ApiTarget

ApiTarget object specifies all information necessary for performing access control for requests to an API target.

idstring

ID is the unique UUID for the API target

namestring

Name is a unique human readable name for the API target

commentstring

Comment is an optional human readable comment

access_group_idstring

AccessGroupID specifies the access group the API target is associated to

roles object[]

Roles are the required roles which grant access to the API target

Array [

idstringrequired

Role unique identifier

namestring

Optional human readable role name

deletedboolean

Whether the role has been deleted

]

authorized_endpoints object[]

AuthorizedEndpoints specify the address, scheme, method and path patterns for matching requests. A request must match at least one authorized endpoint to be authorized.

Array [

hoststringrequired

Host is matched against the host part in the request URL. Port may be omitted if it matches the default port 80 for http or 443 for https. Matching is case-insensitive exact match.

protocolsstring[]required

Protocols are matched against request URL scheme. Accepted values are "http", "https" and "*" (for http or https).

Possible values: [http, https, *]

methodsstring[]required

Methods are matched against request HTTP method. Accepted values are "GET","PUT","POST","DELETE","HEAD","PATCH","OPTIONS","TRACE" and "*".

Possible values: [GET, PUT, POST, DELETE, HEAD, PATCH, OPTIONS, TRACE, *]

pathsstring[]required

Paths are matched against request URL path. Supported wildcards are "*" matches one path segment, "**" matches rest of the path.

allow_unauthenticatedbooleanrequired

If true, unauthenticated requests matching this endpoint are allowed

nat_target_hoststring

Optional NAT target host (used when forwarding requests over an extender)

]

unauthorized_endpoints object[]

UnauthorizedEndpoints specify the address, scheme, method and path patterns for matching requests. An authorized request must not match any unauthorized endpoint.

Array [

hoststringrequired

Host is matched against the host part in the request URL. Port may be omitted if it matches the default port 80 for http or 443 for https. Matching is case-insensitive exact match.

protocolsstring[]required

Protocols are matched against request URL scheme. Accepted values are "http", "https" and "*" (for http or https).

Possible values: [http, https, *]

methodsstring[]required

Methods are matched against request HTTP method. Accepted values are "GET","PUT","POST","DELETE","HEAD","PATCH","OPTIONS","TRACE" and "*".

Possible values: [GET, PUT, POST, DELETE, HEAD, PATCH, OPTIONS, TRACE, *]

pathsstring[]required

Paths are matched against request URL path. Supported wildcards are "*" matches one path segment, "**" matches rest of the path.

allow_unauthenticatedbooleanrequired

If true, unauthenticated requests matching this endpoint are allowed

nat_target_hoststring

Optional NAT target host (used when forwarding requests over an extender)

]

tls_trust_anchorsstring

TLSTrustAnchors specify optional X.509 certificate trust anchors for validating the API target TLS server certificates.

tls_insecure_skip_verifyboolean

TLSInsecureSkipVerify turns off the API target TLS server certificate validation. Use with great caution and only when strictly needed.

target_credential object

TargetCredential contains the credentials for authenticating to the API target.

typestringrequired

Credential type

Possible values: [basicauth, token, certificate]

basic_auth_usernamestring

Username for credentials of type "basicauth"

basic_auth_passwordstring

Password for credentials of type "basicauth"

bearer_tokenstring

Static bearer token for credentials of type "token"

certificatestring

Certificate for api target of type "certificate"

private_keystring

Private key for api target of type "certificate"

disabledstring

Disabled specifies whether this API target is enabled or not. All requests to disabled API targets are rejected.

Possible values: [FALSE, BY_LICENSE, BY_ADMIN]

audit_enabledboolean

AuditEnabled specifies whether to session-record requests to this target API

createdstring<date-time>

Creation timestamp

authorstring

Identifier of the creator

updatedstring<date-time>

Last update timestamp

updated_bystring

Identifier of the last updater

tagsstring[]

optional tags for the API target

ApiTarget

{
  "id": "string",
  "name": "string",
  "comment": "string",
  "access_group_id": "string",
  "roles": [
    {
      "id": "string",
      "name": "string",
      "deleted": true
    }
  ],
  "authorized_endpoints": [
    {
      "host": "string",
      "protocols": [
        "http"
      ],
      "methods": [
        "GET"
      ],
      "paths": [
        "string"
      ],
      "allow_unauthenticated": true,
      "nat_target_host": "string"
    }
  ],
  "unauthorized_endpoints": [
    {
      "host": "string",
      "protocols": [
        "http"
      ],
      "methods": [
        "GET"
      ],
      "paths": [
        "string"
      ],
      "allow_unauthenticated": true,
      "nat_target_host": "string"
    }
  ],
  "tls_trust_anchors": "string",
  "tls_insecure_skip_verify": true,
  "target_credential": {
    "type": "basicauth",
    "basic_auth_username": "string",
    "basic_auth_password": "string",
    "bearer_token": "string",
    "certificate": "string",
    "private_key": "string"
  },
  "disabled": "FALSE",
  "audit_enabled": true,
  "created": "2024-07-29T15:51:28.071Z",
  "author": "string",
  "updated": "2024-07-29T15:51:28.071Z",
  "updated_by": "string",
  "tags": [
    "string"
  ]
}