr8ktudk+bnKB26gtY5ZlLT0vTMX2ZgAVQvmCR6kDK77r+woKshW\ng+jN2LaaZGLXm9TZIhgEdzUn5HUB9lDtXUcgRgw=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
}
}
}'
Example Response with wrong passphrase
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 251
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:35.508Z",
"rid" : "n/a"
},
"errors" : [ {
"code" : "INVALID_VALUE",
"source" : {
"pointer" : "/data/attributes/passphrase"
}
} ]
}
Update a SSL Certificate
PATCH /configuration/ssl-certificates/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "ssl-certificate" for this call. |
|
|
no |
Type of the certificate. Allowed values: |
|
|
no |
Certificate in PEM format. |
|
|
no |
List of all intermediate CA certificates in the server certificate’s CA chain in PEM format. |
|
|
no |
Passphrase in case of an encrypted private key (not persistent). |
|
|
no |
Private key for the certificate in PEM format (can be encrypted). |
|
|
no |
Root CA certificate in PEM format. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Type of the certificate. Allowed values: |
|
|
Certificate in PEM format. |
|
|
List of all intermediate CA certificates in the server certificate’s CA chain in PEM format. |
|
|
Private key for the certificate in PEM format (can be encrypted). |
|
|
Root CA certificate in PEM format. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
|
|
The node references. |
|
|
The data type of the referenced resource. Must be "node" for this call. |
|
|
The ID of the node resource. |
|
|
The remote-json-web-key-set references. |
|
|
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the remote-json-web-key-set resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C5189547CFDBEC5B\n\nKUOALsIUb+GKVxTF1tBeZBGJucah8kWfbVr0LNhUz2MflaKV4AmwN2N+S2KPvqeP\nEg/SicmC8O/J2jcLhrLrXvaL9YWCFYHs27fFACHhbaFC7Xr6WKKAS3hMZQcS2pXc\niij76MPykwxj2aEg8XAn0KqQ+bbkrPhNZfzKCv6KSPM3VOKD7fSE8FHAC8i4cE6D\nnc616mlXMH6G2urB53y4GMlYutkhin5Q5lp3OzGEWs0vVzitmVQ4geRWs5Sg4ctm\nrmnuC0wuajjDvh0momdXNV5yKWIi/sqNrRUAN/hEgQo/LeOlRpDTYPZis+vmh6zz\nVJ0+YyslcKRDhKuz41yki9tss8OjAkJ/bqFpAYW8QfVIAbti5aXEDQwLRrar8NpZ\nYMjT9nKFtY2HAa3NRk6VI9xF1eupEqIdybP/qC71Qera/CZa6q7sEM9BMuQ2bJlE\nnW8Ugvdlk8Suk6XNMxqvCuXYdusgIy9Go6F1o6UrNf7legsa27QeQuX4TL5A37be\nSgZzC3WbMHRPa2FlsB7QIqBlkq/ZQlKmLKX595IxPqEvlNVp+pKo4/sStAAFVyVo\nOAxOEa56PLOJwrRAI66ufKJl/og9pW6qZhEprSIFOZ0GYEAho2qFO7kxF3RK4hqK\n5r32+qtgqbYU4CoMww0MlDj/3TSjNIPNSz5KMXu8cg570ppAQ1pYBL3NhJkKNKHx\nv9yhtszdDlACKok9rqp3LdTWgJI+Lw3H3SP5Xidzg0nOtvnS0LD/huE0thnfkuaB\nLTBSvdFR6sQFtNcxppwKC1X0PDoQuwiNB/J51LpnQ1D1ho/Zor6cRhKEaYACdb2Q\nS/UT6NRzbpS/P4GU06tN8msNaBaPAWWoUECJNX7Dyiq1mk3AzQUmJksGQIcoy1D4\nmAT24Vk/xztrL116R+OIhdNq42BME0w2RRaqcohPLqVa8HTGEsJf7prieov3hQbN\nXVmxG5ewnTj0ozsGY/NQGkdzwmjsThs1UoSAEIQCSDUAEa7UAoLq+Kud+JpaAUvh\n4LTU3T8x0J+HZEclyEqKLzFf3QVAiTR6afTwUAQFNdrjhb0LKgBlEBD1RxXAWikm\nv5/FBViWcaRAJpLKcGB4bWQbEHp5u9U5XyXZtbpwPnRJzFlhhBuxVV8aeCpyBqDs\nSdRo0QmAs/vxzkgVl0XKbm9zJM7D9ZJxa6Ko55uo0gNK8DEduS/F53tJiNFKb1lY\nBBjqugCtKexynS3N4cknJTkq9KFvE27s6FNqOYiOUh9GzTTz3+0Ye+OcyIcONlHd\n8KhijeJWTM7yt7A3ZAUQGFks9nJQONMRKVykzQyRCEbKoqUqf1DrZUcLD8H6TuMt\nR7j4v1KVvptaxBkDqvXhBaqgLc4ug/p2fsXNZ8VXiogskJtTLBzb5eo/s015E72H\nOHNJSiWgG2Yzd7QF1MVZvzpsdSi9/lvuTtzTx5U2P/v+inYIMWNT2DU03Z2X2j2a\n+jkI9aTnN46UNiCPE+FVx0j+Hd2n0hUaEYyy9dtMQ5gn/DYaTF+cuTMdGmLpL2+P\nigiIPf3LlAwUwd+l9iMrDFhDtOa8rQGi8way1gamV9tk0z6AHfFAoYTmA6M0JU0c\n-----END RSA PRIVATE KEY-----\n",
"passphrase" : "password",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 7765
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:48.978Z"
},
"data" : {
"type" : "ssl-certificate",
"id" : "1",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C5189547CFDBEC5B\n\nKUOALsIUb+GKVxTF1tBeZBGJucah8kWfbVr0LNhUz2MflaKV4AmwN2N+S2KPvqeP\nEg/SicmC8O/J2jcLhrLrXvaL9YWCFYHs27fFACHhbaFC7Xr6WKKAS3hMZQcS2pXc\niij76MPykwxj2aEg8XAn0KqQ+bbkrPhNZfzKCv6KSPM3VOKD7fSE8FHAC8i4cE6D\nnc616mlXMH6G2urB53y4GMlYutkhin5Q5lp3OzGEWs0vVzitmVQ4geRWs5Sg4ctm\nrmnuC0wuajjDvh0momdXNV5yKWIi/sqNrRUAN/hEgQo/LeOlRpDTYPZis+vmh6zz\nVJ0+YyslcKRDhKuz41yki9tss8OjAkJ/bqFpAYW8QfVIAbti5aXEDQwLRrar8NpZ\nYMjT9nKFtY2HAa3NRk6VI9xF1eupEqIdybP/qC71Qera/CZa6q7sEM9BMuQ2bJlE\nnW8Ugvdlk8Suk6XNMxqvCuXYdusgIy9Go6F1o6UrNf7legsa27QeQuX4TL5A37be\nSgZzC3WbMHRPa2FlsB7QIqBlkq/ZQlKmLKX595IxPqEvlNVp+pKo4/sStAAFVyVo\nOAxOEa56PLOJwrRAI66ufKJl/og9pW6qZhEprSIFOZ0GYEAho2qFO7kxF3RK4hqK\n5r32+qtgqbYU4CoMww0MlDj/3TSjNIPNSz5KMXu8cg570ppAQ1pYBL3NhJkKNKHx\nv9yhtszdDlACKok9rqp3LdTWgJI+Lw3H3SP5Xidzg0nOtvnS0LD/huE0thnfkuaB\nLTBSvdFR6sQFtNcxppwKC1X0PDoQuwiNB/J51LpnQ1D1ho/Zor6cRhKEaYACdb2Q\nS/UT6NRzbpS/P4GU06tN8msNaBaPAWWoUECJNX7Dyiq1mk3AzQUmJksGQIcoy1D4\nmAT24Vk/xztrL116R+OIhdNq42BME0w2RRaqcohPLqVa8HTGEsJf7prieov3hQbN\nXVmxG5ewnTj0ozsGY/NQGkdzwmjsThs1UoSAEIQCSDUAEa7UAoLq+Kud+JpaAUvh\n4LTU3T8x0J+HZEclyEqKLzFf3QVAiTR6afTwUAQFNdrjhb0LKgBlEBD1RxXAWikm\nv5/FBViWcaRAJpLKcGB4bWQbEHp5u9U5XyXZtbpwPnRJzFlhhBuxVV8aeCpyBqDs\nSdRo0QmAs/vxzkgVl0XKbm9zJM7D9ZJxa6Ko55uo0gNK8DEduS/F53tJiNFKb1lY\nBBjqugCtKexynS3N4cknJTkq9KFvE27s6FNqOYiOUh9GzTTz3+0Ye+OcyIcONlHd\n8KhijeJWTM7yt7A3ZAUQGFks9nJQONMRKVykzQyRCEbKoqUqf1DrZUcLD8H6TuMt\nR7j4v1KVvptaxBkDqvXhBaqgLc4ug/p2fsXNZ8VXiogskJtTLBzb5eo/s015E72H\nOHNJSiWgG2Yzd7QF1MVZvzpsdSi9/lvuTtzTx5U2P/v+inYIMWNT2DU03Z2X2j2a\n+jkI9aTnN46UNiCPE+FVx0j+Hd2n0hUaEYyy9dtMQ5gn/DYaTF+cuTMdGmLpL2+P\nigiIPf3LlAwUwd+l9iMrDFhDtOa8rQGi8way1gamV9tk0z6AHfFAoYTmA6M0JU0c\n-----END RSA PRIVATE KEY-----\n",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
},
"relationships" : {
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "1200"
}, {
"type" : "virtual-host",
"id" : "1300"
} ]
}
}
}
}
Example Request with wrong passphrase
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"attributes" : {
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n",
"privateKey" : "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,C5189547CFDBEC5B\n\nKUOALsIUb+GKVxTF1tBeZBGJucah8kWfbVr0LNhUz2MflaKV4AmwN2N+S2KPvqeP\nEg/SicmC8O/J2jcLhrLrXvaL9YWCFYHs27fFACHhbaFC7Xr6WKKAS3hMZQcS2pXc\niij76MPykwxj2aEg8XAn0KqQ+bbkrPhNZfzKCv6KSPM3VOKD7fSE8FHAC8i4cE6D\nnc616mlXMH6G2urB53y4GMlYutkhin5Q5lp3OzGEWs0vVzitmVQ4geRWs5Sg4ctm\nrmnuC0wuajjDvh0momdXNV5yKWIi/sqNrRUAN/hEgQo/LeOlRpDTYPZis+vmh6zz\nVJ0+YyslcKRDhKuz41yki9tss8OjAkJ/bqFpAYW8QfVIAbti5aXEDQwLRrar8NpZ\nYMjT9nKFtY2HAa3NRk6VI9xF1eupEqIdybP/qC71Qera/CZa6q7sEM9BMuQ2bJlE\nnW8Ugvdlk8Suk6XNMxqvCuXYdusgIy9Go6F1o6UrNf7legsa27QeQuX4TL5A37be\nSgZzC3WbMHRPa2FlsB7QIqBlkq/ZQlKmLKX595IxPqEvlNVp+pKo4/sStAAFVyVo\nOAxOEa56PLOJwrRAI66ufKJl/og9pW6qZhEprSIFOZ0GYEAho2qFO7kxF3RK4hqK\n5r32+qtgqbYU4CoMww0MlDj/3TSjNIPNSz5KMXu8cg570ppAQ1pYBL3NhJkKNKHx\nv9yhtszdDlACKok9rqp3LdTWgJI+Lw3H3SP5Xidzg0nOtvnS0LD/huE0thnfkuaB\nLTBSvdFR6sQFtNcxppwKC1X0PDoQuwiNB/J51LpnQ1D1ho/Zor6cRhKEaYACdb2Q\nS/UT6NRzbpS/P4GU06tN8msNaBaPAWWoUECJNX7Dyiq1mk3AzQUmJksGQIcoy1D4\nmAT24Vk/xztrL116R+OIhdNq42BME0w2RRaqcohPLqVa8HTGEsJf7prieov3hQbN\nXVmxG5ewnTj0ozsGY/NQGkdzwmjsThs1UoSAEIQCSDUAEa7UAoLq+Kud+JpaAUvh\n4LTU3T8x0J+HZEclyEqKLzFf3QVAiTR6afTwUAQFNdrjhb0LKgBlEBD1RxXAWikm\nv5/FBViWcaRAJpLKcGB4bWQbEHp5u9U5XyXZtbpwPnRJzFlhhBuxVV8aeCpyBqDs\nSdRo0QmAs/vxzkgVl0XKbm9zJM7D9ZJxa6Ko55uo0gNK8DEduS/F53tJiNFKb1lY\nBBjqugCtKexynS3N4cknJTkq9KFvE27s6FNqOYiOUh9GzTTz3+0Ye+OcyIcONlHd\n8KhijeJWTM7yt7A3ZAUQGFks9nJQONMRKVykzQyRCEbKoqUqf1DrZUcLD8H6TuMt\nR7j4v1KVvptaxBkDqvXhBaqgLc4ug/p2fsXNZ8VXiogskJtTLBzb5eo/s015E72H\nOHNJSiWgG2Yzd7QF1MVZvzpsdSi9/lvuTtzTx5U2P/v+inYIMWNT2DU03Z2X2j2a\n+jkI9aTnN46UNiCPE+FVx0j+Hd2n0hUaEYyy9dtMQ5gn/DYaTF+cuTMdGmLpL2+P\nigiIPf3LlAwUwd+l9iMrDFhDtOa8rQGi8way1gamV9tk0z6AHfFAoYTmA6M0JU0c\n-----END RSA PRIVATE KEY-----\n",
"passphrase" : "invalid-password",
"certificateChain" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ],
"rootCaCertificate" : "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n",
"certType" : "SERVER_CERT"
}
}
}'
Example Response with wrong passphrase
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 251
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:37.594Z",
"rid" : "n/a"
},
"errors" : [ {
"code" : "INVALID_VALUE",
"source" : {
"pointer" : "/data/attributes/passphrase"
}
} ]
}
Delete a SSL Certificate
DELETE /configuration/ssl-certificates/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Virtual Host Connections
PATCH /configuration/ssl-certificates/{id}/relationships/virtual-hosts
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
yes |
The ID of the referenced "virtual-host" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/virtual-hosts" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "virtual-host",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Virtual Host Connections
DELETE /configuration/ssl-certificates/{id}/relationships/virtual-hosts
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
yes |
The ID of the referenced "virtual-host" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/virtual-hosts" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "virtual-host",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Back-End Group Connection
PATCH /configuration/ssl-certificates/{id}/relationships/back-end-groups
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
yes |
The ID of the referenced "back-end-group" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/back-end-groups" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "back-end-group",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Back-End Group Connections
DELETE /configuration/ssl-certificates/{id}/relationships/back-end-groups
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
yes |
The ID of the referenced "back-end-group" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/back-end-groups" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "back-end-group",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Remote JWKS Connection
PATCH /configuration/ssl-certificates/{id}/relationships/json-web-key-sets/remotes
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
yes |
The ID of the referenced "remote-json-web-key-set" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/json-web-key-sets/remotes" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Remote JWKS Connections
PATCH /configuration/ssl-certificates/{id}/relationships/json-web-key-sets/remotes
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "remote-json-web-key-set" for this call. |
|
|
yes |
The ID of the referenced "remote-json-web-key-set" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/json-web-key-sets/remotes" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Node Connections
PATCH /configuration/ssl-certificates/{id}/relationships/nodes
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "node" for this call. |
|
|
yes |
The ID of the referenced "node" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/nodes" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "node",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Node Connections
DELETE /configuration/ssl-certificates/{id}/relationships/nodes
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "node" for this call. |
|
|
yes |
The ID of the referenced "node" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ssl-certificates/1/relationships/nodes" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "node",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
ACME Service
Access all ACME Services
GET /configuration/acme-services
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "acme-service" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Expert settings for ACME service. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
External account binding settings. |
|
|
Whether the external account binding is enabled. |
|
|
External account binding HMAC to use at CA. |
|
|
External account binding key ID to use at CA. |
|
|
The name identifying the ACME service. |
|
|
Minimum remaining validity of the certificate. If the validity of the certificate falls below duration, the certificate will be renewed. |
|
|
The URL of the ACME service. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/acme-services" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 637
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:50.708Z"
},
"data" : [ {
"type" : "acme-service",
"id" : "1",
"attributes" : {
"name" : "myOtherAcmeService",
"url" : "https://acme.com/myOtherAcmeService",
"renewWindow" : "99%",
"externalAccountBinding" : {
"enabled" : true,
"keyId" : "my-key-id",
"hmac" : "63a4fdbdb401a84130ceca05677861dbbb4cf9f1a3ce3a5718180b9757f2e9d3"
},
"expertSettings" : {
"apache" : {
"enabled" : true,
"settings" : "MDExpert yes"
}
}
}
} ]
}
Access an ACME Service
GET /configuration/acme-services/{id}
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "acme-service" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Expert settings for ACME service. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
External account binding settings. |
|
|
Whether the external account binding is enabled. |
|
|
External account binding HMAC to use at CA. |
|
|
External account binding key ID to use at CA. |
|
|
The name identifying the ACME service. |
|
|
Minimum remaining validity of the certificate. If the validity of the certificate falls below duration, the certificate will be renewed. |
|
|
The URL of the ACME service. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/acme-services/2" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 778
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:49.871Z"
},
"data" : {
"type" : "acme-service",
"id" : "2",
"attributes" : {
"name" : "myAcmeService",
"url" : "https://acme.com/myAcmeService",
"renewWindow" : "99%",
"externalAccountBinding" : {
"enabled" : true,
"keyId" : "my-key-id",
"hmac" : "63a4fdbdb401a84130ceca05677861dbbb4cf9f1a3ce3a5718180b9757f2e9d3"
},
"expertSettings" : {
"apache" : {
"enabled" : true,
"settings" : "MDExpert yes"
}
}
},
"relationships" : {
"virtual-hosts" : {
"data" : [ {
"type" : "virtual-host",
"id" : "10"
} ]
}
}
}
}
Create an ACME Service
POST /configuration/acme-services
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "acme-service" for this call. |
|
|
yes |
Expert settings for ACME service. |
|
|
yes |
Expert settings for the Apache web listener. |
|
|
yes |
Whether the Apache expert settings are enabled. |
|
|
yes |
Expert settings for the Apache web listener. |
|
|
yes |
External account binding settings. |
|
|
yes |
Whether the external account binding is enabled. |
|
|
yes |
External account binding HMAC to use at CA. |
|
|
yes |
External account binding key ID to use at CA. |
|
|
yes |
The name identifying the ACME service. |
|
|
yes |
Minimum remaining validity of the certificate. If the validity of the certificate falls below duration, the certificate will be renewed. |
|
|
yes |
The URL of the ACME service. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "acme-service" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Expert settings for ACME service. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
External account binding settings. |
|
|
Whether the external account binding is enabled. |
|
|
External account binding HMAC to use at CA. |
|
|
External account binding key ID to use at CA. |
|
|
The name identifying the ACME service. |
|
|
Minimum remaining validity of the certificate. If the validity of the certificate falls below duration, the certificate will be renewed. |
|
|
The URL of the ACME service. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/acme-services" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "acme-service",
"attributes" : {
"name" : "my-acme-service",
"url" : "https://acme.com/myservice",
"renewWindow" : "42%",
"externalAccountBinding" : {
"enabled" : true,
"keyId" : "dev-key",
"hmac" : "5718163a4fdbdb401a84130ceca05677861dbbb4cf9f1a3ce3a57181"
},
"expertSettings" : {
"apache" : {
"enabled" : true,
"settings" : "MDExpert yes"
}
}
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 611
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:50.529Z"
},
"data" : {
"type" : "acme-service",
"id" : "3",
"attributes" : {
"name" : "my-acme-service",
"url" : "https://acme.com/myservice",
"renewWindow" : "42%",
"externalAccountBinding" : {
"enabled" : true,
"keyId" : "dev-key",
"hmac" : "5718163a4fdbdb401a84130ceca05677861dbbb4cf9f1a3ce3a57181"
},
"expertSettings" : {
"apache" : {
"enabled" : true,
"settings" : "MDExpert yes"
}
}
}
}
}
Update an ACME Service
PATCH /configuration/acme-services/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "acme-service" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Expert settings for ACME service. |
|
|
no |
Expert settings for the Apache web listener. |
|
|
no |
Whether the Apache expert settings are enabled. |
|
|
no |
Expert settings for the Apache web listener. |
|
|
no |
External account binding settings. |
|
|
no |
Whether the external account binding is enabled. |
|
|
no |
External account binding HMAC to use at CA. |
|
|
no |
External account binding key ID to use at CA. |
|
|
no |
The name identifying the ACME service. |
|
|
no |
Minimum remaining validity of the certificate. If the validity of the certificate falls below duration, the certificate will be renewed. |
|
|
no |
The URL of the ACME service. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "acme-service" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Expert settings for ACME service. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
External account binding settings. |
|
|
Whether the external account binding is enabled. |
|
|
External account binding HMAC to use at CA. |
|
|
External account binding key ID to use at CA. |
|
|
The name identifying the ACME service. |
|
|
Minimum remaining validity of the certificate. If the validity of the certificate falls below duration, the certificate will be renewed. |
|
|
The URL of the ACME service. |
|
|
The virtual-host references. |
|
|
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
The ID of the virtual-host resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/acme-services/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "acme-service",
"id" : "1",
"attributes" : {
"name" : "myAcmeService",
"url" : "https://acme.com/myservice",
"renewWindow" : "42%",
"externalAccountBinding" : {
"enabled" : true,
"keyId" : "dev-key",
"hmac" : "5718163a4fdbdb401a84130ceca05677861dbbb4cf9f1a3ce3a57181"
},
"expertSettings" : {
"apache" : {
"enabled" : true,
"settings" : "MDExpert yes"
}
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 609
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:50.757Z"
},
"data" : {
"type" : "acme-service",
"id" : "1",
"attributes" : {
"name" : "myAcmeService",
"url" : "https://acme.com/myservice",
"renewWindow" : "42%",
"externalAccountBinding" : {
"enabled" : true,
"keyId" : "dev-key",
"hmac" : "5718163a4fdbdb401a84130ceca05677861dbbb4cf9f1a3ce3a57181"
},
"expertSettings" : {
"apache" : {
"enabled" : true,
"settings" : "MDExpert yes"
}
}
}
}
}
Delete an ACME Service
DELETE /configuration/acme-services/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/acme-services/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Virtual Host Connections
PATCH /configuration/acme-services/{id}/relationships/virtual-hosts
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
yes |
The ID of the referenced "virtual-host" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/acme-services/1/relationships/virtual-hosts" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "virtual-host",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Virtual Host Connections
DELETE /configuration/acme-services/{id}/relationships/virtual-hosts
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "virtual-host" for this call. |
|
|
yes |
The ID of the referenced "virtual-host" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/acme-services/1/relationships/virtual-hosts" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "virtual-host",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Local JSON Web Key Sets
Access all Local JSON Web Key Sets
GET /configuration/json-web-key-sets/locals
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "local-json-web-key-set" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The Json Web Key Set. |
|
|
An issuer to bind the JWKS to. |
|
|
The unique name of the local JWKS provider. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2121
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:45.829Z"
},
"data" : [ {
"type" : "local-json-web-key-set",
"id" : "1",
"attributes" : {
"name" : "a local JWKS",
"content" : "{\n\"keys\": [\n {\n \"alg\": \"RS256\",\n \"kty\": \"RSA\",\n \"use\": \"sig\",\n \"x5c\": [\n \"MIIC+DCCAeCgAwIBAgIJBIGjYW6hFpn2MA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMTGGN1c3RvbWVyLWRlbW9zLmF1dGgwLmNvbTAeFw0xNjExMjIyMjIyMDVaFw0zMDA4MDEyMjIyMDVaMCMxITAfBgNVBAMTGGN1c3RvbWVyLWRlbW9zLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnjZc5bm/eGIHq09N9HKHahM7Y31P0ul+A2wwP4lSpIwFrWHzxw88/7Dwk9QMc+orGXX95R6av4GF+Es/nG3uK45ooMVMa/hYCh0Mtx3gnSuoTavQEkLzCvSwTqVwzZ+5noukWVqJuMKNwjL77GNcPLY7Xy2/skMCT5bR8UoWaufooQvYq6SyPcRAU4BtdquZRiBT4U5f+4pwNTxSvey7ki50yc1tG49Per/0zA4O6Tlpv8x7Red6m1bCNHt7+Z5nSl3RX/QYyAEUX1a28VcYmR41Osy+o2OUCXYdUAphDaHo4/8rbKTJhlu8jEcc1KoMXAKjgaVZtG/v5ltx6AXY0CAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUQxFG602h1cG+pnyvJoy9pGJJoCswDQYJKoZIhvcNAQEFBQADggEBAGvtCbzGNBUJPLICth3mLsX0Z4z8T8iu4tyoiuAshP/Ry/ZBnFnXmhD8vwgMZ2lTgUWwlrvlgN+fAtYKnwFO2G3BOCFw96Nm8So9sjTda9CCZ3dhoH57F/hVMBB0K6xhklAc0b5ZxUpCIN92v/w+xZoz1XQBHe8ZbRHaP1HpRM4M7DJk2G5cgUCyu3UBvYS41sHvzrxQ3z7vIePRA4WF4bEkfX12gvny0RsPkrbVMXX1Rj9t6V7QXrbPYBAO+43JvDGYawxYVvLhz+BJ45x50GFQmHszfY3BR9TPK8xmMmQwtIvLu1PMttNCs7niCYkSiUv2sc2mlq1i3IashGkkgmo=\"\n ],\n \"n\": \"yeNlzlub94YgerT030codqEztjfU_S6X4DbDA_iVKkjAWtYfPHDzz_sPCT1Axz6isZdf3lHpq_gYX4Sz-cbe4rjmigxUxr-FgKHQy3HeCdK6hNq9ASQvMK9LBOpXDNn7mei6RZWom4wo3CMvvsY1w8tjtfLb-yQwJPltHxShZq5-ihC9irpLI9xEBTgG12q5lGIFPhTl_7inA1PFK97LuSLnTJzW0bj096v_TMDg7pOWm_zHtF53qbVsI0e3v5nmdKXdFf9BjIARRfVrbxVxiZHjU6zL6jY5QJdh1QCmENoejj_ytspMmGW7yMRxzUqgxcAqOBpVm0b-_mW3HoBdjQ\",\n \"e\": \"AQAB\",\n \"kid\": \"NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg\",\n \"x5t\": \"NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg\"\n }\n]}",
"issuer" : "myIssuer"
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
}
}
} ]
}
Access a Local JSON Web Key Set
GET /configuration/json-web-key-sets/locals/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "local-json-web-key-set" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The Json Web Key Set. |
|
|
An issuer to bind the JWKS to. |
|
|
The unique name of the local JWKS provider. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2117
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:45.752Z"
},
"data" : {
"type" : "local-json-web-key-set",
"id" : "1",
"attributes" : {
"name" : "a local JWKS",
"content" : "{\n\"keys\": [\n {\n \"alg\": \"RS256\",\n \"kty\": \"RSA\",\n \"use\": \"sig\",\n \"x5c\": [\n \"MIIC+DCCAeCgAwIBAgIJBIGjYW6hFpn2MA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMTGGN1c3RvbWVyLWRlbW9zLmF1dGgwLmNvbTAeFw0xNjExMjIyMjIyMDVaFw0zMDA4MDEyMjIyMDVaMCMxITAfBgNVBAMTGGN1c3RvbWVyLWRlbW9zLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnjZc5bm/eGIHq09N9HKHahM7Y31P0ul+A2wwP4lSpIwFrWHzxw88/7Dwk9QMc+orGXX95R6av4GF+Es/nG3uK45ooMVMa/hYCh0Mtx3gnSuoTavQEkLzCvSwTqVwzZ+5noukWVqJuMKNwjL77GNcPLY7Xy2/skMCT5bR8UoWaufooQvYq6SyPcRAU4BtdquZRiBT4U5f+4pwNTxSvey7ki50yc1tG49Per/0zA4O6Tlpv8x7Red6m1bCNHt7+Z5nSl3RX/QYyAEUX1a28VcYmR41Osy+o2OUCXYdUAphDaHo4/8rbKTJhlu8jEcc1KoMXAKjgaVZtG/v5ltx6AXY0CAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUQxFG602h1cG+pnyvJoy9pGJJoCswDQYJKoZIhvcNAQEFBQADggEBAGvtCbzGNBUJPLICth3mLsX0Z4z8T8iu4tyoiuAshP/Ry/ZBnFnXmhD8vwgMZ2lTgUWwlrvlgN+fAtYKnwFO2G3BOCFw96Nm8So9sjTda9CCZ3dhoH57F/hVMBB0K6xhklAc0b5ZxUpCIN92v/w+xZoz1XQBHe8ZbRHaP1HpRM4M7DJk2G5cgUCyu3UBvYS41sHvzrxQ3z7vIePRA4WF4bEkfX12gvny0RsPkrbVMXX1Rj9t6V7QXrbPYBAO+43JvDGYawxYVvLhz+BJ45x50GFQmHszfY3BR9TPK8xmMmQwtIvLu1PMttNCs7niCYkSiUv2sc2mlq1i3IashGkkgmo=\"\n ],\n \"n\": \"yeNlzlub94YgerT030codqEztjfU_S6X4DbDA_iVKkjAWtYfPHDzz_sPCT1Axz6isZdf3lHpq_gYX4Sz-cbe4rjmigxUxr-FgKHQy3HeCdK6hNq9ASQvMK9LBOpXDNn7mei6RZWom4wo3CMvvsY1w8tjtfLb-yQwJPltHxShZq5-ihC9irpLI9xEBTgG12q5lGIFPhTl_7inA1PFK97LuSLnTJzW0bj096v_TMDg7pOWm_zHtF53qbVsI0e3v5nmdKXdFf9BjIARRfVrbxVxiZHjU6zL6jY5QJdh1QCmENoejj_ytspMmGW7yMRxzUqgxcAqOBpVm0b-_mW3HoBdjQ\",\n \"e\": \"AQAB\",\n \"kid\": \"NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg\",\n \"x5t\": \"NjVBRjY5MDlCMUIwNzU4RTA2QzZFMDQ4QzQ2MDAyQjVDNjk1RTM2Qg\"\n }\n]}",
"issuer" : "myIssuer"
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
}
}
}
}
Create a Local JSON Web Key Set
POST /configuration/json-web-key-sets/locals
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "local-json-web-key-set" for this call. |
|
|
yes |
The Json Web Key Set. |
|
|
yes |
An issuer to bind the JWKS to. |
|
|
yes |
The unique name of the local JWKS provider. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "local-json-web-key-set" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The Json Web Key Set. |
|
|
An issuer to bind the JWKS to. |
|
|
The unique name of the local JWKS provider. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "local-json-web-key-set",
"attributes" : {
"name" : "a local JWKS",
"content" : "{\"keys\":\n [\n {\"kty\":\"oct\",\n \"alg\":\"A128KW\",\n \"k\":\"GawgguFyGrWKav7AX4VKUg\"},\n {\"kty\":\"oct\",\n \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\",\n \"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}\n ]\n }",
"issuer" : "myissuer"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 639
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:45.798Z"
},
"data" : {
"type" : "local-json-web-key-set",
"id" : "3",
"attributes" : {
"name" : "a local JWKS",
"content" : "{\"keys\":\n [\n {\"kty\":\"oct\",\n \"alg\":\"A128KW\",\n \"k\":\"GawgguFyGrWKav7AX4VKUg\"},\n {\"kty\":\"oct\",\n \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\",\n \"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}\n ]\n }",
"issuer" : "myissuer"
}
}
}
Update a Local JSON Web Key Set
PATCH /configuration/json-web-key-sets/locals/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "local-json-web-key-set" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
The Json Web Key Set. |
|
|
no |
An issuer to bind the JWKS to. |
|
|
no |
The unique name of the local JWKS provider. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "local-json-web-key-set" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The Json Web Key Set. |
|
|
An issuer to bind the JWKS to. |
|
|
The unique name of the local JWKS provider. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "local-json-web-key-set",
"id" : "1",
"attributes" : {
"name" : "a local JWKS",
"content" : "{\"keys\":\n [\n {\"kty\":\"oct\",\n \"alg\":\"A128KW\",\n \"k\":\"GawgguFyGrWKav7AX4VKUg\"},\n {\"kty\":\"oct\",\n \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\",\n \"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}\n ]\n }",
"issuer" : "myissuer"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 784
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:45.846Z"
},
"data" : {
"type" : "local-json-web-key-set",
"id" : "1",
"attributes" : {
"name" : "a local JWKS",
"content" : "{\"keys\":\n [\n {\"kty\":\"oct\",\n \"alg\":\"A128KW\",\n \"k\":\"GawgguFyGrWKav7AX4VKUg\"},\n {\"kty\":\"oct\",\n \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\",\n \"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}\n ]\n }",
"issuer" : "myissuer"
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
}
}
}
}
Delete a Local JSON Web Key Set
DELETE /configuration/json-web-key-sets/locals/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Mapping Connections
PATCH /configuration/json-web-key-sets/locals/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1/relationships/mappings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Connections
DELETE /configuration/json-web-key-sets/locals/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/locals/1/relationships/mappings" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remote JSON Web Key Sets
Access all Remote JSON Web Key Sets
GET /configuration/json-web-key-sets/remotes
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
An issuer to bind the JWKS to. |
|
|
The unique name of the remote JWKS provider. |
|
|
The URL of the service provider. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 745
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:18.441Z"
},
"data" : [ {
"type" : "remote-json-web-key-set",
"id" : "1",
"attributes" : {
"name" : "a remote JWKS",
"serviceUrl" : "https://example.com/jwks.json",
"issuer" : "myIssuer",
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "AES_256_CBC",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ ]
}
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
}
}
} ]
}
Access a Remote JSON Web Key Set
GET /configuration/json-web-key-sets/remotes/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
An issuer to bind the JWKS to. |
|
|
The unique name of the remote JWKS provider. |
|
|
The URL of the service provider. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 741
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:17.812Z"
},
"data" : {
"type" : "remote-json-web-key-set",
"id" : "1",
"attributes" : {
"name" : "a remote JWKS",
"serviceUrl" : "https://example.com/jwks.json",
"issuer" : "myIssuer",
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "AES_256_CBC",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ ]
}
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
}
}
}
}
Create a Remote JSON Web Key Set
POST /configuration/json-web-key-sets/remotes
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "remote-json-web-key-set" for this call. |
|
|
yes |
An issuer to bind the JWKS to. |
|
|
yes |
The unique name of the remote JWKS provider. |
|
|
yes |
The URL of the service provider. |
|
|
no |
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. Default value: |
|
|
no |
Whether back-end SSL sessions shall be resumed or not. Default value: |
|
|
no |
Back-end SSL protocol version. Allowed values: |
|
|
yes |
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
no |
Indicates if the server certificate will be verified. Default value: |
|
|
no |
Whether the server name is verified against the common name (CN) of the server certificate. Default value: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
An issuer to bind the JWKS to. |
|
|
The unique name of the remote JWKS provider. |
|
|
The URL of the service provider. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "remote-json-web-key-set",
"attributes" : {
"name" : "a remote JWKS",
"serviceUrl" : "https://airlock.com/jwks-example.json",
"issuer" : "myissuer",
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "myCipher",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
}
}
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 3308
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:18.411Z"
},
"data" : {
"type" : "remote-json-web-key-set",
"id" : "3",
"attributes" : {
"name" : "a remote JWKS",
"serviceUrl" : "https://airlock.com/jwks-example.json",
"issuer" : "myissuer",
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "myCipher",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
}
}
}
}
}
Update a Remote JSON Web Key Set
PATCH /configuration/json-web-key-sets/remotes/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "remote-json-web-key-set" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
An issuer to bind the JWKS to. |
|
|
no |
The unique name of the remote JWKS provider. |
|
|
no |
The URL of the service provider. |
|
|
no |
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
no |
Whether back-end SSL sessions shall be resumed or not. |
|
|
no |
Back-end SSL protocol version. Allowed values: |
|
|
no |
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
no |
Indicates if the server certificate will be verified. |
|
|
no |
Whether the server name is verified against the common name (CN) of the server certificate. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "remote-json-web-key-set" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
An issuer to bind the JWKS to. |
|
|
The unique name of the remote JWKS provider. |
|
|
The URL of the service provider. |
|
|
Back-end SSL cipher list. For documentation, visit www.openssl.org and search for 'ciphers'. |
|
|
Whether back-end SSL sessions shall be resumed or not. |
|
|
Back-end SSL protocol version. Allowed values: |
|
|
List of Certificate Authorities which are used to verify the server certificate of the back-end hosts. |
|
|
Indicates if the server certificate will be verified. |
|
|
Whether the server name is verified against the common name (CN) of the server certificate. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "remote-json-web-key-set",
"id" : "1",
"attributes" : {
"name" : "a remote JWKS",
"serviceUrl" : "https://airlock.com/jwks-example.json",
"issuer" : "myissuer",
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "myCipher",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
}
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 3453
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:18.634Z"
},
"data" : {
"type" : "remote-json-web-key-set",
"id" : "1",
"attributes" : {
"name" : "a remote JWKS",
"serviceUrl" : "https://airlock.com/jwks-example.json",
"issuer" : "myissuer",
"tls" : {
"protocol" : "TLSv1_3",
"cipherSuite" : "myCipher",
"forceNewSession" : true,
"serverCertificateValidation" : {
"enabled" : true,
"verifyHost" : true,
"caCertificates" : [ "-----BEGIN CERTIFICATE-----\nMIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMCQ0gx\nDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQKExl0ZXN0\nc3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVDQS5zZWNs\ndXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2VjbHV0aW9u\ncy5jb20wHhcNMDMxMDE2MTE0NDM4WhcNNDkxMDI5MDUxNjIyWjCBozELMAkGA1UE\nBhMCQ0gxDzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMSIwIAYDVQQK\nExl0ZXN0c3VpdGUgQ0EgKGJ5IHNsdC5jb20pMSMwIQYDVQQDExp0ZXN0c3VpdGVD\nQS5zZWNsdXRpb25zLmNvbTEpMCcGCSqGSIb3DQEJARYadGVzdHN1aXRlQ0FAc2Vj\nbHV0aW9ucy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkkf37eiLbL\nspQKmLa3cb60m3IPJ6MvCl9Q8EFJH4WtcxaB4/HOOwCW7K61ZnrHWiJLNZ8+gLXf\n1fkJHWnlzvqlwjLlCXUqyvOdr5ZJU2KgRKd1dKSYKsLAvCES7K5OB9bJDJ4qbwKb\nwT+vZKe5Kx2jmF8yvQj2/U57Su8CWfBBAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU\nUD8Fqj165o0rGoMa6cJcyy1zb7cwgdAGA1UdIwSByDCBxYAUUD8Fqj165o0rGoMa\n6cJcyy1zb7ehgamkgaYwgaMxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZadXJpY2gx\nDzANBgNVBAcTBlp1cmljaDEiMCAGA1UEChMZdGVzdHN1aXRlIENBIChieSBzbHQu\nY29tKTEjMCEGA1UEAxMadGVzdHN1aXRlQ0Euc2VjbHV0aW9ucy5jb20xKTAnBgkq\nhkiG9w0BCQEWGnRlc3RzdWl0ZUNBQHNlY2x1dGlvbnMuY29tggEAMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAFIoboAodI/tag5RBOnmm1sTE0piLE5NI\n59v9aHFTihl+N0Mwgtq5Mz+FZleuh/kPflRBhB1CT4KvYTvwC0AqWd/X7PDC3AH+\nHkWRhgqWm8ITQckIcfIVrwqaElJIhxB7raI3Bzxu2ByV0XXyOZXy6nM0+/EC32nN\nkD1kLHTbrs4=\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIDizCCAnOgAwIBAgIJAMQE1QewYs4QMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV\nBAYTAkNIMQ8wDQYDVQQIDAZadXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UE\nCgwHQWlybG9jazEZMBcGA1UEAwwQdGVzdC5jZXJ0aWZpY2F0ZTAeFw0xNjAyMTYx\nNTE4NTZaFw0yNjAyMTUxNTE4NTZaMFwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZa\ndXJpY2gxDzANBgNVBAcMBlp1cmljaDEQMA4GA1UECgwHQWlybG9jazEZMBcGA1UE\nAwwQdGVzdC5jZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAMtPaJ5q3HFeui6iKe5i9gBjAuZwbZ5a05MVbj0NnyCm6iOcuJOySUAPM2kF\nJqUxrIXdz54xcilsKUoepQkn9e0bmIUVuiXWcQrr8iqjYC+hINNmiq+4YX4lWq2M\nCeOSOpxrMPmvDX0kt+O9Qwr+6tTqzD5VKJDFvlrfJnYTQ4WXeiaG9SfgR06/+pSQ\n+qDRWo7JmrVHcyv+3X0aRZ2JUP9cFy054GxF3dhRaZMZ7KdgjX5FkADY8MYiI2j5\n9Q2SA8zBjfRfZlGCORm7vdwIzPbRRo19TMXeBoOOnO8XB/XWS+n/bBLkRYN+wcnf\ntPZZuLggCQhRBVHy9ehKltkJMZkCAwEAAaNQME4wHQYDVR0OBBYEFP4M/uLWVuOh\n8RkBDnlU5jJyR3cJMB8GA1UdIwQYMBaAFP4M/uLWVuOh8RkBDnlU5jJyR3cJMAwG\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKItccRGDcX9pdkiHv/1PQtb\nykmxAMseVYt/6kJl3yUUd/tDTaAR4CHTvkX+4waMpnhToJ3SN9qNtbzID1/67X6D\n9RQAaiXiJ0Y+/Z6cWY/Rx3HiWsgcJN7F0Xux6wR5gdX/oSCqxyomxR42Ovs61bjx\n77RRptcoQJPvw50z9rJ4wkrb58raUKOqxgvpckQdYdtok0dR6tXbBfC4LHmqq0mo\nQ4ph1jI/QLl5lsYtDm4SLt1ALvgRQj8QerJdZ/SrmfFmUkOx3lGpBChM0lT+wkrI\naw/GIcvwLSquzFBrlU3Jhg+wu8p/514lgiShy39fmzMOa3Q0/5jF3qM74+lGUsA=\n-----END CERTIFICATE-----\n" ]
}
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
}
}
}
}
Delete a Remote JSON Web Key Set
DELETE /configuration/json-web-key-sets/remotes/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Mapping Connections
PATCH /configuration/json-web-key-sets/remotes/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1/relationships/mappings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Connections
DELETE /configuration/json-web-key-sets/remotes/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1/relationships/mappings" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Client Certificate Connection
PATCH /configuration/json-web-key-sets/remotes/{id}/relationships/client-certificate
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1/relationships/client-certificate" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Client Certificate Connection
DELETE /configuration/json-web-key-sets/remotes/{id}/relationships/client-certificate
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/json-web-key-sets/remotes/1/relationships/client-certificate" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
OpenAPI
Access all OpenAPI Documents
GET /configuration/api-security/openapi-documents
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "openapi-document" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the OpenAPI document. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 358
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:13.230Z"
},
"data" : [ {
"type" : "openapi-document",
"id" : "1",
"attributes" : {
"name" : "apiSpecificationA"
}
}, {
"type" : "openapi-document",
"id" : "2",
"attributes" : {
"name" : "apiSpecificationB"
}
} ]
}
Access an OpenAPI Document
GET /configuration/api-security/openapi-documents/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "openapi-document" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the OpenAPI document. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 235
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:13.142Z"
},
"data" : {
"type" : "openapi-document",
"id" : "1",
"attributes" : {
"name" : "apiSpecification"
}
}
}
Create an OpenAPI Document
POST /configuration/api-security/openapi-documents
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "openapi-document" for this call. |
|
|
yes |
The unique name of the OpenAPI document. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "openapi-document" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the OpenAPI document. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "openapi-document",
"attributes" : {
"name" : "newApiSpecification"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 238
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:13.195Z"
},
"data" : {
"type" : "openapi-document",
"id" : "3",
"attributes" : {
"name" : "newApiSpecification"
}
}
}
Update an OpenAPI Document
PATCH /configuration/api-security/openapi-documents/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "openapi-document" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
The unique name of the OpenAPI document. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "openapi-document" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the OpenAPI document. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "openapi-document",
"id" : "1",
"attributes" : {
"name" : "updatedApiSpecification"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 242
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:13.244Z"
},
"data" : {
"type" : "openapi-document",
"id" : "1",
"attributes" : {
"name" : "updatedApiSpecification"
}
}
}
Delete an OpenAPI Document
DELETE /configuration/api-security/openapi-documents/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Upload OpenAPI Document Content
Uploads an API specification in the OpenAPI format. Please note that the content must be UTF-8 encoded and that the OpenApi document, for which the content is intended, must already exist.
PUT /configuration/api-security/openapi-documents/{id}/content
Content-Type application/octet-stream
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/1/content" -i -X PUT \
-H 'Content-Type: application/octet-stream' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '@/tmp/upload.zip'
Example Response
HTTP/1.1 204 No Content
Get OpenAPI Document Content
GET /configuration/api-security/openapi-documents/{id}/content
Accept application/octet-stream
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/2/content" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/octet-stream'
Example Response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1629
Add Mapping Connections
PATCH /configuration/api-security/openapi-documents/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/3/relationships/mappings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Connections
DELETE /configuration/api-security/openapi-documents/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/openapi-documents/3/relationships/mappings" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
GraphQL
Access all GraphQL Documents
GET /configuration/api-security/graphql-documents
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "graphql-document" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the GraphQL document. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 338
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:30.900Z"
},
"data" : [ {
"type" : "graphql-document",
"id" : "1",
"attributes" : {
"name" : "schemaA"
}
}, {
"type" : "graphql-document",
"id" : "2",
"attributes" : {
"name" : "schemaB"
}
} ]
}
Access an GraphQL Document
GET /configuration/api-security/graphql-documents/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "graphql-document" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the GraphQL document. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 235
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:30.669Z"
},
"data" : {
"type" : "graphql-document",
"id" : "1",
"attributes" : {
"name" : "apiSpecification"
}
}
}
Create an GraphQL Document
POST /configuration/api-security/graphql-documents
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "graphql-document" for this call. |
|
|
yes |
The unique name of the GraphQL document. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "graphql-document" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the GraphQL document. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "graphql-document",
"attributes" : {
"name" : "newGraphQLDocument"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 237
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:30.854Z"
},
"data" : {
"type" : "graphql-document",
"id" : "3",
"attributes" : {
"name" : "newGraphQLDocument"
}
}
}
Update an GraphQL Document
PATCH /configuration/api-security/graphql-documents/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "graphql-document" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
The unique name of the GraphQL document. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "graphql-document" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the GraphQL document. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "graphql-document",
"id" : "1",
"attributes" : {
"name" : "updatedApiSpecification"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 242
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:30.913Z"
},
"data" : {
"type" : "graphql-document",
"id" : "1",
"attributes" : {
"name" : "updatedApiSpecification"
}
}
}
Delete an GraphQL Document
DELETE /configuration/api-security/graphql-documents/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Upload GraphQL Document Content
Uploads an schema in the GraphQL format. Please note that the content must be UTF-8 encoded and that the GraphQL document, for which the content is intended, must already exist.
PUT /configuration/api-security/graphql-documents/{id}/content
Content-Type application/octet-stream
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents/1/content" -i -X PUT \
-H 'Content-Type: application/octet-stream' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '@/tmp/upload.zip'
Example Response
HTTP/1.1 204 No Content
Get GraphQL Document Content
GET /configuration/api-security/graphql-documents/{id}/content
Accept application/octet-stream
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents/2/content" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/octet-stream'
Example Response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 235
Add Mapping Connections
PATCH /configuration/api-security/graphql-documents/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents/3/relationships/mappings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Connections
DELETE /configuration/api-security/graphql-documents/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-security/graphql-documents/3/relationships/mappings" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Anomaly Shield
Access Anomaly Shield Settings
GET /configuration/anomaly-shield
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether the Airlock Anomaly Shield feature is enabled. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 222
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:01.020Z"
},
"data" : {
"type" : "anomaly-shield",
"id" : "2",
"attributes" : {
"enabled" : true
}
}
}
Update Anomaly Shield Settings
PATCH /configuration/anomaly-shield
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield" for this call. |
|
|
no |
Whether the Airlock Anomaly Shield feature is enabled. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether the Airlock Anomaly Shield feature is enabled. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield",
"attributes" : {
"enabled" : true
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 222
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:01.060Z"
},
"data" : {
"type" : "anomaly-shield",
"id" : "2",
"attributes" : {
"enabled" : true
}
}
}
Anomaly Shield Applications
Access Anomaly Shield Applications
GET /configuration/anomaly-shield-applications
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'name'. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether client behavior data is collected for detection. |
|
|
Whether anomaly detection and response rules are enabled. |
|
|
Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request. Allowed values: |
|
|
Specifies whether actions of triggered rules should be executed or only logged. Allowed values: |
|
|
Configures periodic automatic retraining Allowed values: |
|
|
The unique name of the Anomaly Shield Application. |
|
|
Tenant of the Anomaly Shield Application. |
|
|
Whether client behavior data should be collected for subsequent Anomaly Shield training. |
|
|
Whether request data of this application should be collected for subsequent Anomaly Shield training. |
|
|
Configures training strategy for manual and automatic training. Allowed values: |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The anomaly-shield-rule references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the anomaly-shield-rule resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications?filter=name%3D%3DAnomalyShieldApplication" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1320
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:58.535Z"
},
"data" : [ {
"type" : "anomaly-shield-application",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldApplication",
"tenant" : "AirlockBankingCo",
"trainingStrategy" : "SESSIONS",
"automaticRetrainingMode" : "RETRAIN_AND_ENFORCE",
"trainingDataCollection" : {
"enabled" : true,
"behaviorDataCollected" : true
},
"anomalyDetectionAndResponse" : {
"enabled" : false,
"behaviorDataCollected" : false,
"threatHandling" : "LOG_ONLY",
"sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
},
"anomaly-shield-rules" : {
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "35"
} ]
},
"training-data-collection-exclusions" : {
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "40"
} ]
},
"response-rule-exceptions" : {
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "50"
} ]
}
}
} ]
}
Access an Anomaly Shield Application
GET /configuration/anomaly-shield-applications/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether client behavior data is collected for detection. |
|
|
Whether anomaly detection and response rules are enabled. |
|
|
Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request. Allowed values: |
|
|
Specifies whether actions of triggered rules should be executed or only logged. Allowed values: |
|
|
Configures periodic automatic retraining Allowed values: |
|
|
The unique name of the Anomaly Shield Application. |
|
|
Tenant of the Anomaly Shield Application. |
|
|
Whether client behavior data should be collected for subsequent Anomaly Shield training. |
|
|
Whether request data of this application should be collected for subsequent Anomaly Shield training. |
|
|
Configures training strategy for manual and automatic training. Allowed values: |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The anomaly-shield-rule references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the anomaly-shield-rule resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1316
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:58.224Z"
},
"data" : {
"type" : "anomaly-shield-application",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldApplication",
"tenant" : "AirlockBankingCo",
"trainingStrategy" : "SESSIONS",
"automaticRetrainingMode" : "RETRAIN_AND_ENFORCE",
"trainingDataCollection" : {
"enabled" : true,
"behaviorDataCollected" : true
},
"anomalyDetectionAndResponse" : {
"enabled" : false,
"behaviorDataCollected" : false,
"threatHandling" : "LOG_ONLY",
"sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
},
"anomaly-shield-rules" : {
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "35"
} ]
},
"training-data-collection-exclusions" : {
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "40"
} ]
},
"response-rule-exceptions" : {
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "50"
} ]
}
}
}
}
Create an Anomaly Shield Application
POST /configuration/anomaly-shield-applications
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield-application" for this call. |
|
|
yes |
Whether client behavior data is collected for detection. |
|
|
yes |
Whether anomaly detection and response rules are enabled. |
|
|
yes |
Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request. Allowed values: |
|
|
yes |
Specifies whether actions of triggered rules should be executed or only logged. Allowed values: |
|
|
yes |
Configures periodic automatic retraining Allowed values: |
|
|
yes |
The unique name of the Anomaly Shield Application. |
|
|
yes |
Tenant of the Anomaly Shield Application. |
|
|
yes |
Whether client behavior data should be collected for subsequent Anomaly Shield training. |
|
|
yes |
Whether request data of this application should be collected for subsequent Anomaly Shield training. |
|
|
yes |
Configures training strategy for manual and automatic training. Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether client behavior data is collected for detection. |
|
|
Whether anomaly detection and response rules are enabled. |
|
|
Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request. Allowed values: |
|
|
Specifies whether actions of triggered rules should be executed or only logged. Allowed values: |
|
|
Configures periodic automatic retraining Allowed values: |
|
|
The unique name of the Anomaly Shield Application. |
|
|
Tenant of the Anomaly Shield Application. |
|
|
Whether client behavior data should be collected for subsequent Anomaly Shield training. |
|
|
Whether request data of this application should be collected for subsequent Anomaly Shield training. |
|
|
Configures training strategy for manual and automatic training. Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-application",
"attributes" : {
"name" : "AnomalyShieldApplication",
"tenant" : "AirlockBankingCo",
"trainingStrategy" : "SESSIONS",
"automaticRetrainingMode" : "RETRAIN_AND_ENFORCE",
"trainingDataCollection" : {
"enabled" : true,
"behaviorDataCollected" : true
},
"anomalyDetectionAndResponse" : {
"enabled" : false,
"behaviorDataCollected" : true,
"threatHandling" : "LOG_ONLY",
"sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
}
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 712
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:58.486Z"
},
"data" : {
"type" : "anomaly-shield-application",
"id" : "3",
"attributes" : {
"name" : "AnomalyShieldApplication",
"tenant" : "AirlockBankingCo",
"trainingStrategy" : "SESSIONS",
"automaticRetrainingMode" : "RETRAIN_AND_ENFORCE",
"trainingDataCollection" : {
"enabled" : true,
"behaviorDataCollected" : true
},
"anomalyDetectionAndResponse" : {
"enabled" : false,
"behaviorDataCollected" : true,
"threatHandling" : "LOG_ONLY",
"sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
}
}
}
}
Update an Anomaly Shield Application
PATCH /configuration/anomaly-shield-applications/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield-application" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Whether client behavior data is collected for detection. |
|
|
no |
Whether anomaly detection and response rules are enabled. |
|
|
no |
Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request. Allowed values: |
|
|
no |
Specifies whether actions of triggered rules should be executed or only logged. Allowed values: |
|
|
no |
Configures periodic automatic retraining Allowed values: |
|
|
no |
The unique name of the Anomaly Shield Application. |
|
|
no |
Tenant of the Anomaly Shield Application. |
|
|
no |
Whether client behavior data should be collected for subsequent Anomaly Shield training. |
|
|
no |
Whether request data of this application should be collected for subsequent Anomaly Shield training. |
|
|
no |
Configures training strategy for manual and automatic training. Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether client behavior data is collected for detection. |
|
|
Whether anomaly detection and response rules are enabled. |
|
|
Specifies when low-level machine learning information (e.g. the current session anomaly pattern) should be logged. If set to ALWAYS, the information will be logged for every request. Allowed values: |
|
|
Specifies whether actions of triggered rules should be executed or only logged. Allowed values: |
|
|
Configures periodic automatic retraining Allowed values: |
|
|
The unique name of the Anomaly Shield Application. |
|
|
Tenant of the Anomaly Shield Application. |
|
|
Whether client behavior data should be collected for subsequent Anomaly Shield training. |
|
|
Whether request data of this application should be collected for subsequent Anomaly Shield training. |
|
|
Configures training strategy for manual and automatic training. Allowed values: |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The anomaly-shield-rule references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the anomaly-shield-rule resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
|
|
The anomaly-shield-traffic-matcher references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the anomaly-shield-traffic-matcher resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-application",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldApplication",
"tenant" : "AirlockBankingCo",
"trainingStrategy" : "SESSIONS",
"automaticRetrainingMode" : "RETRAIN_AND_ENFORCE",
"trainingDataCollection" : {
"enabled" : true,
"behaviorDataCollected" : true
},
"anomalyDetectionAndResponse" : {
"enabled" : false,
"behaviorDataCollected" : true,
"threatHandling" : "LOG_ONLY",
"sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1315
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:58.592Z"
},
"data" : {
"type" : "anomaly-shield-application",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldApplication",
"tenant" : "AirlockBankingCo",
"trainingStrategy" : "SESSIONS",
"automaticRetrainingMode" : "RETRAIN_AND_ENFORCE",
"trainingDataCollection" : {
"enabled" : true,
"behaviorDataCollected" : true
},
"anomalyDetectionAndResponse" : {
"enabled" : false,
"behaviorDataCollected" : true,
"threatHandling" : "LOG_ONLY",
"sessionAnomalyDetailsLogging" : "ON_PATTERN_CHANGES"
}
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "30"
} ]
},
"anomaly-shield-rules" : {
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "35"
} ]
},
"training-data-collection-exclusions" : {
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "40"
} ]
},
"response-rule-exceptions" : {
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "50"
} ]
}
}
}
}
Delete an Anomaly Shield Application
DELETE /configuration/anomaly-shield-applications/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Mapping Anomaly Shield Application Connections
PATCH /configuration/anomaly-shield-applications/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/mappings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Anomaly Shield Application Connections
DELETE /configuration/anomaly-shield-applications/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/mappings" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Anomaly Shield Rule Connections
PATCH /configuration/anomaly-shield-applications/{id}/relationships/anomaly-shield-rules
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-rule" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-rule" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/anomaly-shield-rules" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Anomaly Shield Rule Connections
DELETE /configuration/anomaly-shield-applications/{id}/relationships/anomaly-shield-rules
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-rule" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-rule" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/anomaly-shield-rules" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Training Data Collection Exclusions
PATCH /configuration/anomaly-shield-applications/{id}/relationships/training-data-collection-exclusions
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-traffic-matcher" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/training-data-collection-exclusions" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Training Data Collection Exclusions
DELETE /configuration/anomaly-shield-applications/{id}/relationships/training-data-collection-exclusions
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-traffic-matcher" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/training-data-collection-exclusions" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Anomaly Detection Exclusions
PATCH /configuration/anomaly-shield-applications/{id}/relationships/anomaly-detection-exclusions
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-traffic-matcher" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/anomaly-detection-exclusions" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Anomaly Detection Exclusions
DELETE /configuration/anomaly-shield-applications/{id}/relationships/anomaly-detection-exclusions
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-traffic-matcher" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/anomaly-detection-exclusions" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Response Rule Exceptions
PATCH /configuration/anomaly-shield-applications/{id}/relationships/response-rule-exceptions
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-traffic-matcher" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/response-rule-exceptions" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Response Rule Exceptions
DELETE /configuration/anomaly-shield-applications/{id}/relationships/response-rule-exceptions
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-traffic-matcher" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-applications/3/relationships/response-rule-exceptions" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Anomaly Shield Traffic Matchers
Access Anomaly Shield Traffic Matchers
GET /configuration/anomaly-shield-traffic-matchers
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'name'. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the Anomaly Shield Traffic Matcher. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the Anomaly Shield Traffic Matcher. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers?filter=name%3D%3DAnomalyShieldTrafficMatcher" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1109
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:05.842Z"
},
"data" : [ {
"type" : "anomaly-shield-traffic-matcher",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldTrafficMatcher",
"tenant" : "AirlockBankingCo",
"headerNamePattern" : {
"pattern" : "^X-Header$",
"caseIgnored" : false,
"inverted" : false
},
"headerValuePattern" : {
"pattern" : "^header-value$",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "^/mypath",
"caseIgnored" : true,
"inverted" : false
},
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "^image/jpeg$",
"caseIgnored" : true,
"inverted" : false
}
},
"relationships" : {
"ip-address-lists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "60"
} ]
}
}
} ]
}
Access an Anomaly Shield Traffic Matcher
GET /configuration/anomaly-shield-traffic-matchers/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the Anomaly Shield Traffic Matcher. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the Anomaly Shield Traffic Matcher. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1105
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:05.708Z"
},
"data" : {
"type" : "anomaly-shield-traffic-matcher",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldTrafficMatcher",
"tenant" : "AirlockBankingCo",
"headerNamePattern" : {
"pattern" : "^X-Header$",
"caseIgnored" : false,
"inverted" : false
},
"headerValuePattern" : {
"pattern" : "^header-value$",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "^/mypath",
"caseIgnored" : true,
"inverted" : false
},
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "^image/jpeg$",
"caseIgnored" : true,
"inverted" : false
}
},
"relationships" : {
"ip-address-lists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "60"
} ]
}
}
}
}
Create an Anomaly Shield Traffic Matcher
POST /configuration/anomaly-shield-traffic-matchers
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield-traffic-matcher" for this call. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
The unique name of the Anomaly Shield Traffic Matcher. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
Tenant of the Anomaly Shield Traffic Matcher. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the Anomaly Shield Traffic Matcher. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the Anomaly Shield Traffic Matcher. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-traffic-matcher",
"attributes" : {
"name" : "AnomalyShieldTrafficMatcher",
"tenant" : "AirlockBankingCo",
"headerNamePattern" : {
"pattern" : "^X-Header$",
"caseIgnored" : false,
"inverted" : false
},
"headerValuePattern" : {
"pattern" : "^header-value$",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "^/mypath",
"caseIgnored" : true,
"inverted" : false
},
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "^image/jpeg$",
"caseIgnored" : true,
"inverted" : false
}
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 944
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:05.808Z"
},
"data" : {
"type" : "anomaly-shield-traffic-matcher",
"id" : "3",
"attributes" : {
"name" : "AnomalyShieldTrafficMatcher",
"tenant" : "AirlockBankingCo",
"headerNamePattern" : {
"pattern" : "^X-Header$",
"caseIgnored" : false,
"inverted" : false
},
"headerValuePattern" : {
"pattern" : "^header-value$",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "^/mypath",
"caseIgnored" : true,
"inverted" : false
},
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "^image/jpeg$",
"caseIgnored" : true,
"inverted" : false
}
}
}
}
Update an Anomaly Shield Traffic Matcher
PATCH /configuration/anomaly-shield-traffic-matchers/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield-traffic-matcher" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
The unique name of the Anomaly Shield Traffic Matcher. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Tenant of the Anomaly Shield Traffic Matcher. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-traffic-matcher" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
The unique name of the Anomaly Shield Traffic Matcher. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Tenant of the Anomaly Shield Traffic Matcher. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-traffic-matcher",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldTrafficMatcher",
"tenant" : "AirlockBankingCo",
"headerNamePattern" : {
"pattern" : "^X-Header$",
"caseIgnored" : false,
"inverted" : false
},
"headerValuePattern" : {
"pattern" : "^header-value$",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "^/mypath",
"caseIgnored" : true,
"inverted" : false
},
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "^image/jpeg$",
"caseIgnored" : true,
"inverted" : false
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1105
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:05.862Z"
},
"data" : {
"type" : "anomaly-shield-traffic-matcher",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldTrafficMatcher",
"tenant" : "AirlockBankingCo",
"headerNamePattern" : {
"pattern" : "^X-Header$",
"caseIgnored" : false,
"inverted" : false
},
"headerValuePattern" : {
"pattern" : "^header-value$",
"caseIgnored" : false,
"inverted" : false
},
"pathPattern" : {
"pattern" : "^/mypath",
"caseIgnored" : true,
"inverted" : false
},
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : true,
"inverted" : false
},
"contentTypePattern" : {
"pattern" : "^image/jpeg$",
"caseIgnored" : true,
"inverted" : false
}
},
"relationships" : {
"ip-address-lists" : {
"data" : [ {
"type" : "ip-address-list",
"id" : "60"
} ]
}
}
}
}
Delete an Anomaly Shield Traffic Matcher
DELETE /configuration/anomaly-shield-traffic-matchers/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add IP Address List Connections
PATCH /configuration/anomaly-shield-traffic-matchers/{id}/relationships/ip-address-lists
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/3/relationships/ip-address-lists" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "ip-address-list",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove IP Address List Connections
DELETE /configuration/anomaly-shield-traffic-matchers/{id}/relationships/ip-address-lists
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-traffic-matchers/3/relationships/ip-address-lists" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "ip-address-list",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Anomaly Shield Triggers
Access Anomaly Shield Triggers
GET /configuration/anomaly-shield-triggers
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'name'. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-trigger" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the Anomaly Shield Trigger. |
|
|
Tenant of the Anomaly Shield Trigger. |
|
|
This trigger will be activated whenever the current session anomaly pattern matches any of these patterns. |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
The anomaly-shield-rule references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the anomaly-shield-rule resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers?filter=name%3D%3DAnomalyShieldTrigger" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 732
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:08.091Z"
},
"data" : [ {
"type" : "anomaly-shield-trigger",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldTrigger",
"tenant" : "AirlockBankingCo",
"triggerPatterns" : [ {
"graphMetricsCluster" : "DISABLED",
"isolationForest" : "NORMAL",
"statusCodeMeta" : "ANOMALOUS",
"timingCluster" : "DISABLED",
"queryParameters" : "NORMAL",
"clientBehavior" : "ANOMALOUS"
} ]
},
"relationships" : {
"anomaly-shield-rules" : {
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "5"
} ]
}
}
} ]
}
Access an Anomaly Shield Trigger
GET /configuration/anomaly-shield-triggers/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-trigger" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the Anomaly Shield Trigger. |
|
|
Tenant of the Anomaly Shield Trigger. |
|
|
This trigger will be activated whenever the current session anomaly pattern matches any of these patterns. |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
The anomaly-shield-rule references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the anomaly-shield-rule resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 728
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:08.040Z"
},
"data" : {
"type" : "anomaly-shield-trigger",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldTrigger",
"tenant" : "AirlockBankingCo",
"triggerPatterns" : [ {
"graphMetricsCluster" : "DISABLED",
"isolationForest" : "NORMAL",
"statusCodeMeta" : "ANOMALOUS",
"timingCluster" : "DISABLED",
"queryParameters" : "NORMAL",
"clientBehavior" : "ANOMALOUS"
} ]
},
"relationships" : {
"anomaly-shield-rules" : {
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "5"
} ]
}
}
}
}
Create an Anomaly Shield Trigger
POST /configuration/anomaly-shield-triggers
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield-trigger" for this call. |
|
|
yes |
The unique name of the Anomaly Shield Trigger. |
|
|
yes |
Tenant of the Anomaly Shield Trigger. |
|
|
yes |
This trigger will be activated whenever the current session anomaly pattern matches any of these patterns. |
|
|
yes |
Anomaly Shield Indicator. Allowed values: |
|
|
yes |
Anomaly Shield Indicator. Allowed values: |
|
|
yes |
Anomaly Shield Indicator. Allowed values: |
|
|
yes |
Anomaly Shield Indicator. Allowed values: |
|
|
yes |
Anomaly Shield Indicator. Allowed values: |
|
|
yes |
Anomaly Shield Indicator. Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-trigger" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the Anomaly Shield Trigger. |
|
|
Tenant of the Anomaly Shield Trigger. |
|
|
This trigger will be activated whenever the current session anomaly pattern matches any of these patterns. |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-trigger",
"attributes" : {
"name" : "AnomalyShieldTrigger",
"tenant" : "AirlockBankingCo",
"triggerPatterns" : [ {
"graphMetricsCluster" : "ANOMALOUS",
"isolationForest" : "DISABLED",
"statusCodeMeta" : "ANOMALOUS",
"timingCluster" : "ANOMALOUS",
"queryParameters" : "NORMAL",
"clientBehavior" : "ANOMALOUS"
} ]
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 564
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:08.059Z"
},
"data" : {
"type" : "anomaly-shield-trigger",
"id" : "3",
"attributes" : {
"name" : "AnomalyShieldTrigger",
"tenant" : "AirlockBankingCo",
"triggerPatterns" : [ {
"graphMetricsCluster" : "ANOMALOUS",
"isolationForest" : "DISABLED",
"statusCodeMeta" : "ANOMALOUS",
"timingCluster" : "ANOMALOUS",
"queryParameters" : "NORMAL",
"clientBehavior" : "ANOMALOUS"
} ]
}
}
}
Update an Anomaly Shield Trigger
PATCH /configuration/anomaly-shield-triggers/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield-trigger" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
The unique name of the Anomaly Shield Trigger. |
|
|
no |
Tenant of the Anomaly Shield Trigger. |
|
|
no |
This trigger will be activated whenever the current session anomaly pattern matches any of these patterns. |
|
|
no |
Anomaly Shield Indicator. Allowed values: |
|
|
no |
Anomaly Shield Indicator. Allowed values: |
|
|
no |
Anomaly Shield Indicator. Allowed values: |
|
|
no |
Anomaly Shield Indicator. Allowed values: |
|
|
no |
Anomaly Shield Indicator. Allowed values: |
|
|
no |
Anomaly Shield Indicator. Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-trigger" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The unique name of the Anomaly Shield Trigger. |
|
|
Tenant of the Anomaly Shield Trigger. |
|
|
This trigger will be activated whenever the current session anomaly pattern matches any of these patterns. |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
Anomaly Shield Indicator. Allowed values: |
|
|
The anomaly-shield-rule references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the anomaly-shield-rule resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-trigger",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldTrigger",
"tenant" : "AirlockBankingCo",
"triggerPatterns" : [ {
"graphMetricsCluster" : "ANOMALOUS",
"isolationForest" : "DISABLED",
"statusCodeMeta" : "ANOMALOUS",
"timingCluster" : "ANOMALOUS",
"queryParameters" : "NORMAL",
"clientBehavior" : "ANOMALOUS"
} ]
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 732
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:08.110Z"
},
"data" : {
"type" : "anomaly-shield-trigger",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldTrigger",
"tenant" : "AirlockBankingCo",
"triggerPatterns" : [ {
"graphMetricsCluster" : "ANOMALOUS",
"isolationForest" : "DISABLED",
"statusCodeMeta" : "ANOMALOUS",
"timingCluster" : "ANOMALOUS",
"queryParameters" : "NORMAL",
"clientBehavior" : "ANOMALOUS"
} ]
},
"relationships" : {
"anomaly-shield-rules" : {
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "5"
} ]
}
}
}
}
Delete an Anomaly Shield Trigger
DELETE /configuration/anomaly-shield-triggers/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-triggers/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Anomaly Shield Rules
Access Anomaly Shield Rules
GET /configuration/anomaly-shield-rules
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'name'. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If enabled, the source IP of the IP aggregate that triggered this rule will be blocked. |
|
|
If enabled, IP aggregates that triggered this rule will be tagged as anomalous. |
|
|
The unique name of the Anomaly Shield Rule. |
|
|
If enabled, the source IPs of sessions which trigger this rule will be blocked. |
|
|
If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, sessions which trigger this rule will be tagged as anomalous. |
|
|
If enabled, sessions which trigger this rule will be immediately terminated. |
|
|
Tenant of the Anomaly Shield Rule. |
|
|
The anomaly-shield-application references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the anomaly-shield-application resource. |
|
|
The anomaly-shield-trigger references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call. |
|
|
The ID of the anomaly-shield-trigger resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules?filter=name%3D%3DAnomalyShieldRule" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1067
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:03.485Z"
},
"data" : [ {
"type" : "anomaly-shield-rule",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldRule",
"tenant" : "AirlockBankingCo",
"sessionActions" : {
"sessionTaggingEnabled" : true,
"sessionTerminationEnabled" : true,
"ipBlockingEnabled" : false,
"removeRoles" : {
"enabled" : false,
"rolePattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
}
},
"ipActions" : {
"ipTaggingEnabled" : false,
"ipBlockingEnabled" : false
}
},
"relationships" : {
"anomaly-shield-applications" : {
"data" : [ {
"type" : "anomaly-shield-application",
"id" : "20"
} ]
},
"anomaly-shield-triggers" : {
"data" : [ {
"type" : "anomaly-shield-trigger",
"id" : "30"
} ]
}
}
} ]
}
Access Anomaly Shield Rule
GET /configuration/anomaly-shield-rules/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If enabled, the source IP of the IP aggregate that triggered this rule will be blocked. |
|
|
If enabled, IP aggregates that triggered this rule will be tagged as anomalous. |
|
|
The unique name of the Anomaly Shield Rule. |
|
|
If enabled, the source IPs of sessions which trigger this rule will be blocked. |
|
|
If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, sessions which trigger this rule will be tagged as anomalous. |
|
|
If enabled, sessions which trigger this rule will be immediately terminated. |
|
|
Tenant of the Anomaly Shield Rule. |
|
|
The anomaly-shield-application references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the anomaly-shield-application resource. |
|
|
The anomaly-shield-trigger references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call. |
|
|
The ID of the anomaly-shield-trigger resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1063
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:03.364Z"
},
"data" : {
"type" : "anomaly-shield-rule",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldRule",
"tenant" : "AirlockBankingCo",
"sessionActions" : {
"sessionTaggingEnabled" : true,
"sessionTerminationEnabled" : true,
"ipBlockingEnabled" : false,
"removeRoles" : {
"enabled" : false,
"rolePattern" : {
"pattern" : "",
"caseIgnored" : false,
"inverted" : false
}
}
},
"ipActions" : {
"ipTaggingEnabled" : false,
"ipBlockingEnabled" : false
}
},
"relationships" : {
"anomaly-shield-applications" : {
"data" : [ {
"type" : "anomaly-shield-application",
"id" : "20"
} ]
},
"anomaly-shield-triggers" : {
"data" : [ {
"type" : "anomaly-shield-trigger",
"id" : "30"
} ]
}
}
}
}
Create an Anomaly Shield Rule
POST /configuration/anomaly-shield-rules
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield-rule" for this call. |
|
|
yes |
If enabled, the source IP of the IP aggregate that triggered this rule will be blocked. |
|
|
yes |
If enabled, IP aggregates that triggered this rule will be tagged as anomalous. |
|
|
yes |
The unique name of the Anomaly Shield Rule. |
|
|
yes |
If enabled, the source IPs of sessions which trigger this rule will be blocked. |
|
|
yes |
If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule. |
|
|
yes |
Whether to ignore case. |
|
|
yes |
Whether to invert the match. |
|
|
yes |
The actual pattern. |
|
|
yes |
If enabled, sessions which trigger this rule will be tagged as anomalous. |
|
|
yes |
If enabled, sessions which trigger this rule will be immediately terminated. |
|
|
yes |
Tenant of the Anomaly Shield Rule. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If enabled, the source IP of the IP aggregate that triggered this rule will be blocked. |
|
|
If enabled, IP aggregates that triggered this rule will be tagged as anomalous. |
|
|
The unique name of the Anomaly Shield Rule. |
|
|
If enabled, the source IPs of sessions which trigger this rule will be blocked. |
|
|
If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, sessions which trigger this rule will be tagged as anomalous. |
|
|
If enabled, sessions which trigger this rule will be immediately terminated. |
|
|
Tenant of the Anomaly Shield Rule. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-rule",
"attributes" : {
"name" : "AnomalyShieldRule",
"tenant" : "AirlockBankingCo",
"sessionActions" : {
"sessionTaggingEnabled" : true,
"sessionTerminationEnabled" : true,
"ipBlockingEnabled" : false,
"removeRoles" : {
"enabled" : true,
"rolePattern" : {
"pattern" : "normal-auth",
"caseIgnored" : false,
"inverted" : false
}
}
},
"ipActions" : {
"ipTaggingEnabled" : true,
"ipBlockingEnabled" : false
}
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 744
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:03.450Z"
},
"data" : {
"type" : "anomaly-shield-rule",
"id" : "3",
"attributes" : {
"name" : "AnomalyShieldRule",
"tenant" : "AirlockBankingCo",
"sessionActions" : {
"sessionTaggingEnabled" : true,
"sessionTerminationEnabled" : true,
"ipBlockingEnabled" : false,
"removeRoles" : {
"enabled" : true,
"rolePattern" : {
"pattern" : "normal-auth",
"caseIgnored" : false,
"inverted" : false
}
}
},
"ipActions" : {
"ipTaggingEnabled" : true,
"ipBlockingEnabled" : false
}
}
}
}
Update an Anomaly Shield Rule
PATCH /configuration/anomaly-shield-rules/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "anomaly-shield-rule" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
If enabled, the source IP of the IP aggregate that triggered this rule will be blocked. |
|
|
no |
If enabled, IP aggregates that triggered this rule will be tagged as anomalous. |
|
|
no |
The unique name of the Anomaly Shield Rule. |
|
|
no |
If enabled, the source IPs of sessions which trigger this rule will be blocked. |
|
|
no |
If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
If enabled, sessions which trigger this rule will be tagged as anomalous. |
|
|
no |
If enabled, sessions which trigger this rule will be immediately terminated. |
|
|
no |
Tenant of the Anomaly Shield Rule. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "anomaly-shield-rule" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If enabled, the source IP of the IP aggregate that triggered this rule will be blocked. |
|
|
If enabled, IP aggregates that triggered this rule will be tagged as anomalous. |
|
|
The unique name of the Anomaly Shield Rule. |
|
|
If enabled, the source IPs of sessions which trigger this rule will be blocked. |
|
|
If enabled, authorization roles matching the specified pattern will be revoked whenever a session triggers this rule. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
If enabled, sessions which trigger this rule will be tagged as anomalous. |
|
|
If enabled, sessions which trigger this rule will be immediately terminated. |
|
|
Tenant of the Anomaly Shield Rule. |
|
|
The anomaly-shield-application references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-application" for this call. |
|
|
The ID of the anomaly-shield-application resource. |
|
|
The anomaly-shield-trigger references. |
|
|
The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call. |
|
|
The ID of the anomaly-shield-trigger resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "anomaly-shield-rule",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldRule",
"tenant" : "AirlockBankingCo",
"sessionActions" : {
"sessionTaggingEnabled" : true,
"sessionTerminationEnabled" : true,
"ipBlockingEnabled" : false,
"removeRoles" : {
"enabled" : true,
"rolePattern" : {
"pattern" : "normal-auth",
"caseIgnored" : false,
"inverted" : false
}
}
},
"ipActions" : {
"ipTaggingEnabled" : true,
"ipBlockingEnabled" : false
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1072
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:03.554Z"
},
"data" : {
"type" : "anomaly-shield-rule",
"id" : "1",
"attributes" : {
"name" : "AnomalyShieldRule",
"tenant" : "AirlockBankingCo",
"sessionActions" : {
"sessionTaggingEnabled" : true,
"sessionTerminationEnabled" : true,
"ipBlockingEnabled" : false,
"removeRoles" : {
"enabled" : true,
"rolePattern" : {
"pattern" : "normal-auth",
"caseIgnored" : false,
"inverted" : false
}
}
},
"ipActions" : {
"ipTaggingEnabled" : true,
"ipBlockingEnabled" : false
}
},
"relationships" : {
"anomaly-shield-applications" : {
"data" : [ {
"type" : "anomaly-shield-application",
"id" : "20"
} ]
},
"anomaly-shield-triggers" : {
"data" : [ {
"type" : "anomaly-shield-trigger",
"id" : "30"
} ]
}
}
}
}
Delete an Anomaly Shield Rule
DELETE /configuration/anomaly-shield-rules/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Anomaly Shield Trigger Connections
PATCH /configuration/anomaly-shield-rules/{id}/relationships/anomaly-shield-triggers
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-trigger" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/2/relationships/anomaly-shield-triggers" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-trigger",
"id" : "3"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Anomaly Shield Trigger Connections
DELETE /configuration/anomaly-shield-rules/{id}/relationships/anomaly-shield-triggers
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "anomaly-shield-trigger" for this call. |
|
|
yes |
The ID of the referenced "anomaly-shield-trigger" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/anomaly-shield-rules/2/relationships/anomaly-shield-triggers" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "anomaly-shield-trigger",
"id" : "3"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Deny Rule Groups
Access all Deny Rule Groups
GET /configuration/deny-rule-groups
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "deny-rule-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
All deny rules that are member of this group. |
|
|
Specifies the security level. Allowed values: |
|
|
All deny rules belonging to the security level. |
|
|
The name of the deny-rule group. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/deny-rule-groups" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1464
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:20.300Z"
},
"data" : [ {
"type" : "deny-rule-group",
"id" : "SQLI_PARAM_VALUE",
"attributes" : {
"name" : "(default) SQL Injection (SQLi) in Parameter Value",
"denyRules" : [ {
"securityLevel" : "BASIC",
"shortNames" : [ "SQL_020A", "SQL_030A", "SQL_060A" ]
}, {
"securityLevel" : "STANDARD",
"shortNames" : [ "SQL_005A", "SQL_020A", "SQL_025A", "SQL_030A", "SQL_045A", "SQL_055A", "SQL_060A", "SQL_065A" ]
}, {
"securityLevel" : "STRICT",
"shortNames" : [ "SQL_001A", "SQL_005A", "SQL_020A", "SQL_025A", "SQL_030A", "SQL_040A", "SQL_045A", "SQL_050A", "SQL_055A", "SQL_060A", "SQL_065A" ]
} ]
}
}, {
"type" : "deny-rule-group",
"id" : "SQLI_HEADER_VALUE",
"attributes" : {
"name" : "(default) SQL Injection (SQLi) in Header Value",
"denyRules" : [ {
"securityLevel" : "BASIC",
"shortNames" : [ "SQL_020B", "SQL_030B", "SQL_060B" ]
}, {
"securityLevel" : "STANDARD",
"shortNames" : [ "SQL_005B", "SQL_020B", "SQL_025B", "SQL_030B", "SQL_045B", "SQL_055B", "SQL_060B", "SQL_065B" ]
}, {
"securityLevel" : "STRICT",
"shortNames" : [ "SQL_001B", "SQL_005B", "SQL_020B", "SQL_025B", "SQL_030B", "SQL_040B", "SQL_045B", "SQL_050B", "SQL_055B", "SQL_060B", "SQL_065B" ]
} ]
}
} ]
}
Access a Deny Rule Group
GET /configuration/deny-rule-groups/{id}
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "deny-rule-group" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
All deny rules that are member of this group. |
|
|
Specifies the security level. Allowed values: |
|
|
All deny rules belonging to the security level. |
|
|
The name of the deny-rule group. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/deny-rule-groups/SQLI_PARAM_VALUE" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 790
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:20.127Z"
},
"data" : {
"type" : "deny-rule-group",
"id" : "SQLI_PARAM_VALUE",
"attributes" : {
"name" : "(default) SQL Injection (SQLi) in Parameter Value",
"denyRules" : [ {
"securityLevel" : "BASIC",
"shortNames" : [ "SQL_020A", "SQL_030A", "SQL_060A" ]
}, {
"securityLevel" : "STANDARD",
"shortNames" : [ "SQL_005A", "SQL_020A", "SQL_025A", "SQL_030A", "SQL_045A", "SQL_055A", "SQL_060A", "SQL_065A" ]
}, {
"securityLevel" : "STRICT",
"shortNames" : [ "SQL_001A", "SQL_005A", "SQL_020A", "SQL_025A", "SQL_030A", "SQL_040A", "SQL_045A", "SQL_050A", "SQL_055A", "SQL_060A", "SQL_065A" ]
} ]
}
}
}
Deny Rules
Access all Deny Rules
GET /configuration/deny-rules
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "deny-rule" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Attack type covered by the deny rule. |
|
|
Short name of the deny rule group this rule is belongs to. |
|
|
The name of the deny rule. |
|
|
All restriction patterns used. Only active patterns will be returned. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/deny-rules" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 788
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:22.413Z"
},
"data" : [ {
"type" : "deny-rule",
"id" : "BADIP_001C",
"attributes" : {
"name" : "(default BADIP_001C) evil internal network",
"securityLevels" : [ ],
"attackType" : "0 day",
"groupShortName" : "BAD_IP"
}
}, {
"type" : "deny-rule",
"id" : "LDAP_001A",
"attributes" : {
"name" : "(default LDAP_001A) search subtree",
"securityLevels" : [ ],
"attackType" : "0 day",
"groupShortName" : "LDAP_PARAM_INJECTION",
"restrictions" : {
"parameterValuePattern" : {
"pattern" : "\\p{printable}",
"caseIgnored" : false,
"inverted" : true
}
}
}
} ]
}
Access a Deny Rule
GET /configuration/deny-rules/{id}
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "deny-rule" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Attack type covered by the deny rule. |
|
|
Short name of the deny rule group this rule is belongs to. |
|
|
The name of the deny rule. |
|
|
All restriction patterns used. Only active patterns will be returned. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/deny-rules/RULE_001A" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1379
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:22.385Z"
},
"data" : {
"type" : "deny-rule",
"id" : "RULE_001A",
"attributes" : {
"name" : "(default RULE_001A) some default deny rule",
"securityLevels" : [ ],
"attackType" : "0 day",
"groupShortName" : "DENY_001",
"restrictions" : {
"httpMethodPattern" : {
"pattern" : "^GET$",
"caseIgnored" : false,
"inverted" : true
},
"pathPattern" : {
"pattern" : "^/internal/",
"caseIgnored" : true,
"inverted" : false
},
"parameterNamePattern" : {
"pattern" : "(?:evil|bad)",
"caseIgnored" : true,
"inverted" : false
},
"parameterValuePattern" : {
"pattern" : "\\p{printable}",
"caseIgnored" : false,
"inverted" : true
},
"contentTypePattern" : {
"pattern" : "^image/",
"caseIgnored" : true,
"inverted" : false
},
"httpHeaderNamePattern" : {
"pattern" : "^X-",
"caseIgnored" : true,
"inverted" : false
},
"httpHeaderValuePattern" : {
"pattern" : "\\p{printable}",
"caseIgnored" : false,
"inverted" : true
}
}
}
}
}
IP Address List
Access all IP Address Lists
GET /configuration/ip-address-lists
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "ip-address-list" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of IP addresses (in CIDR notation). |
|
|
Name of the IP address list. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 255
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:39.279Z"
},
"data" : [ {
"type" : "ip-address-list",
"id" : "1",
"attributes" : {
"name" : "tor-ip-list",
"ips" : [ "" ]
}
} ]
}
Access an IP Address List
GET /configuration/ip-address-lists/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "ip-address-list" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of IP addresses (in CIDR notation). |
|
|
Name of the IP address list. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 251
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:39.123Z"
},
"data" : {
"type" : "ip-address-list",
"id" : "1",
"attributes" : {
"name" : "tor-ip-list",
"ips" : [ "" ]
}
}
}
Create an IP Address List
POST /configuration/ip-address-lists
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "ip-address-list" for this call. |
|
|
yes |
List of IP addresses (in CIDR notation). |
|
|
yes |
Name of the IP address list. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "ip-address-list" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of IP addresses (in CIDR notation). |
|
|
Name of the IP address list. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"attributes" : {
"name" : "custom-ip-list",
"ips" : [ "127.0.0.1/24" ]
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 266
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:39.216Z"
},
"data" : {
"type" : "ip-address-list",
"id" : "3",
"attributes" : {
"name" : "custom-ip-list",
"ips" : [ "127.0.0.1/24" ]
}
}
}
Update an IP Address List
PATCH /configuration/ip-address-lists/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "ip-address-list" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
List of IP addresses (in CIDR notation). |
|
|
no |
Name of the IP address list. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "ip-address-list" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of IP addresses (in CIDR notation). |
|
|
Name of the IP address list. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "1",
"attributes" : {
"name" : "custom-ip-list",
"ips" : [ "127.0.0.1/24" ]
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 266
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:39.292Z"
},
"data" : {
"type" : "ip-address-list",
"id" : "1",
"attributes" : {
"name" : "custom-ip-list",
"ips" : [ "127.0.0.1/24" ]
}
}
}
Delete an IP Address List
DELETE /configuration/ip-address-lists/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Mapping Blacklist Connections
PATCH /configuration/ip-address-lists/{id}/relationships/mappings-blacklist
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-blacklist" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Blacklist Connections
DELETE /configuration/ip-address-lists/{id}/relationships/mappings-blacklist
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-blacklist" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Mapping Blacklist Exception Connections
PATCH /configuration/ip-address-lists/{id}/relationships/mappings-blacklist-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-blacklist-exception" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Blacklist Exception Connections
DELETE /configuration/ip-address-lists/{id}/relationships/mappings-blacklist-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-blacklist-exception" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Mapping Dos Attack Prevention Exception Connections
PATCH /configuration/ip-address-lists/{id}/relationships/mappings-dos-attack-prevention-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-dos-attack-prevention-exception" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Dos Attack Prevention Exception Connections
DELETE /configuration/ip-address-lists/{id}/relationships/mappings-dos-attack-prevention-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-dos-attack-prevention-exception" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Add Mapping Overload Prevention Exception Connections
PATCH /configuration/ip-address-lists/{id}/relationships/mappings-overload-prevention-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-overload-prevention-exception" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping Overload Prevention Exception Connections
DELETE /configuration/ip-address-lists/{id}/relationships/mappings-overload-prevention-exception
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/ip-address-lists/3/relationships/mappings-overload-prevention-exception" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Dynamic IP Address Blacklist
Access Dynamic IP Address Blacklist Settings
GET /configuration/dynamic-ip-address-blacklist
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "dynamic-ip-address-blacklist" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Time period in seconds for which an IP is blocked once blacklisted. |
|
|
Number of blocks an IP must trigger during an observation period in order to get blacklisted. |
|
|
Time period in seconds for which an IP is observed. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/dynamic-ip-address-blacklist" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 300
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:24.394Z"
},
"data" : {
"type" : "dynamic-ip-address-blacklist",
"id" : "2",
"attributes" : {
"observationPeriod" : 60,
"blockThreshold" : 10,
"blockPeriod" : 120
}
}
}
Update Dynamic IP Address Blacklist Settings
PATCH /configuration/dynamic-ip-address-blacklist
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "dynamic-ip-address-blacklist" for this call. |
|
|
no |
Time period in seconds for which an IP is blocked once blacklisted. |
|
|
no |
Number of blocks an IP must trigger during an observation period in order to get blacklisted. |
|
|
no |
Time period in seconds for which an IP is observed. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "dynamic-ip-address-blacklist" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Time period in seconds for which an IP is blocked once blacklisted. |
|
|
Number of blocks an IP must trigger during an observation period in order to get blacklisted. |
|
|
Time period in seconds for which an IP is observed. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/dynamic-ip-address-blacklist" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "dynamic-ip-address-blacklist",
"attributes" : {
"observationPeriod" : 60,
"blockThreshold" : 10,
"blockPeriod" : 120
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 300
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:24.425Z"
},
"data" : {
"type" : "dynamic-ip-address-blacklist",
"id" : "2",
"attributes" : {
"observationPeriod" : 60,
"blockThreshold" : 10,
"blockPeriod" : 120
}
}
}
Error Pages
Access Error Pages Settings
GET /configuration/error-pages
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "error-pages" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The path the error-pages are accessible on the virtual host. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 225
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:26.467Z"
},
"data" : {
"type" : "error-pages",
"id" : "2",
"attributes" : {
"errorPath" : "/error"
}
}
}
Update Error Pages Settings
PATCH /configuration/error-pages
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "error-pages" for this call. |
|
|
no |
The path the error-pages are accessible on the virtual host. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "error-pages" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The path the error-pages are accessible on the virtual host. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "error-pages",
"attributes" : {
"errorPath" : "/error_path"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 230
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:26.540Z"
},
"data" : {
"type" : "error-pages",
"id" : "2",
"attributes" : {
"errorPath" : "/error_path"
}
}
}
Export Error Pages
GET /configuration/error-pages/content
Accept application/zip
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages/content" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/zip' \
-o '/tmp/download.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 3054
Import Error Pages
PUT /configuration/error-pages/content
Content-Type application/zip
Note that prior to the import, a configuration must first be loaded.
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages/content" -i -X PUT \
-H 'Content-Type: application/zip' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
--data-binary '@/tmp/upload.zip'
Example Response
HTTP/1.1 200 OK
Delete Error Pages
DELETE /configuration/error-pages/content
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages/content" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Export Error Pages Templates
GET /configuration/error-pages/content/default
Accept application/zip
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/error-pages/content/default" -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/zip' \
-o '/tmp/download.zip'
Example Response
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 3054
System Templates
Access all System Mapping Templates
GET /configuration/templates/mappings
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'group', 'application' and 'name'. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "template.mapping" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Application name of the system mapping template. |
|
|
Group name of the system mapping template. |
|
|
Name of the mapping inside the mapping template. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/templates/mappings?filter=name%3D%3DNew_Mapping" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 361
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:54.609Z"
},
"data" : [ {
"type" : "mapping-template",
"id" : "/weO3jCCp0b7tVQflvDzc5H6wgM6V6ou+uOL3yStsl8=",
"attributes" : {
"group" : "Airlock Gateway",
"application" : "Medium Security Mapping",
"name" : "New_Mapping"
}
} ]
}
Session Settings
Access Session Settings
GET /configuration/session
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "session" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether Airlock Gateway should interpret the domain and the path attribute of cookies that are stored in the cookie store. |
|
|
Name of Airlock Gateway’s CSRF token. |
|
|
If enabled, the number of sessions that can be concurrently allocated by the same source IP address is limited. |
|
|
Maximum number of concurrent sessions (total of authenticated and unauthenticated sessions) that can be allocated by the same source IP address. |
|
|
The passphrase for the passphrase based encryption mechanism (PBE). |
|
|
URL to which mappings with a role restriction and "access.deniedUrl.mode" set to "GLOBAL" should redirect when authentication is required. |
|
|
Name of the load-balancing cookie. This cookie is used to keep track of non-critical load balancing status information. |
|
|
If enabled, Airlock Gateway will automatically adapt the session store size. |
|
|
Allowed values: |
|
|
Name of the host running the Redis Server. |
|
|
Port on which the Redis Server is listening. |
|
|
Size of the Session Store in MiB. |
|
|
Whether the session shall be tracked by using a cookie or the SSL session ID. |
|
|
Name of the session cookie. |
|
|
Session lifetime in seconds. |
|
|
Session timeout in seconds. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/session" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1073
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:52.935Z"
},
"data" : {
"type" : "session",
"id" : "2",
"attributes" : {
"store" : {
"mode" : "SERVER",
"autoSizingEnabled" : true,
"size" : 100,
"redisServers" : [ {
"hostName" : "myRedisServerHostname",
"port" : 1234
} ]
},
"tracking" : {
"basedOn" : "COOKIE",
"timeout" : 600,
"lifetime" : 28800,
"cookieName" : "AL_SESS"
},
"dosMitigation" : {
"enabled" : true,
"maxSessionsPerIp" : 1500
},
"csrfTokenName" : "CSRFT759",
"loadbalancingCookieName" : "AL_BALANCE",
"cookieStoreDomainInterpretationEnabled" : true,
"encryptionPassphrase" : "secret",
"globalDeniedAccessUrl" : "/auth/check-login"
},
"relationships" : {
"session-dos-mitigation-source-ip-whitelist" : {
"data" : {
"type" : "ip-address-list",
"id" : "42"
}
}
}
}
}
Update Session Settings
PATCH /configuration/session
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "session" for this call. |
|
|
no |
Whether Airlock Gateway should interpret the domain and the path attribute of cookies that are stored in the cookie store. |
|
|
no |
Name of Airlock Gateway’s CSRF token. |
|
|
no |
If enabled, the number of sessions that can be concurrently allocated by the same source IP address is limited. |
|
|
no |
Maximum number of concurrent sessions (total of authenticated and unauthenticated sessions) that can be allocated by the same source IP address. |
|
|
no |
The passphrase for the passphrase based encryption mechanism (PBE). |
|
|
no |
URL to which mappings with a role restriction and "access.deniedUrl.mode" set to "GLOBAL" should redirect when authentication is required. |
|
|
no |
Name of the load-balancing cookie. This cookie is used to keep track of non-critical load balancing status information. |
|
|
no |
If enabled, Airlock Gateway will automatically adapt the session store size. |
|
|
no |
Allowed values: |
|
|
no |
Name of the host running the Redis Server. |
|
|
no |
Port on which the Redis Server is listening. |
|
|
no |
Size of the Session Store in MiB. |
|
|
no |
Whether the session shall be tracked by using a cookie or the SSL session ID. |
|
|
no |
Name of the session cookie. |
|
|
no |
Session lifetime in seconds. |
|
|
no |
Session timeout in seconds. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "session" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether Airlock Gateway should interpret the domain and the path attribute of cookies that are stored in the cookie store. |
|
|
Name of Airlock Gateway’s CSRF token. |
|
|
If enabled, the number of sessions that can be concurrently allocated by the same source IP address is limited. |
|
|
Maximum number of concurrent sessions (total of authenticated and unauthenticated sessions) that can be allocated by the same source IP address. |
|
|
The passphrase for the passphrase based encryption mechanism (PBE). |
|
|
URL to which mappings with a role restriction and "access.deniedUrl.mode" set to "GLOBAL" should redirect when authentication is required. |
|
|
Name of the load-balancing cookie. This cookie is used to keep track of non-critical load balancing status information. |
|
|
If enabled, Airlock Gateway will automatically adapt the session store size. |
|
|
Allowed values: |
|
|
Name of the host running the Redis Server. |
|
|
Port on which the Redis Server is listening. |
|
|
Size of the Session Store in MiB. |
|
|
Whether the session shall be tracked by using a cookie or the SSL session ID. |
|
|
Name of the session cookie. |
|
|
Session lifetime in seconds. |
|
|
Session timeout in seconds. |
|
|
The ip-address-list references. |
|
|
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
The ID of the ip-address-list resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/session" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "session",
"attributes" : {
"store" : {
"mode" : "SERVER",
"autoSizingEnabled" : true,
"size" : 100,
"redisServers" : [ {
"hostName" : "redisServerHostname",
"port" : 1234
} ]
},
"tracking" : {
"basedOn" : "SSL_SESSION_ID",
"timeout" : 60,
"lifetime" : 28800,
"cookieName" : "MY_SESSION_COOKIE_NAME"
},
"dosMitigation" : {
"enabled" : true,
"maxSessionsPerIp" : 1500
},
"csrfTokenName" : "myCsrfTokenName",
"loadbalancingCookieName" : "MY_LOADBALANCING_COOKIE_NAME",
"cookieStoreDomainInterpretationEnabled" : true,
"encryptionPassphrase" : "pbePassPhrase",
"globalDeniedAccessUrl" : "myGlobalDeniedAccessUrl"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1131
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:52.989Z"
},
"data" : {
"type" : "session",
"id" : "2",
"attributes" : {
"store" : {
"mode" : "SERVER",
"autoSizingEnabled" : true,
"size" : 100,
"redisServers" : [ {
"hostName" : "redisServerHostname",
"port" : 1234
} ]
},
"tracking" : {
"basedOn" : "SSL_SESSION_ID",
"timeout" : 60,
"lifetime" : 28800,
"cookieName" : "MY_SESSION_COOKIE_NAME"
},
"dosMitigation" : {
"enabled" : true,
"maxSessionsPerIp" : 1500
},
"csrfTokenName" : "myCsrfTokenName",
"loadbalancingCookieName" : "MY_LOADBALANCING_COOKIE_NAME",
"cookieStoreDomainInterpretationEnabled" : true,
"encryptionPassphrase" : "pbePassPhrase",
"globalDeniedAccessUrl" : "myGlobalDeniedAccessUrl"
},
"relationships" : {
"session-dos-mitigation-source-ip-whitelist" : {
"data" : {
"type" : "ip-address-list",
"id" : "42"
}
}
}
}
}
Add Connection to Session DoS Mitigation Source IP Whitelist
PATCH /configuration/session/relationships/session-dos-mitigation-source-ip-whitelist
Content-Type application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/session/relationships/session-dos-mitigation-source-ip-whitelist" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "42"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Connection to Session DoS Mitigation Source IP Whitelist
DELETE /configuration/session/relationships/session-dos-mitigation-source-ip-whitelist
Content-Type application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ip-address-list" for this call. |
|
|
yes |
The ID of the referenced "ip-address-list" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/session/relationships/session-dos-mitigation-source-ip-whitelist" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ip-address-list",
"id" : "42"
}
}'
Example Response
HTTP/1.1 204 No Content
License
Access License
GET /configuration/license
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "license-response" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Number of licensed back-end hosts. |
|
|
License is valid for Appliance (A) or Microgateway (M) |
|
|
Environment for which the license was issued. |
|
|
Expiry date. |
|
|
Grace margin for authenticated sessions. |
|
|
Whether Airlock Anomaly Shield is licensed. |
|
|
Whether the API Gateway features are licensed. |
|
|
Whether ICAP is licensed. |
|
|
Whether Kerberos is licensed. |
|
|
Whether full filtering is licensed. |
|
|
Whether Webroot Threat Intelligence is licensed. |
|
|
Your anonymized user id. |
|
|
Webroot Threat Intelligence license type. |
|
|
List of licensed ethernet addresses. |
|
|
License owner. |
|
|
License can be cloud license and restricted to Amazon Web Services (A), Google Compute Engine (G), Microsoft Azure (Z) or empty. |
|
|
Encoded license string. |
|
|
Licensed request rate. |
|
|
Number of licensed authenticated sessions. |
|
|
Whether this is a trial license. |
|
|
Number of licensed back-end hosts in used. |
|
|
License version. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/license" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1929
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:43.474Z"
},
"data" : {
"type" : "license-response",
"id" : "2",
"attributes" : {
"version" : "4",
"owner" : "Ergon Informatik AG",
"environment" : "Production - HA",
"expiry" : "2525-01-01",
"licensedFeatures" : {
"icap" : true,
"kerberos" : true,
"policyEnforcement" : true,
"apiGateway" : true,
"anomalyShield" : false,
"webrootThreatIntelligence" : false,
"webrootThreatIntelligenceLicenseType" : "",
"webrootThreatIntelligenceLicenseCustomerId" : ""
},
"trial" : false,
"deploymentForm" : "A",
"platformRestriction" : "A",
"sessions" : 10000,
"graceMargin" : 20000,
"requestRate" : 0,
"backendHosts" : 50,
"usedBackendHosts" : 0,
"macAddresses" : [ "56:00:ca:fe:ba:be", "56:00:de:ad:be:ef" ],
"rawLicense" : "-----BEGIN LICENSE-----\neJxF0EmTmlAUBeD/4pZUCQo0pCoLJmVGmVRCFswyvPeUx2hX//dYWaSX9zvn\nbO7nZip6XCNoJQ3qNz831ObHf6rhPyLf1NVZAXGBNz9/f24AyseueCdC3Xco\na78nb2O+2+8L7p2Liw4i44yQSRheWlxUWTdPI6i5p+RnOxIvJ3xxXkp3ssp5\nTS6RA9NcZP3p0ZGSx3CHfHjXnxPzce0KaunV5GziiMEB75/b52Ml1sH1yWfT\na0lik2zAYEUEw3rOKIW8EPQ1hvNACxY27EOtJKMjqTo07sjolEU7K/d9dVrJ\ntqD9gLoK2Dfti7f6Qu1lu+hhyfohugs2c2Ml1sH1yWfTzxELPMOaqqrvJDjl\nqT9KB1CpU9iQ8t33+PLDTRocuvsKmWmx8k9VimFC9FqGczEKTvpjvIFkfWVc\n4rTLLuuPQ7rctHKm5celGptmndWrBdPpchJpnWs4x9nbMWR0uFWAoFKcMPKl\nWzZzR9f+o1dIHU8AgK6Ri6SpVKIhweU0Yh/GIgbZfpnWs4x9cAyz/EYo/K2l\n2GOdHh7R1jqEQP+Q6vJaXF3q7Bwq0zHVVD81aNKE7AJe4tofXGvo8vRk6zGU\nJfVqDMOuGgxPpNrRZMHC50Dy62Mz3XnAWS5bYXcnW7a8yuHeCfsZv6aPaSgT\nVyWoGAZmyUI7B65o0xkb3shKOoVZZ6So01DkS4jVCcZHC50Dy629a/QBVIPT\nOpl3kIiLV8SwlxAilezm80y9tefgxvKue59RymvCIonIjoryynXEVlrzasko\nkTYz9BSE/RJB2mXff5BYntAs62Mz3XnAWS5bYXcnWd2ZGDZtpciscfMIlAuH\nfsVw8/Xn6y9lSRIB\n-----END LICENSE-----\n"
}
}
}
Update License
PATCH /configuration/license
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "license-response" for this call. |
|
|
no |
Encoded license. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "license-response" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Number of licensed back-end hosts. |
|
|
License is valid for Appliance (A) or Microgateway (M) |
|
|
Environment for which the license was issued. |
|
|
Expiry date. |
|
|
Grace margin for authenticated sessions. |
|
|
Whether Airlock Anomaly Shield is licensed. |
|
|
Whether the API Gateway features are licensed. |
|
|
Whether ICAP is licensed. |
|
|
Whether Kerberos is licensed. |
|
|
Whether full filtering is licensed. |
|
|
Whether Webroot Threat Intelligence is licensed. |
|
|
Your anonymized user id. |
|
|
Webroot Threat Intelligence license type. |
|
|
List of licensed ethernet addresses. |
|
|
License owner. |
|
|
License can be cloud license and restricted to Amazon Web Services (A), Google Compute Engine (G), Microsoft Azure (Z) or empty. |
|
|
Encoded license string. |
|
|
Licensed request rate. |
|
|
Number of licensed authenticated sessions. |
|
|
Whether this is a trial license. |
|
|
Number of licensed back-end hosts in used. |
|
|
License version. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/license" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "license",
"attributes" : {
"license" : "-----BEGIN LICENSE-----\neJxF0EmTmlAUBeD/4pZUCQo0pCoLJmVGmVRCFswyvPeUx2hX//dYWaSX9zvn\nbO7nZip6XCNoJQ3qNz831ObHf6rhPyLf1NVZAXGBNz9/f24AyseueCdC3Xco\na78nb2O+2+8L7p2Liw4i44yQSRheWlxUWTdPI6i5p+RnOxIvJ3xxXkp3ssp5\nTS6RA9NcZP3p0ZGSx3CHfHjXnxPzce0KaunV5GziiMEB75/b52Ml1sH1yWfT\na0lik2zAYEUEw3rOKIW8EPQ1hvNACxY27EOtJKMjqTo07sjolEU7K/d9dVrJ\ntqD9gLoK2Dfti7f6Qu1lu+hhyfohugs2c2Ml1sH1yWfTzxELPMOaqqrvJDjl\nqT9KB1CpU9iQ8t33+PLDTRocuvsKmWmx8k9VimFC9FqGczEKTvpjvIFkfWVc\n4rTLLuuPQ7rctHKm5celGptmndWrBdPpchJpnWs4x9nbMWR0uFWAoFKcMPKl\nWzZzR9f+o1dIHU8AgK6Ri6SpVKIhweU0Yh/GIgbZfpnWs4x9cAyz/EYo/K2l\n2GOdHh7R1jqEQP+Q6vJaXF3q7Bwq0zHVVD81aNKE7AJe4tofXGvo8vRk6zGU\nJfVqDMOuGgxPpNrRZMHC50Dy62Mz3XnAWS5bYXcnW7a8yuHeCfsZv6aPaSgT\nVyWoGAZmyUI7B65o0xkb3shKOoVZZ6So01DkS4jVCcZHC50Dy629a/QBVIPT\nOpl3kIiLV8SwlxAilezm80y9tefgxvKue59RymvCIonIjoryynXEVlrzasko\nkTYz9BSE/RJB2mXff5BYntAs62Mz3XnAWS5bYXcnWd2ZGDZtpciscfMIlAuH\nfsVw8/Xn6y9lSRIB\n-----END LICENSE-----\n"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1835
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:43.531Z"
},
"data" : {
"type" : "license-response",
"id" : "2",
"attributes" : {
"version" : "",
"owner" : "",
"environment" : "",
"expiry" : "",
"licensedFeatures" : {
"icap" : false,
"kerberos" : false,
"policyEnforcement" : true,
"apiGateway" : false,
"anomalyShield" : false,
"webrootThreatIntelligence" : false,
"webrootThreatIntelligenceLicenseType" : "",
"webrootThreatIntelligenceLicenseCustomerId" : ""
},
"trial" : false,
"deploymentForm" : "",
"platformRestriction" : "",
"sessions" : 0,
"graceMargin" : 0,
"requestRate" : 0,
"backendHosts" : 0,
"usedBackendHosts" : 0,
"macAddresses" : [ ],
"rawLicense" : "-----BEGIN LICENSE-----\neJxF0EmTmlAUBeD/4pZUCQo0pCoLJmVGmVRCFswyvPeUx2hX//dYWaSX9zvn\nbO7nZip6XCNoJQ3qNz831ObHf6rhPyLf1NVZAXGBNz9/f24AyseueCdC3Xco\na78nb2O+2+8L7p2Liw4i44yQSRheWlxUWTdPI6i5p+RnOxIvJ3xxXkp3ssp5\nTS6RA9NcZP3p0ZGSx3CHfHjXnxPzce0KaunV5GziiMEB75/b52Ml1sH1yWfT\na0lik2zAYEUEw3rOKIW8EPQ1hvNACxY27EOtJKMjqTo07sjolEU7K/d9dVrJ\ntqD9gLoK2Dfti7f6Qu1lu+hhyfohugs2c2Ml1sH1yWfTzxELPMOaqqrvJDjl\nqT9KB1CpU9iQ8t33+PLDTRocuvsKmWmx8k9VimFC9FqGczEKTvpjvIFkfWVc\n4rTLLuuPQ7rctHKm5celGptmndWrBdPpchJpnWs4x9nbMWR0uFWAoFKcMPKl\nWzZzR9f+o1dIHU8AgK6Ri6SpVKIhweU0Yh/GIgbZfpnWs4x9cAyz/EYo/K2l\n2GOdHh7R1jqEQP+Q6vJaXF3q7Bwq0zHVVD81aNKE7AJe4tofXGvo8vRk6zGU\nJfVqDMOuGgxPpNrRZMHC50Dy62Mz3XnAWS5bYXcnW7a8yuHeCfsZv6aPaSgT\nVyWoGAZmyUI7B65o0xkb3shKOoVZZ6So01DkS4jVCcZHC50Dy629a/QBVIPT\nOpl3kIiLV8SwlxAilezm80y9tefgxvKue59RymvCIonIjoryynXEVlrzasko\nkTYz9BSE/RJB2mXff5BYntAs62Mz3XnAWS5bYXcnWd2ZGDZtpciscfMIlAuH\nfsVw8/Xn6y9lSRIB\n-----END LICENSE-----\n"
}
}
}
Clear License
DELETE /configuration/license
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/license" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Nodes
Access Current Node and Interfaces
GET /configuration/nodes/current
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "node" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The IP address in CIDR format. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
Private IP address that this external network interface uses for the failover communication link. |
|
|
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
IP address in CIDR format. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
Bonding mode to use. Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
Logical name of the first physical interface that is part of the bonding interface. |
|
|
Logical name of the second physical interface that is part of the bonding interface. |
|
|
Physical interface that is connected to the logical name. |
|
|
Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
ID of the VLAN to which the virtual interface should be connected. |
|
|
Skin color of the Configuration Center GUI. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/current" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1717
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:10.795Z"
},
"data" : {
"type" : "node",
"id" : "3",
"attributes" : {
"hostName" : "localhost",
"hostNameDhcpInterface" : "eth0",
"skinName" : "skinBlue",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "EXT0-a",
"dhcpMode" : "DHCPV4",
"device" : "hme0",
"mtu" : 1500
}, {
"logicalName" : "EXT0-b",
"dhcpMode" : "DHCPV4",
"device" : "hne1",
"mtu" : 1500
} ],
"bonded" : [ {
"logicalName" : "BOND0",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "BALANCE_RR",
"mtu" : 1500
} ],
"virtual" : [ {
"logicalName" : "MGT",
"baseInterfaceName" : "EXT",
"vlan" : 1,
"mtu" : 1500
}, {
"logicalName" : "BACK",
"baseInterfaceName" : "EXT",
"vlan" : 1,
"mtu" : 1500
} ]
},
"backendAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "192.168.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "192.168.1.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "10.0.69.1/24",
"mirrorIpAddress" : "10.0.69.2"
} ]
},
"relationships" : {
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
}
}
}
}
Update Current Node and Interfaces
PATCH /configuration/nodes/current
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "node" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
The IP address in CIDR format. |
|
|
no |
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
no |
Private IP address that this external network interface uses for the failover communication link. |
|
|
no |
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
no |
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
no |
IP address in CIDR format. |
|
|
no |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
no |
Bonding mode to use. Allowed values: |
|
|
no |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
no |
Logical name of the first physical interface that is part of the bonding interface. |
|
|
no |
Logical name of the second physical interface that is part of the bonding interface. |
|
|
no |
Physical interface that is connected to the logical name. |
|
|
no |
Allowed values: |
|
|
no |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
no |
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
no |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
no |
ID of the VLAN to which the virtual interface should be connected. |
|
|
no |
Skin color of the Configuration Center GUI. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "node" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The IP address in CIDR format. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
Private IP address that this external network interface uses for the failover communication link. |
|
|
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
IP address in CIDR format. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
Bonding mode to use. Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
Logical name of the first physical interface that is part of the bonding interface. |
|
|
Logical name of the second physical interface that is part of the bonding interface. |
|
|
Physical interface that is connected to the logical name. |
|
|
Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
ID of the VLAN to which the virtual interface should be connected. |
|
|
Skin color of the Configuration Center GUI. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/current" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "node",
"id" : "3",
"attributes" : {
"hostName" : "testHost",
"hostNameDhcpInterface" : "MGT",
"skinName" : "skinBlue",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "MGT",
"dhcpMode" : "DHCPV4",
"device" : "hme0",
"mtu" : 1499
} ],
"bonded" : [ {
"logicalName" : "EXT",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "ACTIVE_BACKUP",
"mtu" : 1300
} ],
"virtual" : [ {
"logicalName" : "BACK",
"baseInterfaceName" : "MGT",
"vlan" : 42,
"mtu" : 1400
} ]
},
"backendAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "127.1.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "127.2.0.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "127.0.0.1/24",
"mirrorIpAddress" : "127.0.0.2"
} ]
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1446
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:10.815Z"
},
"data" : {
"type" : "node",
"id" : "3",
"attributes" : {
"hostName" : "testHost",
"hostNameDhcpInterface" : "MGT",
"skinName" : "skinBlue",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "MGT",
"dhcpMode" : "DHCPV4",
"device" : "hme0",
"mtu" : 1499
} ],
"bonded" : [ {
"logicalName" : "EXT",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "ACTIVE_BACKUP",
"mtu" : 1300
} ],
"virtual" : [ {
"logicalName" : "BACK",
"baseInterfaceName" : "MGT",
"vlan" : 42,
"mtu" : 1400
} ]
},
"backendAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "127.1.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "127.2.0.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "127.0.0.1/24",
"mirrorIpAddress" : "127.0.0.2"
} ]
},
"relationships" : {
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
}
}
}
}
Add Management Access SSL Certificate Connection on Current Node
PATCH /configuration/nodes/current/relationships/ssl-certificate
Content-Type application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/current/relationships/ssl-certificate" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Management Access SSL Certificate Connection on Current Node
DELETE /configuration/nodes/current/relationships/ssl-certificate
Content-Type application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/current/relationships/ssl-certificate" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Access all Nodes and Interfaces
GET /configuration/nodes
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "node" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The IP address in CIDR format. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
Private IP address that this external network interface uses for the failover communication link. |
|
|
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
IP address in CIDR format. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
Bonding mode to use. Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
Logical name of the first physical interface that is part of the bonding interface. |
|
|
Logical name of the second physical interface that is part of the bonding interface. |
|
|
Physical interface that is connected to the logical name. |
|
|
Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
ID of the VLAN to which the virtual interface should be connected. |
|
|
Skin color of the Configuration Center GUI. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1721
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:10.778Z"
},
"data" : [ {
"type" : "node",
"id" : "1",
"attributes" : {
"hostName" : "localhost",
"hostNameDhcpInterface" : "eth0",
"skinName" : "skinBlue",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "EXT0-a",
"dhcpMode" : "DHCPV4",
"device" : "hme0",
"mtu" : 1500
}, {
"logicalName" : "EXT0-b",
"dhcpMode" : "DHCPV4",
"device" : "hne1",
"mtu" : 1500
} ],
"bonded" : [ {
"logicalName" : "BOND0",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "BALANCE_RR",
"mtu" : 1500
} ],
"virtual" : [ {
"logicalName" : "MGT",
"baseInterfaceName" : "EXT",
"vlan" : 1,
"mtu" : 1500
}, {
"logicalName" : "BACK",
"baseInterfaceName" : "EXT",
"vlan" : 1,
"mtu" : 1500
} ]
},
"backendAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "192.168.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "192.168.1.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "10.0.69.1/24",
"mirrorIpAddress" : "10.0.69.2"
} ]
},
"relationships" : {
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
}
}
} ]
}
Access a Node
GET /configuration/nodes/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "node" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The IP address in CIDR format. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
Private IP address that this external network interface uses for the failover communication link. |
|
|
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
IP address in CIDR format. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
Bonding mode to use. Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
Logical name of the first physical interface that is part of the bonding interface. |
|
|
Logical name of the second physical interface that is part of the bonding interface. |
|
|
Physical interface that is connected to the logical name. |
|
|
Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
ID of the VLAN to which the virtual interface should be connected. |
|
|
Skin color of the Configuration Center GUI. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/3" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1717
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:10.587Z"
},
"data" : {
"type" : "node",
"id" : "3",
"attributes" : {
"hostName" : "localhost",
"hostNameDhcpInterface" : "eth0",
"skinName" : "skinBlue",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "EXT0-a",
"dhcpMode" : "DHCPV4",
"device" : "hme0",
"mtu" : 1500
}, {
"logicalName" : "EXT0-b",
"dhcpMode" : "DHCPV4",
"device" : "hne1",
"mtu" : 1500
} ],
"bonded" : [ {
"logicalName" : "BOND0",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "BALANCE_RR",
"mtu" : 1500
} ],
"virtual" : [ {
"logicalName" : "MGT",
"baseInterfaceName" : "EXT",
"vlan" : 1,
"mtu" : 1500
}, {
"logicalName" : "BACK",
"baseInterfaceName" : "EXT",
"vlan" : 1,
"mtu" : 1500
} ]
},
"backendAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "192.168.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "192.168.1.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "10.0.69.1/24",
"mirrorIpAddress" : "10.0.69.2"
} ]
},
"relationships" : {
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
}
}
}
}
Create a Node
If you try to create more than a total of two nodes (current and failover), the error code 'BAD REQUEST' will be returned.
POST /configuration/nodes
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "node" for this call. |
|
|
yes |
The IP address in CIDR format. |
|
|
yes |
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
yes |
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
yes |
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
yes |
Private IP address that this external network interface uses for the failover communication link. |
|
|
yes |
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
yes |
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
yes |
IP address in CIDR format. |
|
|
yes |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
yes |
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
yes |
Bonding mode to use. Allowed values: |
|
|
yes |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
yes |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
yes |
Logical name of the first physical interface that is part of the bonding interface. |
|
|
yes |
Logical name of the second physical interface that is part of the bonding interface. |
|
|
yes |
Physical interface that is connected to the logical name. |
|
|
yes |
Allowed values: |
|
|
yes |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
yes |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
yes |
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
yes |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
yes |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
yes |
ID of the VLAN to which the virtual interface should be connected. |
|
|
yes |
Skin color of the Configuration Center GUI. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "node" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The IP address in CIDR format. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
Private IP address that this external network interface uses for the failover communication link. |
|
|
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
IP address in CIDR format. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
Bonding mode to use. Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
Logical name of the first physical interface that is part of the bonding interface. |
|
|
Logical name of the second physical interface that is part of the bonding interface. |
|
|
Physical interface that is connected to the logical name. |
|
|
Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
ID of the VLAN to which the virtual interface should be connected. |
|
|
Skin color of the Configuration Center GUI. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "node",
"attributes" : {
"hostName" : "failo",
"hostNameDhcpInterface" : "pci4n",
"skinName" : "orange",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "MGT",
"dhcpMode" : "DHCPV4",
"device" : "pci4n",
"mtu" : 1499
} ],
"bonded" : [ {
"logicalName" : "EXT",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "ACTIVE_BACKUP",
"mtu" : 1300
} ],
"virtual" : [ {
"logicalName" : "BACK",
"baseInterfaceName" : "MGT",
"vlan" : 42,
"mtu" : 1400
} ]
},
"backendAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "127.1.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "127.2.0.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "127.0.0.1/24",
"mirrorIpAddress" : "127.0.0.2"
} ]
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1444
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:10.737Z"
},
"data" : {
"type" : "node",
"id" : "3",
"attributes" : {
"hostName" : "failo",
"hostNameDhcpInterface" : "pci4n",
"skinName" : "orange",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "MGT",
"dhcpMode" : "DHCPV4",
"device" : "pci4n",
"mtu" : 1499
} ],
"bonded" : [ {
"logicalName" : "EXT",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "ACTIVE_BACKUP",
"mtu" : 1300
} ],
"virtual" : [ {
"logicalName" : "BACK",
"baseInterfaceName" : "MGT",
"vlan" : 42,
"mtu" : 1400
} ]
},
"backendAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "127.1.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "127.2.0.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "127.0.0.1/24",
"mirrorIpAddress" : "127.0.0.2"
} ]
},
"relationships" : {
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
}
}
}
}
Update a Node
PATCH /configuration/nodes/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "node" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
The IP address in CIDR format. |
|
|
no |
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
no |
Private IP address that this external network interface uses for the failover communication link. |
|
|
no |
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
no |
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
no |
IP address in CIDR format. |
|
|
no |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
no |
Bonding mode to use. Allowed values: |
|
|
no |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
no |
Logical name of the first physical interface that is part of the bonding interface. |
|
|
no |
Logical name of the second physical interface that is part of the bonding interface. |
|
|
no |
Physical interface that is connected to the logical name. |
|
|
no |
Allowed values: |
|
|
no |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
no |
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
no |
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
no |
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
no |
ID of the VLAN to which the virtual interface should be connected. |
|
|
no |
Skin color of the Configuration Center GUI. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "node" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
The IP address in CIDR format. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
The logical name that is referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Private IP address of the mirror host of this external network interface. This is the private failover IP address of the other Airlock Gateway instance. |
|
|
Private IP address that this external network interface uses for the failover communication link. |
|
|
Static system host/node name (ignored if hostNameDhcpInterface is set). |
|
|
Name of the physical interface from which to retrieve the hostname via DHCP. |
|
|
IP address in CIDR format. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
Port on which the Configuration Center listens for HTTPS (SSL/TLS) connections. |
|
|
Bonding mode to use. Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
Logical name of the first physical interface that is part of the bonding interface. |
|
|
Logical name of the second physical interface that is part of the bonding interface. |
|
|
Physical interface that is connected to the logical name. |
|
|
Allowed values: |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
The logical name of the physical or bonded interface on which the VLAN for this virtual interface is configured. |
|
|
The logical name that will be referenced in virtual hosts, virtual network interfaces, back-end addresses, management access and failover configuration. |
|
|
MTU size for this interface. Please note that jumbo frames (more than 1500) may not be supported in all environments. |
|
|
ID of the VLAN to which the virtual interface should be connected. |
|
|
Skin color of the Configuration Center GUI. |
|
|
The ssl-certificate references. |
|
|
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
The ID of the ssl-certificate resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/3" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "node",
"id" : "3",
"attributes" : {
"hostName" : "testHost",
"hostNameDhcpInterface" : "MGT",
"skinName" : "skinBlue",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "MGT",
"dhcpMode" : "DHCPV4",
"device" : "hme0",
"mtu" : 1499
} ],
"bonded" : [ {
"logicalName" : "EXT",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "ACTIVE_BACKUP",
"mtu" : 1300
} ],
"virtual" : [ {
"logicalName" : "BACK",
"baseInterfaceName" : "MGT",
"vlan" : 42,
"mtu" : 1400
} ]
},
"backendAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "127.1.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "127.2.0.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "127.0.0.1/24",
"mirrorIpAddress" : "127.0.0.2"
} ]
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1446
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:10.839Z"
},
"data" : {
"type" : "node",
"id" : "3",
"attributes" : {
"hostName" : "testHost",
"hostNameDhcpInterface" : "MGT",
"skinName" : "skinBlue",
"networkInterfaces" : {
"physical" : [ {
"logicalName" : "MGT",
"dhcpMode" : "DHCPV4",
"device" : "hme0",
"mtu" : 1499
} ],
"bonded" : [ {
"logicalName" : "EXT",
"slaveInterfaces" : {
"first" : "EXT0-a",
"second" : "EXT0-b"
},
"bondingMode" : "ACTIVE_BACKUP",
"mtu" : 1300
} ],
"virtual" : [ {
"logicalName" : "BACK",
"baseInterfaceName" : "MGT",
"vlan" : 42,
"mtu" : 1400
} ]
},
"backendAddresses" : [ {
"logicalName" : "BACK",
"ipAddress" : "127.1.0.1"
} ],
"managementAddresses" : [ {
"logicalName" : "MGT",
"ipAddress" : "127.2.0.1",
"port" : 443
} ],
"failoverAddresses" : [ {
"logicalName" : "FAILOVER",
"privateIpAddress" : "127.0.0.1/24",
"mirrorIpAddress" : "127.0.0.2"
} ]
},
"relationships" : {
"ssl-certificate" : {
"data" : {
"type" : "ssl-certificate",
"id" : "-1000"
}
}
}
}
}
Delete a Node
Only the failover node can be deleted, if you supply the id of the current node, the error code 'BAD REQUEST' will be returned.
DELETE /configuration/nodes/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/4" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Management Access SSL Certificate Connection
PATCH /configuration/nodes/{id}/relationships/ssl-certificate
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/4/relationships/ssl-certificate" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Remove Management Access SSL Certificate Connection
DELETE /configuration/nodes/{id}/relationships/ssl-certificate
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "ssl-certificate" for this call. |
|
|
yes |
The ID of the referenced "ssl-certificate" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/nodes/4/relationships/ssl-certificate" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "ssl-certificate",
"id" : "2"
}
}'
Example Response
HTTP/1.1 204 No Content
Routes
Access Default Gateways and Settings
GET /configuration/routes/default
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-default" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Enables configuration of static routes via DHCP for all interfaces with DHCP enabled. |
|
|
The logical name of the physical interface to retrieve the default gateway from. DHCP needs to be enabled on that interface. |
|
|
Static IPv4 address of the default gateway for destination based routing (ignored if dhcpInterface is set). |
|
|
Enables automatic configuration of source-based routes for interfaces with enabled DHCP. Then for each interface with a default gateway, a source-based routing rule is generated. |
|
|
Static IPv6 address of the default gateway for destination based routing. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/default" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 459
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:22.784Z"
},
"data" : {
"type" : "route-default",
"id" : "2",
"attributes" : {
"ipv4" : {
"dhcpInterface" : "INT",
"gateway" : "192.168.1.42",
"destinationRoutesFromDhcpEnabled" : true,
"sourceRoutesFromDhcpEnabled" : true
},
"ipv6" : {
"gateway" : "2001:1620:2000:1861::1"
}
}
}
}
Update Default Gateways and Settings
PATCH /configuration/routes/default
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-default" for this call. |
|
|
no |
Enables configuration of static routes via DHCP for all interfaces with DHCP enabled. |
|
|
no |
The logical name of the physical interface to retrieve the default gateway from. DHCP needs to be enabled on that interface. |
|
|
no |
Static IPv4 address of the default gateway for destination based routing (ignored if dhcpInterface is set). |
|
|
no |
Enables automatic configuration of source-based routes for interfaces with enabled DHCP. Then for each interface with a default gateway, a source-based routing rule is generated. |
|
|
no |
Static IPv6 address of the default gateway for destination based routing. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-default" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Enables configuration of static routes via DHCP for all interfaces with DHCP enabled. |
|
|
The logical name of the physical interface to retrieve the default gateway from. DHCP needs to be enabled on that interface. |
|
|
Static IPv4 address of the default gateway for destination based routing (ignored if dhcpInterface is set). |
|
|
Enables automatic configuration of source-based routes for interfaces with enabled DHCP. Then for each interface with a default gateway, a source-based routing rule is generated. |
|
|
Static IPv6 address of the default gateway for destination based routing. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/default" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-default",
"attributes" : {
"ipv4" : {
"dhcpInterface" : "EXT",
"gateway" : "192.168.1.42",
"destinationRoutesFromDhcpEnabled" : true,
"sourceRoutesFromDhcpEnabled" : true
},
"ipv6" : {
"gateway" : "::1"
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 440
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:22.815Z"
},
"data" : {
"type" : "route-default",
"id" : "2",
"attributes" : {
"ipv4" : {
"dhcpInterface" : "EXT",
"gateway" : "192.168.1.42",
"destinationRoutesFromDhcpEnabled" : true,
"sourceRoutesFromDhcpEnabled" : true
},
"ipv6" : {
"gateway" : "::1"
}
}
}
}
Access all IPv4 Destination Routes
GET /configuration/routes/ipv4/destination
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv4-destination" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
|
|
IPv4 address of the gateway for this routing rule. |
|
|
Force the route to be associated with the specified interface. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 312
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:24.916Z"
},
"data" : [ {
"type" : "route-ipv4-destination",
"id" : "1",
"attributes" : {
"gateway" : "192.168.0.1",
"destination" : "192.168.1.0/24",
"logicalName" : "INT"
}
} ]
}
Access an IPv4 Destination Route
GET /configuration/routes/ipv4/destination/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv4-destination" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
|
|
IPv4 address of the gateway for this routing rule. |
|
|
Force the route to be associated with the specified interface. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination/2" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 308
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:24.867Z"
},
"data" : {
"type" : "route-ipv4-destination",
"id" : "2",
"attributes" : {
"gateway" : "192.168.0.1",
"destination" : "192.168.2.0/24",
"logicalName" : "INT"
}
}
}
Create an IPv4 Destination Route
POST /configuration/routes/ipv4/destination
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-ipv4-destination" for this call. |
|
|
no |
Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
|
|
no |
IPv4 address of the gateway for this routing rule. |
|
|
no |
Force the route to be associated with the specified interface. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv4-destination" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
|
|
IPv4 address of the gateway for this routing rule. |
|
|
Force the route to be associated with the specified interface. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-ipv4-destination",
"attributes" : {
"gateway" : "127.0.0.1",
"destination" : "8.0.0.0/12",
"logicalName" : "INT"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 302
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:24.894Z"
},
"data" : {
"type" : "route-ipv4-destination",
"id" : "3",
"attributes" : {
"gateway" : "127.0.0.1",
"destination" : "8.0.0.0/12",
"logicalName" : "INT"
}
}
}
Update an IPv4 Destination Route
PATCH /configuration/routes/ipv4/destination/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-ipv4-destination" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
|
|
no |
IPv4 address of the gateway for this routing rule. |
|
|
no |
Force the route to be associated with the specified interface. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv4-destination" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Destination IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
|
|
IPv4 address of the gateway for this routing rule. |
|
|
Force the route to be associated with the specified interface. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-ipv4-destination",
"id" : "1",
"attributes" : {
"gateway" : "127.0.0.1",
"destination" : "8.0.0.0/12",
"logicalName" : "MGT"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 302
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:24.928Z"
},
"data" : {
"type" : "route-ipv4-destination",
"id" : "1",
"attributes" : {
"gateway" : "127.0.0.1",
"destination" : "8.0.0.0/12",
"logicalName" : "MGT"
}
}
}
Delete an IPv4 Destination Route
DELETE /configuration/routes/ipv4/destination/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/destination/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Access all IPv4 Source Routes
GET /configuration/routes/ipv4/source
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv4-source" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
IPv4 address of the gateway for this routing rule. |
|
|
Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 273
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:26.910Z"
},
"data" : [ {
"type" : "route-ipv4-source",
"id" : "1",
"attributes" : {
"gateway" : "192.168.0.1",
"source" : "192.168.1.8/32"
}
} ]
}
Access a IPv4 Source Route
GET /configuration/routes/ipv4/source/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv4-source" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
IPv4 address of the gateway for this routing rule. |
|
|
Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source/2" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 269
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:26.868Z"
},
"data" : {
"type" : "route-ipv4-source",
"id" : "2",
"attributes" : {
"gateway" : "192.168.0.1",
"source" : "192.168.2.8/32"
}
}
}
Create an IPv4 Source Route
POST /configuration/routes/ipv4/source
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-ipv4-source" for this call. |
|
|
yes |
IPv4 address of the gateway for this routing rule. |
|
|
yes |
Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv4-source" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
IPv4 address of the gateway for this routing rule. |
|
|
Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-ipv4-source",
"attributes" : {
"gateway" : "127.2.3.4",
"source" : "1.2.3.4/32"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 263
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:26.888Z"
},
"data" : {
"type" : "route-ipv4-source",
"id" : "3",
"attributes" : {
"gateway" : "127.2.3.4",
"source" : "1.2.3.4/32"
}
}
}
Update an IPv4 Source Route
PATCH /configuration/routes/ipv4/source/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-ipv4-source" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
IPv4 address of the gateway for this routing rule. |
|
|
no |
Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv4-source" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
IPv4 address of the gateway for this routing rule. |
|
|
Source IPv4 address or network for this routing rule, in CIDR format (e.g. 192.168.1.1/24). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-ipv4-source",
"id" : "1",
"attributes" : {
"gateway" : "127.0.0.1",
"source" : "1.2.3.4/32"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 263
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:26.921Z"
},
"data" : {
"type" : "route-ipv4-source",
"id" : "1",
"attributes" : {
"gateway" : "127.0.0.1",
"source" : "1.2.3.4/32"
}
}
}
Delete an IPv4 Source Route
DELETE /configuration/routes/ipv4/source/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv4/source/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Access all IPv6 Destination Routes
GET /configuration/routes/ipv6/destination
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv6-destination" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64). |
|
|
IPv6 address of the gateway for this routing rule. |
|
|
Force the route to be associated with the specified interface. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 333
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:29.107Z"
},
"data" : [ {
"type" : "route-ipv6-destination",
"id" : "1",
"attributes" : {
"gateway" : "2001:1620:2000:1860::1",
"destination" : "2001:1620:2000:1861::/64",
"logicalName" : "INT"
}
} ]
}
Access an IPv6 Destination Route
GET /configuration/routes/ipv6/destination/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv6-destination" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64). |
|
|
IPv6 address of the gateway for this routing rule. |
|
|
Force the route to be associated with the specified interface. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination/2" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:29.048Z"
},
"data" : {
"type" : "route-ipv6-destination",
"id" : "2",
"attributes" : {
"gateway" : "2001:1620:2000:1860::1",
"destination" : "2001:1620:2000:1862::/64",
"logicalName" : "INT"
}
}
}
Update an IPv6 Destination Route
PATCH /configuration/routes/ipv6/destination/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-ipv6-destination" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64). |
|
|
no |
IPv6 address of the gateway for this routing rule. |
|
|
no |
Force the route to be associated with the specified interface. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv6-destination" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64). |
|
|
IPv6 address of the gateway for this routing rule. |
|
|
Force the route to be associated with the specified interface. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-ipv6-destination",
"id" : "1",
"attributes" : {
"gateway" : "2001:1620:2000:1860::1",
"destination" : "2001:1620:2000:1861::/64",
"logicalName" : "MGT"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:29.123Z"
},
"data" : {
"type" : "route-ipv6-destination",
"id" : "1",
"attributes" : {
"gateway" : "2001:1620:2000:1860::1",
"destination" : "2001:1620:2000:1861::/64",
"logicalName" : "MGT"
}
}
}
Create an IPv6 Destination Route
POST /configuration/routes/ipv6/destination
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-ipv6-destination" for this call. |
|
|
no |
Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64). |
|
|
no |
IPv6 address of the gateway for this routing rule. |
|
|
no |
Force the route to be associated with the specified interface. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv6-destination" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Destination IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8::1::1/64). |
|
|
IPv6 address of the gateway for this routing rule. |
|
|
Force the route to be associated with the specified interface. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-ipv6-destination",
"attributes" : {
"gateway" : "2001:1620:2000:1860::1",
"destination" : "2001:1620:2000:1861::/64",
"logicalName" : "INT"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 329
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:29.075Z"
},
"data" : {
"type" : "route-ipv6-destination",
"id" : "3",
"attributes" : {
"gateway" : "2001:1620:2000:1860::1",
"destination" : "2001:1620:2000:1861::/64",
"logicalName" : "INT"
}
}
}
Delete an IPv6 Destination Route
DELETE /configuration/routes/ipv6/destination/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/destination/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Access all IPv6 Source Routes
GET /configuration/routes/ipv6/source
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv6-source" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
IPv6 address of the gateway for this routing rule. |
|
|
Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 301
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:31.282Z"
},
"data" : [ {
"type" : "route-ipv6-source",
"id" : "1",
"attributes" : {
"gateway" : "2001:db8:85a3::8a2e:370:1",
"source" : "fe80::202:b3ff:fe1e:8329/128"
}
} ]
}
Access a IPv6 Source Route
GET /configuration/routes/ipv6/source/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv6-source" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
IPv6 address of the gateway for this routing rule. |
|
|
Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source/2" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 294
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:31.239Z"
},
"data" : {
"type" : "route-ipv6-source",
"id" : "2",
"attributes" : {
"gateway" : "2001:db8:85a3::8a2e:370:2",
"source" : "fe80::202:b3ff:fe1e:2/128"
}
}
}
Create an IPv6 Source Route
POST /configuration/routes/ipv6/source
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-ipv6-source" for this call. |
|
|
yes |
IPv6 address of the gateway for this routing rule. |
|
|
yes |
Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60). |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv6-source" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
IPv6 address of the gateway for this routing rule. |
|
|
Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-ipv6-source",
"attributes" : {
"gateway" : "2001:1620:2000:1861::1",
"source" : "2001:1620:2000:1860::/48"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 290
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:31.261Z"
},
"data" : {
"type" : "route-ipv6-source",
"id" : "3",
"attributes" : {
"gateway" : "2001:1620:2000:1861::1",
"source" : "2001:1620:2000:1860::/48"
}
}
}
Update an IPv6 Source Route
PATCH /configuration/routes/ipv6/source/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "route-ipv6-source" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
IPv6 address of the gateway for this routing rule. |
|
|
no |
Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60). |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "route-ipv6-source" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
IPv6 address of the gateway for this routing rule. |
|
|
Source IPv6 address or network for this routing rule, in CIDR format (e.g. 2001:db8:0:cd30::1/60). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "route-ipv6-source",
"id" : "1",
"attributes" : {
"gateway" : "2001:db8:85a3::8a2e:370:2",
"source" : "2001:1620:2000:1860::/48"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 293
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:31.295Z"
},
"data" : {
"type" : "route-ipv6-source",
"id" : "1",
"attributes" : {
"gateway" : "2001:db8:85a3::8a2e:370:2",
"source" : "2001:1620:2000:1860::/48"
}
}
}
Delete an IPv6 Source Route
DELETE /configuration/routes/ipv6/source/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/routes/ipv6/source/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Host
Access all Hosts
GET /configuration/hosts
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "host" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Host names and aliases. |
|
|
IP address of the host. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 276
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:32.926Z"
},
"data" : [ {
"type" : "host",
"id" : "1",
"attributes" : {
"ipAddress" : "192.168.0.42",
"hostNames" : [ "marvin", "marvin-int" ]
}
} ]
}
Access a Host
GET /configuration/hosts/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "host" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Host names and aliases. |
|
|
IP address of the host. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 272
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:32.873Z"
},
"data" : {
"type" : "host",
"id" : "1",
"attributes" : {
"ipAddress" : "192.168.0.42",
"hostNames" : [ "marvin", "marvin-int" ]
}
}
}
Create a Host
POST /configuration/hosts
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "host" for this call. |
|
|
yes |
Host names and aliases. |
|
|
yes |
IP address of the host. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "host" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Host names and aliases. |
|
|
IP address of the host. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "host",
"attributes" : {
"ipAddress" : "2001:500:2::c",
"hostNames" : [ "host1", "host2" ]
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 267
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:32.900Z"
},
"data" : {
"type" : "host",
"id" : "3",
"attributes" : {
"ipAddress" : "2001:500:2::c",
"hostNames" : [ "host1", "host2" ]
}
}
}
Update a Host
PATCH /configuration/hosts/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "host" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Host names and aliases. |
|
|
no |
IP address of the host. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "host" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Host names and aliases. |
|
|
IP address of the host. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "host",
"id" : "1",
"attributes" : {
"ipAddress" : "2001:500:2::c",
"hostNames" : [ "host1", "host2" ]
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 267
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:32.940Z"
},
"data" : {
"type" : "host",
"id" : "1",
"attributes" : {
"ipAddress" : "2001:500:2::c",
"hostNames" : [ "host1", "host2" ]
}
}
}
Delete a Host
DELETE /configuration/hosts/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/hosts/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Network Services
Access Network Services
GET /configuration/network-services
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "network-services" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether the OCSP servers autodetect is enabled. If true, server URLs are collected from configured SSL certificates (extracted from OCSP field in x509 extension 'authority information access') |
|
|
Whether the cache is enabled. |
|
|
Lifetime of cached data in seconds. |
|
|
Specifies the default DNS domain for resolving host names of the back-end application servers. |
|
|
Logical interface from which to obtain DNS settings via DHCP. |
|
|
Specifies up to three DNS server IP addresses for resolving host names of the back-end application servers. |
|
|
List of NTP servers to use. |
|
|
Encryption method of the SMTP connection Allowed values: |
|
|
Password to use for authentication with the mail server. |
|
|
Sender address for emails sent via the defined mail hosts. If unspecified, the default address "administrator@<hostname>" is used. |
|
|
Sender name for emails sent via the defined mail hosts. If unspecified, the default name "Airlock Administrator" is used. |
|
|
Specifies the mail hosts. If multiple servers are specified, they act as fallback. |
|
|
Username to use for authentication with the mail server. If unspecified, no explicit login is performed. |
|
|
Specifies the SNMPv2 read only community string to access the SNMP monitoring data. |
|
|
The authentication algorithm used for authenticated SNMPv3 messages. Allowed values: |
|
|
The authentication passphrase used for authenticated SNMPv3 messages. |
|
|
The privacy algorithm used for encrypted SNMPv3 messages. Allowed values: |
|
|
The privacy pass phrase used for encrypted SNMPv3 messages. |
|
|
The securityName used for authenticated SNMPv3 messages. |
|
|
SNMP protocol version Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/network-services" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1244
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:08.354Z"
},
"data" : {
"type" : "network-services",
"id" : "2",
"attributes" : {
"dns" : {
"dhcpInterface" : "INTERN",
"ipAddresses" : [ "192.168.1.42", "2001:1620:2000:1899::42" ],
"defaultDomain" : "me.local"
},
"ntp" : {
"servers" : [ "ntp1.me.local", "ntp2.me.local" ]
},
"smtp" : {
"servers" : [ "smtp.me.local:25" ],
"encryptionMethod" : "TLS",
"username" : "user",
"password" : "**** hidden ****",
"senderName" : "Airlock Notifications",
"senderAddress" : "airlock-admin@example.com"
},
"snmp" : {
"version" : "SNMPv2",
"community" : "airlock",
"v3" : {
"username" : "JohnDoe",
"authenticationPassphrase" : "passphrase2",
"authenticationAlgorithm" : "SHA",
"privacyPassphrase" : "**** hidden ****",
"privacyAlgorithm" : "AES"
}
},
"apiPolicy" : {
"cacheEnabled" : true,
"cacheExpiry" : 300
},
"allowedNetworkEndpoints" : {
"ocspServersAutodetected" : false
}
}
}
}
Update Network Services
PATCH /configuration/network-services
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "network-services" for this call. |
|
|
no |
Whether the OCSP servers autodetect is enabled. If true, server URLs are collected from configured SSL certificates (extracted from OCSP field in x509 extension 'authority information access') |
|
|
no |
Whether the cache is enabled. |
|
|
no |
Lifetime of cached data in seconds. |
|
|
no |
Specifies the default DNS domain for resolving host names of the back-end application servers. |
|
|
no |
Logical interface from which to obtain DNS settings via DHCP. |
|
|
no |
Specifies up to three DNS server IP addresses for resolving host names of the back-end application servers. |
|
|
no |
List of NTP servers to use. |
|
|
no |
Encryption method of the SMTP connection Allowed values: |
|
|
no |
Password to use for authentication with the mail server. |
|
|
no |
Sender address for emails sent via the defined mail hosts. If unspecified, the default address "administrator@<hostname>" is used. |
|
|
no |
Sender name for emails sent via the defined mail hosts. If unspecified, the default name "Airlock Administrator" is used. |
|
|
no |
Specifies the mail hosts. If multiple servers are specified, they act as fallback. |
|
|
no |
Username to use for authentication with the mail server. If unspecified, no explicit login is performed. |
|
|
no |
Specifies the SNMPv2 read only community string to access the SNMP monitoring data. |
|
|
no |
The authentication algorithm used for authenticated SNMPv3 messages. Allowed values: |
|
|
no |
The authentication passphrase used for authenticated SNMPv3 messages. |
|
|
no |
The privacy algorithm used for encrypted SNMPv3 messages. Allowed values: |
|
|
no |
The privacy pass phrase used for encrypted SNMPv3 messages. |
|
|
no |
The securityName used for authenticated SNMPv3 messages. |
|
|
no |
SNMP protocol version Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "network-services" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether the OCSP servers autodetect is enabled. If true, server URLs are collected from configured SSL certificates (extracted from OCSP field in x509 extension 'authority information access') |
|
|
Whether the cache is enabled. |
|
|
Lifetime of cached data in seconds. |
|
|
Specifies the default DNS domain for resolving host names of the back-end application servers. |
|
|
Logical interface from which to obtain DNS settings via DHCP. |
|
|
Specifies up to three DNS server IP addresses for resolving host names of the back-end application servers. |
|
|
List of NTP servers to use. |
|
|
Encryption method of the SMTP connection Allowed values: |
|
|
Password to use for authentication with the mail server. |
|
|
Sender address for emails sent via the defined mail hosts. If unspecified, the default address "administrator@<hostname>" is used. |
|
|
Sender name for emails sent via the defined mail hosts. If unspecified, the default name "Airlock Administrator" is used. |
|
|
Specifies the mail hosts. If multiple servers are specified, they act as fallback. |
|
|
Username to use for authentication with the mail server. If unspecified, no explicit login is performed. |
|
|
Specifies the SNMPv2 read only community string to access the SNMP monitoring data. |
|
|
The authentication algorithm used for authenticated SNMPv3 messages. Allowed values: |
|
|
The authentication passphrase used for authenticated SNMPv3 messages. |
|
|
The privacy algorithm used for encrypted SNMPv3 messages. Allowed values: |
|
|
The privacy pass phrase used for encrypted SNMPv3 messages. |
|
|
The securityName used for authenticated SNMPv3 messages. |
|
|
SNMP protocol version Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/network-services" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "network-services",
"attributes" : {
"dns" : {
"dhcpInterface" : "INT",
"ipAddresses" : [ "127.0.0.1", "127.0.0.2" ],
"defaultDomain" : "domain.my"
},
"ntp" : {
"servers" : [ "127.2.0.1" ]
},
"smtp" : {
"servers" : [ "127.1.0.1", "127.1.0.2" ],
"encryptionMethod" : "NONE",
"username" : "",
"password" : "**** hidden ****",
"senderName" : "Airlock Notifications",
"senderAddress" : "airlock-admin@example.com"
},
"snmp" : {
"version" : "SNMPv2",
"community" : "public",
"v3" : {
"username" : "JaneDoe",
"authenticationPassphrase" : "**** hidden ****",
"authenticationAlgorithm" : "SHA",
"privacyPassphrase" : "**** hidden ****",
"privacyAlgorithm" : "AES"
}
},
"apiPolicy" : {
"cacheEnabled" : true,
"cacheExpiry" : 300
},
"allowedNetworkEndpoints" : {
"ocspServersAutodetected" : true
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1210
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:08.398Z"
},
"data" : {
"type" : "network-services",
"id" : "2",
"attributes" : {
"dns" : {
"dhcpInterface" : "INT",
"ipAddresses" : [ "127.0.0.1", "127.0.0.2" ],
"defaultDomain" : "domain.my"
},
"ntp" : {
"servers" : [ "127.2.0.1" ]
},
"smtp" : {
"servers" : [ "127.1.0.1", "127.1.0.2" ],
"encryptionMethod" : "NONE",
"username" : "",
"password" : "**** hidden ****",
"senderName" : "Airlock Notifications",
"senderAddress" : "airlock-admin@example.com"
},
"snmp" : {
"version" : "SNMPv2",
"community" : "public",
"v3" : {
"username" : "JaneDoe",
"authenticationPassphrase" : "**** hidden ****",
"authenticationAlgorithm" : "SHA",
"privacyPassphrase" : "**** hidden ****",
"privacyAlgorithm" : "AES"
}
},
"apiPolicy" : {
"cacheEnabled" : true,
"cacheExpiry" : 300
},
"allowedNetworkEndpoints" : {
"ocspServersAutodetected" : true
}
}
}
}
ICAP Environments
Access all ICAP Environments
GET /configuration/icap-environments
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "icap-environment" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable. |
|
|
Either an ICAP URL (icap://… or icaps://…) for a traditional ICAP service or an HTTP URL (http://…; or https://…) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream. |
|
|
The unique name of the ICAP environment. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 328
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:35.010Z"
},
"data" : [ {
"type" : "icap-environment",
"id" : "1",
"attributes" : {
"name" : "my-icap-environment",
"failOpen" : true,
"icapUrls" : [ "icap://server-1", "icap://server-2" ]
}
} ]
}
Access an ICAP Environment
GET /configuration/icap-environments/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "icap-environment" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable. |
|
|
Either an ICAP URL (icap://… or icaps://…) for a traditional ICAP service or an HTTP URL (http://…; or https://…) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream. |
|
|
The unique name of the ICAP environment. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 324
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:34.961Z"
},
"data" : {
"type" : "icap-environment",
"id" : "1",
"attributes" : {
"name" : "my-icap-environment",
"failOpen" : true,
"icapUrls" : [ "icap://server-1", "icap://server-2" ]
}
}
}
Create an ICAP Environment
POST /configuration/icap-environments
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "icap-environment" for this call. |
|
|
yes |
Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable. |
|
|
yes |
Either an ICAP URL (icap://… or icaps://…) for a traditional ICAP service or an HTTP URL (http://…; or https://…) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream. |
|
|
yes |
The unique name of the ICAP environment. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "icap-environment" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable. |
|
|
Either an ICAP URL (icap://… or icaps://…) for a traditional ICAP service or an HTTP URL (http://…; or https://…) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream. |
|
|
The unique name of the ICAP environment. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-environment",
"attributes" : {
"name" : "my-icap-environment",
"failOpen" : true,
"icapUrls" : [ "http://127.0.0.1:8888", "http://127.0.0.2:9999" ]
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 336
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:34.987Z"
},
"data" : {
"type" : "icap-environment",
"id" : "3",
"attributes" : {
"name" : "my-icap-environment",
"failOpen" : true,
"icapUrls" : [ "http://127.0.0.1:8888", "http://127.0.0.2:9999" ]
}
}
}
Update an ICAP Environment
PATCH /configuration/icap-environments/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "icap-environment" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable. |
|
|
no |
Either an ICAP URL (icap://… or icaps://…) for a traditional ICAP service or an HTTP URL (http://…; or https://…) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream. |
|
|
no |
The unique name of the ICAP environment. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "icap-environment" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Whether application usage is allowed to continue even if all configured ICAP Service URLs are unreachable. |
|
|
Either an ICAP URL (icap://… or icaps://…) for a traditional ICAP service or an HTTP URL (http://…; or https://…) for an ICAP service such as the Airlock Gateway SOAP/XML Filter which runs on a Java web application container. Using an HTTP URL will slightly modify the ICAP protocol by transferring the data in a HTTP data stream. |
|
|
The unique name of the ICAP environment. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "icap-environment",
"id" : "1",
"attributes" : {
"name" : "my-icap-environment",
"failOpen" : true,
"icapUrls" : [ "http://127.0.0.1:8888", "http://127.0.0.2:9999" ]
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 336
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:35.027Z"
},
"data" : {
"type" : "icap-environment",
"id" : "1",
"attributes" : {
"name" : "my-icap-environment",
"failOpen" : true,
"icapUrls" : [ "http://127.0.0.1:8888", "http://127.0.0.2:9999" ]
}
}
}
Delete an ICAP Environment
DELETE /configuration/icap-environments/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/icap-environments/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Kerberos Environments
Access all Kerberos Environments
GET /configuration/kerberos-environments
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of domain controllers. The default port is 88. |
|
|
Kerberos domain |
|
|
The unique name of the kerberos environment |
|
|
Password of the Kerberos systemuser. The field is masked in the response. |
|
|
Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation. |
|
|
The back-end-group references. |
|
|
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
The ID of the back-end-group resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 414
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:41.371Z"
},
"data" : [ {
"type" : "kerberos-environment",
"id" : "3",
"attributes" : {
"name" : "KerberosResourceTest",
"domainName" : "domain.krb",
"domainControllers" : [ "pdc1.domain.krb", "pdc2.domain.krb" ],
"username" : "",
"password" : "**** hidden ****"
}
} ]
}
Access a Kerberos Environment
GET /configuration/kerberos-environments/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of domain controllers. The default port is 88. |
|
|
Kerberos domain |
|
|
The unique name of the kerberos environment |
|
|
Password of the Kerberos systemuser. The field is masked in the response. |
|
|
Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation. |
|
|
The back-end-group references. |
|
|
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
The ID of the back-end-group resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/3" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 410
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:41.310Z"
},
"data" : {
"type" : "kerberos-environment",
"id" : "3",
"attributes" : {
"name" : "KerberosResourceTest",
"domainName" : "domain.krb",
"domainControllers" : [ "pdc1.domain.krb", "pdc2.domain.krb" ],
"username" : "",
"password" : "**** hidden ****"
}
}
}
Create a Kerberos Environment
POST /configuration/kerberos-environments
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "kerberos-environment" for this call. |
|
|
yes |
List of domain controllers. The default port is 88. |
|
|
yes |
Kerberos domain |
|
|
yes |
The unique name of the kerberos environment |
|
|
yes |
Password of the Kerberos systemuser. The field is masked in the response. |
|
|
yes |
Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of domain controllers. The default port is 88. |
|
|
Kerberos domain |
|
|
The unique name of the kerberos environment |
|
|
Password of the Kerberos systemuser. The field is masked in the response. |
|
|
Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation. |
|
|
The back-end-group references. |
|
|
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
The ID of the back-end-group resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "kerberos-environment",
"attributes" : {
"name" : "my-kerb-dto",
"domainName" : "domain.dto",
"domainControllers" : [ "pdc1", "pdc2" ],
"username" : "dto-user",
"password" : "dto-pass"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 387
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:41.348Z"
},
"data" : {
"type" : "kerberos-environment",
"id" : "3",
"attributes" : {
"name" : "my-kerb-dto",
"domainName" : "domain.dto",
"domainControllers" : [ "pdc1", "pdc2" ],
"username" : "dto-user",
"password" : "**** hidden ****"
}
}
}
Update a Kerberos Environment
PATCH /configuration/kerberos-environments/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "kerberos-environment" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
List of domain controllers. The default port is 88. |
|
|
no |
Kerberos domain |
|
|
no |
The unique name of the kerberos environment |
|
|
no |
Password of the Kerberos systemuser. The field is masked in the response. |
|
|
no |
Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "kerberos-environment" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of domain controllers. The default port is 88. |
|
|
Kerberos domain |
|
|
The unique name of the kerberos environment |
|
|
Password of the Kerberos systemuser. The field is masked in the response. |
|
|
Username of the Kerberos systemuser. This user must be allowed to perform Kerberos constrained delegation. |
|
|
The back-end-group references. |
|
|
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
The ID of the back-end-group resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/3" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "kerberos-environment",
"id" : "3",
"attributes" : {
"name" : "my-kerb-dto",
"domainName" : "domain.dto",
"domainControllers" : [ "pdc1", "pdc2" ],
"username" : "dto-user",
"password" : "dto-pass"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 387
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:41.383Z"
},
"data" : {
"type" : "kerberos-environment",
"id" : "3",
"attributes" : {
"name" : "my-kerb-dto",
"domainName" : "domain.dto",
"domainControllers" : [ "pdc1", "pdc2" ],
"username" : "dto-user",
"password" : "**** hidden ****"
}
}
}
Delete a Kerberos Environment
DELETE /configuration/kerberos-environments/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/3" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Back-End Group Connections
PATCH /configuration/kerberos-environments/{id}/relationships/back-end-groups
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
yes |
The ID of the referenced "back-end-group" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/3/relationships/back-end-groups" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "back-end-group",
"id" : "1"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Back-End Group Connections
DELETE /configuration/kerberos-environments/{id}/relationships/back-end-groups
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "back-end-group" for this call. |
|
|
yes |
The ID of the referenced "back-end-group" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/kerberos-environments/3/relationships/back-end-groups" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "back-end-group",
"id" : "1"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Allowed Network Endpoints
Access all Allowed Network Endpoints
GET /configuration/allowed-network-endpoints
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "allowed-network-endpoint" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Hostname, IP address or network to which a connection should be allowed. |
|
|
Port of the external service. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 278
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:55.038Z"
},
"data" : [ {
"type" : "allowed-network-endpoint",
"id" : "1",
"attributes" : {
"destination" : "allowed.example.com",
"port" : 4242
}
} ]
}
Access an Allowed Network Endpoint
GET /configuration/allowed-network-endpoints/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "allowed-network-endpoint" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Hostname, IP address or network to which a connection should be allowed. |
|
|
Port of the external service. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 274
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:54.940Z"
},
"data" : {
"type" : "allowed-network-endpoint",
"id" : "1",
"attributes" : {
"destination" : "allowed.example.com",
"port" : 4242
}
}
}
Create an Allowed Network Endpoint
POST /configuration/allowed-network-endpoints
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "allowed-network-endpoint" for this call. |
|
|
yes |
Hostname, IP address or network to which a connection should be allowed. |
|
|
yes |
Port of the external service. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "allowed-network-endpoint" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Hostname, IP address or network to which a connection should be allowed. |
|
|
Port of the external service. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "allowed-network-endpoint",
"attributes" : {
"destination" : "allowed.example.com",
"port" : 42424
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 275
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:54.995Z"
},
"data" : {
"type" : "allowed-network-endpoint",
"id" : "3",
"attributes" : {
"destination" : "allowed.example.com",
"port" : 42424
}
}
}
Update an Allowed Network Endpoint
PATCH /configuration/allowed-network-endpoints/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "allowed-network-endpoint" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Hostname, IP address or network to which a connection should be allowed. |
|
|
no |
Port of the external service. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "allowed-network-endpoint" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Hostname, IP address or network to which a connection should be allowed. |
|
|
Port of the external service. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "allowed-network-endpoint",
"id" : "1",
"attributes" : {
"destination" : "allowed.example.com",
"port" : 42424
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 275
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:31:55.062Z"
},
"data" : {
"type" : "allowed-network-endpoint",
"id" : "1",
"attributes" : {
"destination" : "allowed.example.com",
"port" : 42424
}
}
}
Delete an Allowed Network Endpoint
DELETE /configuration/allowed-network-endpoints/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/allowed-network-endpoints/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
API Policy Service
Access all API Policy Services
GET /configuration/api-policy-services
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "api-policy-service" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Endpoint of the API policy service. |
|
|
The unique name of the API policy service. |
|
|
Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response. |
|
|
URL of the API policy service. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 599
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:10.311Z"
},
"data" : [ {
"type" : "api-policy-service",
"id" : "1",
"attributes" : {
"name" : "IAM",
"url" : "https://iam.example.com:8443",
"endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
"sharedSecret" : "**** hidden ****"
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "21"
}, {
"type" : "mapping",
"id" : "22"
} ]
}
}
} ]
}
Access an API Policy Service
GET /configuration/api-policy-services/{id}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "api-policy-service" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Endpoint of the API policy service. |
|
|
The unique name of the API policy service. |
|
|
Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response. |
|
|
URL of the API policy service. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 595
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:10.230Z"
},
"data" : {
"type" : "api-policy-service",
"id" : "1",
"attributes" : {
"name" : "IAM",
"url" : "https://iam.example.com:8443",
"endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
"sharedSecret" : "**** hidden ****"
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "21"
}, {
"type" : "mapping",
"id" : "22"
} ]
}
}
}
}
Create an API Policy Service
POST /configuration/api-policy-services
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "api-policy-service" for this call. |
|
|
yes |
Endpoint of the API policy service. |
|
|
yes |
The unique name of the API policy service. |
|
|
yes |
Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response. |
|
|
yes |
URL of the API policy service. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "api-policy-service" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Endpoint of the API policy service. |
|
|
The unique name of the API policy service. |
|
|
Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response. |
|
|
URL of the API policy service. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services" -i -X POST \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "api-policy-service",
"attributes" : {
"name" : "IAM",
"url" : "https://iam.example.com:8443",
"endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
"sharedSecret" : "**** hidden ****"
}
}
}'
Example Response
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 385
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:10.282Z"
},
"data" : {
"type" : "api-policy-service",
"id" : "3",
"attributes" : {
"name" : "IAM",
"url" : "https://iam.example.com:8443",
"endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
"sharedSecret" : "**** hidden ****"
}
}
}
Update an API Policy Service
PATCH /configuration/api-policy-services/{id}
Content-Type application/json
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "api-policy-service" for this call. |
|
|
yes |
The ID of the resource to be addressed. |
|
|
no |
Endpoint of the API policy service. |
|
|
no |
The unique name of the API policy service. |
|
|
no |
Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response. |
|
|
no |
URL of the API policy service. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "api-policy-service" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Endpoint of the API policy service. |
|
|
The unique name of the API policy service. |
|
|
Shared secret used to encrypt the JWT token for access to API policy service. The field is masked in the response. |
|
|
URL of the API policy service. |
|
|
The mapping references. |
|
|
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
The ID of the mapping resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "api-policy-service",
"id" : "1",
"attributes" : {
"name" : "IAM",
"url" : "https://iam.example.com:8443",
"endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
"sharedSecret" : "**** hidden ****"
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 595
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:10.327Z"
},
"data" : {
"type" : "api-policy-service",
"id" : "1",
"attributes" : {
"name" : "IAM",
"url" : "https://iam.example.com:8443",
"endpoint" : "/auth-api-policy-service/rest/resolve-tech-client",
"sharedSecret" : "**** hidden ****"
},
"relationships" : {
"mappings" : {
"data" : [ {
"type" : "mapping",
"id" : "21"
}, {
"type" : "mapping",
"id" : "22"
} ]
}
}
}
}
Delete an API Policy Service
DELETE /configuration/api-policy-services/{id}
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 204 No Content
Add Mapping API Policy Service Connections
PATCH /configuration/api-policy-services/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1/relationships/mappings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Remove Mapping API Policy Service Connections
DELETE /configuration/api-policy-services/{id}/relationships/mappings
Content-Type application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The ID of the element to access. |
yes |
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type of the referenced resource. Must be "mapping" for this call. |
|
|
yes |
The ID of the referenced "mapping" resource. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/api-policy-services/1/relationships/mappings" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : [ {
"type" : "mapping",
"id" : "2"
} ]
}'
Example Response
HTTP/1.1 204 No Content
Log Settings
Access Log Settings
GET /configuration/log
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "log" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Forwarding configurations. |
|
|
If true, blocked request information is sent to the configured loghosts. |
|
|
If true, events related to web requests are sent to the configured loghosts. |
|
|
Format of the messages that are sent to the loghost. Allowed values: |
|
|
IP address or host name of the remote loghost which will receive the Airlock Gateway messages. |
|
|
A PCRE regular expression to apply against the text body of log messages. Headers are not considered. All matching messages are sent to the configured loghosts. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Port of the remote loghost. |
|
|
If true, the summary line of each request handled by Airlock Gateway is sent to the configured loghosts. |
|
|
If true, system related events and system errors are sent to the configured loghosts. |
|
|
Type of transport used for remote logging. Allowed values: |
|
|
Log level. Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/log" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 685
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:48.014Z"
},
"data" : {
"type" : "log",
"id" : "2",
"attributes" : {
"level" : "TRACE",
"forwards" : [ {
"hostName" : "myLogHostName",
"port" : 514,
"format" : "CEF",
"transportProtocol" : "TCP",
"systemErrorsForwarded" : true,
"requestSummariesForwarded" : true,
"blockedRequestsForwarded" : true,
"eventsForwarded" : true,
"messageFilterPattern" : {
"pattern" : "logMessagesFilterPattern",
"caseIgnored" : true,
"inverted" : true
}
} ]
}
}
}
Update Log Settings
PATCH /configuration/log
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "log" for this call. |
|
|
no |
Forwarding configurations. |
|
|
no |
If true, blocked request information is sent to the configured loghosts. |
|
|
no |
If true, events related to web requests are sent to the configured loghosts. |
|
|
no |
Format of the messages that are sent to the loghost. Allowed values: |
|
|
no |
IP address or host name of the remote loghost which will receive the Airlock Gateway messages. |
|
|
no |
A PCRE regular expression to apply against the text body of log messages. Headers are not considered. All matching messages are sent to the configured loghosts. |
|
|
no |
Whether to ignore case. |
|
|
no |
Whether to invert the match. |
|
|
no |
The actual pattern. |
|
|
no |
Port of the remote loghost. |
|
|
no |
If true, the summary line of each request handled by Airlock Gateway is sent to the configured loghosts. |
|
|
no |
If true, system related events and system errors are sent to the configured loghosts. |
|
|
no |
Type of transport used for remote logging. Allowed values: |
|
|
no |
Log level. Allowed values: |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "log" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Forwarding configurations. |
|
|
If true, blocked request information is sent to the configured loghosts. |
|
|
If true, events related to web requests are sent to the configured loghosts. |
|
|
Format of the messages that are sent to the loghost. Allowed values: |
|
|
IP address or host name of the remote loghost which will receive the Airlock Gateway messages. |
|
|
A PCRE regular expression to apply against the text body of log messages. Headers are not considered. All matching messages are sent to the configured loghosts. |
|
|
Whether to ignore case. |
|
|
Whether to invert the match. |
|
|
The actual pattern. |
|
|
Port of the remote loghost. |
|
|
If true, the summary line of each request handled by Airlock Gateway is sent to the configured loghosts. |
|
|
If true, system related events and system errors are sent to the configured loghosts. |
|
|
Type of transport used for remote logging. Allowed values: |
|
|
Log level. Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/log" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "log",
"attributes" : {
"level" : "TRACE",
"forwards" : [ {
"hostName" : "destinationLogHost",
"port" : 514,
"format" : "CEF",
"transportProtocol" : "TCP",
"systemErrorsForwarded" : true,
"requestSummariesForwarded" : true,
"blockedRequestsForwarded" : true,
"eventsForwarded" : true,
"messageFilterPattern" : {
"pattern" : "logMessageFilterPattern",
"caseIgnored" : true,
"inverted" : true
}
} ]
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 689
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:48.065Z"
},
"data" : {
"type" : "log",
"id" : "2",
"attributes" : {
"level" : "TRACE",
"forwards" : [ {
"hostName" : "destinationLogHost",
"port" : 514,
"format" : "CEF",
"transportProtocol" : "TCP",
"systemErrorsForwarded" : true,
"requestSummariesForwarded" : true,
"blockedRequestsForwarded" : true,
"eventsForwarded" : true,
"messageFilterPattern" : {
"pattern" : "logMessageFilterPattern",
"caseIgnored" : true,
"inverted" : true
}
} ]
}
}
}
Reporting Settings
Access Reporting Settings
GET /configuration/reporting
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "reporting" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If true, all logs are sent to the local Elasticsearch database. |
|
|
If true, all logs are sent to the specified remote Elasticsearch database. |
|
|
Password of the remote reporting server. |
|
|
URL of the remote reporting server. |
|
|
Username of the remote reporting server. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/reporting" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 403
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:20.693Z"
},
"data" : {
"type" : "reporting",
"id" : "2",
"attributes" : {
"localEnabled" : true,
"remote" : {
"enabled" : true,
"serverUrls" : [ "http://elastic-cluster:9200" ],
"username" : "user",
"password" : "**** hidden ****"
}
}
}
}
Update Reporting Settings
PATCH /configuration/reporting
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "reporting" for this call. |
|
|
no |
If true, all logs are sent to the local Elasticsearch database. |
|
|
no |
If true, all logs are sent to the specified remote Elasticsearch database. |
|
|
no |
Password of the remote reporting server. |
|
|
no |
URL of the remote reporting server. |
|
|
no |
Username of the remote reporting server. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "reporting" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
If true, all logs are sent to the local Elasticsearch database. |
|
|
If true, all logs are sent to the specified remote Elasticsearch database. |
|
|
Password of the remote reporting server. |
|
|
URL of the remote reporting server. |
|
|
Username of the remote reporting server. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/reporting" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "reporting",
"attributes" : {
"localEnabled" : true,
"remote" : {
"enabled" : true,
"serverUrls" : [ "http://elastic-cluster:9200" ],
"username" : "user",
"password" : "pass"
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 403
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:20.724Z"
},
"data" : {
"type" : "reporting",
"id" : "2",
"attributes" : {
"localEnabled" : true,
"remote" : {
"enabled" : true,
"serverUrls" : [ "http://elastic-cluster:9200" ],
"username" : "user",
"password" : "**** hidden ****"
}
}
}
}
Expert Settings
Access Expert Settings
GET /configuration/expert-settings
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "expert-settings" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/expert-settings" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 363
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:28.572Z"
},
"data" : {
"type" : "expert-settings",
"id" : "2",
"attributes" : {
"securityGate" : {
"enabled" : false,
"settings" : ""
},
"apache" : {
"enabled" : false,
"settings" : ""
}
}
}
}
Update Expert Settings
PATCH /configuration/expert-settings
Content-Type application/json
Accept application/json
Request Structure
Path | Type | Required | Description |
---|---|---|---|
|
|
yes |
The data type sent to the server. Must be set to "expert-settings" for this call. |
|
|
no |
Expert settings for the Apache web listener. |
|
|
no |
Whether the Apache expert settings are enabled. |
|
|
no |
Expert settings for the Apache web listener. |
|
|
no |
Expert settings for the Security Gate. |
|
|
no |
Whether the Security Gate expert settings are enabled. |
|
|
no |
Expert settings for the Security Gate. |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "expert-settings" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Expert settings for the Apache web listener. |
|
|
Whether the Apache expert settings are enabled. |
|
|
Expert settings for the Apache web listener. |
|
|
Expert settings for the Security Gate. |
|
|
Whether the Security Gate expert settings are enabled. |
|
|
Expert settings for the Security Gate. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/expert-settings" -i -X PATCH \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json' \
-d '{
"data" : {
"type" : "expert-settings",
"attributes" : {
"securityGate" : {
"enabled" : true,
"settings" : "AuthenticatedSessionsWarningPercentage \"90\""
},
"apache" : {
"enabled" : true,
"settings" : "MaxConnectionsPerChild 15000"
}
}
}
}'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 446
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:32:28.620Z"
},
"data" : {
"type" : "expert-settings",
"id" : "2",
"attributes" : {
"securityGate" : {
"enabled" : true,
"settings" : "AuthenticatedSessionsWarningPercentage \"90\""
},
"apache" : {
"enabled" : true,
"settings" : "MaxConnectionsPerChild 15000"
}
}
}
}
Validator Message
Validation Error Codes
A description of all error codes that can occur in a validator message
Error code | Description |
---|---|
REQUIRED |
The value may not be empty or null. |
OUTSIDE_RANGE |
The number is too large or too small. |
NOT_UNIQUE |
The value must be unique among other values. |
LICENSE_NOT_MATCH |
The Airlock license is either invalid, expired, does not match the system or the configuration uses unlicensed features. |
INVALID_VALUE |
Generic message to show validation errors. |
Access all Validator Messages
GET /configuration/validator-messages
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Optionally allows to filter by: 'meta.severity', 'meta.model.type' and 'meta.model.id'. For this REST endpoint, note that only exact matches using '==' are allowed. Click here for more details about the syntax. |
no |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "validator-message" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Application-specific error code. |
|
|
Detailed description of the validation error. |
|
|
Non-standard meta-information about the error. |
|
|
Model that is affected by the validation error. |
|
|
ID of the affected model. |
|
|
Type of the affected model. |
|
|
Optional parameters that are useful for the particular error in form of a key-value map. |
|
|
Severity of the error which is one of: ERROR, WARNING, INFO |
|
|
Type of the metadata object. |
|
|
The request entity or request parameter causing the error. |
|
|
A JSON pointer (RFC 6901) identifying the associated entity in the request document that caused the error, e.g. "/data/attributes/x" for the attribute "x" of the primary data object. |
|
|
Short description of the model value that failed to validate. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/configuration/validator-messages?filter=meta.severity%3D%3Dwarning&filter=meta.model.type%3D%3Dback-end-group" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 833
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:33:56.844Z"
},
"data" : [ {
"type" : "validatormessage",
"id" : "446baa87-a50d-4b67-b9a9-91a9a92e8f12",
"attributes" : {
"code" : "INVALID_VALUE",
"title" : "backendHosts[0].address",
"detail" : "The host name is invalid. Only characters a-Z, numbers and the special characters '.', '_' and '-' are allowed, no '.', '_' or '-' at beginning or end. An IP address can also be configured instead of a host name.",
"source" : {
"pointer" : "/data/attributes/backendHosts[0]/hostName"
},
"meta" : {
"type" : "jsonapi.metadata.validation",
"severity" : "WARNING",
"model" : {
"id" : "1",
"type" : "back-end-group"
}
}
}
} ]
}
Status Information
Access Node Status
GET /system/status/node
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "node-state" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Number of users currently logged in to the configuration center. |
|
|
Failover state of this Airlock. Possible values are "offline", "active", "passive" and "standalone". |
|
|
Your current hostname. |
|
|
The software version of this Airlock. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/node" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 350
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.596Z"
},
"data" : {
"type" : "node-state",
"id" : "airlock.example.com",
"attributes" : {
"hostName" : "airlock.example.com",
"version" : "999.9.9",
"failoverState" : "standalone",
"countUserLogins" : 1
}
}
}
Access Network Interface Status
GET /system/status/interfaces
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "interface-state" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Name of the network device. |
|
|
Link information and negotiated speed settings. |
|
|
Mac address of the network device. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/interfaces" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 302
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.369Z"
},
"data" : [ {
"type" : "interface-state",
"id" : "hme0",
"attributes" : {
"device" : "hme0",
"macAddress" : "94:18:82:89:6c:0",
"linkInformation" : ""
}
} ]
}
Access Logged-in Users Status
GET /system/status/users/logged-in
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "logged-in-users" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Time and the the user was last active. |
|
|
Remote address of the user |
|
|
Role assigned to the user. |
|
|
SessionID of the user. |
|
|
Username identifyin the user. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/users/logged-in" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 420
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.481Z"
},
"data" : [ {
"type" : "logged-in-user",
"id" : "51aa0a9",
"attributes" : {
"userName" : "admin",
"role" : "airlock-administrator",
"lastActive" : "2024-10-28T19:33:02.455",
"sessionId" : "4213d1115210481aa6ad12d688fd58b3",
"remoteAddress" : "192.168.0.14"
}
} ]
}
List Bad Back-end Groups
GET /system/status/back-end-groups/with-bad-hosts
Accept application/json
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "back-end-groups-state" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
List of unreachable back-end group names. |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/back-end-groups/with-bad-hosts" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 258
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.259Z"
},
"data" : {
"type" : "back-end-groups-state",
"id" : "-443337354",
"attributes" : {
"badBackendGroups" : [ "bad-group" ]
}
}
}
Access Back-end Group Status
GET /system/status/back-end-groups/{back-end-group-name}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The name of the back-end group to access. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "back-end-group-state" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Name or IP address of the back-end host. |
|
|
Port on which the host listens for HTTP connections. |
|
|
Number of active sessions on the back-end host. |
|
|
State of the back-end host. Allowed values: |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/back-end-groups/back-end-group-example" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 387
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.248Z"
},
"data" : {
"type" : "back-end-group-state",
"id" : "back-end-group-example",
"attributes" : {
"backendHosts" : [ {
"hostName" : "backend-host.example.com",
"port" : 80,
"sessionCount" : 20,
"state" : "GOOD"
} ]
}
}
}
List Sessions
GET /system/status/sessions/query/{query}/sortattribute/{sortattribute}/sortmode/{sortmode}/returnattributes/{returnattributes}/maxresults/{maxresults}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Query Expression. Please check the 'Session Viewer' section in the Airlock Gateway manual for detailed information and examples. Using a ' ' or '*' will return all sessions. Be aware that retrieving many sessions or executing complex queries could be very costly and impact performance. |
yes |
|
Sort results according to this field name. |
yes |
|
Defines the order of the sorted result list. |
yes |
|
Space separated list of fields to return. |
yes |
|
Limit the number of matching elements. |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "com.airlock.waf.status.sessions" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Number of returned sessions. |
|
|
Result status of the query. Allowed values: |
|
|
Audit token. |
|
|
The name of the back-end group. |
|
|
When a back-end group contains more than one host and has load balancing configured, then at creation every session is assigned to one host. This field shows that assignment (only for back-end groups that have a host assignment, i.e. those that the session has accessed before). |
|
|
TCP port of the back-end host. This helps to identify the used service if different ports are used on the same back-end system. |
|
|
Whether this session has any roles. |
|
|
Maximum idle time (seconds) that’s left before being terminated. |
|
|
Time in seconds since the last access. |
|
|
IP address used at the moment of session creation. |
|
|
Remaining lifetime in seconds. |
|
|
List of all accessed mappings (not including requests that were redirected to "Denied access URL" for authentication). |
|
|
Maximum time (seconds) a session can be idle before being terminated. |
|
|
Maximum idle time (seconds) that’s left before being terminated. |
|
|
Time in seconds since the last access. |
|
|
Timestamp when the role was initially set. |
|
|
Maximum lifetime in seconds. |
|
|
Remaining lifetime in seconds. |
|
|
Role name. |
|
|
Session ID. |
|
|
Timestamp of session creation. |
|
|
Timestamp of last access. |
|
|
Special session tracking identifier (e.g. sslId). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/sessions/query/*/sortattribute/idletime/sortmode/asc/returnattributes/*/maxresults/2" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2238
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.862Z"
},
"data" : {
"type" : "com.airlock.waf.status.sessions",
"id" : "1896408165",
"attributes" : {
"returnCode" : "OK",
"resultCount" : 2,
"sessions" : [ {
"sid" : "0000000000000000000000000000000",
"trackingId" : "0000000-000-0000000",
"ipCreation" : "10.0.0.0",
"lifetimeRemaining" : 0,
"timeCreation" : "2024-10-27",
"timeLast" : "19:34:02.861764167",
"idleTime" : 0,
"idleRemaining" : 10,
"roles" : [ {
"name" : "customer-0",
"initTime" : 0,
"lifetimeMax" : 86400,
"lifetimeRemaining" : 72000,
"idleTime" : 60,
"idleRemaining" : 0,
"idleMax" : 3600
} ],
"hasRoles" : true,
"auditToken" : "audit-token-0",
"backendHostsSelected" : [ {
"groupName" : "e-banking",
"hostName" : "node-0.payment.example.com",
"port" : 8443
}, {
"groupName" : "iam",
"hostName" : "login-0.example.com",
"port" : 8443
} ],
"mappingsAccessed" : [ "iam", "payment", "quotes" ]
}, {
"sid" : "1111111111111111111111111111111",
"trackingId" : "1111111-111-1111111",
"ipCreation" : "10.0.0.1",
"lifetimeRemaining" : 1000,
"timeCreation" : "2024-10-27",
"timeLast" : "19:34:02.862070163",
"idleTime" : 1,
"idleRemaining" : 11,
"roles" : [ {
"name" : "customer-1",
"initTime" : 0,
"lifetimeMax" : 86400,
"lifetimeRemaining" : 72000,
"idleTime" : 60,
"idleRemaining" : 0,
"idleMax" : 3600
} ],
"hasRoles" : true,
"auditToken" : "audit-token-1",
"backendHostsSelected" : [ {
"groupName" : "e-banking",
"hostName" : "node-1.payment.example.com",
"port" : 8443
}, {
"groupName" : "iam",
"hostName" : "login-1.example.com",
"port" : 8443
} ],
"mappingsAccessed" : [ "iam", "payment", "quotes" ]
} ]
}
}
}
Access Session Details
GET /system/status/sessions/{sid}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The session identifier |
yes |
Response Structure
Path | Type | Description |
---|---|---|
|
|
The JSON API meta type, which is: "jsonapi.metadata.document" |
|
|
The current server time as a timestamp. |
|
|
The data type of the resource. Must be "com.airlock.waf.status.session" for this call. |
|
|
The ID of the resource to be addressed. |
|
|
Result status of the query. Allowed values: |
|
|
Audit token. |
|
|
The name of the back-end group. |
|
|
When a back-end group contains more than one host and has load balancing configured, then at creation every session is assigned to one host. This field shows that assignment (only for back-end groups that have a host assignment, i.e. those that the session has accessed before). |
|
|
TCP port of the back-end host. This helps to identify the used service if different ports are used on the same back-end system. |
|
|
List of all client fingerprinting incidents that have occurred on this session. |
|
|
List of all client fingerprinting thresholds that have been reached, out of (Log / Notify / Block). The "Terminate" threshold will never appear because the affected sessions will be terminated immediately. |
|
|
Cookie description. |
|
|
URL describing how the cookie is intended to be used. |
|
|
Whether the client should discard the cookie when it terminates. |
|
|
Cookie domain attribute if set. |
|
|
Date and time when the browser should delete the cookie. |
|
|
Whether the cookie should not be exposed through channels other than HTTP(S) requests. |
|
|
Number of seconds until the cookie expires. |
|
|
Name identifying the cookie. |
|
|
Server which initially set the cookie. |
|
|
Cookie path attribute if set. |
|
|
Restricts the TCP port to which a cookie may be sent. |
|
|
Whether cookie communication should be limited to encrypted transmission. |
|
|
Stored value. |
|
|
Cookie version if applicable. |
|
|
Whether this session has any roles. |
|
|
If configured, the mapping where the response header was set. |
|
|
Response header name. |
|
|
Response header value. |
|
|
Maximum time (seconds) a session can be idle before being terminated. |
|
|
Maximum idle time (seconds) that’s left before being terminated. |
|
|
Time in seconds since the last access. |
|
|
IP address used at the moment of session creation. |
|
|
The mapping used. |
|
|
The kerberos user. |
|
|
Maximum lifetime in seconds. |
|
|
Remaining lifetime in seconds. |
|
|
List of all accessed mappings (not including requests that were redirected to "Denied access URL" for authentication). |
|
|
The mapping the credential is set for. |
|
|
Usually a combination of <username>:<password> (sensitive data is masked). |
|
|
Maximum time (seconds) a session can be idle before being terminated. |
|
|
Maximum idle time (seconds) that’s left before being terminated. |
|
|
Time in seconds since the last access. |
|
|
Timestamp when the role was initially set. |
|
|
Maximum lifetime in seconds. |
|
|
Remaining lifetime in seconds. |
|
|
Role name. |
|
|
Session ID. |
|
|
Timestamp of session creation. |
|
|
Timestamp of last access. |
|
|
Special session tracking identifier (e.g. SSL session ID). |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/sessions/12345678901234567890123456789012" -i -X GET \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2227
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.827Z"
},
"data" : {
"type" : "com.airlock.waf.status.session",
"id" : "12345678901234567890123456789012",
"attributes" : {
"returnCode" : "OK",
"session" : {
"sid" : "12345678901234567890123456789012",
"trackingId" : "30b87285-4f58-4f21-a289-7b9dcd941a0a",
"ipCreation" : "127.0.0.1",
"lifetimeMax" : 0,
"lifetimeRemaining" : 0,
"timeCreation" : "15:34:02.824946388",
"timeLast" : "19:33:02.824981188",
"idleTime" : 60,
"idleRemaining" : 3540,
"idleMax" : 3600,
"roles" : [ {
"name" : "customer",
"initTime" : 0,
"lifetimeMax" : 86400,
"lifetimeRemaining" : 72000,
"idleTime" : 60,
"idleRemaining" : 0,
"idleMax" : 3600
} ],
"hasRoles" : true,
"auditToken" : "audit-token",
"backendHostsSelected" : [ {
"groupName" : "e-banking",
"hostName" : "node-14.payment.example.com",
"port" : 8443
}, {
"groupName" : "iam",
"hostName" : "login-2.example.com",
"port" : 8443
} ],
"mappingsAccessed" : [ "iam", "payment", "quotes" ],
"headers" : [ {
"name" : "x-airlock-gateway-version",
"value" : "999.9-a72d225",
"mapping" : ""
} ],
"cookies" : [ {
"name" : "JSESSIONID",
"value" : "85290242ac130003 ",
"path" : "",
"domain" : "",
"expires" : "",
"maxAge" : "42d",
"version" : "",
"comment" : "",
"commentUrl" : "",
"port" : "",
"origin" : "",
"secure" : false,
"discard" : false,
"httpOnly" : true
} ],
"cfpIncidents" : [ "sess_userAgentChange", "req_ipChange" ],
"cfpThresholds" : [ "Log" ],
"ntlmCredentials" : [ {
"value" : "test-customer",
"mapping" : "iam"
} ],
"kerberosUsers" : [ {
"user" : "user",
"mapping" : "root"
} ]
}
}
}
}
Terminate Sessions
DELETE /system/status/sessions/query/{query}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
Query Expression. Please check the 'Session Viewer' section in the Airlock Gateway manual for detailed information and examples. Using a ' ' or '*' will return all sessions. Be aware that retrieving many sessions or executing complex queries could be very costly and impact performance. |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/sessions/query/sid=12345678901234567890123456789012" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 918
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.843Z"
},
"data" : {
"type" : "com.airlock.waf.status.sessions.terminate",
"id" : "54703645",
"attributes" : {
"returnCode" : "OK",
"resultCount" : 10,
"sessions" : [ {
"sid" : "0000000000000000000000000000000"
}, {
"sid" : "1111111111111111111111111111111"
}, {
"sid" : "2222222222222222222222222222222"
}, {
"sid" : "3333333333333333333333333333333"
}, {
"sid" : "4444444444444444444444444444444"
}, {
"sid" : "5555555555555555555555555555555"
}, {
"sid" : "6666666666666666666666666666666"
}, {
"sid" : "7777777777777777777777777777777"
}, {
"sid" : "8888888888888888888888888888888"
}, {
"sid" : "9999999999999999999999999999999"
} ]
}
}
}
Terminate a Session
DELETE /system/status/sessions/{sid}
Accept application/json
Request Structure
Parameter | Description | Required |
---|---|---|
|
The session identifier |
yes |
Example Request
$ curl "https://${AIRLOCK}/airlock/rest/system/status/sessions/12345678901234567890123456789012" -i -X DELETE \
-H 'Content-Type: application/json' \
-H "Cookie: JSESSIONID=${JSESSIONID}" \
-H 'Accept: application/json'
Example Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 310
{
"meta" : {
"type" : "jsonapi.metadata.document",
"timestamp" : "2024-10-28T19:34:02.851Z"
},
"data" : {
"type" : "com.airlock.waf.status.session.terminate",
"id" : "1406809580",
"attributes" : {
"returnCode" : "OK",
"sid" : "12345678901234567890123456789012"
}
}
}
API Changes
Notable changes between versions in the Airlock Gateway REST API are listed below. The first version of the API was introduced Airlock Gateway 7.1.
Airlock Gateway 8.3
General
-
URLs are validated more strictly against trailing slashes.
-
Update or delete of default entities will result in a response with status code
409 Conflict
Mappings
Changed Endpoints
New | Old |
---|---|
|
|
|
|
|
|
|
|
Renamed Paths
New | Old | Description |
---|---|---|
`data.attributes.dosAttackPrevention.restrictions[].maxRequestsPerInterval |
|
Introduce restrictions list with nested field |
`data.attributes.dosAttackPrevention.restrictions[].interval |
|
Introduce restrictions list with nested field |
`data.relationships.dos-attack-prevention-ip-address-exclusion |
`data.relationships.request-frequency-filter-ip-address-whitelist |
Introduce restrictions list with nested field |
Removed Endpoints
Removed | Description |
---|---|
|
now part of mapping.ipAddressPaths[] |
|
now part of mapping.ipAddressPaths[] |
Virtual Host
Removed Fields
Name | Description |
---|---|
|
Replaced with |
Anomaly Shield Rules
Removed Fields
Name | Description |
---|---|
|
Incidents are logged all the time |
|
Incidents are logged all the time |
Reporting
Renamed Paths
New | Old | Description |
---|---|---|
|
|
Expose list instead of space separated URL field |
Allowed Network Endpoints
Renamed Paths
New | Old | Description |
---|---|---|
|
|
Also allow networks as endpoints |
IP Address Lists
Removed Endpoints
Removed | Description |
---|---|
|
now part of mapping.ipAddressPaths[] |
|
now part of mapping.ipAddressPaths[] |
System Templates
Renamed Templates
New | Old |
---|---|
"Airlock Gateway" / "Medium Security Mapping" / "New_Mapping" - ID: "/weO3jCCp0b7tVQflvDzc5H6wgM6V6ou+uOL3yStsl8=" |
"Airlock Gateway" / "Empty Mapping" / "New_Mapping" - ID: "hPg28A988JGwBKRi2BotP6MthrM1XIT1i/expDvvPtY=" |
Airlock Gateway 8.2
General
-
New endpoints to terminate sessions by id or query.
-
New endpoints to configure SSL certificates for node management.
Airlock Gateway 8.1
Mappings
Renamed Paths
New | Old | Description |
---|---|---|
|
|
Introduce nested apiPolicy structure with generic enabled field |
|
|
Introduce nested apiPolicy structure |
|
|
Introduce nested apiPolicy structure |
|
|
Introduce nested apiPolicy structure |
|
|
Introduce nested openApi structure with generic enabled field |
|
|
Introduce nested openApi structure with generic logOnly field |
|
|
Introduce nested openApi structure and rename |
|
|
Introduce nested openApi structure and rename |
|
|
Introduce nested openApi structure and rename |
|
|
Decouple value checks and parser enable, rename to unified json structure |
|
|
Rename to unified json structure |
|
|
Introduce nested apiPolicy structure with generic enabled field |
|
|
Introduce nested apiPolicy structure |
|
|
Introduce nested apiPolicy structure |
|
|
Introduce nested apiPolicy structure |
|
|
Introduce nested apiPolicy structure |
|
|
Introduce nested openApi structure with generic enabled field |
|
|
Introduce nested openApi structureMa |
|
|
Introduce nested openApi structure with generic logOnly field |
|
|
Introduce nested openApi structure and rename |
|
|
Introduce nested openApi structure and rename |
|
|
Introduce nested openApi structure and rename |
|
|
Decouple value checks and parser enable, rename to unified json structure |
Anomaly Shield Rules
Renamed Paths
New | Old | Description |
---|---|---|
|
|
Renamed actions to sessionActions |
|
|
Renamed actions to sessionActions |
|
|
Renamed actions to sessionActions |
|
|
Renamed actions to sessionActions |
|
|
Renamed actions to sessionActions |
Airlock Gateway 8.0
Mapping
Removed Fields
Name | Description |
---|---|
|
Removed according to deprecated warning. Use |
Anomaly Shield Applications
General
-
An
Anomaly Shield Application
can now have multiple training data collection traffic exclusions and response rule exceptions. The corresponding configuration was moved into a dedicatedAnomaly Shield Traffic Matcher
resource of which multiple can be connected to anAnomaly Shield Application
via the newtraining-data-collection-exclusions
andresponse-rule-exceptions
relationships.
Removed Fields
Name | Description |
---|---|
|
These settings were moved to the |
|
These settings were moved to the |
Changed Endpoints
New |
Old |
Description |
|
|
The IP address lists are now linked to an |
|
|
The IP address lists are now linked to an |
Network Services
Removed Fields
Name | Description |
---|---|
|
This flag was removed because the new NTP daemon Chrony does not support MULTICAST mode. NTP is now enabled if |
Node
Removed Fields
Name | Description |
---|---|
|
Speed mode setting is not available anymore in 8.0 |
Network Interface Status
Removed Fields
Name | Description |
---|---|
|
Speed mode setting is not available anymore in 8.0 |
Airlock Gateway 7.8
Mapping
Changed Endpoints
New | Old | Description |
---|---|---|
|
|
Mappings can be connected to multiple Back-End Groups |
|
|
Mappings can be connected to multiple Back-End Groups |
Renamed Path
New | Old | Description |
---|---|---|
|
|
Mappings can be connected to multiple Back-End Groups |
Airlock Gateway 7.7
License
Renamed Path
New | Old | Description |
---|---|---|
|
|
Renamed license field for consistency. |
Mapping
Renamed group and id of empty Mapping Template
New | Old | Description |
---|---|---|
|
|
The group name was changed due to our efforts to rename Airlock WAF to Airlock Gateway. The id changed because of the group name change. |
Airlock Gateway 7.6
SSL Certificate
Renamed Paths
New | Old | Description |
---|---|---|
|
|
Because this end point is now also used for client certificates of Back-end groups. |
Virtual Host
Removed Fields
Name | Description |
---|---|
|
This flag was removed and replaced by |
Airlock Gateway 7.5
Activation
New Option
New | Description |
---|---|
|
This new option has to be set to |
Node
Renamed Paths
New | Old | Description |
---|---|---|
|
|
Support IPv4 and IPv6 for management address instead of only IPv4. |
|
|
Support IPv4 and IPv6 for back-end address instead of only IPv4. |
|
|
Support DHCPv4 and DHCPv6 instead of only DHCPv4. |
Log Settings
Renamed Paths
New | Old | Description |
---|---|---|
|
|
Log forwarding host port is in a separate field. |
Airlock Gateway 7.4
General
-
Content-Type "application/json;charset=UTF-8" has been replaced through Content-Type "application/json" in the REST API responses.
Airlock Gateway 7.3
Mapping
Changed Endpoints
New | Old | Description |
---|---|---|
|
|
Export a Mapping |
|
|
Import Mappings (New or Replace) |
|
|
Import Mappings (As New Copy) |
|
|
Apply Unlocked Settings from Import |
Renamed Paths
New | Old | Description |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
Airlock Gateway 7.2
Mapping
Renamed Paths
New | Old | Description |
---|---|---|
|
|
Whenever an Airlock Gateway session terminates (either due to an explicit logout by the user or due to a session timeout), Airlock Gateway will call the given, unmodified path on the currently used back-end host with all information concerning this back-end application such as cookies, headers, etc. to allow clean session termination on the backend host. |
|
|
Lock for the corresponding member. |
|
|
Specifies a list of access restrictions. Each request that matches the combination of HTTP method and path of an entry must have at least one of the specified roles to access the service. |
|
|
Lock for the corresponding member. |